Meta python merge #513
Closed
Meta python merge #513
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2.2.26 provides fixes for three CVEs: CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 https://docs.djangoproject.com/en/4.0/releases/2.2.26/ Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 5.9.0: - [Linux]: cpu_freq() is slow on systems with many CPUs. Read current frequency values for all CPUs from /proc/cpuinfo instead of opening many files in /sys fs. (patch by marxin) - NoSuchProcess message now specifies if the PID has been reused. - error classes (NoSuchProcess, AccessDenied, etc.) now have a better formatted and separated __repr__ and __str__ implementations. - [BSD]: add support for MidnightBSD. - [Linux]: disk_partitions(): convert /dev/root device (an alias used on some Linux distros) to real root device path. - PSUTIL_DEBUG mode now prints file name and line number of the debug messages coming from C extension modules. - rewrite HISTORY.rst to use hyperlinks pointing to psutil API doc. Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
3.2.11 provides fixes for three CVEs: CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 https://docs.djangoproject.com/en/4.0/releases/3.2.11/ Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 5.1.0: - Strip debugging symbols from Linux binaries Add INSANE_SKIP for already-stripped to avoid build errors due to the stripped debugging symbols from Linux binaries in this release. Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 2.9.2: - Fixed regression in ``astroid.scoped_nodes`` where ``_is_metaclass`` was not accessible anymore. Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 4.1.3: - Fix to a regression related to parsing reStructuredText files that was introduced in Robot Framework 4.1.2 Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 37.0.1: - Fix issue Wrong compare type in _check_signals_ranges_scaling() Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
Upgrade to release 5.4.0: - Run isort - Remove unused imports - Update tests for Django 3.2 Signed-off-by: Leon Anavi <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Trevor Gamblin <[email protected]>
|
I have merged all but c9d3486 |
kraj
pushed a commit
to YoeDistro/meta-openembedded
that referenced
this pull request
Nov 12, 2023
- `universal`: Enable `application/vnd.cups-postscript` as input There are filters which produce this MIME type (such as `hpps` of HPLIP), and if someone uses such driver on a client and the server has an IPP Everywhere/driverless printer, the job fails (Pull request openembedded#534). - beh backend: Use `execv()` instead of `system()` - CVE-2023-24805 With `execv()` command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. - beh backend: Extra checks against odd/forged input - CVE-2023-24805 * Do not allow `/` in the scheme of the URI (= backend executable name), to assure that only backends inside `/usr/lib/cups/backend/` are used. * Pre-define scheme buffer to empty string, to be defined for case of URI being NULL. * URI must have `:`, to split off scheme, otherwise error. * Check return value of `snprintf()` to create call path for backend, to error out on truncation of a too long scheme or on complete failure due to a completely odd scheme. - beh backend: Further improvements - CVE-2023-24805 * Use `strncat()` instead of `strncpy()` for getting scheme from URI, the latter does not require setting terminating zero byte in case of truncation. * Also exclude `.` or `..` as scheme, as directories are not valid CUPS backends. * Do not use `fprintf()` in `sigterm_handler()`, to not interfere with a `fprintf()` which could be running in the main process when `sigterm_handler()` is triggered. * Use `static volatile int` for global variable job_canceled. - `parallel` backend: Added missing `#include` lines - foomatic-rip: Fix a SIGPIPE error when calling gs (Pull request openembedded#517) [Ubuntu's autopkgtest for foo2zjs](https://autopkgtest.ubuntu.com/packages/f/foo2zjs/lunar/ppc64el) shows foo2zjs's testsuite failing with cups-filters 2.0beta3 on ppc64el. This is cause by a timing issue in foomatic-rip which is fixed now. - Coverity check done by Zdenek Dohnal for the inclusion of cups-filters in Fedora and Red Hat. Zdenek has fixed all the issues: Missing `free()`, files not closed, potential string overflows, ... Thanks a lot! (Pull request openembedded#510). - Dropped all C++ references and obsolete C standards (Pull