wangmy
57ae91d291
libsdl: Fix CVE-2019-13616
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db]
CVE: CVE-2019-13616
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
a9aecd2c32
exiv2: Fix CVE-2021-29473
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
bb1400efda
exiv2: Fix CVE-2021-29470
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed]
CVE: CVE-2021-29470
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
8c9470bdfa
exiv2: Fix CVE-2021-29464
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54]
CVE: CVE-2021-29464
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
9e7c2c9713
exiv2: Fix CVE-2021-3482
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da]
CVE: CVE-2021-3482
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
8e63ac6c86
exiv2: Fix CVE-2021-29463
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b]
CVE: CVE-2021-29463
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
f0d83c14d9
exiv2: Fix CVE-2021-29458
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d]
CVE: CVE-2021-29458
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
wangmy
5be7269309
exiv2: Fix CVE-2021-29457
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22]
CVE: CVE-2021-29457
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-19 09:17:49 -07:00
Trevor Gamblin
bdf1be7c55
python3-django: upgrade 3.2.2 -> 3.2.3
...
3.2.3 is a bugfix release:
- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
would raise a SuspiciousFileOperation even when a custom
upload_to returns a valid file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Trevor Gamblin
f07a8c1376
python3-django: upgrade 2.2.22 -> 2.2.23
...
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
8a4a32c12c
python3-pysonos: Upgrade 0.0.46 -> 0.0.48
...
Upgrade to release 0.0.48:
- Merge SoCo 0.22
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
20731f44e1
python3-websocket-client: Upgrade 0.59.0 -> 1.0.0
...
Upgrade to release 1.0.0:
- Removed Python 2 code, now only Python 3 compatible
- Use semver for release versions, unlike breaking release 0.58.0
- Enhance enableTrace output
- Improve unit tests to over 80% code coverage
- Fix old _app.py close status code bug
- Replace select import with selectors
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
5911c4662f
python3-decorator: Upgrade 5.0.7 -> 5.0.9
...
Upgrade to release 5.0.9:
- Made the decorator module more robust when decorating builtin
functions lacking dunder attributes, like dict.__setitem__.
- Fixed a test breaking PyPy. Restored support for Sphinx.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
eb7be79cfb
python3-websockets: Upgrade 9.0.1 -> 9.0.2
...
Upgrade to release 9.0.2:
- Restored compatibility of python -m websockets with Python < 3.9
- Restored compatibility with mypy
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
e306688945
python3-cbor2: Upgrade 5.2.0 -> 5.3.0
...
Upgrade to release 5.3.0:
- Removed support for Python < 3.6
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Khem Raj
728e5b08e2
python3-haversine: Fix build with latest python/setuptools
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Bartosz Golaszewski
9a98ff7dcc
python3-pydbus-manager: add runtime dependencies
...
This recipe is missing the runtime deps. Add them.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
2e8de30fe8
python3-aiohue: Upgrade 2.4.0 -> 2.5.0
...
Upgrade to release 2.5.0:
- Store group resource
- Make sure v2 button events are translated to v1 button events
- Fix normalize check
- Support remotes
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
1553993029
python3-aiofiles: Upgrade 0.6.0 -> 0.7.0
...
Upgrade to release 0.7.0:
- Added the aiofiles.tempfile module for async temporary files.
- Switched to Poetry and GitHub actions.
- Dropped 3.5 support.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
be3f005dd7
python3-pyjwt: Upgrade 2.0.1 -> 2.1.0
...
Upgrade to release 2.1.0:
- Allow claims validation without making JWT signature validation
mandatory
- Remove padding from JWK test data
- Make kty mandatory in JWK to be compliant with RFC7517
- Allow JWK without alg to be compliant with RFC7517
- Allow to verify with private key on ECAlgorithm, as well as on
Ed25519Algorithm
- Add caching by default to PyJWKClient
- Add missing exceptions.InvalidKeyError to jwt module __init__
imports
- Add support for ES256K algorithm
- Add from_jwk() to Ed25519Algorithm
- Add to_jwk() to Ed25519Algorithm
- Export PyJWK and PyJWKSet
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
3ab0e0db16
python3-javaobj-py3: Upgrade 0.4.2 -> 0.4.3
...
Upgrade to release 0.4.3:
- Added support for TC_NULL as array sub-type in _read_field_value
- javaobj can now read GZipped files directly (trick done in
load(), which is also the underlying method used by loads())
- Fixed a type issue in BlockData/str content comparison
License-Update: License remains Apache License Version 2.0
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Leon Anavi
269880d81d
python3-sh: Upgrade 1.14.1 -> 1.14.2
...
