Update CVE status for: CVE-1999-0289, CVE-2007-0450, CVE-2010-0425
The current version (2.4.6) is not affected. It only applies for Windows.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current version (392) not affected. This was fixed in version X11R5-fix-26 (R11R6 from 1994)
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This issue shows up with upcoming glibc-2.40+ where
clang fortify support has been enhanced significantly.
Set CLEANBROKEN since it does not recover from a dirty tree
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE's Fixed by upgrade:
CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2
CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows
CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy
CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite
CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite
CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy
CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite
Other Changes between 2.4.59 -> 2.4.60
======================================
https://github.com/apache/httpd/blob/2.4.60/CHANGES
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
PipeWire 1.2.0 (2024-06-27)
This is the 1.2 release that is API and ABI compatible with previous
1.1.x and 1.0.x releases.
This release contains some of the bigger changes that happened since
the 1.0 release last year, including:
* Support for asynchronous processing has been implemented. Nodes can choose
(or be forced) to be scheduled asynchronously. The graph will not wait for
the output of the node to continue processing but it will use the output
of the previous cycle (or silence) instead. This adds one cycle of latency
but it can avoid having some nodes blocking the processing graph. Non realtime
streams and filters now also use this asynchronous processing instead of
their own slightly broken version.
* The concept of node.sync-group was added. This groups nodes with overlapping
sync-group together when one of them sets the node.sync = true. This is now
used to make sure all nodes are scheduled together when JACK transport is
started so that they all see the same transport time.
* Config parsing errors are reported earlier and much better with line and
column numbers where the parsing started to fail.
* Add support for mandatory metadata when negotiating buffer parameters. This
can be used to only negotiate extra buffer planes when certain metadata is
negotiated. One use case is the explicit sync support that requires 2
extra fds for the timelines.
* Explicit sync metadata and support was added.
* Support was added for making and using multiple data-loops in the server
and clients. Support for CPU affinity and priorities was added to the
data-loops as well.
* The log topic debug levels can now be changed at runtime with metadata.
The log levels in the pulse server can be dynamically changed with a
/core message.
* The UCM conflicting devices patches were merged.
* Add snapcast-discover module to stream to snapcast servers.
* Rework how peers are linked and the counters are updated. Resume the
peers when a node is unlinked and not yet processed. This should cause
less occasional dropouts in the graph when reconnecting things.
* Many GStreamer element updates.
* Many more fixes and improvements.
Enjoy the summer vacation!
Highlights (since the previous 1.1.83 release)
- Small fixes here and there.
PipeWire
- Compilation fixes after enabling -Werror=float-conversion
Modules
- The module-rtp-sap now propagates the cleanup.sec property to the
rtp-source and the rtp-source now sets a property with the receiving
status.
- Fix for ROC 0.3, explicitly specify sender encoding. (#4070)
- Some fixes to the RAOP sink module, including a format fix for 32 bit
machines.
Tools
- Fix pw-cli monitoring code.
SPA
- Revert peer_enum_params again because it was not used and flawed.
- Fix multichannel processing in webrtc AEC.
GStreamer
- Logging improvements.
- Fix a race in the bufferpool activation.
Bluetooth
- Improvements to BAP broadcast code parsing.
Older versions:
PipeWire 1.1.83 (2024-06-17)
This is the third and hopefully the last 1.2 release candidate that is
API and ABI compatible with previous 1.0.x releases.
Some last minute changes went in to clean up the node activation and
scheduling that justify another pre-release.
Highlights
- Rework how peers are linked and the counters are updated. Resume the
peers when a node is unlinked and not yet processed. This should cause
less occasional dropouts in the graph when reconnecting things.
- Improve xruns in module-ffado.
- Many GStreamer element updates.
- More fixes and improvements.
PipeWire
- Rework how peers are linked and the counters are updated. Resume the
peers when a node is unlinked and not yet processed. This should cause
less dropouts in the graph when reconnecting. (#4026)
- Improve debug of xruns.
- Evaluate node.rules and device.rules before loading the plugin so that
extra properties can be passed to the plugin init function.
Modules
- Improve timing reporting in module-ffado some more.
- Prealloc less memory in the profiler by default.
