| Age | Commit message (Collapse) | Author |
|---|
|
* fixes:
| WARNING: Unable to execute waf --version, exit code 1. Assuming waf version without bindir/libdir support.
| DEBUG: Python function waf_preconfigure finished
| DEBUG: Executing shell function do_configure
| Traceback (most recent call last):
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/./waf", line 163, in <module>
| from waflib import Scripting
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 6, in <module>
| from waflib import Utils,Configure,Logs,Options,ConfigSet,Context,Errors,Build,Node
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Configure.py", line 6, in <module>
| from waflib import ConfigSet,Utils,Options,Logs,Context,Build,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Options.py", line 6, in <module>
| from waflib import Logs,Utils,Context,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 5, in <module>
| import os,re,imp,sys
| ModuleNotFoundError: No module named 'imp'
| WARNING: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/run.do_configure.1263276:146 exit 1 from 'waf_do_configure'
* this first issue can be fixed easily by backporting:
https://gitlab.com/ita1024/waf/-/commit/d2060dfd8af4edb5824153ff24e207b39ecd67a2
* but then it still fails a bit later, because of SyntaxWarning in waf --version
output:
ERROR: glmark2-2021.12-r0 do_configure: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:waf_preconfigure(d)
0003:
File: '/OE/build/luneos-kirkstone/openembedded-core/meta/classes/waf.bbclass', lineno: 52, function: waf_preconfigure
0048: wafbin = os.path.join(subsrcdir, 'waf')
0049: try:
0050: result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
0051: version = result.decode('utf-8').split()[1]
*** 0052: if bb.utils.vercmp_string_op(version, "1.8.7", ">="):
0053: d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
0054: except subprocess.CalledProcessError as e:
0055: bb.warn("Unable to execute waf --version, exit code %d. Assuming waf version without bindir/libdir support." % e.returncode)
0056: except FileNotFoundError:
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 148, function: vercmp_string_op
0144: Compare two versions and check if the specified comparison operator matches the result of the comparison.
0145: This function is fairly liberal about what operators it will accept since there are a variety of styles
0146: depending on the context.
0147: """
*** 0148: res = vercmp_string(a, b)
0149: if op in ('=', '=='):
0150: return res == 0
0151: elif op == '<=':
0152: return res <= 0
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 138, function: vercmp_string
0134: return r
0135:
0136:def vercmp_string(a, b):
0137: """ Split version strings and compare them """
*** 0138: ta = split_version(a)
0139: tb = split_version(b)
0140: return vercmp(ta, tb)
0141:
0142:def vercmp_string_op(a, b, op):
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 89, function: split_version
0085: """Split a version string into its constituent parts (PE, PV, PR)"""
0086: s = s.strip(" <>=")
0087: e = 0
0088: if s.count(':'):
*** 0089: e = int(s.split(":")[0])
0090: s = s.split(":")[1]
0091: r = ""
0092: if s.count('-'):
0093: r = s.rsplit("-", 1)[1]
Exception: ValueError: invalid literal for int() with base 10: 'SyntaxWarning'
ERROR: Logfile of failure stored in: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/log.do_configure.1264918
so it's safer to just use python3-native everywhere, instead of more patches for waf
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
the repo of libbytesize doesn't have a branch named master. Change
the branch from master to main.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c
and /elf/elf.c, which allows the attacker to cause a denial of service via a
crafted file.
References:
https://github.com/yasm/yasm/issues/233
https://nvd.nist.gov/vuln/detail/CVE-2023-37732
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 41fffef6b044b2722aa13f7e7648a3f848231851)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2023-5868:
postgresql: Compute aggregate argument types correctly in
transformAggregateCall()
CVE-2023-5869:
postgresql: Detect integer overflow while computing new
array dimensions
CVE-2023-5870:
postgresql: Ban role pg_signal_backend from more superuser
backend types.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5868
https://nvd.nist.gov/vuln/detail/CVE-2023-5869
https://nvd.nist.gov/vuln/detail/CVE-2023-5870
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
(CVE-2023-44487).
