Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dd81ffdb68)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
While using devtool to check available versions, I noticed a 301 http error.
Specifically :
$ devtool latest-version libxfce4ui
Resolving archive.xfce.org (archive.xfce.org)... 217.70.191.87
Connecting to archive.xfce.org (archive.xfce.org)|217.70.191.87|:80... connected
.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://archive.xfce.org/src/xfce/libxfce4ui/4.20/ [following]
With this patch, we change to make the SRC_URI an https request.
A similar patch is already in master - commit 8089168196
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
oe-core has a newer version of xserver than this recipe used to compile
TigerVNC with. This recipe updates xserver to the same version, 21.1.18.
TigerVNC only started to support this xserver version 2 versions later,
with 1.13. Due to this 3 commits were backported that add the missing
changes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Pick patch from PR in NVD report.
It is the only code change in 33.5 release.
Skip the test file change as it's not shipped in python module sources.
Resolve formatting-only conflict.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394
The CVE has the disputed flag. The project maintainers claim that the issue
is not in gnome-setttings-daemon. If the vulnerability needs to be handled
in gnome-settings-daemon, than it is a new feature rather than a vulnerability fix.
Due to this, ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
Pick the patch that is referenced by the NVD advisory.
The original commit also contains a lot of commenting style
changes (// vs /* */) and whitespace changes which were removed from
the backport.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
I just put it on the ignore list.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Add "Open with" right click item and dialog
- Add a command-line option for setting default sort method
- Add Ctrl+A accelerator for the treeview
- Add option to show file size in binary or decimal
- Cosmetic changes for search entry and delete dialog
- Fix Ctrl+H not always toggling hidden files
- Fix DE detection when launched from Electron apps
- Fix exo file manager lookup for non-existent keys
- Fix file manager lookup outside of Xfce
- Fix GNOME DE detection in Ubuntu
- Improve application menu appearance
- Improve default width for the sidebar
- Prepend the project root directory to sys.path
- Support running without Xfconf (no preference saving)
- Switch to using the super() method
- Use correct executable for elementary Files
- Translation Updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases. Note that there were no 42.3 and 42.4 releases.
42.6:
* Fix crash when pasting invalid clipboard data. CVE-2022-37290
42.5:
* Really fix the cropped compress format popover on X11
* Fix behavior inconsistencies with new tabs
* Fix memory leaks and missing signal disconnections
* Translation updates
42.2:
* Close broken link message dialog on response
* Fix crash when opening new window from pathbar
* Fix remote filesystem check
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
1.50.7:
* client: Prevent returning invalid mount cache entries
* dav: Fix authentication issues when DNS-SD URIs are used
* nfs: Fix IPv6 URI handling
* sftp/ftp: Ensure that is-symlink is always set to avoid warnings
* Translation updates
1.50.6:
* udisks2: Disconnect signal handlers to fix crashes when unmounting
* fuse: Include missing locale.h header
* Translation updates
1.50.5:
* smbbrowse: Fix empty device listing after unrelated mount failure
* udisks: Fix missing unmount notifications
* trash: Fix nfs4 and cifs monitoring
* smb: Allow renaming a file to the same name with a different case
* mtp: Emit delete event on device disconnection
* trash: Fix wrongly reported item-count
* Some other fixes and improvements
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
When gstreamer PACKAGECONFIG is enabled, packaging fails with the following error:
ERROR: gtk4-4.6.9-r0 do_package: QA Issue: gtk4: Files/directories were installed but not shipped in any package:
/usr/lib/gtk-4.0/4.0.0/media/libmedia-gstreamer.so
Fix it by packaging this file also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
4.8.3:
* Adds support for more Pango font-variants
