Commit message | Author | Age | Files | Lines
* python3-asgiref: upgrade 3.11.0 -> 3.11.1 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Changelog:
  ============
  - SECURITY FIX CVE-2025-14550
  - Fixed a regression in 3.11.0 in "sync_to_async" when wrapping a callable with an attribute named "context".

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* postfix: upgrade 3.10.6 -> 3.10.8 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pcsc-tools: upgrade 1.7.3 -> 1.7.4 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Changelog:
  ===========
  - 282 new ATRs
  - pcsc_scan: display what the program expect from the user

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* parallel: upgrade 20251122 -> 20260222 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nautilus: upgrade 49.3 -> 49.4 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nano: upgrade 8.7 -> 8.7.1 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mstpd: upgrade 0.1.0 -> 0.1.1 | Wang Mingyu | 2026-03-02 | 1 | -4/+2
  Changelog:
  ===========
  - mstpctl: add showportparams cmd
  - bridge-stp.in: use short-hand arguments for logger command
  - bridge-stp.in: support different versions of pidof
  - mstpctl-utils-functions.sh: fix shellcheck warnings
  - Update bridge_track.c
  - netif_utils: fix speeds > 65G
  - ifupdown.sh.in: fix new shellcheck warnings
  - libnetlink: fix socket file descriptor leak on error paths
  - fix compilation for with GCC 15 / C23
  - do not leak stack memory via struct holes

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mpich: upgrade 4.3.2 -> 5.0.0 | Wang Mingyu | 2026-03-02 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mctp: upgrade 2.4 -> 2.5 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libspdm: upgrade 3.8.1 -> 3.8.2 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  Changelog:
  ============
  - os_stub/openssllib: Allow building with older OpenSSL versions
  - Ignore MSVC warning when compiling OpenSSL
  - Bring fixes from main to 3.8

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libpanel: upgrade 1.10.3 -> 1.10.4 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libgsf: upgrade 1.14.54 -> 1.14.55 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Changelog:
  =========
  * Reduce stack usage.
  * Documentation fixes.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libdnet: upgrade 1.18.0 -> 1.18.2 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  Changelog:
  ===========
  - fix copyright typo
  - Fix encoding (iso-8859 -> utf-8) and add GL CI config
  - config.h.in: Fix wrong return type
  - Update master from devel branch
  - Pull in latest development changes

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* jwt-cpp: upgrade 0.7.1 -> 0.7.2 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  Changelog:
  ===========
  - Improve as_date narrowing conversion from C4244 warning
  - update trait dependencies to support CMake v4
  - Fix linter error
  - Update workflows for new GitHub Action Runner Images
  - Support passing ssl library key handles to algorithms
  - Update CMP0135 to new behaviour
  - Fix error in CMake config-file package
  - CMake: synchronize cmake_minimum_required from main CMakeLists.txt
  - Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and system_clock::from_time_t in order to get correct dates when working with a 32bit application
  - Fix set_expires_in not accepting non-default Period
  - AppVeyor Warnings

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: upgrade 7.1.2-13 -> 7.1.2-15 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gtksourceview5: upgrade 5.18.0 -> 5.19.0 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Changelog:
  =========
  * Annotations: draw a background behind annotations; align to the right when they fit (e.g. for diagnostics)
  * GObject Introspection: fix nullable and callback destroy annotations (get_location, get_match_style, scheduler, callbacks)
  * Fix gutter text renderer text layout snapshot deprecation
  * PHP language: highlight PHP 8.0 attributes and add new keywords
  * New language: Cornish
  * Translation updates

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gensio: upgrade 3.0.1 -> 3.0.2 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  Changelog:
  =========
  - Fix afskmdm shutdown issues
  - Fix a crash if gensio_acc_disable() is called more than once.
  - Allow the pcre2 package to be used.
  - Fix a locking issue in cm108gpio.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* feh: upgrade 3.11.2 -> 3.11.3 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Changelog:
  ==========
  * Support DOS-style \r\n line breaks when loading filelists. Note that they will be saved with UNIX-style \n line breaks regardless of input format. This is intentional.
  * Fix --action, --info, --title and similar commands hard-coding the maximum length of the formatted output to 4095 characters.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctags: upgrade 6.2.20260125.0 -> 6.2.20260222.0 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cmark: upgrade 0.31.1 -> 0.31.2 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* catch2: upgrade 3.12.0 -> 3.13.0 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* byacc: upgrade 20241231 -> 20260126 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  License-Update: Copyright year updated to 2026.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bdwgc: upgrade 8.2.10 -> 8.2.12 | Wang Mingyu | 2026-02-25 | 1 | -2/+2
  License-Update: Copyright year updated to 2025.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* asyncmqtt: upgrade 10.2.6 -> 10.3.0 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Changelog:
  =============
  - Added Share Name character check.
  - Implemented cmake package version checking.
  - Fixed broker tool not delivering all retained messages when wildcard subscription matches multiple topics.
  - Added get_qos2_publish_handled_pids(), restore_qos2_publish_handled_pids(), restore_packets(), and get_stored_packets() to client for convenient.
  - get_endpoint() can be omitted now.
  - Refined reconnect examples.
  - Added websocket async_close timeout.
  - Added documentation regarding stream reuse restrictions for TLS-related streams.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* abseil-cpp: upgrade 20260107.0 -> 20260107.1 | Wang Mingyu | 2026-02-25 | 1 | -1/+1
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libsdl3-image: update 3.2.6 -> 3.4.0 | Markus Volk | 2026-02-24 | 2 | -15/+19
  - Fix license checksum: Copyright year has been changed
  - Add support for av1 and jxl
  - libavif is in meta-multimedia -> disable av1 by default