- Improve xrun handling in module-ffado.
Tools
- Fix a crash in pw-link when a link fails.
- Fix pw-dump update for metadata. (#4053)
SPA
- Improve handling of controls. (#4028)
- Fix the string size in v4l2 to hold the device and vendor id.
- Support meta_videotransform on buffers in v4l2. This can be used to
signal that the buffer was rotated for example.
- Add HDMI/AC3 profile to ALSA when supported.
- Make it possible to disable the webrtc dependency
GStreamer
- Improve caps handling in the elements.
- Set buffer duration when we can.
- Post an element error when all the elements buffers are removed.
(#1980)
- Improve DMA_DRM caps selection.
- Some refactoring work.
- Improve state handling in the elements.
JACK
- Improve how links are activated.
- Fix some races when freeing memory.
Bluetooth
- Support multiple BIS in the broadcast source.
PipeWire 1.1.82 (2024-05-24)
This is the second 1.2 release candidate that is API and ABI
compatible with previous 1.0.x releases.
Not so many things needed to be fixed so this might already be the
last prerelease if everything goes well...
Highlights
- Fix problem when moving nodes that could cause nodes to be scheduled
wrongly and cause errors. (#4017)
- Add snapcast-discover module to stream to snapcast servers.
- Work around wrong kernel provided MTU for USB controllers.
- Fix some spelling mistakes all over the codebase.
- More small fixes and improvements.
PipeWire
- Remove the private cleanup.h header and use the public SPA version.
- Fix problem when moving nodes that could cause nodes to be scheduled
wrongly and cause errors. (#4017)
Modules
- Handle IPv6 in module-protocol-simple and support port allocation.
- Add snapcast-discover module to stream to snapcast servers.
Bluetooth
- Work around wrong kernel provided MTU for USB controllers.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
WirePlumber 0.5.5
Highlights:
Hotfix release to address crashes in the Bluetooth HSP/HFP autoswitch
functionality that were side-effects of some changes that were part
of the role-based linking policy (#682)
Improvements:
wpctl will now properly show a '*' in front of sink filters when they are
selected as the default sink (!660)
Past releases
WirePlumber 0.5.4
Highlights:
Refactored the role-based linking policy (previously known also as
"endpoints" or "virtual items" policy) to blend in with the standard desktop
policy. It is now possible use role-based sinks alongside standard desktop
audio operations and they will only be used for streams that have a
"media.role" defined. It is also possible to force streams to have a
media.role, using a setting. Other features include: blending with smart
filters in the graph and allowing hardware DSP nodes to be also used easily
instead of requiring software loopbacks for all roles. (#610, !649)
Improvements:
Filters that are not declared as smart will now behave again as normal
application streams, instead of being treated sometimes differently (!657)
Fixes:
Fixed an issue that would cause WirePlumber to crash at startup if an
empty configuration file was present in one of the search paths (#671)
Fixed Bluetooth profile auto-switching when a filter is permanently linked
to the Bluetooth source (!650)
Fixed an issue in the software-dsp script that would cause DSP filters to
stay around and cause issues after their device node was destroyed (!651)
Fixed an issue in the autoswitch-bluetooth-profile script that could cause
an infinite loop of switching between profiles (!652, #617)
Fixed a rare issue that could cause WirePlumber to crash when dealing with
a device object that didn't have the "device.name" property set (#674)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upstream project now has a version scheme and migrated to meson.
A weak dependency on musl has been upstreamed too.
Adjust the recipe accordingly.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapt the compile 'test' phony target from Makefile and deploy as
ptest for unbound.
All test are successful on a trial and took around >9min and <10min.
Duration of ptest execution was 587 seconds on an average.
Signed-off-by: rajmohan r <semc.2042@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We need to patch the standalone libfts detection as it currently looks for
fts-standalone, which is what Gentoo renames musl-fts to.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Release notes page name changed from releases to release_notes
- Provide explicit __all__ exports for providers in web3/providers/__init__.py;
update web3/__init__.py to include all provider classes including base classes.
- Created ABIError type in the web3.types module and added as a valid type of ABIElement.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Resolve DeprecationWarnings when extracting twine metadata.
