Changelog:
=========
Fixed null check for fribidi_version_info in FriBiDi shim
Added GIF decompression bomb check
Handle PCF fonts files with less than 256 characters
Improved GIF optimize condition
Reverted to array_interface with the release of NumPy 1.23
Pad PCX palette to 768 bytes when saving
Fixed bug with rounding pixels to palette colors
Use gnome-screenshot on Linux if available
Fixed loading L mode BMP RLE8 images
Fixed incorrect operator in ImageCms error
Limit FPX tile size to avoid extending outside image
Added support for decoding plain PPM formats
Added apply_transparency()
Fixed behaviour change from endian fix
Use python3
Allow remapping P images with RGBA palettes
Revert "Skip test_realloc_overflow unless libtiff 4.0.4 or higher"
[pre-commit.ci] pre-commit autoupdate
Only import ImageFont in ImageDraw when necessary
Fixed drawing translucent 1px high polygons
Pad COLORMAP to 768 items when saving TIFF
Fix P -> PA conversion
Once exif data is parsed, do not reload unless it changes
Only try to connect discontiguous corners at the end of edges
Improve transparency handling when saving GIF images
Do not update GIF frame position until local image is found
Netscape GIF extension belongs after the global color table
Only write GIF comments at the beginning of the file
Separate multiple GIF comment blocks with newlines
Always use GIF89a for comments
Ignore compression value from BMP info dictionary when saving as TIFF
If font is file-like object, do not re-read from object to get variant
Raise ValueError when trying to access internal fp after close
Support more affine expression forms in im.point()
Include 'twine check' in 'make sdist'
Ensure that furthest v is set in quantize2
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Mitigate occurences where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6a87f2ba9c)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Mitigate occurence where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d25967208b)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backporting the version from master (1.50.1) would a big risk. So use the
version 1.46.6 which also includes fixes of bundled z-lib library.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The kernel_add_regdb should run before do_compile to make it take
effect.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
the commit addressing CVE-2022-41973 caused new QA errors due to
.so symlinks getting slurped into multipath-tools-libs:
QA Issue: non -dev/-dbg/nativesdk- package multipath-tools-libs
contains symlink .so '/usr/lib/libdmmp.so'
...
Fix this by making the new pattern for multipath-tools-libs package
more specific.
Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com>
It fixes CVE-2022-45062 in xfce4-settings 4.16.5.
CVE: CVE-2022-45062
$ git log --oneline xfce4-settings-4.16.2..xfce4-settings-4.16.5 | grep -v "Update translation"
83ea11cf Updates for release
f1cb5bda mime-settings: Properly quote command parameters
f7707d8b Revert "Escape characters which do not belong into an URI/URL
(Issue #390)"
b532324f Back to development
b9729c85 Updates for release
55e3c5fb Escape characters which do not belong into an URI/URL (Issue #390)
341443f8 Prefer full command when basic command is env (Fixes#358)
8d4106b3 Back to development
024399b1 Updates for release
af601e32 build: Fix intltool lock file problem during make distcheck
0875cfba xfsettingsd: Fix recursive lock in libX11 (Fixes#369)
20d866dc Back to developmen
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
[ alt summary
4.16.5 (2022-11-12)
======
- mime-settings: Properly quote command parameters
- Revert "Escape characters which do not belong into an URI/URL (Issue
4.16.4 (2022-11-07)
======
- Escape characters which do not belong into an URI/URL (Issue #390)
- Prefer full command when basic command is env (Fixes#358)
- Translation Updates:
Japanese, Portuguese, Russian
4.16.3
======
- xfsettingsd: Fix recursive lock in libX11 (Fixes#369)
- build: Fix intltool lock file problem during make distcheck
- Translation Updates:
Armenian (Armenia), Belarusian, Catalan, English (Canada), English
(United Kingdom), Estonian, Galician, Greek, Indonesian, Kazakh,
Korean, Lithuanian, Malay, Occitan (post 1500), Polish, Romanian,
Swedish
]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Distutils package and pipes are deprecated and slated for removal in Python 3.13 for Nodejs 16.18
Replaced distutils with setuptools
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
/dev/shm may have unsafe permissions. Use /run instead.