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tigervnc: Fix do_rootfs Error | Liu Yiding | 2026-02-24 | 1 | -1/+3
  Fix the following error:
  ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['tigervnc'] have failed. If the intention is to defer them to first boot, then please place them into pkg_postinst_ontarget:${PN} ().

  Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* iperf2: Update CVE_PRODUCT | Colin McAllister | 2026-02-24 | 1 | -1/+1
  CPEs are registered for iperf_project2:iperf2 in addition to iperf_project:iperf. By changing CVE_PRODUCT to an appends, this ensures that both iperf and iperf2 CPEs are used for CVE matching.

  Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nltk: upgrade 3.9.2 -> 3.9.3 | Gyorgy Sarvari | 2026-02-24 | 1 | -1/+1
  Contains fix for CVE-2026-14009.

  Changelog:
  * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader
  * Block path traversal/arbitrary reads in nltk.data for protocol-less refs
  * Block path traversal/abs paths in corpus readers and FS pointers
  * Validate external StanfordSegmenter JARs using SHA256
  * Add optional sandbox enforcement for filestring()
  * Maintenance: downloader/zipped models, CI/tooling updates

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freerdp: patch CVE-2026-23532 | Gyorgy Sarvari | 2026-02-24 | 2 | -0/+50
  Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23532

  The related Github advisory[1] contains a detailed analysis about the vulnerability. Pick the patch that describes the same issue in its description.

  [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freerdp: patch CVE-2026-23530 | Gyorgy Sarvari | 2026-02-24 | 2 | -0/+29
  Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530

  The related Github advisory[1] contains an analysis of the vulnerability, describing the issue and the root cause also.

  Backported the commit that implemented the solution described in the advisory.

  [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-jwt-extended: Upgrade 4.6.0 -> 4.7.1 | Leon Anavi | 2026-02-24 | 1 | -2/+2
  Upgrade to release 4.7.1:
  - Add controls for verify_sub option in PyJWT

  From release 4.7.0:
  - Drop support for python 3.7 and 3.8, add 3.13
  - Fix documentation around identity needing to be a string

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-pymongo: Upgrade 2.3.0 -> 3.0.1 | Leon Anavi | 2026-02-24 | 1 | -4/+8
  Upgrade to release 3.0.1:
  - Fix link rendering in readme
  - Fix handling of _version.py file

  From release 3.0.0:
  - Support Flask 3.0+ and PyMongo 4.0+.
  - Support Python 3.9-3.13.
  - Support MongoDB 4.4+.
  - Add support for ~flask.json.jsonify().

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-socketio: Upgrade 5.6.0 -> 5.6.1 | Leon Anavi | 2026-02-24 | 1 | -1/+1
  Upgrade to release 5.6.1:
  - Session fixes for Flask >= 3.1.3
  - Update SocketIO constructor documentation
  - Switch to the Furo documentation template

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: Upgrade 5.0.0 -> 6.0.2 | Leon Anavi | 2026-02-24 | 1 | -3/+3
  Upgrade to release 6.0.2:
  - Update license pyproject.toml

  From 6.0.1:
  - Invert regex sorting to make it correctly match the intent (sorting by specificity descending)
  - Fix README file extension in pyproject.toml

  From 6.0.0:
  - [CVE-2024-6839] Sort Paths by Regex Specificity
  - [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote
  - [CVE-2024-6866] Case Sensitive Request Path Matching

  License-Update: Use line 6 from PKG-INFO

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-marshmallow: Upgrade 1.3.0 -> 1.4.0 | Leon Anavi | 2026-02-24 | 1 | -1/+1
  Upgrade to release 1.4.0:
  - Add missing commas in error message for validate.FileType
  - Support Python 3.10-3.14

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask: Upgrade 3.1.2 -> 3.1.3 | Leon Anavi | 2026-02-24 | 1 | -2/+2
  Upgrade to release 3.1.3:
  - The session is marked as accessed for operations that only access the keys but not the values, such as in and len.

