This upgrade contains a fix for CVE-2024-47175.
Changelog:
2.1.1:
-pdftops: Use Poppler for a few old Epson laser printers This
works around documents being printed off-centre, shifted towards
the top right. Affected are printers using epsoneplijs:
EPL-5700L, EPL-5800L, EPL-5900L, EPL-6100L, EPL-6200L.
-Fixed bugs discovered by static analyzer OpenScanHub Possible
buffer overflows, uninitialized memory, format string issues
and resource leaks, ...
-Fix crash bugs in ppdLoadAttributes() When parsing the
"*cupsFilter(2): ..." lines in the PPD file use memmove() instead
of strcpy() as the latter does not support handling overlapping
memory portions and do not move running pointer beyond the end
of the input string.
2.1.0:
-Prevent PPD generation based on invalid IPP response Overtaken
from CUPS 2.x: Validate IPP attributes in PPD generator, refactor
make-and-model code, PPDize preset and template names, quote PPD
localized strings. Fixes CVE-2024-47175.
2.1b:
-Added support for libcups3 (libcups of CUPS 3.x) With these changes
libcupsfilters can be built either with libcups2 (libcups of CUPS 2.x)
or libcups3 (libcups of CUPS 3.x).
-Prefer PDF again in PPDs for driverless printers PDF works better with
finishing, especially combinations of multiple copies, collation, and
stapling/binding.
-Use 0.5mm as tolerance when comparing page sizes For the PWG two page
sizes are considered the same when the dimensions differ no more than
0.5 mm, libppd used too tight tolerances.
-PPD generator: Check for required attributes when choosing input format
Check for PCLm and PWG the minimum of attributes which we require
during PPD generation.
-ppdLoadAttributes(): Improve check whether parameters are integer
-ppdLoadAttributes(): Fix crash when page size could not get determined
-Fix crash if there is no page size for "Custom"
-Fix crash when incoming *ptr is NULL
-libcups2 compatibility: Use proper CUPS array callback function types
Fixed CUPS array function call in libcups2 compatibility layer
-Build system: Fix failure to correctly link to zlib Look up zlib
properly with pkg-config
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade contains fixes for the following vulnerabilities:
CVE-2025-43961, CVE-2025-43962, CVE-2025-43963 and CVE-2025-43964
Also drop two old CVE_STATUS entries which are not needed anymore,
because the database has been updated with correct info.
Changelog:
https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.
Neither of these issues is present in upstream Redis.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade includes fixes for the following vulnerabilities:
CVE-2025-31176
CVE-2025-31178
CVE-2025-31179
CVE-2025-31180
CVE-2025-31181
This release supports qt4, qt5 and qt6 (the last one is new in this release).
There are 2 qt PACKAGECONFIGs now: qt5 and qt6 - they are mutually exclusive.
Since it is being touched, also fix lua PACKAGECONFIG, which requires lua-native
at build time.
Changelog:
http://gnuplot.info/ReleaseNotes_6_0_3.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upgrade contains fixes for the following vulenrabilities:
CVE-2025-8835, CVE-2025-8836, CVE-2025-8837
Changelog:
4.2.8:
Fixed a bug in the JPC decoder that could cause bad memory accesses
if the debug level is set sufficiently high.
4.2.7:
Added some missing range checking on several coding parameters in the
JPC encoder.
4.2.6:
Added a check for a missing color component in the jas_image_chclrspc
function.
Fixed a minor build problem related to the use of -Wstrict-prototypes
with Clang.
4.2.5:
Made a change to a configuration header file in order to avoid
undesirable compiler warnings when JasPer is used in C++ code
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains fixes for the following vulnerabilities:
CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101,
CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160,
CVE-2025-55212, CVE-2025-55298, CVE-2025-57803, CVE-2025-57807
Also remove jp2 PACKAGECONFIG: it was superseded by openjpeg
PACKAGECONFIG, which also provides jpeg 2000 support.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It's an optional dependency for pandas to provide ODS reader
and writer support. It complements spreadsheet support along
with python3-xlrd and python3-openpyxl, both of which are
part of meta-python already.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.25:
- Bump minimum Python version to 3.11
- Upgrade code to Python 3.11
- Move to pixi/uv/ruff
- Refactor compat to make it easier to test
- Implemented several pixi environment and tasks to simplify
development
- Add docs to the functions in pint.testing
- Fix round function returning float instead of int
- Fix return type of PlainQuantity.to
- Update constants to CODATA 2022 recommended values
- Fixed issue with .to_compact and Magnitudes with uncertainties
/ Quantities with units
- Fixed issue in unit conversion which led to loss of precision
when using decimal
- Add conductivity dimension
- Add absorbance unit and dimension
- Add membrane filtration flux and permeability dimensionality,
and shorthand "LMH"
- Fix find_shortest_path to use breadth first search
- Fix typo in pyproject.toml: rename AS_MIP to HAS_MIP so that
MIP support is correctly detected
- Fix handling of extra arguments in conversion with enabled
contexts
- Fix swapped left and right arguments in interp
- Fix formatted scientific notation bug in Python 3.13
- Fix ability to add dB units, and to add dB (dimensionless) to
referenced dB units, such as dBm or dBW
- Improve pressure unit definitions in default definition file
- Avoid and document known issues with MIP during install, testing
and runtime
- Fix issue with Dask by restricting its version to < 2025.3.0
- Skip false xfail tests linked to a known numpy issue
- Improve Contributing documentation
- Add Quantity.to_unprefixed` and `ito_unprefixed methods that
remove SI prefixes without converting to base units
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.3.92:
- Implement servo.inertia_feedforward for calculating a feedforward
term based on the control acceleration
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.8.0:
- Drop tomli in pyproject.toml
- Add scene status (active + last_recall) fields
- Update various models
- Add a few missing models to complete MotionAware
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.21.0:
- The reusable-cibuildwheel.yml workflow has been refactored to be
more generic and ci-cd.yml now holds all the configuration toggles
- When building wheels, the source distribution is now passed
directly to the cibuildwheel invocation
- Added CI for Python 3.14
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added a new patch to avoid unexporting some environment variables that are set
by the recipe explicitly, to avoid the following build error:
| Loading env...
| 'bootstrap-emacs' -batch --no-site-file --no-site-lisp -batch -l ja-dic-cnv \
| -f batch-skkdic-convert -dir "../../sources/emacs-29.2/leim/../lisp/leim/ja-dic" --no-reduction "../../sources/emacs-29.2/leim/SKK-DIC/SKK-JISYO.L"
<...>
| Error: <RECIP_SYSROOT_NATIVE>/usr/share/emacs/29.2/etc/charsets: No such file or directory
Changelogs:
29.2 - 29.4: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.29
30.1 - 30.2: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.30
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gyorgy Sarvari
Soumya Sambu
Zoltán Böszörményi
Leon Anavi
Dmitry Baryshkov
Jason Schonberg
Tom Geelen