- 20 Sep, 2021 1 commit
-
Neetika Singh authored
Added below patches to fix CVE-2021-3672
1. ares_expand_name-should-escape-more-characters.patch
2. ares_expand_name-fix-formatting-and-handling-of-root.patch
Link: http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz
Signed-off-by: akash hadke <Akash.Hadke@kpit.com>
Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 10 Sep, 2021 3 commits
-
Armin Kuster authored
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
Yi Zhao authored
Source: https://git.openembedded.org/meta-openembedded
MR: 112165
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1
ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421
Description:
CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222
Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 523f6d83)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
Pierre-Jean Texier authored
Source: https://git.openembedded.org/meta-openembedded
MR: 109039
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02
ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f
Description:
Affects < 5.57
License-Update: copyright years updated.
This is a bug fix release:
- X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
- Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
- Merged Debian 05-typos.patch (thx to Peter Pentchev).
- Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
- Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
- Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
- Fixed tests on the WSL2 platform.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b7671270)
[Includes CVE-2021-20230 per changelog
Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9]
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
- 05 Sep, 2021 8 commits
-
Armin Kuster authored
Source: https://hg.mozilla.org/projects/nss
MR: 106863
Type: Security Fix
Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0
ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41
Description:
Affects NSS < 3.55
This addresses both CVE-2020-6829 and CVE-2020-12400
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
Zang Ruochen authored
Source: https://git.openembedded.org
MR: 111050
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/c-ares?h=hardknott&id=dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4
ChangeID: dc25d9f1
Description:
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc25d9f1)
[Includes cve: CVE-2020-14354. Bug fix update, no ABI changes]
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
Gianfranco authored
- add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 01fa6089)
[Stable version, bug fix only]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco Costamagna authored
- drop patches 241 245 275: upstream
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Stable version, bug fix only]
(cherry picked from commit 8c17cac6)
[Stable version, bug fix only
Fixup for Dunfell context]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco Costamagna authored
Upstream commented to use the second one
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c32d2eb4)
[Fixup for Dunfell context]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco Costamagna authored
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a7c9aa13)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco authored
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b2fe7667)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco authored
- drop patch 204: upstream
- add gcc-10 build fix proposed upstream 238.patch
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 97092276)
[Stable version, bug fix only]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 03 Sep, 2021 1 commit
-
Changqing Li authored
Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded
MR: 112869, 112835, 105131, 112702, 112829
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745
ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c
Description:
Apache2 2.4.x is an LTS version with bug and CVE fixes.
https://downloads.apache.org/httpd/CHANGES_2.4.48
Includes these CVE fixes:
2.4.48
CVE-2021-31618
2.4.47
CVE-2020-13938
CVE-2020-11985
CVE-2021-33193
CVE-2019-17567
Drop these patches included in update:
CVE-2020-13950.patch
CVE-2020-35452.patch
CVE-2021-26690.patch
CVE-2021-26691.patch
CVE-2021-30641.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ba016d73)
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
- 25 Aug, 2021 2 commits
-
Armin Kuster authored
This issue was introduced in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Armin Kuster authored
Source: Debian.org
MR: 108848
Type: Security Fix
Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff
ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32
Description:
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
This fixes CVE-2021-27135.
Leverage a patch from Debian.
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
- 21 Aug, 2021 1 commit
-
Joe Slater authored
Source: meta-openembedded.ort
MR: 112731
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/nginx?id=f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5
ChangeID: dd3295b606d73e01dd09291d85d529dea17a1a9e
Description:
Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1.
Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618 .
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f92dbcc4)
[refresh patch for Dunfell context]
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
- 15 Aug, 2021 2 commits
-
Jate Sujjavanich authored
Revert patch to setup-only-make-one-reference-to-env.patch and make patch for python3 interpreter fix apply to runs of setup.py during self test as well as installs.
Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp>
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
-
Anatol Belski authored
The configure script contains hardcoded lookup paths to /usr and other paths that might interfere with the host. These are overwritten with the staging dir locations for Poky compatibility.
Backport from meta-oe master rev. 74b66d19
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
-
- 14 Aug, 2021 5 commits
-
Joe Slater authored
Lots of bug fixes.