* Style updates to solarized-dark, solarized-light
* Language updates to lean, rst, c, gtk-doc, javascript, and json
* Translation updates
4.8.4:
* Style updates to kate, classic, tango
* Language updates to vala, python3, c, cuda, latex
* Add unit tests for language specs
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
4.6.9:
* GtkText:
- Prevent unexpected notify::direction emissions
* Wayland:
- Fix button masks
* X11:
- Fix some ordering problems with surface destruction
* Translation updates
4.6.8:
* Input:
- Fix problems with input method interactions that caused
dead keys not to work
* GtkText:
- Respect the no-emoji input hint fully
* GtkNotebook:
- Fix an infinite loop in accessibility code
- Event handling fixes
* GtkFileChooser:
- Restore ~ and .functionality
* GtkTreeView:
- Event handling fixes
* GtkTreeListModel:
- Prevent possible crashes with collapsed nodes
* GtkGridView:
- Fix issues with rubberband selection
* GtkEmojiChooser:
- Fix navigation with arrow keys when filtered
* GtkPopover:
- Fix problems with focus when dismissing popovers
- Fix problems with focusing editable labels in popovers
* GtkStackSidebar:
- Improve accessible presentation
* Wayland:
- Make gtk_launch_uri more robust
- Make monitor bounds handling more robust
- Prevent shrinking clients due to wrong toplevel bounds
* Flatpak:
- Fix file DND with the FileTransfer portal
* Translation updates
4.6.7:
* Miscellaneous memory leak fixes
* GtkTreeView:
- Fix a problem with DND
- Fix a problem with row selection
* GtkTreePopover:
- Support scrolling
* GtkGridView:
- Fix issues with rubberband selection
* GtkSnapshot:
- Make GtkSnapshot work from bindings
* X11:
- Fix preferred action for DND
* Windows:
- Fix DND
* Translation updates
4.6.6:
* Fix translations in GTKs own ui files
* Wayland:
- Fix a problem with the activation protocol
- Don't force the HighContrast icontheme
* Windows:
- Fix a problem with builtin icons if the
hicolor icontheme is not installed
* Translation updates
4.6.5:
* GtkFileChooser:
- Fix pasting text into the name field
* GtkText:
- Remove an assertion that is sometimes hit
* Wayland:
- Ensure that our cursor surfaces don't violate
protocol constraints
* Accessibility:
- Fix a problem in the accessibility tree
* Translation updates
4.6.4:
* GtkFileChooser:
- Fix select button sensitivity in select_folder mode
- Fix some fallout from list model porting
* GtkListView, GtkColumnView:
- Optimize scrolling
* print-to-file:
- Handle nonexisting files better in the dialog
* Avoid infinite loops in size allocation
* CSS:
- Optimize a case of reparenting that is important in GtkListView
* GSK:
- Check for half-float support before using it
* Wayland:
- Ignore empty preedit updates This fixes a problem with
textview scrolling
- Freeze popups when hidden. This addresses a frame rate drop
* Translation updates
4.6.3:
* GtkOverlay:
- Bring back positional style classes
* GtkFileChooser:
- Prevent unwanted completion popups
- Fix small problems in save mode
- Fix buildable suport of GtkFileFilter
* GtkPopover:
- Fix button positions in right-to-left locales
* GtkLabel:
- Fix small issues with link handling
* Tooltips:
- Don't restrict the minimum tooltip length
* Theme:
- Don't use opacity for overlay scrollbars
- Fix selection text color in vertical spin buttons
* GSK:
- Accept textures that are generated by webkit
- Align offscreen rendering to the pixel grid
* Accessibility
- Fix a crash in startup when orca is running
* Input:
- Fix display changes in GtkIMMultiContext
- Fix activating on-screen keyboards
- Always propagate hold events in GtkEventControllerScroll
* Windows:
- Fix a critical warning in clipboard handling
- Report serial numbers for events
* MacOS:
- Prevent fullscreen transition reentrancy
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix release. Note that there were no other intermediate point releases
between these two versions.
Drop patch that is included in this release.
Release notes:
This release includes a fix for the broken GNOME Extensions link and
several translation updates.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Translation updates
- window: Use a normal menu for the popup menu
- regex: Fix path-less URL recognition
- Revert "regex: Workaround a PCRE bug resulting in not recognizing schemeless URLs"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases.