See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
This patch only reduces the impact and does not completely mitigate the CVE
in question, the latter being due to a design flaw in the HTTP/2 protocol
itself. For transparancy reasons I therefore opted to not mark the
CVE as resolved, so that integrators can decide for themselves, wheither to
enable HTTP/2 support or allow HTTP/1.1 connections only.
Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Branch "master" has been renamed to "main".
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().
Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Update ptest path to run sdbus-c++ ptest
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport the below CVE fixes.
CVE-2023-38406: https://security-tracker.debian.org/tracker/CVE-2023-38406
CVE-2023-38407: https://security-tracker.debian.org/tracker/CVE-2023-38407
CVE-2023-46752: https://security-tracker.debian.org/tracker/CVE-2023-46752
CVE-2023-46753: https://security-tracker.debian.org/tracker/CVE-2023-46753
CVE-2023-47234: https://security-tracker.debian.org/tracker/CVE-2023-47234
CVE-2023-47235: https://security-tracker.debian.org/tracker/CVE-2023-47235
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
According to http://nginx.org/en/CHANGES nginx supports the openssl 3.x
component only from version 1.21.2. In Kirstone openssl 3.x is included but
all provided versions of nginx are older, so there is currently an
incompatibility. With this patch this incompatibility get removed.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d4aa17dc436beb96a804860bc6d18cf72283709e)
Backport:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
python-native is not provided by meta-python anymore and this is clearly
a python3 recipe.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c235873de0a0bb192b5f56747762fc7)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is needed to be able to build mosquitto-native.
The dependency on libcap when building for native is needed because
cmake will pick up the existence of libcap from the host, but then the
build fails if it is not available in the sysroot. Unfortunately, there
does not seem to be any way to explicitly tell cmake to not build with
libcap.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c083e0569ad80d11b4f5cfdfa89acdd4264d8152)
Backported: Updated paths to follow PV changes.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
"mozjs" does not exist but "mozjs-91" does.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1b332f2eff7df2336ff87917cd48249edf763a2)
Backport: Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 79e0a9d237343ad0af0a40128494155ccaa131ec)
Backported:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
python3-beautifulsoup4 does depend on python3-soupsieve but
python3-soupsieve does not depend on python3-beautifulsoup4.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Fetch the test data during do_fetch phase to avoid internet access
during test as some tests need test data.
# ./run-ptest
PASS: test-algorithms
PASS: test-allocator
PASS: test-alt-string
PASS: test-assert_macro
PASS: test-bson
PASS: test-byte_container_with_subtype
PASS: test-capacity
PASS: test-cbor
PASS: test-class_const_iterator
PASS: test-class_iterator
PASS: test-class_lexer
PASS: test-class_parser
PASS: test-comparison
PASS: test-concepts
PASS: test-constructor1
PASS: test-constructor2
PASS: test-convenience
PASS: test-conversions
PASS: test-conversions_cpp17
PASS: test-deserialization
PASS: test-diagnostics
PASS: test-disabled_exceptions
PASS: test-element_access1
PASS: test-element_access2
PASS: test-hash
PASS: test-inspection
PASS: test-items
PASS: test-items_cpp17
PASS: test-iterators1
PASS: test-iterators2
PASS: test-json_patch
PASS: test-json_pointer
PASS: test-large_json
PASS: test-merge_patch
PASS: test-meta
PASS: test-modifiers
PASS: test-msgpack
PASS: test-noexcept
PASS: test-ordered_json
PASS: test-ordered_map
PASS: test-pointer_access
PASS: test-readme
PASS: test-reference_access
PASS: test-regression1
PASS: test-regression1_cpp17
PASS: test-regression2
PASS: test-regression2_cpp17
PASS: test-serialization
PASS: test-testsuites
PASS: test-to_chars
PASS: test-ubjson
PASS: test-udt
PASS: test-udt_macro
PASS: test-unicode1
PASS: test-unicode2
PASS: test-unicode3
PASS: test-unicode4
PASS: test-unicode5
PASS: test-user_defined_input
PASS: test-wstring
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.
Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robast poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14)
- Fix command line parsing in wrappers.
References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2022-3968 & CVE-2023-43291 apply to the other "emlog" and can be
safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ace0d04688a5617cf05546a7b8ba6cca)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A flaw was found in open-vm-tools. This flaw allows a malicious actor that
has been granted Guest Operation Privileges in a target virtual machine to
elevate their privileges if that target virtual machine has been assigned
a more privileged Guest Alias.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34058
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
[minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A malicious actor that has been granted Guest Operation Privileges
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID
-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine
may be able to elevate their privileges if that target virtual machine
has been assigned a more privileged Guest Alias https://vdc-download.
vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31
e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-20900
https://security-tracker.debian.org/tracker/CVE-2023-20900
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace
in indent.c via a crafted file.
Reference:
https://savannah.gnu.org/bugs/index.php?64503
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* it was removed in:
https://git.openembedded.org/meta-openembedded/commit/?id=deb11a823c32d4090b3724a589641810e06df6bc
* but still needed as shown in world build without x11 in DISTRO_FEATURES:
ERROR: Nothing RPROVIDES 'projucer' (but /OE/build/luneos-nanbield/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb RDEPENDS on or otherwise requires it)
projucer was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
NOTE: Runtime target 'projucer' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['projucer']
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
meta-oe master branch already made this change.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
meta-oe master already made this change along with others. Update the branchname
to match upstream repository changes to allow fetching to continue to work.
Drop unneeded duplicate semicolon too.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changes:
Rejected zero-sized runs
Avoided merging runlists with no runs
Fix CVE-2022-40284
Dunfell and master both have latest version of ntfs-3g-ntfsprogs
2022.10.3. Therefore, upgrade the version on kirkstone too.
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5d5e8854718dab02c2737e3faf288f830a514841)
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This release includes security fix for CVE-2023-43615.
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
[Minor tweak to get it to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Support --with-http_xslt_module configure option via a PACKAGECONFIG
option. The option is not added to the defaults.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e0ac8eec48ddddc93751cfcdef2557998bfe91c8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add two patches from Debian, pull requests proposed upstream as 2894 and 2895
to make it start only when board is online, and to fix dynamic websockets link failure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix for CVE-2023-28366, CVE-2023-0809, CVE-2023-3592
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
logging system
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
An issue in Gevent Gevent before version 23.9.1 allows a remote attacker
to escalate privileges via a crafted script to the WSGIServer component.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-41419
https://github.com/advisories/GHSA-x7m3-jprg-wc5g
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A fully compromised ESXi host can force VMware Tools to
fail to authenticate host-to-guest operations, impacting
the confidentiality and integrity of the guest virtual machine.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol,
Samba discloses the server-side absolute path of shares, files, and directories in the
results for search queries. This flaw allows a malicious client or an attacker with a
targeted RPC request to view the information that is part of the disclosed path.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The delta between 4.2.3 and 4.2.5 contains the CVE-2023-41164 fix
and other bugfixes. git log --oneline 4.2.3..4.2.5 shows:
b8b2f74512 (tag: 4.2.5) [4.2.x] Bumped version for 4.2.5 release.
9c51b4dcfa [4.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
acfb427522 [4.2.x] Fixed #34803 -- Fixed queryset crash when filtering againts deeply nested OuterRef annotations.
55a0b9c32e [4.2.x] Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21.
8e8c318449 [4.2.x] Avoided counting exceptions in AsyncClient docs.
dcb9d7a0e4 [4.2.x] Improved formset docs by using a set instead of a list in the custom validation example.
f55b420277 [4.2.x] Fixed #34781 -- Updated logging ref docs for django.server's request extra context value.
46b2b08e45 [4.2.x] Fixed #34779 -- Avoided unnecessary selection of non-nullable m2m fields without natural keys during serialization.
d34db6602e [4.2.x] Fixed #34773 -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings with STORAGES.
a22aeef555 [4.2.x] Fixed #15799 -- Doc'd that Storage._open() should raise FileNotFoundError when file doesn't exist.