requests openembedded#504 and openembedded#513) With no C++ compiler needed, there is no need for any checks or setting for C++ in configure.ac. - configure.ac: Change deprecated AC_PROG_LIBTOOL for LT_INIT (Pull request openembedded#508) - texttopdf: Do not include fontconfig.h in the CUPS filter wrapper - Build system: Do not explicitly check for libpoppler-cpp The cups-filters package does not contain any code using libpoppler-cpp, therefore we let ./configure not check for it. - COPYING, NOTICE: Simplification for autotools-generated files autotools-generated files can be included under the license of the upstream code, and FSF copyright added to upstream copyright list. Simplified COPYING appropriately. - Makefile.am: Include LICENSE in distribution tarball - Add templates for issue reports on GitHub. This makes a selection screen appear when clicking "New Issue" in the web UI, to selct whether the issue is a regular bug, a feature request, or a security vulnerability. - Corrected installation path for *.h files of *.drv files. The ppdc (and underlying functions) of libppd searches for include files in /usr/share/ppdc and not in /usr/share/cups/ppdc any more. - configure.ac: Remove unnecessary "AVAHI_GLIB_..." definitions. - Makefile.am: Include NOTICE in distribution tarball - configure.ac: Added "foreign" to to AM_INIT_AUTOMAKE() call. Makes automake not require a file named README. - Cleaned up .gitignore - Tons of fixes in the source code documentation: README.md, INSTALL, DEVELOPING.md, CONTRIBUTING.md, COPYING, NOTICE, ... Adapted to the cups-filters component, added links. - Converted nearly all filters to filter functions, only exceptions are `rastertoescpx`, `rastertopclx`, `commandtoescpx`, `commandtopclx`, and `foomatic-rip`. The latter is deeply involved with Foomatic PPDs and the others are legacy printer drivers. The filter functions are mainly in libcupsfilters, the ones which generate PostScript are in libppd. - Replaced all the filters converted to filter functions by simple wrapper executables using `ppdFilterCUPSWrapper()` of libppd for backward compatibility with CUPS 2.x. - Added new streaming mode triggered by the boolean "filter-streaming-mode" option. In this mode a filter (function) is supposed to avoid everything which prevents the job data from streaming, as loading the whole job (or good part of it) into a temporary file or into memory, interpreting PDF, pre-checking input file type or zero-page jobs, ... This is mainly to be used by Printer Applications when they do raster printing in streaming mode, to run with lowest resources possible. Currently `foomatic-rip`, `ghostscript`, and `pdftopdf` got a streaming mode. For the former two PostScript (not PDF) is assumed as input and no zero-page-job check is done, in the latter all QPDF processing (page management, page size adjustment, ...) is skipped and only JCL according to the PPD added. - The CUPS filter `imagetops` uses the `ppdFilterImageToPS()` filter function of libppd now. - `driverless`, `driverless-fax`: Added IPP Fax Out support. Now printer setup tools list an additional fax "driver". A fax queue is created by selecting this driver. Jobs have to be sent with "-o phone=12345" to supply the destination phone number (Pull request openembedded#280, openembedded#293, openembedded#296, openembedded#302, openembedded#304, openembedded#305, openembedded#306, openembedded#309, Issue openembedded#298, openembedded#308). - `sys5ippprinter`: Removed `sys5ippprinter`, as CUPS does not support System V interface scripts any more. This first approach of PPD-less printing was also not actually made use of. - `urftopdf`: Removed as we require CUPS 2.2.2+ now which supports Apple Raster by itself. - Build system, `README.md`: Require CUPS 2.2.2+. Removed now unneeded `./configure` switches for use of the `urftopdf` filter for old CUPS versions. - Sample PPDs: Renamed source directory from `ppd/` to `ppdfiles/`. - Build system: Remove '-D_PPD_DEPRECATED=""' from the compiling command lines of the source files which use libcups. The flag is not supported any more for longer times already and all the PPD-related functions deprecated by CUPS have moved into libppd now. - Build system: Add files in `.gitignore` that are generated by "autogen.sh", "configure", and "make" (Pull request openembedded#336). Signed-off-by: Markus Volk <[email protected]> Signed-off-by: Khem Raj <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.