Upgade Surf browser to release 2.1:
- Remove accelerated canvas parameter
- Remove external plugin handling
License-Update: Update contributors in file LICENSE
Signed-off-by: Leon Anavi
---
...01-config.mk-Fix-compiler-and-linker.patch | 35 ++-
.../surf/{surf_2.0.bb =>
From: Khem Raj
Adjust incdefs.sh to use cross tools to poke for system functionality
Re-enable using incdefs.sh
export KBUILD_OUTPUT to point to recipe sysroot
(From meta-oe rev: b6022761d6880382c5e6ffa4b3dc6f1ec2ae1e73)
Signed-off-by: Khem Raj
Signed-off-by: Denys Dmytriyenko
Signed-off-by:
From: Saloni Jain
CVE-2019-14860 is a REDHAT specific issue and
was addressed for REDHAT Fuse products on
Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
REDHAT has also released the fix and updated their
security advisories after significant releases.
Hence, whitelisted the CVE-2019-14860.
Link:
From: Clément Péron
Fixes :
- CVE-2021-22883
- CVE-2021-22884
- CVE-2021-23840
Signed-off-by: Clément Péron
Signed-off-by: Khem Raj
(cherry picked from commit 02feb1d9324fba08c5d3055fa34bb6200ee91520)
[12.x LTS version]
Signed-off-by: Armin Kuster
---
.../nodejs/{nodejs_12.20.2.bb =>
From: Sean Nyekjaer
Signed-off-by: Khem Raj
(cherry picked from commit 6322c63987b1422d5a8c5e30077780b38011c89d)
[12.x is LTS version]
Signed-off-by: Armin Kuster
---
.../nodejs/{nodejs_12.20.1.bb => nodejs_12.20.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
Signed-off-by: Armin Kuster
---
.../recipes-core/packagesgroups/packagegroup-meta-webserver.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718).
Signed-off-by: Trevor Gamblin
---
.../recipes-devtools/python/python3-django_2.2.22.bb | 9
Please have comments back by Thursday
The following changes since commit 2915810edbb6599051e30efb3b7f805665ddcc23:
ostree: switch from default master branch to main to fix do_fetch failure
(2021-05-13 21:52:34 -0700)
are available in the Git repository at:
3.2.3 is a bugfix release:
- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
would raise a
Host site is dead.
Signed-off-by: Armin Kuster
---
meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb
b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.7.bb
index
Signed-off-by: Stefan Wiehler
---
.../recipes-connectivity/restinio/restinio_0.6.13.bb| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
* add PACKAGECONFIG for gspell - disabled by default
Release notes for 0.5.5
===
- New Features:
- Add a `.desktop` file to make Mousepad appear in Xfce settings
(!94)
- Add a command line option to open the prefs dialog (!94)
- Plugin support (!92)
- Add gspell
Full changelog is found at [1]
[1] https://www.nano-editor.org/dist/latest/ChangeLog
Signed-off-by: Andreas Müller
---
meta-oe/recipes-support/nano/{nano_5.6.bb => nano_5.7.bb} | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
rename meta-oe/recipes-support/nano/{nano_5.6.bb =>
* development continues on github
* build with CMake
* examples is a configure option -> replace (always empty) extra package by
PACKAGECONFIG
>From announcement:
* support for latest Mac OS APIs
* Jack - fixes for device names that allows use on Linux systems with PipeWire
* WASAPI - numerous
Signed-off-by: Andreas Müller
---
...anager-applet_1.18.0.bb => network-manager-applet_1.22.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
meta-gnome/recipes-connectivity/network-manager-applet/{network-manager-applet_1.18.0.bb
=> network-manager-applet_1.22.0.bb} (89%)
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in
video/SDL_blit.c.
Upstream-Status:
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata
into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial
of service by crashing
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata
into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial
of service by crashing
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in
Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image
containing malicious EXIF data.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata
into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code
execution, if they
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata
into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial
of service by crashing
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a
crafted image file.
An attacker could potentially exploit the vulnerability to gain code
execution, if they can
trick the victim into
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata
into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial
of service by crashing
Upgrade to release 0.0.48:
- Merge SoCo 0.22
Signed-off-by: Leon Anavi
---
.../{python3-pysonos_0.0.46.bb => python3-pysonos_0.0.48.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-pysonos_0.0.46.bb =>
python3-pysonos_0.0.48.bb}
Upgrade to release 5.3.0:
- Removed support for Python < 3.6
Signed-off-by: Leon Anavi
---
.../python/{python3-cbor2_5.2.0.bb => python3-cbor2_5.3.0.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta-python/recipes-devtools/python/{python3-cbor2_5.2.0.bb =>
Upgrade to release 9.0.2:
- Restored compatibility of python -m websockets with Python < 3.9
- Restored compatibility with mypy
Signed-off-by: Leon Anavi
---
...{python3-websockets_9.0.1.bb => python3-websockets_9.0.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
Upgrade to release 5.0.9:
- Made the decorator module more robust when decorating builtin
functions lacking dunder attributes, like dict.__setitem__.
- Fixed a test breaking PyPy. Restored support for Sphinx.
Signed-off-by: Leon Anavi
---
.../{python3-decorator_5.0.7.bb =>
Upgrade to release 1.0.0:
- Removed Python 2 code, now only Python 3 compatible
- Use semver for release versions, unlike breaking release 0.58.0
- Enhance enableTrace output
- Improve unit tests to over 80% code coverage
- Fix old _app.py close status code bug
- Replace select import with
28 matches
Mail list logo
