Age | Commit message | Author |
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
There is a heap buffer overflow in DumpScreen2RGB() in gif2rgb.c. This
occurs when a crafted gif file, where size of color table is < 256 but
image data contains pixels with color code higher than size of color
table. This causes overflow of ColorMap->Colors array.
Fix the issue by checking if value of each pixel is within bounds of
given color table. If the value is out of color table, print error
message and exit.
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
bat-format-pretty hardcoded the lib folder, which causes it to report a
missing formatter.bash error when multilib is enabled.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE fixed:
- CVE-2023-40359 xterm: ReGIS reporting for character-set names containing characters other than alphanumerics or underscore
Upstream-Status: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/41ba5cf31da5e43477811b28009d64d3f643fd29
Note: The CVE patch is part of minor version-up and is extracted from the snapshot of xterm-379c.
Documentation of the commit shows 2 different overflows being fixed and hence the fix was extracted from the commit.
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
iniparser v4.1 is vulnerable to NULL Pointer Dereference
in function iniparser_getlongint which misses a NULL check
for function iniparser_getstring's return.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-33461
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream-Status: Backport from https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
c-ares is a C library for asynchronous DNS requests.
`ares__read_line()` is used to parse local configuration
files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`,
the `HOSTALIASES` file, and if using a c-ares version
prior to 1.27.0, the `/etc/hosts` file. If any of these
configuration files has an embedded `NULL` character as
the first character in a new line, it can lead to
attempting to read memory prior to the start of the given
buffer which may result in a crash. This issue is fixed
in c-ares 1.27.0. No known workarounds exist.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-25629
https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
https://security-tracker.debian.org/tracker/CVE-2024-25629
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Download and unpack contrib modules and other repositories in S instead
of WORKDIR so they don't escape file-prefix-map substitutions.
Fixes a number of reproducibility problems because of OpenCV check
macros that were embedding path to files in contrib/.
MJ: this is backport from langdale and fixes not only reproducibility
issues but also pseudo aborts in do_install when do_install
is executed again after do_package (in incremental builds):
| DEBUG: Executing shell function do_install
| NOTE: DESTDIR=opencv/4.5.5-r0/image VERBOSE=1 cmake --build opencv/4.5.5-r0/build --target install --
| abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.
| Check logfile: opencv/4.5.5-r0/pseudo//pseudo.log
| Subprocess aborted
and pseudo.log file shows:
path mismatch [3 links]: ino 214373575 db 'opencv/4.5.5-r0/package/usr/src/debug/lib32-opencv/4.5.5-r0/contrib/modules/intensity_transform/src/bimef.cpp' req 'opencv/4.5.5-r0/contrib/modules/intensity_transform/src/bimef.cpp'.
easily reproducible with:
bitbake -c cleansstate opencv; bitbake -c package opencv; bitbake -c install -f opencv
unlike ${S} ${WORKDIR}/contrib isn't in default PSEUDO_IGNORE_PATHS
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Addresses CVEs and other bug fixes. Remove patches that are fixed
in this release. Release notes are available at:
https://www.postgresql.org/docs/release/14.10/
https://www.postgresql.org/docs/release/14.11/
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for new version.
License-Update: Copyright year updated
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file.
NOTE: exploitability may be uncommon because this file is typically owned by root.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected
are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily
exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
Base Score 4.9 (Availability impacts).
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-22084
https://security-tracker.debian.org/tracker/CVE-2023-22084
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Set CVE_PRODUCT to 'node.js' for nodejs recipe
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
with make 4.4, linuxptp do_compile will fail with error:
In file included from clock.c:35:
missing.h:61:9: error: redeclaration of enumerator 'HWTSTAMP_TX_ONESTEP_P2P'
61 | HWTSTAMP_TX_ONESTEP_P2P = 3,
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from clock.c:21:
/buildarea2/WRLCD_Regression/Rerun/build_dir/11201532-build_scp_world_Feature_Test/qemux86-64-standard-std-OE/build/tmp-glibc/work/core2-64-wrs-linux/linuxptp/3.1.1-r0/recipe-sysroot/usr/include/linux/net_tstamp.h:128:9: note: previous definition of 'HWTSTAMP_TX_ONESTEP_P2P' with type 'enum hwtstamp_tx_types'
128 | HWTSTAMP_TX_ONESTEP_P2P,
|
Following change of make 4.4 changes behavior of shell function:
* WARNING: Backward-incompatibility!
