Age | Commit message (Collapse) | Author |
|
c-ares version 1.18.1 - Oct 27 2021
Bug fixes:
ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses
rather than the sizeof(struct sockaddr_in6)
Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e251d7b827d63277a36f1b8094d992303329b866)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
Current patch is breaking the library dependencies added by cmake
especially when you are static linking.
Applications need the ws2_32 library to be linked for mingw32
and with the existing patch this is not getting passed to the users.
Current patch seems to address this issue:
https://github.com/c-ares/c-ares/issues/373
Both issues are resolved in 1.17.2:
1.17.2-r0/git $ find . | grep c-ares-config.cmake.in
./c-ares-config.cmake.in
1.17.2-r0/git $ find . | grep libcares.pc.cmake
./libcares.pc.cmake
Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 621bdc1993d2e8da08b9b240043dc13481cd644f)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c49173b09c998bb3893ae873f68823647f1a7e18)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
Forward port cmake-install-libcares.pc.patch, drop the need to install
pkgconfig files as its already being done by main Makefile
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Forward port cmake-install-libcares.pc.patch, drop the need to install
pkgconfig files as its already being done by main Makefile
Conflicts:
meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b65f2904191b8d309b3971d4e65c5e1701156b1c)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16.
Revert this CVE fix as we upgrade c-ares to 1.18.1
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
Stable security bug-fix release that fixes CVE-2021-4122.
ReleaseNotes:
https://kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.7-ReleaseNotes
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 5dca16b451abf80b1bfacfc533daf447ff4dad7c)
This is just the rename and SRC_URI hash updates made to apply
to dunfell.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
|
|
As per the below release note, it should be a last release for 12.x
stable LTS series.
Link: https://github.com/nodejs/node/releases/tag/v12.22.12
Remove CVE-2021-44532 fix as it already available in this release
v12.22.12
License-Update: src/gtest additional file in the LICENSE
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 92441f9d6a958c245a03f89ec44ef2c17dd6b0ee)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://github.com/ThomasDickey/xterm-snapshots/
MR: 115675
Type: Security Fix
Disposition: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
ChangeID: 6ad000b744527ae863187b570714792fc29467d9
Description:
CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://git.openldap.org/openldap/openldap
MR: 117821
Type: Security Fix
Disposition: Backport from https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134
ChangeID: d534808c796600ca5994bcda28938d45405bc7b4
Description:
CVE-2022-29155 openldap: OpenLDAP SQL injection
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE: CVE-2021-21703 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
[Didn't apply cleanly, corrected.]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Set CVE_PRODUCT as 'iperf_project:iperf' for iperf2 and iperf3
recipes, cve-check class is setting default CVE_PRODUCT to
'iperf2' and 'iperf3' respectively which ignores the iperf
CVEs from NVD Database.
Reference:
CVE-2016-4303
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-4303
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* hardknott and newer branches don't need this as upb repo was removed in:
commit 15cff67fd6cdb34e3621368fe9ce94a98356f27a
Author: Anatol Belski <anbelski@linux.microsoft.com>
Date: Fri Feb 19 12:39:55 2021 +0000
grpc: Upgrade 1.24.3 -> 1.35.0
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: mariadb.org
MR: 117530, 117522, 117514, 117506, 117497, 117489, 117481, 117473, 117465, 117457, 117449, 117380, 117364, 117356, 117336, 117212, 117204, 117196, 117180, 117188, 117169, 117161, 117441, 117372
Type: Security Fix
Disposition: Backport from mariagdb.org
ChangeID: 8bf787570ebe8503d2974af92e17b505e70440e5
Description:
LTS version, bug fix only.
Include these CVES:
CVE-2022-27458
CVE-2022-27457
CVE-2022-27456
CVE-2022-27455
CVE-2022-27452
CVE-2022-27451
CVE-2022-27449
CVE-2022-27448
CVE-2022-27447
CVE-2022-27446
CVE-2022-27445
CVE-2022-27444
CVE-2022-27387
CVE-2022-27386
CVE-2022-27385
CVE-2022-27384
CVE-2022-27383
CVE-2022-27382
CVE-2022-27381
CVE-2022-27380
CVE-2022-27379
CVE-2022-27378
CVE-2022-27377
CVE-2022-27376
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
master branch was renamed main on upstream project, so update the URI
Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
master branch was renamed main, so update the URI
Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Whitelist CVE-2020-27844 as it is introduced by
https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
but the contents of this patch is not present in openjpeg_2.3.1
Link: https://security-tracker.debian.org/tracker/CVE-2020-27844
Whitelist CVE-2015-1239 as the CVE description clearly states that
j2k_read_ppm_v3 function in openjpeg is affected due to CVE-2015-1239
but in openjpeg_2.3.1 this function is not present.
Hence, CVE-2015-1239 does not affect openjpeg_2.3.1.
Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
kernel-module-overlay
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.
https://nvd.nist.gov/vuln/detail/CVE-2022-28805
(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)
Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354)
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove duplicate code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa22894fa352986a62c4530ad8facd8868b2e535)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes
objcopy: Unable to recognise the format of the input file `build/opt/mongo/mongos'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Vincent Prince <vincent.prince.fr@gmail.com.com>
(cherry picked from commit e91940073af4e19cd18a09cd12aa381ff60fe54b)
[Fix up for Dunfell context:
also fixes Please add a conforming MONGO_VERSION=x.y.z[-extra] as an argument to SCons]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: Mariadb.org
MR: 115460, 115507, 1115549, 115549, 115488
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 722782cefa6805e907ee377a340f1b8bec174079
Description:
Bug fix only update, includes these CVES:
CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/
drop mariadb/c11_atomics.patch as its include in the update.
drop mariadb/clang_version_header_conflict.patch different fix applied
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Commit 17e931e77 ("polkit: fix CVE-2021-3560") contains
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Commit 67ec3e049 ("polkit: Fix for CVE-2021-4115") contains both:
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (CVE-2021-3560)
- upstream commit 41cb093f554da8772362654a128a84dd8a5542a7 (CVE-2021-4115)
Thus the fix for CVE-2021-3560 is applied twice, resulting in warnings
during do_patch. Curiously it neither fails nor complains about patch
already applied. Also devtool silently discards the duplicate patch.
Drop the duplicate patch, to resolve following warnings:
WARNING: polkit-0.116-r0 do_patch: Fuzz detected:
Applying patch 0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch
patching file src/polkit/polkitsystembusname.c
Hunk #1 succeeded at 438 with fuzz 2 (offset 3 lines).
Applying patch CVE-2021-4115.patch
patching file src/polkit/polkitsystembusname.c
Hunk #4 succeeded at 439 with fuzz 2.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The git repo for multipath-tools was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
upgrading to next maintainence LTS version
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The commit 4fe018038f87 is in the main branch, so the do_fetch task failed.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8bb7dc157b248802218fcf80215f80a6c7cd6f3)
[Fix up for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The branch was renamed in the upstream repository
Signed-off-by: Christian Ege <christian.ege@ifm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
master branch in imagemagick was renamed to main (https://github.com/ImageMagick/ImageMagick).
Similar change is already in master branch for version 7.0.10 (see 248739128389)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix below CVE:
CVE-2019-12973
CVE-2020-15389
CVE-2020-27814
CVE-2020-27823
CVE-2020-27824
CVE-2020-27841
CVE-2020-27842
CVE-2020-27843
CVE-2020-27845
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix CVE-2016-9296
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Squashed together 6000f5a3b and 7f4f1ee71
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
|
|
a) use option 7z to build the lib7z.so library
This is needed for android-tools for building fastboot
from android-tools
b) Packaged the lib7z.so and codec libraries as a part of this recipe
Fastboot RDepends on it lib7z.so
c) Fixed a C++17 forbidden error when lib7z.so is built
fixes the below error
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)':
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 308 | numMethods++;
| | ^~~~~~~~~~
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 318 | numMethods++;
Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
(cherry picked from commit 3c36a8efe2a964c3aa9bfcd836cee3f80a837fcd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The master branch has been renamed to main in the github repo.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Applying patch CVE-2021-22570.patch
patching file src/google/protobuf/descriptor.cc
Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines).
Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines).
Hunk #3 succeeded at 4006 (offset -17 lines).
Hunk #4 succeeded at 4050 (offset -18 lines).
Hunk #5 succeeded at 4368 (offset -18 lines).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix CVE-2021-4115
Also, add a support patch to cleanly apply CVE patch
Link: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/109
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix CVE-2021-22570.
Link: https://koji.fedoraproject.org/koji/buildinfo?buildID=1916865
Link: https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch
Remove first and second hunk because the second argument in
InsertIfNotPresent() function is of type const char* const& but the
first and second hunk makes the type of second argument as const string
which is not compatible with the type of second argument in
InsertIfNotPresent().
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 32f1d758a14bba35d67a75778ae747f1ff5c5482)
[Minor fixup for Dunfell]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The `dot` tool requires to be run once after installation in order to
create its configuration file.
The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to
prepare the recipe-sysroot-native. Package postinstall scripts are not
executed for -native packages, but files under ${BINDIR}/postinst-* are.
This is quite the same as graphviz-setup.sh does for nativesdk. The
general idea has been taken from
OECORE/meta/classes/pixbufcache.bbclass.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add a patch to fix CVE-2022-22747
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix CVE-2021-44532
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes CVE-2021-3570 and CVE-2021-3571
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix CVE-2018-5996
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch to fix CVE-2021-3802
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The missing `return` statement leads to a `SIGABRT`.
Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 77479e1c9b7bffb6ad89ae68f80605ad1c65ea75)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
handling of argument vector
Upstream-Status: Backport
CVE: CVE-2021-4034
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|