Nodejs: deps folder is deleting from source while do_unpack #653
Comments
|
its using system openssl, can you check openssl recipe for these CVEs |
kraj
pushed a commit
to YoeDistro/meta-openembedded
that referenced
this issue
Nov 30, 2023
* Fix-float-endianness-issue-on-big-endian-arch.patch removed because fixed in the new version. Changelog: * Fix baud rate handling with RTU under Linux * Fix modbus_disable_quirks signature * Remove Travis CI * Move content about migration to libmodbus.org * Avoid negative value in FD_SET call * Test socket against positive value instead of -1 * Improvements to autotools by @ndim * Fix doc links by @jordanjohnson56 (openembedded#653) * Test the protocol id for 0 by @metapsychologe (openembedded#509) * Fix double negative in tests * New quirks handler (closes openembedded#38 openembedded#533) * Fix bitwise OR in documentation * Improve doc about slave ID in RTU * Add .clang-format and format code (closes openembedded#394) * Remove constraints on baud rate values * Accept IP or device in arg of unit test progs * Avoid compilation issue with VS2022 with strdup * Display created files in configure.js * Use strcpy_s under Windows * Replace inet_addr by inet_pton calls * Replace inet_ntoa by inet_ptop * Update configure.ac/config.h.win32 for new inet functions * Instructions to build libmodbus in a VS project * Fix connection check for Windows RTU (closes openembedded#660, openembedded#662) * Add CIFuzz Github action by @DavidKorczynski (openembedded#669) * Convert a few int to unsigned int (openembedded#402) * Major rewrite of documentation with Material for mkdocs * Reduce memory use of TCP PI backend (closes openembedded#621) * Fixed MODBUS_ERROR_RECOVERY_LINK not working on Windows (@embeddedmz) * Replace Travis CI by GitHub CI * Fix linker error for Windows (VCLinkerTool) * Address check in single register / coil responses added (openembedded#463) * Swap CRC bytes in request data but not at CRC computing (openembedded#397) * Fix float endianness issue on big endian architecture * Fix comment about EMBUNKEXC (closes openembedded#566) * Fix network library detection on Haiku * Fix typos (closes openembedded#620) Signed-off-by: alperak <[email protected]> Signed-off-by: Khem Raj <[email protected]>
kraj
pushed a commit
to YoeDistro/meta-openembedded
that referenced
this issue
Dec 19, 2023
Use PACKAGE_BEFORE_PN which is designed to introduce packages before the
final greedy ${PN}.
Changes 1.24.0:
Brad House (28):
Nameserver parsing: replace another hand-written parser (openembedded#643)
clang-format
SonarCloud: silence bogus reported error
ares_init_options() with invalid options values should unset the option
Enable system extensions
try to move AC_USE_SYSTEM_EXTENSIONS
ares__round_up_pow2() work around bogus warning
silence openwatcom warning due to qcache_max_ttl being unsigned
Support ipv6 link-local servers and %iface syntax (openembedded#646)
Windows UBSAN tests (openembedded#649)
increment failures on timeout (openembedded#651)
SonarCloud: make const
enhance timeout test case
enhance timeout test case to make sure it will re-use a previously downed server
Rewrite sortlist hand parser for memory safety and bugs (openembedded#653)
Clean up some Windows-only warnings (openembedded#654)
clang-format and fix one warning
remove redundant cast
use IF_NAMESIZE instead of IFNAMSIZ to avoid warning
Use external GoogleTest instead of bundling it (openembedded#655)
remove dead code: bitncmp
remove dead code: ares_iphlpapi.h
Coverity: fix allocation size as reported in new code
tag some functions as deprecated in docs
reference alternative to ares_getsock() in docs
1.24.0 release prep (openembedded#657)
rand: allow fallback from OS (openembedded#661)
ares_cancel() could trigger callback with wrong response code (openembedded#663)
Changes 1.23.0:
Brad House (21):
Query Cache support (openembedded#625)
ares_set_servers_*() should allow an empty server list
Fix Windows UWP (Store) building and add to CI/CD (openembedded#627)
clang-format
cleanup some Windows warnings in test
fix additional windows test warnings
CMake: CXXFLAGS environment wasn't being read because C++ compiler was enabled after settings warnings.
now that warnings are enabled on test cases, clear a bunch of warnings
fix test case regression due to missing parens
SonarCloud: fix minor codesmells
more precise timeout calculation (openembedded#633)
environment is meant as an override for sysconfig
Fix MacOS version test
Basic Thread Safety (openembedded#636)
fix ares_threadsafety() prototype
ares_init_options with ARES_OPT_UDP_PORT wrong byte order
fix doc typo
remove a simply
clang-format
add missing manpage to distribution list
1.23.0 release prep (openembedded#641)
Christian Clauss (2):
INSTALL.md: Fix typo (openembedded#630)
Fix typos discovered by codespell (openembedded#634)
Daniel Stenberg (1):
CI: codespell
Ignat (1):
Support attempts and timeout options from resolv.conf (openembedded#632)
petrvh (1):
ares_getaddrinfo(): do not use search domains if ARES_FLAG_NOSEARCH is set (openembedded#638)
Signed-off-by: Alex Kiernan <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
halstead
pushed a commit
that referenced
this issue
Dec 20, 2023
Use PACKAGE_BEFORE_PN which is designed to introduce packages before the
final greedy ${PN}.