936afc2deb [4.2.x] Refs #34754 -- Added missing FullResultSet import.
3a1863319c [4.2.x] Fixed #34754 -- Fixed JSONField check constraints validation on NULL values.
951dcbb2e6 [4.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+.
a750fd0d7f [4.2.x] Added stub release notes for 4.2.5.
a56c46642d [4.2.x] Post-release version bump.
6f4c7c124a (tag: 4.2.4) [4.2.x] Bumped version for 4.2.4 release.
e53d6239df [4.2.x] Added release date for 4.2.4.
8808d9da6b [4.2.x] Fixed #34750 -- Fixed QuerySet.count() when grouping by unused multi-valued annotations.
2ef2b2ffc0 [4.2.x] Corrected pycon formatting in some docs.
8db9a0b5a0 [4.2.x] Fixed warnings per flake8 6.1.0.
739da73164 [4.2.x] Fixed #34748 -- Fixed queryset crash when grouping by a reference in a subquery.
a52a2b6678 [4.2.x] Fixed #34749 -- Corrected QuerySet.acreate() signature in docs.
12ebd9a1ac [4.2.x] Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration.
1f9d00ef9f [4.2.x] Added missing backticks in docs.
c99d935600 [4.2.x] Fixed typo in docs/ref/models/querysets.txt.
da92a971a0 [4.2.x] Refs #30052 -- Clarified that defer() and only() do not work with aggregated fields.
7a67b065d7 [4.2.x] Fixed #34717 -- Fixed QuerySet.aggregate() crash when referencing window functions.
c646412a75 Added reference to TypedChoiceField in ChoiceField docs.
f474ba4cb5 [4.2.x] Fixed #34309 -- Doc'd how to fully delete an app.
e54f711d42 [4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.
047844270b [4.2.x] Added stub release notes for 4.2.4.
Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.5/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The delta between 3.2.20 and 3.2.21 contains the CVE-2023-41164 fix
and other bugfixes. git log --oneline 3.2.20..3.2.21 shows:
fd0ccd7fb3 (tag: 3.2.21) [3.2.x] Bumped version for 3.2.21 release.
6f030b1149 [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
73350a6369 [3.2.x] Added stub release notes for 3.2.21.
75418f8c0e [3.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+.
848fe70f3e [3.2.x] Added CVE-2023-36053 to security archive.
4012a87a58 [3.2.x] Post-release version bump.
Release Notes: https://docs.djangoproject.com/en/dev/releases/3.2.21/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In Django 3.2 before 3.2.21, 4 before 4.1.11, and 4.2 before 4.2.5,
``django.utils.encoding.uri_to_iri()`` was subject to potential denial
of service attack via certain inputs with a very large number of Unicode
characters.
Since, there is no ptest available for python3-django so have not
tested the patch changes at runtime.
References:
https://security-tracker.debian.org/tracker/CVE-2023-41164
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f
(Add str len check in config_sortlist to avoid stack overflow),
fixes the CVE-2022-4904 instead of CVE-2022-4415
https://security-tracker.debian.org/tracker/CVE-2022-4904
- CVE-ID inside the CVE-2022-4904.patch is wrong
in the OE commit[092e125f44f6]
- Hence corrected the CVE-ID in CVE-2022-4904.patch
Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Martin Jansa
Wentao Zhang
Soumya
vkumbhar
Yogita Urade
Jasper Orschulko
Christian Eggers
Archana Polampalli
Poonam Jadhav
Narpat Mali
Michael Haener
Richard Purdie
Yoann Congal
Peter Kjellerstedt
Mingli Yu
Khem Raj
Beniamin Sandu
Omkar Patil
Yi Zhao
Joe Slater
Denys Dmytriyenko
Gianfranco Costamagna
Wang Mingyu
Meenali Gupta
Shinu Chandran