Fix a security issue CVE-2020-36242 where certain sequences of
``update()`` calls when symmetrically encrypting very large
payloads (>2GB) could result in an integer overflow, leading to
buffer overflows.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
cve patches which already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.
Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to latest stable version.
The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117
Some changes in this new version are as below.
1) 'bash' is added to RDEPENDS as /usr/libexec/vncsession-start requires it.
2) DEPENDS on libpam and requires 'pam' distro feature.
This is because upstream has made 'pam' mandatory in the following commit.
"""
commit d80817f101d1b3f1a9b1c5ec268f28fffa2d75f9
Author: Pierre Ossman <ossman@cendio.se>
Date: Wed Jul 11 15:49:46 2018 +0200
Make PAM mandatory
It is present on all UNIX systems anyway, so let's simplify things.
We will need it for more proper session startup anyway.
"""
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The +1 fixes build issues for the 5.4 kernel.
This update looks like bugfixes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
v2]
Wrong version listed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4784c7c62f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libnet is a dependency to --enable-spoof-source.
The correct flag to enable/disable in ./configure
is --enable-spoof-source.
Adjust PACKAGECONFIG accordingly.
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c126dcd1f9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
when enabling DEBUG_BUILD, an assembler failure used to be seen.
But this patch was in meta-oe c0ce7599, dating in 2014...
Cannot reproduce the failure anymore with qemuarm.
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6c626c0e12)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop 0001-GitHub-Issue-367.-Remove-references-to-deprecated-G_.patch
since it was a backport.
Drop 0001-pollGtk-Drop-volatile-qualifier.patch
since it's covered by:
f48efc8e Make pollGtk resetable.
Drop 0001-utilBacktrace-Ignore-Warray-bounds.patch
since it's covered by:
0cfda58a Make peeking back into the stack work for back traces
Drop 0002-add-include-sys-sysmacros.h.patch
since it's covered by:
69b7e1f9 Include sysmacros.h directly as mandated by glibc-2.25.
Refit:
0005-Use-configure-to-test-for-feature-instead-of-platfor.patch
0009-Rename-poll.h-to-vm_poll.h.patch
0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch
0011-Use-uintmax_t-for-handling-rlim_t.patch
Add:
0001-Add-resolv_compat.h-for-musl-builds.patch
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Trevor Gamblin <Trevor.Gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7a5fbd9d46)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Rebase the musl patches.
Drop json-c dependency as this is no longer used.
Drop FILES_${PN}-dbg packaging as this happens magically now.
Drop -Wno-error CFLAGS as we patch out -Werror entirely.
Add dtc RDEPENDS as this is needed at runtime.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b7b0bcb4fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
- Excise all devices.tar.gz code
- Use yocto vars to override hardcoded dir to support native and nativesdk
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 605cb20bdf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.0.12:
- Add support for hashed/random/keyword expressions
- Review support support for hashed/random/keyword expression and
add expanders reactor
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 4c0e6d3365)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 5.0.7:
- The decorator module was not passing correctly the defaults
inside the *args tuple
- Fixed some mispellings in the documentation
- Integrated codespell in the CI
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit d07aa9a0a7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.2.4:
- Fixed regression in DataFrame.sum() when min_count greater than
the DataFrame shape was passed resulted in a ValueError
- Fixed regression in DataFrame.to_json() raising AttributeError
when run on PyPy
- Fixed regression in (in)equality comparison of pd.NaT with a
non-datetimelike numpy array returning a scalar instead of an
array
- Fixed regression in DataFrame.where() not returning a copy in
the case of an all True condition
- Fixed regression in DataFrame.replace() raising IndexError when
regex was a multi-key dictionary
- Fixed regression in repr of floats in an object column not
respecting float_format when printed in the console or outputted
through DataFrame.to_string(), DataFrame.to_html(), and
DataFrame.to_latex()
- Fixed regression in NumPy ufuncs such as np.add not passing
through all arguments for DataFrame
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 443e435ce4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.8:
assumptions:
- Q.infinite now correctly evaluates to True for oo, -oo, and zoo
- Assumption predicates now correctly evaluates to None for S.NaN
- Relational objects do not need to be wrapped by Q.is_true to be
asked or refined anymore
- Q.is_true wrapping over AppliedPredicate now just return the
argument
- refine arg(x) when x is real and nonzero
- assumptions/relation module is introduced. This module
implements binary relation as predicate
- AskHandler(), register_handler() and remove_handler() are
deprecated. Handler now must be multipledispatch instance
- Predicate now uses a single handler which is multipledispatch
instance
- Predicate can now take multiple arguments
- Predicate("...") now returns UndefinedPredicate instance. To
define a predicate, you must make a subclass of Predicate
calculus:
- Using maximum with a piecewise expression over a domain no
longer fails due to a bug fix in Piecewise.as_expr_set_pairs
codegen:
- allowing for multi-dimensional arrays as arguments/locals in c
code generation
- create_expand_pow_optimization is now customizable with respect
to requirement on base
- Support flattening of elementwise additions of array expressions
- Fixes to array-expressions in order to properly work with
ZeroArray and ZeroMatrix
- Fixing matrix expression recognition from array-expressions
- Minor fixes to the way the AST of array expressions is built
- Add normalization of CodegenArrayDiagonal when it's nested with
CodegenArrayPermuteDims and CodegenArrayContraction
- Increased support for the normalization of array expressions and
permutations of indices
- parse_matrix_expression( ) is now able to parse traces of
matrices
combinatorics:
- Added a section to the permutation docs about containment in
permutation groups
geometry:
- Fix AssertError for vertical tangent
- Geometric entities with symbolic coordinates will not be printed
in SVG
simplify:
- Fix simplify calls sympify without rational parameter
- TRmorrie now takes powers of cos terms into account
tensor:
- Introduced objects ArraySymbol and ArrayElement for array
expressions equivalent to MatrixSymbol and MatrixElement in the
matrix expression module
- Add class ZeroArray for array expressions of zero-valued
elements
- Make Array differentiation(derive_by_array) work with non sympy
expressions
- Added tensordiagonal( ) function to perform diagonalization of
array expressions
- Adding an array with any other type now consistently gives
NotImplemented
utilities:
- Added official support for using CuPy to GPU accelerate lambdify
functions
- Added Replacer class to simplify the creation of replacement
expressions with MatchPy
- Added tests for optional parameter in MatchPy patterns
- Added string printers for MatchPy-compatible wildcards in
sympy.utilities.matchpy_connector
- minlex no longer accepts is_set or small arguments
- minlex and least_rotation now accept key= arguments similar to
sorted
vector:
- Fixed a bug with integral over ImplicitRegion objects
other:
- Expanding documentation to include all class members with
docstrings
License-Update: Update year
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 71acc03cbd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
zangrc
Leon Anavi
Khem Raj
Kai Kang
Mingli Yu
Chen Qi
Stefan Ghinea
Ulrich Ölmann
Armin Kuster
Joe Hershberger
Yi Fan Yu
zhengruoqin
Randy MacLeod
wangmy
persianpros
Ross Burton
Kamil Dziezyk
Hongxu Jia
Martin Jansa