Fix font installation warnings on nilrt/master/next #60
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(cherry-picked from 795ccdd) Signed-off-by: Chee Yang Lee <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
upgrade include fix for CVE-2022-46149 Signed-off-by: Chee Yang Lee <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
* needed for abseil-cpp-native on hosts with gcc-13" Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Chee Yang Lee <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This reverts commit 0cc8e22. The pahole-native package should use the header from libbpf instead of linux-libc-headers, the 0cc8e22 would cause compile error, so revert it. Signed-off-by: Xiangyu Chen <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
using libbpf-native provided headers for pahole-native or other application. Signed-off-by: Xiangyu Chen <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Add a security fix from the stable/8.2 branch for two CVEs for the same vulneratiblity: CVE-2022-36440: A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. CVE-2022-40302: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-36440 https://nvd.nist.gov/vuln/detail/CVE-2022-40302 https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/ FRRouting/frr#13202 Patch from: FRRouting/frr@02a0e45 Signed-off-by: Jonas Gorski <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Add a security fix from the stable/8.2 branch: CVE-2022-40318: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-40318 https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/ Patch from: FRRouting/frr@72088b0 Signed-off-by: Jonas Gorski <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Add a security fix cherry-picked from master: CVE-2022-40318: An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-43681 https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/ Patch from: FRRouting/frr@766eec1 Signed-off-by: Jonas Gorski <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Django 4.2* is designated as a long-term support release. It will receive security updates for at least three years after its release (From April-2023 to April-2026). The delta between 4.0.2 and 4.2.1 contain numerous CVEs and other bugfixes. Changelog: https://docs.djangoproject.com/en/dev/releases/4.2.1/ Signed-off-by: Randy MacLeod <[email protected]> Signed-off-by: Narpat Mali <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This patch fixes a bug in libyang which could cause a null pointer dereference from a call to strcmp. Since this recipe includes ptests, the tests were run twice (once before the patch and once after) with the same results: all tests passing except utest_types, which is skipped. Signed-off-by: Natasha Bailey <[email protected]> Signed-off-by: Randy MacLeod <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. Signed-off-by: Narpat Mali <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. Signed-off-by: Narpat Mali <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
The delta between 3.2.12 and 3.2.19 contain numerous CVEs and other bugfixes. git log --oneline 3.2.12..3.2.19 shows: fc42edd2e6 (tag: 3.2.19) [3.2.x] Bumped version for 3.2.19 release. eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt. a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19. 963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive. e34a2283f2 [3.2.x] Post-release version bump. 722e9f8a38 (tag: 3.2.18) [3.2.x] Bumped version for 3.2.18 release. a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 932b5bd52d [3.2.x] Added stub release notes for 3.2.18. c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive. 9bd8db3940 [3.2.x] Post-release version bump. aed1bb56d1 (tag: 3.2.17) [3.2.x] Bumped version for 3.2.17 release. c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. 9da46345d8 [3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+. 4c2b26174f [3.2.x] Removed 'tests' path prefix in a couple tests. d21543182d [3.2.x] Adjusted release notes for 3.2.17. 4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17. 238e8898ac [3.2.x] Corrected passenv value for tox 4.0.6+. b381ab4906 [3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+. f6f0699d01 [3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction. accdd0576d [3.2.x] Added CVE-2022-36359 to security archive. 7190b38b8d [3.2.x] Post-release version bump. 4c85beca9d (tag: 3.2.16) [3.2.x] Bumped version for 3.2.16 release. 5b6b257fa7 [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. 33affaf0b6 [3.2.x] Added stub notes 3.2.16 release. 777362d74a [3.2.x] Added CVE-2022-36359 to security archive. eb5bdb461e [3.2.x] Post-release version bump. 653a7bd7b7 (tag: 3.2.15) [3.2.x] Bumped version for 3.2.15 release. b3e4494d75 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. cb7fbac9f8 [3.2.x] Fixed collation tests on MySQL 8.0.30+. 