- Fix bug for Repository URLs with auth where the port was lost.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Expose PEP-484 typing stubs, thanks to Rodion Kosianenko and GoodWasHere
License-Update: Copyright year updated to 1.18
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Remove python 3.8 from CI
- Log comm retries.
- Solve serial unrequested frame.
- test convert registers with 1234....
- Fix writing to serial (rs485) on windows os.
- Remember to remove serial writer.
- Update client.rst
- Fix usage file names
- Show error if example is run without support files.
- Solve pylint error.
- Describe zero_mode in ModbusSlaveContext.init
- Datastore will not return ExceptionResponse.
- call async datastore from modbus server
- Transaction id overrun.
- Add minimal devcontainer.
- Sphinx: do not turn warnings into errors.
- Fix usage of AsyncModbusTcpClient in client docs page
- Bump actions CI.
- Request/Response: change execute to be async method
- datastore: add async_setValues/getValues methods
- fixed kwargs not being expanded for actions on bit registers, adjusted tests to catch this issue
- Clean datastore setValues.
- modbus_server: call execute in a way that those can be either coroutines or normal methods
- Streamline message class.
- Fix decode for wrong mdap len.
- SOCKET/TLS framer using message decode().
- ASCII framer using message decode()
- Add generate_ssl() to TLS client as helper.
- add _legacy_decoder to message rtu
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Fix new interface from pbs_installer regarding build_dir and best match
auto-install strategy for pdm use (same as for pdm python install --list)
- Fix crash when pdm is used with importlib-metadata version 8.0.
- Add --no-extras to pdm export to strip extras from the requirements.
Now the default behavior is to keep extras.
- Support PEP 723: running scripts with inline metadata in standalone
environment with dependencies.
- pdm use and pdm python install now take requires-python into account
(incl. from pyproject.toml) if python version not specified and pdm use
provides auto installation by that.
- --no-isolation no longer installs build-requires nor dynamic build
dependencies, to be consistent with pip.
- Add notifiers in CLI output when global project is being used.
- Use tool.pdm.resolution table when calculating the content hash of project
file, previously only overrides table was used. This will change the hash
already stored in the lockfile, so bump the lockfile version to 4.4.2.
- Add max retries on read timeout or bad connection.
- Don't update local files if they don't change.
- Don't list python versions that don't have any installation link for the
current platform.
- Clarify the purposes of pdm outdated and --unconstrained option.
- Some clarifications on the interpreter selection and central package cache.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Test fails due to change in Numpy API
- Excel is very fussy about the version number
- Poor perfomance when reading workbooks with lots of named styles
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- bugfix for call to structured_traceback
- fixed honoring custom repr for NamedTuple if assigned by partialmethod
- Convert matplotlib gui name in enable_gui
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Wheel build exclude for pp37
- Build wheels for aarch64 to allow use in embedded systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Remove deprecated positional arguments
- Add timeframe to warning about using find_first_match without ensure_strategy
- Split release flow into two jobs (build/publish)
- Use correct depth argument for checkout action
- Add artifacts group to dependabot config
- Extend PEP440 to include (_/-) as dev/post/pre-release separator
- Allow local version for PEP440
- Update demo to trigger on input
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Lisence-Update: Copyright year updated to 1.13.2
Changelog:
=============
- Improve computed column compare function to support multi-line expressions.
- Fixed bug in alembic command stdout where long messages were not properly
wrapping at the terminal width.
- Fixed internal issue where Alembic would call connection.execute() sending
an empty tuple to indicate "no params". In SQLAlchemy 2.1 this case will be
deprecated as "empty sequence" is ambiguous as to its intent.
- Fixes to support pytest 8.1 for the test suite.
- Fixed the detection of serial column in autogenerate with tables not under
default schema on PostgreSQL
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Import os.link conditionally to fix importing on android. #175
- Remove spurious items from aiofiles.os.__all__ when running on Windows.
- Switch to more modern async idioms: Remove types.coroutine and make AiofilesContextManager an awaitable instead a coroutine.
- Add aiofiles.os.path.abspath and aiofiles.os.getcwd. #174
- aiofiles is now tested on Python 3.13 too. #184
- Dropped Python 3.7 support. If you require it, use version 23.2.1.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