Changelog:
42.9
====
* Misc. bug fixes and cleanups
42.8
====
* Lower OOM score of gnome-shell process
* Fixed crash
* Plugged leak
* Misc. bug fixes and cleanups
42.7
====
* Properly apply saved shortcuts inhibition permissions
* Don't let wayland popovers block overview
* Misc. bug fixes and cleanups
42.6
====
* Fix remembering inhibit-shortcut permission for multiple apps
* Forward TERMINAL input purpose to ibus
* Fix default keyboard layout during initial setup
* Fix tracking of newly installed apps
* Misc. bug fixes and cleanups
42.5
====
* Fix initial selection in switch-monitor popup on desktop
* Improve handling of recurring events
* Prevent SignalTracker from leaking objects
* Work around pipewire regression for screencasts
* Fix initial input source order
* Fixed crash
* Plugged leak
* Misc. bug fixes
42.4
====
* Fix adding suggestions from on-screen keyboard
* Allow extension updates with only Extension Manager installed
* Only load extensions that support the current session mode
* Fix logging in with realmd
* Tweak access portal dialog
* Improve overview animation performance
* Fix remembering set up bluetooth devices
* Plugged leak
* Misc. bug fixes and cleanups
42.3.1
======
* Fix regression in ibus support
* Make sure screenshot UI opens above dialogs
* Misc. bug fixes and cleanups
42.3
====
* Fix feedback when turning on a11y features by keyboard
* Fix OSD colors with light stylesheet
* Only close messages via delete key if they can be closed
* Fix screenshots when XDG directories are disabled
* Do not create systemd scope for D-Bus activated apps
* Improve high-contrast stylesheet
* Hide overview after 'Show Details' from app context menu
* Fix stylesheet papercuts
* Respect IM hint for candidates list in on-screen keyboard
* Fix edge case where windows stay dimmed after a modal is closed
* Improve Belgian on-screen keyboard layout
* Fix fallback ibus-daemon launching
* Misc. bug fixes
42.2
====
* Align space-padded times in world clocks
* Fix top bar menus on lock screen
* Fix on-screen keyboard gestures
* Fix focus tracking in magnifier on wayland
* Misc. bug fixes
42.1
====
* Limit unfullscreen gesture to not interfere with overview
* Properly hide the second (real) cursor when magnified
* Fix various style glitches
* Fix creating default application folders
* Fix switching monitor configuration
* Add Home/End keynav in app grid
* Handle monitor changes during startup animation
* Fix fractional timezone offsets in world clock
* Default to right text-align in RTL locales
* calendar: Fix alignment of world clocks header in RTL
* Rely on symbolic icons instead of 'HighContrast' icon theme
* Fix moving windows from secondary monitor to non-active workspace
* Make sure startup animation completes
* Fix Swiss on-screen keyboard layouts
* Add Austrian-German on-screen keyboard layout
* Fix on-screen keyboard in modal dialogs and lock screen
* Fix menus in pad OSD
* Sync default colors with libadwaita
* Fix grab regressions when entering overview
* Scale calendar with text size
* Allow more intermediate icon sizes in app grid
* Fixed crash
* Plugged memory leak
* Misc. bug fixes and cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Translation updates
- Drop direct uses of GSlice
A11y-settings:
- Enable toolkit-accessibility when using the magnifier
Xsettings:
- Simplify fetching string for an enum value
- Remove direct mapping from gtk-im-module to Gtk/IMModule
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bug fix release.
https://gitlab.gnome.org/GNOME/gnome-desktop/-/blob/42.10/NEWS
Changelog:
Version 42.10
- Updated translations
Version 42.9
- No changes
Version 42.8
- No changes
Version 42.7
- No changes
Version 42.6
- No changes
Version 42.5
- Translation updates
Version 42.4
- No changes
Version 42.3
- No changes
Version 42.2
- Don't try to use bubblewrap inside snaps
Version 42.1
- Fix build_gtk4 option
- Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Jason Schonberg
Rohini Sangam
Vijay Anusuri
Peter Marko
zhengruoqin