840d009c06 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+. a5eba20f40 Adjusted release notes for 3.2.15. ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release. 22916c8c1f [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine. e1cfbe58b7 [3.2.x] Added CVE-2022-34265 to security archive. 605cf0d3f6 [3.2.x] Post-release version bump. 746e88cc63 (tag: 3.2.14) [3.2.x] Bumped version for 3.2.14 release. a9010fe555 [3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. 3acf156be3 [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0. 4a5d98ee0a [3.2.x] Bumped minimum Sphinx version to 4.5.0. 1a9098166e [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. 37f4de2deb [3.2.x] Added stub release notes for 3.2.14. 7595f763a9 [3.2.x] Fixed test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 3.5.1+. 2dc85ecf3e [3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() when DEFAULT_INDEX_TABLESPACE is set. a23c25d84a [3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+. e01b383e02 [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. ac2fb5ccb6 [3.2.x] Post-release version bump. 08e6073f87 (tag: 3.2.13) [3.2.x] Bumped version for 3.2.13 release. 9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. bdb92dba0b [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 7e7ea71a8d [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 610ecc9053 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 754af45773 [3.2.x] Fixed typo in release notes. 6f309165e5 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 1e6b555c92 [3.2.x] Post-release version bump. Release Notes: https://docs.djangoproject.com/en/3.2/releases/ Signed-off-by: Narpat Mali <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. Signed-off-by: Narpat Mali <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. References: https://nvd.nist.gov/vuln/detail/CVE-2022-3437 Upstream patches: heimdal/heimdal@f6edaaf heimdal/heimdal@c9cc343 heimdal/heimdal@a587a4b heimdal/heimdal@c758910 heimdal/heimdal@414b2a7 heimdal/heimdal@be9bbd9 heimdal/heimdal@c8407ca heimdal/heimdal@8fb508a Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. References: https://nvd.nist.gov/vuln/detail/CVE-2022-45142 Upstream patches: https://www.openwall.com/lists/oss-security/2023/02/08/1 heimdal/heimdal@5f63215 Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2022-41916 Upstream patches: heimdal/heimdal@eb87af0 Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. References: https://nvd.nist.gov/vuln/detail/CVE-2021-44758 Upstream patches: heimdal/heimdal@f9ec700 Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Backport a commit to fix the build error when using gcc11. [commit] google/googletest@096014a [error] /usr/include/gtest/gtest-printers.h:291:36: error: no matching function for call to ‘testing::internal::internal_stream_operator_without_lexical_name_lookup::StreamPrinter::PrintValue(const A::B::C::D::E::F::G&, std::nullptr_t)’ 291 | T, decltype(Printer::PrintValue(std::declval<const T&>(), nullptr)), | ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/gtest/gtest-printers.h:214:15: note: candidate: ‘template<class T, class, class> static void testing::internal::internal_stream_operator_without_lexical_name_lookup::StreamPrinter::PrintValue(const T&, std::ostream*)’ 214 | static void PrintValue(const T& value, ::std::ostream* os) { | ^~~~~~~~~~ Signed-off-by: Peng Cui <[email protected]> Signed-off-by: Sana Kazi <[email protected]> Signed-off-by: Sana Kazi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 0522e66) [The SRC_URI HASH no longer exists in repo so use 0.0.2 version] Signed-off-by: Armin Kuster <[email protected]>
Backported from c-ares/c-ares@823df3b Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. Signed-off-by: Narpat Mali <[email protected]> [Refactored to apply to kirkstone] Signed-off-by: Armin Kuster <[email protected]>
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31489 FRRouting/frr#13098 Signed-off-by: Narpat Mali <[email protected]> [Refactored to get it to apply] Signed-off-by: Armin Kuster <[email protected]>
fixed Below security CVE: 1)CVE-2023-2454 postgresql: schema_element defeats protective search_path changes. 2)CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining. Signed-off-by: Vivek Kumbhar <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This reverts commit 34d2866. Signed-off-by: Xander Huff <[email protected]>
This reverts commit a973901. Signed-off-by: Xander Huff <[email protected]>
This reverts commit 3365b29. Signed-off-by: Xander Huff <[email protected]>
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). References: https://security-tracker.debian.org/tracker/CVE-2023-50447 https://github.com/python-pillow/Pillow/blob/10.2.0/CHANGES.rst Signed-off-by: Rahul Janani Pandi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