Use systemd's tmpfiles.d mechanism to create /run/multipath
early during boot.
For backward compatibilty, make the runtime directory configurable
via the "runtimedir" make variable.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41973
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tests/test_downloadutils.py::test_stream_response_to_specific_filename
requests_toolbelt/downloadutils/stream.py:161: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
if path and isinstance(getattr(path, 'write', None), collections.Callable):
Upstream-Status: Backport [7188b06330]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
When cleaning the package during rebuild in base_do_configure()
'make clean' deletes docs/dool.1. This files comes from source repository
but can't be recreated using 'make docs'.
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Drop Openssl legacy provider patch and install both binaries patch
which are already available in 16.x
* Refresh native binaries patch against 16.x base
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Compile redis with full systemd support when the chosen init system is
systemd.
Enabling systemd supervision allows redis to communicate the actual
server status (i.e. "Loading dataset", "Waiting for master<->replica
sync") to systemd, instead of declaring readiness right after
initializing the server process.
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is no need for these configs on their own and they would only mess
up the sechash and privdrop configs. To actually enable sechash one also
had to enable nss, and to enable privdrop one also had to enable libcap.
This also avoids passing --with-libcap if privdrop is enabled since the
option does not exist.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Support for readline was dropped in Chrony 4.2. Enabling the readline
PACKAGECONFIG would result in no suppport for command line editing as
only editline is supported and it would be disabled.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Switch from using DISTUTILS_*_ARGS to SETUPTOOLS_*_ARGS to correspond
with the earlier change to use setuptools3_legacy instead of distutils3.
Without this change, you will get the following error if your build host
does not have iptables installed:
Fixes:
ERROR: ufw-0.36.1-r0 do_compile: 'python3 setup.py build ' execution failed.
Log data follows:
| DEBUG: Executing shell function do_compile
| ERROR: could not find required binary 'iptables'
| ERROR: 'python3 setup.py build ' execution failed.
| WARNING: exit code 1 from a shell command.
ERROR: Task ([snip]/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb:do_compile) failed with exit code '1'
Also, although the build will not fail on a host that has iptables, it
could cause a problem if it is installed at a different path than where
OpenEmbedded's iptables will be installed on the target.
Fixes: 3e2ed1dcc0 ("ufw: port to setuptools, use setuptools_legacy")
Signed-off-by: Howard Cochran <howard_cochran@jabil.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2022-31676:
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege
escalation vulnerability. A malicious actor with local
non-administrative access to the Guest OS can escalate privileges as a
root user in the virtual machine.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-31676
Patch from:
70a74758bf
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade summary:
----------------
- drop 0002-configure-fix-a-cc-check-issue.patch, as it was replaced with
upstream commit https://github.com/net-snmp/net-snmp/commit/dbb49acfa2af
- drop 0001-snmpd-always-exit-after-displaying-usage.patch backport
- rebase net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch manually
- refresh patches with devtool to get rid of fuzz
Changelog:
----------
*5.9.3*:
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
Windows:
- WinExtDLL: Fix multiple compiler warnings
- WinExtDLL: Make long strings occupy a single line Make it easier to
look up error messages in the source code by making long strings
occupy a single source code line.
- WinExtDLL: Restore MIB-II support Make winExtDLL work on 64-bit
Windows systems") caused snmpd to skip MIB-II on 64-bit systems.
IF-MIB: Update ifTable entries even if the interface name has changed
At least on Linux a network interface index may be reused for a
network interface with a different name. Hence this patch that
enables replacing network interface information even if the network
interface name has changed.
unspecified:
- Moved transport code into a separate subdirectory in snmplib
- Snmplib: remove inline versions of container funcs".
misc:
- snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
*5.9.2*:
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bf4a826c7d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License-Update : format of License file changed.
CVE-2022-0934.patch
deleted since it's included in 2.87.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 79ed6782a6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