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-migrate: Upgrade 4.0.7 -> 4.1.0 | Leon Anavi | 2026-02-24 | 1 | -2/+2
  Upgrade to release 4.1.0:
  - Accept arguments such as --directory in environment variables
  - Fix minor typos in documentation

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-mail: Upgrade 0.9.1 -> 0.10.0 | Leon Anavi | 2026-02-24 | 1 | -4/+4
  Upgrade to release 0.10.0:
  - Drop support for Python < 3.8.
  - Use pyproject.toml for packaging metadata.
  - Use flit_core as build backend.
  - Apply code formatting and linting tools.
  - Add static type annotations.
  - Deprecate the __version__ attribute. Use feature detection or importlib.metadata.version("flask-mail") instead.
  - Indicate that the deprecated is_bad_headers will be removed in the next version.
  - Fix the email_dispatched signal to pass the current app as the sender and message as an argument, rather than the other way around.
  - Attachment.data may not be None.
  - Attachment.content_type will be detected based on filename and data and will not be None.

  License-Update: Use LICENSE.txt

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueprint-compiler: remove recipe | Yi Zhao | 2026-02-24 | 1 | -16/+0
  The recipe has been moved to oe-core[1].

  [1] https://git.openembedded.org/openembedded-core/commit/?id=4212392ca7ebf890e1e192ddd0e7dbe1f8dabcf2

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-appdirs:Add HOMEPAGE | Liu Yiding | 2026-02-24 | 1 | -0/+1
  Add HOMEPAGE in python3-appdirs.

  Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* streamripper: ignore CVE-2020-37065 | Gyorgy Sarvari | 2026-02-24 | 1 | -0/+2
  Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065

  The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-werkzeug: upgrade 3.1.5 -> 3.1.6 | Gyorgy Sarvari | 2026-02-24 | 1 | -1/+1
  Contains fix for CVE-2026-27199

  Changelog:
  safe_join on Windows does not allow special devices names in multi-segment paths

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pillow: upgrade 12.1.0 -> 12.1.1 | Gyorgy Sarvari | 2026-02-24 | 1 | -2/+2
  Contains fix for CVE-2026-25990

  Ptests passed successfully:

  Testsuite summary
  TOTAL: 5024
  PASS: 4587
  SKIP: 434
  XFAIL: 3
  FAIL: 0
  XPASS: 0
  ERROR: 0

  Changelog:
  Patch libavif for svt-av1 4.0 compatibility
  Fix OOB Write with invalid tile extents

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* live555: upgrade 20210824 -> 20260112 | Gyorgy Sarvari | 2026-02-24 | 2 | -2/+2
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* protobuf: ignore CVE-2026-0994 | Gyorgy Sarvari | 2026-02-24 | 1 | -0/+2
  Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

  The vulnerability impacts only the python bindings of protobuf, which is in a separate recipe (python3-protobuf, where it is patched).

  Ignore this CVE in this recipe due to this.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* polkit: add info about CVE-2016-2568 | Gyorgy Sarvari | 2026-02-24 | 1 | -0/+2
  Details: https://nvd.nist.gov/vuln/detail/CVE-2016-2568

  This commit mostly just tries to add some info to this issue, in the hope that it will save some time for others who try to investigate it. This CVE most probably will stay open in meta-oe in the foreseeable future, although it can be mitigated reasonably easily by the users of the layer.

  The description of the vulnerability is short enough that it can be reproduced here: "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."

  The general consensus amongst developers/major distros[1][2][3] seems to be that it should be mitigated on the kernel side, to not allow non-privileged users to fake input.

  To this end, the kernel has introduced a new config in v6.2, called CONFIG_LEGACY_TIOCSTI - when it is enabled, non-privileged users can also fake input. It is however by default enabled (and it is also enabled in the kernels shipped in oe-core, at least at the time of writing this).

  Disabling this kernel config is considered to be the mitigation, to allow input-faking only by privileged users.

  [1]: https://security-tracker.debian.org/tracker/CVE-2016-2568
  [2]: https://bugzilla.suse.com/show_bug.cgi?id=968674
  [3]: https://marc.info/?t=145694748900001&r=1&w=2 / https://marc.info/?l=util-linux-ng&m=145702209921574&w=2

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openjpeg: patch CVE-2023-39327 | Gyorgy Sarvari | 2026-02-24 | 2 | -0/+51
  Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

  Take the patch that is used by OpenSUSE to mitigate this vulnerability. Upstream seems to be unresponsive to this issue.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* minidlna: ignore CVE-2024-51442 | Gyorgy Sarvari | 2026-02-24 | 1 | -0/+1
  Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442

  The description of the vulnerability says "attacker [...] execute arbitrary OS commands via a specially crafted minidlna.conf configuration file".

  There is no official fix for this CVE, and upstream seems to be inactive for the past 3 years.

  The reason for ignoring this CVE is that the referenced minidlna.conf file is in the /etc folder, and the file is not world-writable. Which means that this vulnerability can be exploited only when someone is root - but if the attacker is already root, they don't need to resort to minidlna config-file modifications to execute any command they want.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcdio: mark CVE-2024-36600 fixed | Gyorgy Sarvari | 2026-02-24 | 1 | -0/+2
  Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600

  The vulnerability is fixed since 2.2.1.rc1[1], and officially since v2.3.0. However NVD tracks it like v2.3.0 was still vulnerable.

  Mark the CVE explicitly patched.

  [1]: https://github.com/libcdio/libcdio/blob/master/NEWS.md

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>