CVE fixed: - CVE-2023-40359 xterm: ReGIS reporting for character-set names containing characters other than alphanumerics or underscore Upstream-Status: Backport from ThomasDickey/xterm-snapshots@41ba5cf Note: The CVE patch is part of minor version-up and is extracted from the snapshot of xterm-379c. Documentation of the commit shows 2 different overflows being fixed and hence the fix was extracted from the commit. Signed-off-by: Rohini Sangam <[email protected]> Signed-off-by: Siddharth Doshi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
bat-format-pretty hardcoded the lib folder that cause it reports missing formatter.bash error when multilib is enabled. Signed-off-by: Xiangyu Chen <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://security-tracker.debian.org/tracker/CVE-2024-24680 https://docs.djangoproject.com/en/dev/releases/4.2.10/ Signed-off-by: Rahul Janani Pandi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
There is a heap buffer overflow in DumpScreen2RGB() in gif2rgb.c. This occurs when a crafted gif file, where size of color table is < 256 but image data contains pixels with color code highier than size of color table. This causes oferflow of ColorMap->Colors array. Fix the issue by checking if value of each pixel is within bounds of given color table. If the value is out of color table, print error message and exit. Signed-off-by: Nikhil R <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This upgrade incorporates the fixes for CVE-2024-27316, CVE-2024-24795,CVE-2023-38709 and other bugfixes. Adjusted 0004-apache2-log-the-SELinux-context-at-startup.patch and 0007-apache2-allow-to-disable-selinux-support.patch to align with upgraded version. Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.59 Signed-off-by: Soumya Sambu <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. References: https://security-tracker.debian.org/tracker/CVE-2024-23334 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2 Signed-off-by: Rahul Janani Pandi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e Signed-off-by: Hitendra Prajapati <[email protected]> [manual fixed up] Signed-off-by: Armin Kuster <[email protected]>
To fix crash due to missing module: from twisted.internet import defer File "/usr/lib/python3.11/site-packages/twisted/internet/defer.py", line 14, in <module> from asyncio import AbstractEventLoop, Future, iscoroutine ModuleNotFoundError: No module named 'asyncio' Signed-off-by: Hains van den Bosch <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Guðni Már Gilbert <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
To fix crash due to missing module: File "/usr/lib/python3.11/site-packages/twisted/internet/defer.py", line 42, in <module> from typing_extensions import Literal, ParamSpec, Protocol ModuleNotFoundError: No module named 'typing_extensions' Signed-off-by: Hains van den Bosch <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Guðni Már Gilbert <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
The python3-unittest-automake-output is not supported [1], so drop "pytest --automake". [1] https://lore.kernel.org/all/[email protected]/T/#mda91919809cf156aba24f099bef65142067cd318 Signed-off-by: Mingli Yu <[email protected]> Signed-off-by: Khem Raj <[email protected]>
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. References: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 Signed-off-by: Meenali Gupta <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
libeigen source contains GPL-3.0-only code but it is not being packaged hence update LICENSE with GPL-2.0-only Below are the GPL-3.0-only files from libeigen source bench/btl/actions/action_aat_product.hh bench/btl/actions/action_ata_product.hh bench/btl/actions/action_atv_product.hh bench/btl/actions/action_axpby.hh bench/btl/actions/action_axpy.hh bench/btl/actions/action_cholesky.hh bench/btl/actions/action_ger.hh bench/btl/actions/action_hessenberg.hh bench/btl/actions/action_lu_decomp.hh bench/btl/actions/action_lu_solve.hh bench/btl/actions/action_matrix_matrix_product_bis.hh bench/btl/actions/action_matrix_matrix_product.hh bench/btl/actions/action_matrix_vector_product.hh bench/btl/actions/action_partial_lu.hh bench/btl/actions/action_rot.hh bench/btl/actions/action_symv.hh bench/btl/actions/action_syr2.hh bench/btl/actions/action_trisolve.hh bench/btl/actions/action_trisolve_matrix.hh bench/btl/actions/action_trmm.hh bench/btl/COPYING bench/btl/data/mean.cxx bench/btl/data/regularize.cxx bench/btl/data/smooth.cxx bench/btl/generic_bench/bench.hh bench/btl/generic_bench/bench_parameter.hh bench/btl/generic_bench/btl.hh bench/btl/generic_bench/init/init_function.hh bench/btl/generic_bench/init/init_matrix.hh bench/btl/generic_bench/init/init_vector.hh bench/btl/generic_bench/static/bench_static.hh bench/btl/generic_bench/static/intel_bench_fixed_size.hh bench/btl/generic_bench/static/static_size_generator.hh bench/btl/generic_bench/timers/mixed_perf_analyzer.hh bench/btl/generic_bench/timers/portable_perf_analyzer.hh