Previously makefile variables marked as export were not exported to commands
started by the $(shell ...) function. Now, all exported variables are
exported to $(shell ...).
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport of commit 05c1003c4 ("linuxptp: fix do_compile error").
This is present in dunfell/kirkstone as well. If net_tstamp.h of the
build host disagrees with net_tstamp.h of the OE kernel or I remove
the build host's net_tstamp.h do_compile fails.
Changed Upstream Status to Backport with the git sha as the commit is
now applied upstream.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream-Status: Backport
[https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c
&
https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd
&
https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
old tarballs disappear from main location, use a backup location to
fetch it in such cases.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Backported from Nanbield
(cherry-picked from commit 8d34444c749a466f35445fd4c2212b3fbdb8d844)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch file to fix CVE
Upstream-Status: Backport[https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patch file to fix CVE
Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533]
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2023-32726:
The vulnerability is caused by an improper check that
RDLENGTH does not overflow the buffer in the response
from the DNS server.
CVE-2023-32727:
An attacker who has the privilege to configure Zabbix
items can use function icmpping() with additional
malicious command inside it to execute arbitrary code
on the current Zabbix server.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32726
https://security-tracker.debian.org/tracker/CVE-2023-32726
https://nvd.nist.gov/vuln/detail/CVE-2023-32727
https://security-tracker.debian.org/tracker/CVE-2023-32727
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The libdevmapper recipe doesn't provide any package and is only
there to resolve circular dependencies [1].
We already have the libdevmapper PREFERRED_RPROVIDER but the native
one is missing.
Fixes:
| NOTE: Multiple providers are available for runtime libdevmapper-native (libdevmapper-native, lvm2-native)
| Consider defining a PREFERRED_RPROVIDER entry to match libdevmapper-native
[1] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/lvm2?id=3f64779eae2d8312f569bee863f90ec4f8176e6c
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5996
https://nvd.nist.gov/vuln/detail/CVE-2016-9296
Upstream patches:
https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch
https://snapshot.debian.org/archive/debian-debug/20180205T215659Z/pool/main/p/p7zip/p7zip_16.02%2Bdfsg-6.debian.tar.xz
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The following CVEs are addressed in this release.
CVE-2023-50471
CVE-2023-50472
https://github.com/DaveGamble/cJSON/releases/tag/v1.7.17
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
An unintentional breakage was made upstream in sip4 which results
in builds reporting: QtCoremod.sip:23: syntax error
This was reported in Debian, but not resolved:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998605
A backport of a fix from the upstream project fixes the parser to
prevent it from complaining about the syntax error.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add the destdir option to ensure that sipconfig.py gets installed to the
site-packages directory and included in python3-sip3.
Remove references to the build paths from sipconfig.py as part of the
install stage. One may then prepend STAGING_DIR_NATIVE to sip_bin and
STAGING_DIR_TARGET to *_dir in any recipe that uses sipconfig.py.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fixes:
| WARNING: Unable to execute waf --version, exit code 1. Assuming waf version without bindir/libdir support.
