Changelog:
============
* Do not allow formatting LUKS2 with Opal SED (hardware encryption)
* Fixes to wiping LUKS2 headers after Opal locking area erase.
* Mention the need for possible PSID revert before Opal format for some
drives (man page).
* Fix Bitlocker-compatible code to ignore newly seen metadata entries.
* Fix interactive query retry if LUKS2 unbound keyslot is present.
* Detect unsupported zoned devices for LUKS header devices.
* Allow "capi" cipher format for benchmark command and fix parsing
of plain IV in "capi" format.
* Add support for HCTR2 encryption mode.
* Source code now uses SPDX license identifiers instead of full
license preambles.
* Fix missing includes for cryptographic backend that could cause
compilation errors for some systems.
* Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2.
* Fix various (mostly false positive) issues detected by Coverity.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7916a5c55a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog:
==========
* Fix feh not respecting aspect ratio of thumbnails that are smaller than
--thumb-width and --thumb-height
* Fix --no-recursive behaving like --recursive
* Fix rotation by 180° corrupting images
* Speed up --sort=size and --sort=mtime by caching stat(2) calls
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2775cdb58c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e87e51da49)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
ChangeLog:
- Fix musl C builds
- Many code cleanups
- Use atomic variables if available for signal related flags
- Dont rotate audit logs when auditd is in debug mode
- Fix a couple memory leaks on error paths
- Correct output when displaying rules with exe/path/dir
- Fix auparse lookup test to not use the system libaupaurse
- Improve auparse metrics
- Update auparse normalizer for recent syscalls
- Make status report uniform
Drop 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch as
the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f7e691ff43)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Bug fixes:
- fix C++ tests with recent kernels which introduced stricter reconfigure
behavior
- fix a use-after-free bug in python bindings
- fix passing the event clock property to line requests in python bindings
- fix a memory leak in tools
- make sure the string buffers in line-info and chip-info are big enough to not
truncate the strings they hold below the size accepted by the kernel
Dropped patch which is merged in the upstream
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9958590b70)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The OpenLDAP license is versioned. As such, listing the license as
simply "OpenLDAP" does not convey a complete picture of what license the
component is actually using.
Update the LICENSE variable to use the SPDX identifier for OpenLDAP
licenses, with the appropriate version number, "OLDAP-2.8".
Rename the license file for the OpenLDAP license to "OLDAP-2.8" from
"OpenLDAP".
Signed-off-by: Ethan Roderick <Ethan.Roderick@digi.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0bd728bfd9)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changes in 1.18.4
=================
Released: 2024-04-18
- Don't allow commandline arrays when the first commandline item starts with
whitespace or hyphen. (CVE-2024-32462)
- Do not store device access permission if it returned an error.
- Fix crash with config files without a default backend set.
Changes in 1.18.3
=================
Released: 2024-04-04
- Don't try to read D-Bus object properties of Request objects on construction.
- Fix various memory and file descriptor leaks.
- Minuscule optimization to the ScreenCast portal so that it stores restoration
data with a single D-Bus call, instead of two.
- Fix a crash in the OpenURI file when trying to open a non-existing file.
- Various smaller bug fixes.
Changes in 1.18.2
=================
Released: 2023-11-22
- Pass the token to the OpenURI portal and, when missing, an empty string.
- Fix various memory and file descriptor leaks in the Document portal.
- Make files and folders openend with the Document portal close properly. This
should fix cases where the Document portal prevented external devices from
unmounting, due to files inside them not getting closed after applications
stop using them.
- Implement FUSE getlk and setlk callbacks.This should enable using sqlite3
through the Document portal.
- Properly resolve fd symlinks before opening them with O_NOFOLLOW.
- Fix cases where the portal id is assumed to match the .desktop file name.
- Allow sending directories in the file transfer portal. This should make it
possible to, among other things, drag and drop folders and files simultaneously
from and to sandboxed applications.
- Fallback to a hardcoded check to xdg-desktop-portal-gtk in the absence of any
other portal or configuration file, as a last resort mechanism.
- Various smaller fixes to the build system.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e57692e9f)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Fix a build error caused by a missing build directory. This is already
fixed in cockpit 344 and newer so backport the fix.
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The branch used in the SRC_URI got deleted, and the used revision is
detached from all branches. Use nobranch tag in the SRC_URI to avoid
fetching failures.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Since this file is downloaded and upstream does not version it on changes
we have to ensure that we store the versions in DL_DIR and also ensure they
do not step on each other
Fixes
stdio: WARNING: unicode-ucd-14.0.0-r0 do_fetch: Checksum mismatch for local file /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt
stdio: WARNING: unicode-ucd-14.0.0-r0 do_fetch: Renaming /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt to /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt_bad-checksum_f7830d126f59d83842565d3dddedc79db4ca978ed52aee0ebcc040ea76a85519
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 830535e5b6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This is downloaded and does not have version, so we have to
update it whenever upstream update it. The copyright year
is changed this time.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6121f2907a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Switch to https protocol to avoid fetching failures (anonymous fetching
with git protocol is not available anymore on this server).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The commit from the recipe got detached from the master branch - use nobranch to
avoid fetching failure.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The previous url stopped working, switch to the same host
that's used in the master branch also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Wang Mingyu
Ankur Tyagi
Yi Zhao
Armin Kuster
Shinji Matsunaga
Bartosz Golaszewski
Ethan Roderick
Jason Schonberg
Markus Volk
Paul Le Guen de Kerneizon
Leonard Anderweit
Gyorgy Sarvari
Khem Raj