bench/btl/generic_bench/timers/portable_perf_analyzer_old.hh bench/btl/generic_bench/timers/portable_timer.hh bench/btl/generic_bench/timers/STL_perf_analyzer.hh bench/btl/generic_bench/timers/STL_timer.hh bench/btl/generic_bench/utils/size_lin_log.hh bench/btl/generic_bench/utils/size_log.hh bench/btl/generic_bench/utils/xy_file.hh bench/btl/libs/BLAS/blas_interface.hh bench/btl/libs/BLAS/main.cpp bench/btl/libs/blaze/blaze_interface.hh bench/btl/libs/blaze/main.cpp bench/btl/libs/blitz/blitz_interface.hh bench/btl/libs/blitz/blitz_LU_solve_interface.hh bench/btl/libs/blitz/btl_blitz.cpp bench/btl/libs/blitz/btl_tiny_blitz.cpp bench/btl/libs/blitz/tiny_blitz_interface.hh bench/btl/libs/eigen2/btl_tiny_eigen2.cpp bench/btl/libs/eigen2/eigen2_interface.hh bench/btl/libs/eigen2/main_adv.cpp bench/btl/libs/eigen2/main_linear.cpp bench/btl/libs/eigen2/main_matmat.cpp bench/btl/libs/eigen2/main_vecmat.cpp bench/btl/libs/eigen3/btl_tiny_eigen3.cpp bench/btl/libs/eigen3/eigen3_interface.hh bench/btl/libs/eigen3/main_adv.cpp bench/btl/libs/eigen3/main_linear.cpp bench/btl/libs/eigen3/main_matmat.cpp bench/btl/libs/eigen3/main_vecmat.cpp bench/btl/libs/gmm/gmm_interface.hh bench/btl/libs/gmm/gmm_LU_solve_interface.hh bench/btl/libs/gmm/main.cpp bench/btl/libs/mtl4/main.cpp bench/btl/libs/mtl4/mtl4_interface.hh bench/btl/libs/mtl4/mtl4_LU_solve_interface.hh bench/btl/libs/STL/main.cpp bench/btl/libs/STL/STL_interface.hh bench/btl/libs/tvmet/main.cpp bench/btl/libs/tvmet/tvmet_interface.hh bench/btl/libs/ublas/main.cpp bench/btl/libs/ublas/ublas_interface.hh libeigen project dropped all GPL code in their 'master' branch and moved to 'Apache-2.0' Signed-off-by: Akash Hadke <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
https://nvd.nist.gov/vuln/detail/CVE-2023-5388 mentions bug 1780432 as tracking fix for this issue. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
https://nvd.nist.gov/vuln/detail/CVE-2024-0743 mentions bug 1867408 as tracking fix for this issue. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter Signed-off-by: Nikhil R <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upgrade php to 8.1.28
Security fixes:
CVE-2024-3096
CVE-2024-2756
https://www.php.net/ChangeLog-8.php#8.1.28
Signed-off-by: Soumya Sambu <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Includes security fixes for: CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8 Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Handle CVEs: * https://nvd.nist.gov/vuln/detail/CVE-2024-34402 * https://nvd.nist.gov/vuln/detail/CVE-2024-34403 Cherry-pick from master was not possible due to usage of github-releases class which is not in kirkstone yet. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from [https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad] Signed-off-by: Vivek Kumbhar <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Backport-from: https://git.openldap.org/openldap/openldap/-/merge_requests/654/diffs?commit_id=8c482cec9a68e74b3609b1e44738bee352f6577a Signed-off-by: Priyal Doshi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: pratheekshasn <[email protected]>
Signed-off-by: Chaitanya Vadrevu <[email protected]>
Signed-off by: Pratheeksha S N <[email protected]>
chaitu236
requested changes
Jul 15, 2024
amstewart
requested changes
Jul 15, 2024
There was a problem hiding this comment.
- This PR is against the wrong mainline ref. You're looking for
nilrt/master/next. - Why was the postinst failing to run during do_rootfs that it needs to be delayed? We should understand why and, if this is really the correct approach, we should be sending this patch upstream to meta-oe.
- Remember to prepend the git commit summary with the recipe you're modifying:
ttf-pt-sans: .... And to put your change justifications in the commit message.
pratheekshasn
changed the base branch from
nilrt/master/kirkstone
to
nilrt/master/next
|
I investigated the cause of the font warnings and it looks like the build expects the font cache to present on the target and only finds it when using pkg_postinst_ontarget. I'm not sure if the recipes could be updated to get around this but I talked with @gratian and using pkg_postinst_ontarget seems like a good solution in this case. I have some more details in the related work item: https://dev.azure.com/ni/DevCentral/_workitems/edit/2812142 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Building the branch nilrt/master/next threw a whole lot of warnings related to installing fonts on the target, as listed below:
The postinst script logic seemed to error out while running in a rootfs context, and it needs to be delayed until the device is first booting.
Fix
The
pkg_postinstin the recipe is replaced withpkg_postinst_ontarget.Details in this link.
The change in the current PR takes care of the warning thrown for ttf-pt-sans, the rest of the warnings are fixed in this PR.
Signed-off by: Pratheeksha S N [email protected]