Upgrade to release 1.14.2:
- bugfix where setting _ok_code to not include 0, but 0 was the
exit code
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Bartosz Golaszewski
67f9550be7
python3-pycocotools: new package
...
Add a recipe for building pycocotools - a Python wrapper for cocoapi.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2021-05-19 09:16:54 -07:00
Alexander Vickberg
d6ef417074
hostapd: fix building with CONFIG_TLS=internal
...
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:15:23 -07:00
William A. Kennington III
05b8c9578d
span-lite: upgrade 0.8.1 -> 0.9.2
...
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:15:23 -07:00
Nuno Sá
a41f4277cd
libiio: mark libxml2 as depends for usb_backend
...
When usb_backend is configured, libxml2 is set as a RDEPEND. But, in
reality we want it to be part of the DEPENDS list.
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Nuno Sá
31c3d52888
libiio: add serial backend support
...
This patch adds the serial backend to the PACKAGECONFIG list.
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
491249e48c
meta-gnome: remove upstream-version-is-even from inherit on 40.x version recipes
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Khem Raj
71dd824d25
libcamera: Update to latest master tip
...
Drop upstreamed patch
jinja2.Environment.compile_templates no longer accepts py_compile
argument so delete it
Fixes
TypeError: compile_templates() got an unexpected keyword argument 'py_compile'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
2021-05-17 09:00:36 -07:00
Khem Raj
46bd112bc4
Revert "nautilus: Exclude from builds"
...
This reverts commit f2dd522724.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
b5b298dc21
gnome-photos: Let all desktops add gnome-photos to their start menu
...
As an XFCE user I was wondering why gnome-photos was missing
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
f17d9dd0d6
gnome-photos: rrecommend grilo-plugins
...
Fixes:
| (org.gnome.Photos:952): gnome-photos-WARNING **: 08:02:54.011: Unable to activate Grilo's Flickr plugin: Plugin “grl-flickr” not available
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
75831afcbd
grilo-plugins: initial add 0.3.13
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
fe32f27391
Revert "gimp: Disable svg icons on arm"
...
gimp builds without issues on armv7 / gcc 11.1.0
This reverts commit 57a7c1ed7d.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
f72da715c4
gegl: add poppler PCAKAGECONFIG and enable it by default
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
c63a1eae60
gegl: add PACKAGECONFIG libraw and enable it by default
...
Without it, gnome-photos fails to start and complains:
| (org.gnome.Photos:952): gnome-photos-WARNING **: 08:02:54.154: Unable to find GEGL operation gegl:raw-load: Check your GEGL install
| (org.gnome.Photos:952): gnome-photos-CRITICAL **: 08:02:54.154: photos_application_create_window: assertion 'gegl_sanity_checked' failed
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Khem Raj
ea0af875ca
libraw: Move from meta-qt5-extra to meta-oe
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
5d4d462df0
gimp: upgrade 2.10.22 -> 2.10.24
...
Backported patch can go
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
d52da0147d
babl: upgrade 0.1.84 -> 0.1.86
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
620e16a5bb
libwnck3: upgrade 3.36.0 -> 40.0
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
38578caab6
dconf-editor: upgrade 3.38.2 -> 3.38.3
...
Backported patch can go
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
8400df63c0
gnome-system-monitor: upgrade 3.36.1 -> 40.1
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
7ec3906540
gnome-calculator: upgrade 3.36.0 -> 40.1
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
6bbba21ff1
evince: upgrade 3.38.0 -> 40.1
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
269e4f726d
gedit: upgrade 3.36.2 -> 40.1
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
b83f509117
tepl: upgrade 4.4.0 -> 6.00.0
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
c9297cbd76
file-roller: upgrade 3.36.3 -> 3.38.1
...
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
d3689db23f
gnome-photos: upgrade 3.34.2 -> 40.0
...
gnome-photos' upgrade is mandatory due to tracker major version bump
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
cac624c6d2
nautilus: upgrade 3.36.3 -> 40.1
...
* 3.36.3 stopped building with meson 0.58.0
* backported patch can go
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00
Andreas Müller
1c97ec5a76
tracker-miners: upgrade 2.3.5 -> 3.0.5
...
* follow tracker upgrade
* adjust PACKAGECONFIGs to new sources
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-17 09:00:36 -07:00