| DEBUG: Python function waf_preconfigure finished
| DEBUG: Executing shell function do_configure
| Traceback (most recent call last):
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/./waf", line 163, in <module>
| from waflib import Scripting
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 6, in <module>
| from waflib import Utils,Configure,Logs,Options,ConfigSet,Context,Errors,Build,Node
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Configure.py", line 6, in <module>
| from waflib import ConfigSet,Utils,Options,Logs,Context,Build,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Options.py", line 6, in <module>
| from waflib import Logs,Utils,Context,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 5, in <module>
| import os,re,imp,sys
| ModuleNotFoundError: No module named 'imp'
| WARNING: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/run.do_configure.1263276:146 exit 1 from 'waf_do_configure'
* this first issue can be fixed easily by backporting:
https://gitlab.com/ita1024/waf/-/commit/d2060dfd8af4edb5824153ff24e207b39ecd67a2
* but then it still fails a bit later, because of SyntaxWarning in waf --version
output:
ERROR: glmark2-2021.12-r0 do_configure: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:waf_preconfigure(d)
0003:
File: '/OE/build/luneos-kirkstone/openembedded-core/meta/classes/waf.bbclass', lineno: 52, function: waf_preconfigure
0048: wafbin = os.path.join(subsrcdir, 'waf')
0049: try:
0050: result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
0051: version = result.decode('utf-8').split()[1]
*** 0052: if bb.utils.vercmp_string_op(version, "1.8.7", ">="):
0053: d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
0054: except subprocess.CalledProcessError as e:
0055: bb.warn("Unable to execute waf --version, exit code %d. Assuming waf version without bindir/libdir support." % e.returncode)
0056: except FileNotFoundError:
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 148, function: vercmp_string_op
0144: Compare two versions and check if the specified comparison operator matches the result of the comparison.
0145: This function is fairly liberal about what operators it will accept since there are a variety of styles
0146: depending on the context.
0147: """
*** 0148: res = vercmp_string(a, b)
0149: if op in ('=', '=='):
0150: return res == 0
0151: elif op == '<=':
0152: return res <= 0
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 138, function: vercmp_string
0134: return r
0135:
0136:def vercmp_string(a, b):
0137: """ Split version strings and compare them """
*** 0138: ta = split_version(a)
0139: tb = split_version(b)
0140: return vercmp(ta, tb)
0141:
0142:def vercmp_string_op(a, b, op):
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 89, function: split_version
0085: """Split a version string into its constituent parts (PE, PV, PR)"""
0086: s = s.strip(" <>=")
0087: e = 0
0088: if s.count(':'):
*** 0089: e = int(s.split(":")[0])
0090: s = s.split(":")[1]
0091: r = ""
0092: if s.count('-'):
0093: r = s.rsplit("-", 1)[1]
Exception: ValueError: invalid literal for int() with base 10: 'SyntaxWarning'
ERROR: Logfile of failure stored in: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/log.do_configure.1264918
so it's safer to just use python3-native everywhere, instead of more patches for waf
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
the repo of libbytesize doesn't have a branch named master. Change
the branch from master to main.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c
and /elf/elf.c, which allows the attacker to cause a denial of service via a
crafted file.
References:
https://github.com/yasm/yasm/issues/233
https://nvd.nist.gov/vuln/detail/CVE-2023-37732
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 41fffef6b044b2722aa13f7e7648a3f848231851)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2023-5868:
postgresql: Compute aggregate argument types correctly in
transformAggregateCall()
CVE-2023-5869:
postgresql: Detect integer overflow while computing new
array dimensions
CVE-2023-5870:
postgresql: Ban role pg_signal_backend from more superuser
backend types.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5868
https://nvd.nist.gov/vuln/detail/CVE-2023-5869
https://nvd.nist.gov/vuln/detail/CVE-2023-5870
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Update ptest path to run sdbus-c++ ptest
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desirable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c235873de0a0bb192b5f56747762fc7)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is needed to be able to build mosquitto-native.
The dependency on libcap when building for native is needed because
cmake will pick up the existence of libcap from the host, but then the
build fails if it is not available in the sysroot. Unfortunately, there
does not seem to be any way to explicitly tell cmake to not build with
libcap.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c083e0569ad80d11b4f5cfdfa89acdd4264d8152)
Backported: Updated paths to follow PV changes.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
"mozjs" does not exist but "mozjs-91" does.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Fetch the test data during do_fetch phase to avoid internet access
during test as some tests need test data.
# ./run-ptest
PASS: test-algorithms
PASS: test-allocator
PASS: test-alt-string
PASS: test-assert_macro
PASS: test-bson
PASS: test-byte_container_with_subtype
PASS: test-capacity
PASS: test-cbor
PASS: test-class_const_iterator
PASS: test-class_iterator
PASS: test-class_lexer
PASS: test-class_parser
PASS: test-comparison
PASS: test-concepts
PASS: test-constructor1
PASS: test-constructor2
PASS: test-convenience
PASS: test-conversions
PASS: test-conversions_cpp17
PASS: test-deserialization
PASS: test-diagnostics
PASS: test-disabled_exceptions
PASS: test-element_access1
PASS: test-element_access2
PASS: test-hash
PASS: test-inspection
PASS: test-items
PASS: test-items_cpp17
PASS: test-iterators1
PASS: test-iterators2
PASS: test-json_patch
PASS: test-json_pointer
PASS: test-large_json
PASS: test-merge_patch
PASS: test-meta
PASS: test-modifiers
PASS: test-msgpack
PASS: test-noexcept
PASS: test-ordered_json
PASS: test-ordered_map
PASS: test-pointer_access
PASS: test-readme
PASS: test-reference_access
PASS: test-regression1
PASS: test-regression1_cpp17
PASS: test-regression2
PASS: test-regression2_cpp17
PASS: test-serialization
PASS: test-testsuites
PASS: test-to_chars
PASS: test-ubjson
PASS: test-udt
PASS: test-udt_macro
PASS: test-unicode1
PASS: test-unicode2
PASS: test-unicode3
PASS: test-unicode4
PASS: test-unicode5
PASS: test-user_defined_input
PASS: test-wstring
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2022-3968 & CVE-2023-43291 apply to the other "emlog" and can be
safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ace0d04688a5617cf05546a7b8ba6cca)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace
in indent.c via a crafted file.
Reference:
https://savannah.gnu.org/bugs/index.php?64503
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
meta-oe master branch already made this change.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f
(Add str len check in config_sortlist to avoid stack overflow),
fixes the CVE-2022-4904 instead of CVE-2022-4415
https://security-tracker.debian.org/tracker/CVE-2022-4904
- CVE-ID inside the CVE-2022-4904.patch is wrong
in the OE commit[092e125f44f6]
- Hence corrected the CVE-ID in CVE-2022-4904.patch
Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
2.5.x is an LTS version per the project.
Drop patch now included.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
helps it compile on different openGL implementations which may not
implement full openGL specs
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9212722c1b1a2ab29215651063ca94fb114c39b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This release has only security and bug fixes.
ChangeLog:
https://github.com/redis/redis/releases/tag/7.0.13
Security Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-41053
$ git log --oneline 7.0.12..7.0.13
49dbedb1d (tag: 7.0.13, origin/7.0) Redis 7.0.13
0f14d3279 Fix sort_ro get-keys function return wrong key number (#12522)
4d67bb6af do not call handleClientsBlockedOnKeys inside yielding command (#12459)
37599fe75 Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451)
ea1bc6f62 Process loss of slot ownership in cluster bus (#12344)
646069a90 Skip test for sdsRemoveFreeSpace when mem_allocator is not jemalloc (#11878)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through
0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g.,
for amqp-publish or amqp-consume) and are thus visible to local attackers by
listing a process and its arguments.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-35789
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
The CVE-2021-34193 is a duplicate CVE covering the 5 individual already fixed.
https://github.com/OpenSC/OpenSC/pull/2855
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch [1] to fix CVE-2021-37501.
[1] https://github.com/HDFGroup/hdf5/commit/b16ec83d4bd79f9ffaad85de16056419f3532887
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause
a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-47022
https://github.com/open-mpi/hwloc/issues/544
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade iperf3 to 3.14
Fix CVE-2023-38403 and other bugs.
The iperf3 release notes are available at:
https://github.com/esnet/iperf/blob/99d738f496c96fd4fb50f45142e0bbc96bf71698/RELNOTES.md
The only change in the LICENSE file was the year update:
https://github.com/esnet/iperf/commit/6bfe27d82a3f74ad1239aba987a4fb75c1005078
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1 for these components.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* the branch was renamed upstream
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|