Upstream merge #70
Open
Upstream merge #70
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Upstream-Status: Backport from krb5/krb5@c5f9c81 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Addresses CVEs CVE-2024-4317 & CVE-2024-7348 and other bug fixes. Release notes are available at: https://www.postgresql.org/docs/release/14.13/ https://www.postgresql.org/docs/release/14.12/ 0001-configure.ac-bypass-autoconf-2.69-version-check.patch refreshed for new version. Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream-Status: Backport [nginx/nginx@88955b1 & nginx/nginx@7362d01] Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. References: https://nvd.nist.gov/vuln/detail/CVE-2024-42005 Upstream-patch: django/django@f4af67b Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Includes fixes for - CVE-2024-42005, CVE-2024-41991, CVE-2024-41990, CVE-2024-41989 Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.15/ https://docs.djangoproject.com/en/dev/releases/4.2.14/ https://docs.djangoproject.com/en/dev/releases/4.2.13/ https://docs.djangoproject.com/en/dev/releases/4.2.12/ https://docs.djangoproject.com/en/dev/releases/4.2.11 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Pick https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af.patch Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
References: https://access.redhat.com/security/cve/cve-2023-5824 https://access.redhat.com/errata/RHSA-2023:7668 The patch is from RHEL8. Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is licensed under LGPL-2.1 or later, which seems to be affirmed also by the comments in the source code files, as well as the COPYING file. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
The repositorys LICENSE file contains BSD-3-Clause license text, so update the relevant recipe information field to match. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to homepage https://xlsxwriter.readthedocs.io/license.html and pypi page https://pypi.org/project/XlsxWriter/ as well as https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.0.3/LICENSE.txt the module is licensed under BSD-2-Clause. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Both project pypi page: https://pypi.org/project/cbor2/ as well as https://github.com/agronholm/cbor2/blob/5.4.2/LICENSE.txt state that it is subject to MIT rather than Apache-2.0 license. Also update LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the downloaded archive. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://github.com/ICRAR/crc32c/blob/v2.2.post0/LICENSE and https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change 'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://github.com/testing-cabal/mock/blob/4.0.3/LICENSE.txt the project is subject to BSD-2-Clause license. (Also https://pypi.org/project/mock/ states 'BSD License'.) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://pypi.org/project/parse-type/ and https://github.com/jenisys/parse_type/blob/v0.5.2/LICENSE the project is subject to MIT license. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://pypi.org/project/pillow/ and https://github.com/python-pillow/Pillow/blob/9.4.0/LICENSE the project is subject to HPND license. Also change SUMMARY to DESCRIPTION as it's value is clearly over 72 characters long. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
https://github.com/tartley/colorama?tab=readme-ov-file#license and https://github.com/tartley/colorama/blob/0.4.4/LICENSE.txt declare that this project is subject to BSD-3-Clause license. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE this project is subject to LGPL-2.1-only license. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Contents of https://github.com/pycurl/pycurl/blob/REL_7_45_1/COPYING-LGPL correspond to version 2.1 of the license rather than 2.0. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Change the reference to the Apache-2.0 license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Change the reference to the MIT license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Change the reference to the MIT license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Can Wong <can.wong@ni.com>
chaitu236
approved these changes
Oct 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge latest upstream
No conflicts
AB#2836162
Testing