CVE: CVE-2021-21704 CVE-2021-21705
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93045c3d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 69dcf5ba)
[Stable bug fix only updates]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Khem Raj authored
Add rdeps as needed
Fixes shebang-size QA warnings
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8cc64128)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Khem Raj authored
Avoids using installed-vs-shipped
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 566049b4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Michael Opdenacker authored
Replace a link that's now broken.
The original download link on blender.org still works (https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi) but is still extremely slow.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 223243d6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Kai Kang authored
Backport patch to fix CVE-2014-10402.
CVE: CVE-2014-10402
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c80b3757)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 26 Jul, 2021 3 commits
-
Mingli Yu authored
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two cve patches which are already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e418ee46)
[Bug fix only updates plus: CVE-2020-7071]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Changqing Li authored
Since commit c4ffcaa2 [php: split out phpdbg into a separate package], package php is empty, we might meet error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9be6b4f5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Diego Santa Cruz authored
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c4ffcaa2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 25 Jul, 2021 6 commits
-
Armin Kuster authored
Source: Wireshark.org
MR: 109612, 110462, 112069
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260
Description:
Bug fix only update:
see:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html
includes: CVE-2021-22191, CVE-2021-22207, CVE-2021-22235
Signed-off-by: Armin Kuster <akuster@mvista.com>
-
Nicolas Dechesne authored
It is a (non trivial) cherry pick from
(cherry picked from commit b9ede0cb)
python3-pyyaml was moved from meta-python to meta-oe, so that we could apply this specific patch which breaks basic YP compatible check script.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Nicolas Dechesne authored
This specific statement in ostree recipe breaks the YP compatible status (yocto-check-layer):

    RDEPENDS_${PN}-ptest += " \
    ...
    ${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \
    ...
    "

Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the ostree recipe was fixed with:
b9ede0cb (python3-pyyaml: Do not check for meta-python)
In dunfell, moving python3-pyyaml to OE-core is not a great idea, but moving it from meta-python to meta-oe allows us to fix ostree YP compatible issue. Since meta-python depends on meta-oe, it should not be a change with any visible effect.
python3-cython and python3-pyparsing are collateral damages since they are dependency for python3-pyyaml, so needed to be moved too.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Nicolas Dechesne authored
It was moved to OE-core/dunfell in
cc0f56a788c3 (python3-jinja2: Import from meta-oe/meta-python)
However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. Worse than that, the version in meta-oe and oe-core differ. OE-core has 2.11.3 and meta-oe is older with 2.11.2.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Nicolas Dechesne authored
It was moved to OE-core/dunfell in
ec222f6af5f8 (python3-markupsafe: Import from meta-oe/meta-python)
However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. The version in meta-oe and oe-core match so, it's really a no-op.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Khem Raj authored
inheriting license class which brings in AVAILABLE_LICENSES into do_configure task checksums class since it wants to enable thin-provisioning-tools if distro allows GPL-3 automatically, but this brings issues when other layers which have additional licenses are provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by default with a comment in recipes stating that if needed then the user should enable it via config metadata or bbappends.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f592e81f)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 24 Jul, 2021 2 commits
-
Jate Sujjavanich authored
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package.
Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Armin Kuster authored
files moved under a new dir structure.
ERROR: hiawatha-10.10-r0 do_fetch: Fetcher failure for URL: 'http://hiawatha-webserver.org/files/hiawatha-10.10.tar.gz'. Unable to fetch URL from any source.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
- 21 Jul, 2021 1 commit
-
Armin Kuster authored
Source: mariadb.org
MR: 109670, 110757, 110768
Type: Security Fix
Disposition: Backport from mariadb
ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612
Description:
LTS version
https://mariadb.com/kb/en/mariadb-10420-release-notes/
CVE-2021-2166: MariaDB 10.4.19
CVE-2021-2154: MariaDB 10.4.19
CVE-2021-27928: MariaDB 10.4.18
Signed-off-by: Armin kuster <akuster@mvista.com>
-
- 19 Jul, 2021 5 commits
-
Gianfranco authored
It's already upstream and also used in Debian and Ubuntu
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d0f2d7c9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 2e15d7eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco authored
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31949017)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 97a5a4b4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco authored
Drop all patches, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 37537bda)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 703daeb6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Khem Raj authored
gcc 11 needs it on i686
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 57f7692e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
Gianfranco authored
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 09eb0ad1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-