Changes 1.24.0:
Brad House (28):
Nameserver parsing: replace another hand-written parser (#643)
clang-format
SonarCloud: silence bogus reported error
ares_init_options() with invalid options values should unset the option
Enable system extensions
try to move AC_USE_SYSTEM_EXTENSIONS
ares__round_up_pow2() work around bogus warning
silence openwatcom warning due to qcache_max_ttl being unsigned
Support ipv6 link-local servers and %iface syntax (#646)
Windows UBSAN tests (#649)
increment failures on timeout (#651)
SonarCloud: make const
enhance timeout test case
enhance timeout test case to make sure it will re-use a previously downed server
Rewrite sortlist hand parser for memory safety and bugs (#653)
Clean up some Windows-only warnings (#654)
clang-format and fix one warning
remove redundant cast
use IF_NAMESIZE instead of IFNAMSIZ to avoid warning
Use external GoogleTest instead of bundling it (#655)
remove dead code: bitncmp
remove dead code: ares_iphlpapi.h
Coverity: fix allocation size as reported in new code
tag some functions as deprecated in docs
reference alternative to ares_getsock() in docs
1.24.0 release prep (#657)
rand: allow fallback from OS (#661)
ares_cancel() could trigger callback with wrong response code (#663)
Changes 1.23.0:
Brad House (21):
Query Cache support (#625)
ares_set_servers_*() should allow an empty server list
Fix Windows UWP (Store) building and add to CI/CD (#627)
clang-format
cleanup some Windows warnings in test
fix additional windows test warnings
CMake: CXXFLAGS environment wasn't being read because C++ compiler was enabled after settings warnings.
now that warnings are enabled on test cases, clear a bunch of warnings
fix test case regression due to missing parens
SonarCloud: fix minor codesmells
more precise timeout calculation (#633)
environment is meant as an override for sysconfig
Fix MacOS version test
Basic Thread Safety (#636)
fix ares_threadsafety() prototype
ares_init_options with ARES_OPT_UDP_PORT wrong byte order
fix doc typo
remove a simply
clang-format
add missing manpage to distribution list
1.23.0 release prep (#641)
Christian Clauss (2):
INSTALL.md: Fix typo (#630)
Fix typos discovered by codespell (#634)
Daniel Stenberg (1):
CI: codespell
Ignat (1):
Support attempts and timeout options from resolv.conf (#632)
petrvh (1):
ares_getaddrinfo(): do not use search domains if ARES_FLAG_NOSEARCH is set (#638)
Signed-off-by: Alex Kiernan <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
kraj
pushed a commit
to YoeDistro/meta-openembedded
that referenced
this issue
Jun 11, 2024
WirePlumber 0.5.3
~~~~~~~~~~~~~~~~~
Fixes:
- Fixed a long standing issue that would cause many device nodes to have
inconsistent naming, with a '.N' suffix (where N is a number >= 2) being
appended at seemingly random times (openembedded#500)
- Fixed an issue that would cause unavailable device profiles to be selected
if they were previously stored in the state file, sometimes requiring users
to manually remove the state file to get things working again (openembedded#613)
- Fixed an occasional crash that could sometimes be triggered by hovering
the volume icon on the KDE taskbar, and possibly other similar actions
(openembedded#628, !644)
- Fixed camera device deduplication logic when the same device is available
through both V4L2 and libcamera, and the libcamera one groups multiple V4L2
devices together (openembedded#623, !636)
- Fixed applying the default volume on streams that have no volume previously
stored in the state file (openembedded#655)
- Fixed an issue that would prevent some camera nodes - in some cases -
from being destroyed when the camera device is removed (openembedded#640)
- Fixed an issue that would cause video stream nodes to be linked with audio
smart filters, if smart audio filters were configured (!647)
- Fixed an issue that would cause WP to re-activate device profiles even
though they were already active (!639)
- Configuration files in standard JSON format (starting with a '{', among
other things) are now correctly parsed (openembedded#633)
- Fixed overriding non-container values when merging JSON objects (openembedded#653)
- Functions marked with WP_PRIVATE_API are now also marked as
non-introspectable in the gobject-introspection metadata (openembedded#599)
Improvements:
- Logging on the systemd journal now includes the log topic and also the log
level and location directly on the message string when the log level is
high enough, which is useful for gathering additional context in logs
submitted by users (!640)
- Added a video-only profile in wireplumber.conf, for systems where only
camera & screensharing are to be used (openembedded#652)
- Improved seat state monitoring so that Bluetooth devices are only enabled
when the user is active on a local seat, instead of allowing remote users
as well (!641)
- Improved how main filter nodes are detected for the smart filters (!642)
- Added Lua method to merge JSON containers (!637)
Signed-off-by: Markus Volk <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I am working Nodejs security fixes, all these fixes will be done on deps/openssl folder but openssl folder is not available in Nodejs source code it is deleting while source unpack.
Could any one please tell how can I apply security patches in deps/openssl.
Ex : CVE-2022-32222
https://security-tracker.debian.org/tracker/CVE-2022-32222
nodejs/node@a5fc2de
To fix this CVE I have to backport these commit changes to Nodejs v16 and fix path location is deps/openssl/openssl_common.gypi, but deps/openssl is itself deleting while unapck and I can not apply this patch .
Could any one please explain why deps folder is deleting while unpack and how I apply apply this CVE fix patch.
The text was updated successfully, but these errors were encountered: