mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-06 04:49:29 +00:00
Code Issues Projects Releases Wiki Activity
17,269 Commits 64 Branches 0 Tags
dunfell-next
Commit Graph

17269 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Jansa
2526b14d39 tesseract-lang: switch from master branch to main 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-15 06:45:03 -07:00
Adrian Fiergolski
986bb14aaf python3-matplotlib: add missing dependency 
In order to fix the dependency issue on PIL module, python3-pillow is required.

Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d4e70a1960)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit fcc7d7eae8)
[fixup for honister context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 44c394f3cbdce8c7297af01c0f5ee030e1e3dacd)
[fixup for dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-15 06:45:03 -07:00
Armin Kuster
04212afa12 mariadb: update to 10.4.25 
Source: mariadb.org
MR: 117530, 117522, 117514, 117506, 117497, 117489, 117481, 117473, 117465, 117457, 117449, 117380, 117364, 117356, 117336, 117212, 117204, 117196, 117180, 117188, 117169, 117161, 117441, 117372
Type: Security Fix
Disposition: Backport from mariagdb.org
ChangeID: 8bf787570ebe8503d2974af92e17b505e70440e5
Description:

LTS version, bug fix only.

Include these CVES:
CVE-2022-27458
CVE-2022-27457
CVE-2022-27456
CVE-2022-27455
CVE-2022-27452
CVE-2022-27451
CVE-2022-27449
CVE-2022-27448
CVE-2022-27447
CVE-2022-27446
CVE-2022-27445
CVE-2022-27444
CVE-2022-27387
CVE-2022-27386
CVE-2022-27385
CVE-2022-27384
CVE-2022-27383
CVE-2022-27382
CVE-2022-27381
CVE-2022-27380
CVE-2022-27379
CVE-2022-27378
CVE-2022-27377
CVE-2022-27376

Signed-off-by: Armin Kuster <akuster@mvista.com>
 2022-06-05 06:53:33 -07:00
Riyaz Ahmed Khan
deee226017 tcpdump: Add fix for CVE-2018-16301 
Add patch for CVE issue: CVE-2018-16301
Link: 8ab211a7ec

Upstream-Status: Pending

Issue: MGUBSYS-5370

Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Julien STEPHAN
9f361cff9c opencl-headers: switch to main branch 
master branch was renamed main on upstream project, so update the URI

Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Mikko Rapeli
a1c7bb2098 fuse: set CVE_PRODUCT to "fuse_project:fuse" 
Other products like "RedHat:fuse" introduce false CVE findings like:

https://nvd.nist.gov/vuln/detail/CVE-2018-10906
https://nvd.nist.gov/vuln/detail/CVE-2019-14860
https://nvd.nist.gov/vuln/detail/CVE-2020-25689

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit fd7dc34871)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Julien STEPHAN
c9e034fbaa opencl-icd-loader: switch to main branch 
master branch was renamed main, so update the URI

Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Sana Kazi
a38c92d8e9 openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239 
Whitelist CVE-2020-27844 as it is introduced by
4edb8c8337
but the contents of this patch is not present in openjpeg_2.3.1

Link: https://security-tracker.debian.org/tracker/CVE-2020-27844

Whitelist CVE-2015-1239 as the CVE description clearly states that
j2k_read_ppm_v3 function in openjpeg is affected due to CVE-2015-1239
but in openjpeg_2.3.1 this function is not present.
Hence, CVE-2015-1239 does not affect openjpeg_2.3.1.

Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Martin Jansa
de4b76934c ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Martin Jansa
b99a386cd1 python3-cryptography: backport 3 changes to fix CVE-2020-36242 
* backport the actual code change from
  https://github.com/pyca/cryptography/pull/5747
  without the docs and CI changes (which aren't applicable on old 2.8
  version) and backport 2 older changes to make this fix applicable
  on 2.8.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Steve Sakoman
abd7cf838d lua: fix CVE-2022-28805 
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)

Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354)
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Ranjitsinh Rathod
a8d82c80a1 atftp: Add fix for CVE-2021-41054 and CVE-2021-46671 
Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:31 -07:00
Khem Raj
8ff12bfffc postgresql: Fix build on riscv 
Remove duplicate code

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa22894fa3)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-19 10:15:37 -07:00
Khem Raj
fdd1dfe6b4 mongodb: Pass OBJCOPY to scons so it does not use it from host 
Fixes
objcopy: Unable to recognise the format of the input file `build/opt/mongo/mongos'

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Vincent Prince <vincent.prince.fr@gmail.com.com>
(cherry picked from commit e91940073a)
[Fix up for Dunfell context:
also fixes Please add a conforming MONGO_VERSION=x.y.z[-extra] as an argument to SCons]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Armin Kuster
df8259cc49 Mariadb: update to 10.4.24 
Source: Mariadb.org
MR:  115460, 115507, 1115549, 115549, 115488
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 722782cefa6805e907ee377a340f1b8bec174079
Description:

Bug fix only update, includes these CVES:
CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663

For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/

drop mariadb/c11_atomics.patch as its include in the update.
drop mariadb/clang_version_header_conflict.patch different fix  applied

Signed-off-by: Armin Kuster <akuster@mvista.com>
 2022-04-18 07:37:42 -07:00
Yi Zhao
8314be774a apache2: upgrade 2.4.52 -> 2.4.53 
Source: meta-openembedded
MR: 117176, 116633
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=81bbe65791459538ab578ac13e612f7dc6f692f0

ChangeID: 5b86888b06765a3b5aa7ff301da4f8b87f2dd154
Description:

ChangeLog:
https://downloads.apache.org/httpd/CHANGES_2.4.53

Security fixes:
CVE-2022-23943
CVE-2022-22721
CVE-2022-22720
CVE-2022-22719

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2022-04-18 07:37:42 -07:00
Ranjitsinh Rathod
dbf01a10e2 python3-urllib3: Fix CVE-2020-26137 and CVE-2021-33503 
Add patch to fix CVE-2020-26137
Link: https://ubuntu.com/security/CVE-2020-26137
Link: 1dd69c5c59.patch

Add patch to fix  CVE-2021-33503
Link: https://ubuntu.com/security/CVE-2021-33503
Link: 2d4a3fee6d.patch

Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Ralph Siemsen
aa316ee2bb polkit: fix overlapping changes in recent CVE patches 
Commit 17e931e77 ("polkit: fix CVE-2021-3560") contains
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81

Commit 67ec3e049 ("polkit: Fix for CVE-2021-4115") contains both:
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (CVE-2021-3560)
- upstream commit 41cb093f554da8772362654a128a84dd8a5542a7 (CVE-2021-4115)

Thus the fix for CVE-2021-3560 is applied twice, resulting in warnings
during do_patch. Curiously it neither fails nor complains about patch
already applied. Also devtool silently discards the duplicate patch.

Drop the duplicate patch, to resolve following warnings:

WARNING: polkit-0.116-r0 do_patch: Fuzz detected:

Applying patch 0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch
patching file src/polkit/polkitsystembusname.c
Hunk #1 succeeded at 438 with fuzz 2 (offset 3 lines).

Applying patch CVE-2021-4115.patch
patching file src/polkit/polkitsystembusname.c
Hunk #4 succeeded at 439 with fuzz 2.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Minjae Kim
5cdde2991e multipath-tools: update SRC_URI 
The git repo for multipath-tools was changed, so update the
SRC_URI accordingly with the new link.

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Mingli Yu
388dc2830a geoip: Switch to use the main branch 
Fix the below do_fetch warning:
WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df3ef15834)
[Fix up for dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Nisha Parrakat
89d2876e2e nodejs: upgrade to 12.22.2 
upgrading to next maintainence LTS version

Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Armin Kuster
7abb2382cd spirv-tools: update SRC_URI for googletest to main 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Armin Kuster
bd08205d94 breakpad: Update SRC_URI for protobuf and lss 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Thomas Perrot
ac85c97636 breakpad: fix branch for gtest in SRC_URI 
The commit 4fe018038f87 is in the main branch, so the do_fetch task failed.

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8bb7dc157)
[Fix up for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Christian Ege
717b8b9286 cli11: switch from default master branch to main to fix do_fetch failure 
The branch was renamed in the upstream repository

Signed-off-by: Christian Ege <christian.ege@ifm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Daniel Stadelmann
17ee7b0348 imagemagick: update SRC_URI branch from master to main 
master branch in imagemagick was renamed to main (https://github.com/ImageMagick/ImageMagick).
Similar change is already in master branch for version 7.0.10 (see 2487391283)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Sana Kazi
86b864a4d8 openjpeg: Fix multiple CVE 
Add patch to fix below CVE:
CVE-2019-12973
CVE-2020-15389
CVE-2020-27814
CVE-2020-27823
CVE-2020-27824
CVE-2020-27841
CVE-2020-27842
CVE-2020-27843
CVE-2020-27845

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Virendra Thakur
4f701b4655 p7zip: Fix for CVE-2016-9296 
Add patch to fix CVE-2016-9296

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Mingli Yu
17e931e776 polkit: fix CVE-2021-3560 
Backport a patch [1] to fix CVE-2021-3560.

[1] a04d13affe

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Squashed together 6000f5a3b and 7f4f1ee71
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Ralph Siemsen
0940e1e382 nginx: backport fix for CVE-2019-20372 
Fixed an HTTP request smuggling with certain error_page configurations
which could have allowed unauthorized web page reads.

This issue affects nginx prior to 1.17.7, so only the recipe for 1.16.1
needs the patch applied.

Fix is taken directly from
c1be55f972

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Armin Kuster
e6a4c8e5c5 p7zip: refresh patches 
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
 2022-03-27 08:18:20 -07:00
Nisha Parrakat
7334bc295d p7zip: build and package lib7z.so needed for fastboot 
a) use option 7z to build the lib7z.so library
This is needed for android-tools for building fastboot
from android-tools

b) Packaged the lib7z.so and codec libraries as a part of this recipe
Fastboot RDepends on it lib7z.so

c) Fixed a C++17 forbidden error when lib7z.so is built

fixes the below error

| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)':
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
|   308 |           numMethods++;
|       |           ^~~~~~~~~~
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
|   318 |         numMethods++;

Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
(cherry picked from commit 3c36a8efe2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Peter Kjellerstedt
29e3a918ac googletest: Switch branch from master to main 
The master branch has been renamed to main in the github repo.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Ross Burton
a14eb5e288 protobuf: fix patch fuzz 
Applying patch CVE-2021-22570.patch
patching file src/google/protobuf/descriptor.cc
Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines).
Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines).
Hunk #3 succeeded at 4006 (offset -17 lines).
Hunk #4 succeeded at 4050 (offset -18 lines).
Hunk #5 succeeded at 4368 (offset -18 lines).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Akash Hadke
a09ddd737e tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266 
Add below patch to fix CVE-2020-24265 and CVE-2020-24266
CVE-2020-24265-and-CVE-2020-24266.patch
Link: d311085906

Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Armin Kuster
9aaa031893 pw-am.sh: update to new patcwork system 
Point to patchwork.yoctoproject.org

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8b8bfbcadf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Ranjitsinh Rathod
67ec3e0492 polkit: Fix for CVE-2021-4115 
Add patch to fix CVE-2021-4115
Also, add a support patch to cleanly apply CVE patch
Link: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/109

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Sana Kazi
0722ff6f02 protobuf: Fix CVE-2021-22570 
Fix CVE-2021-22570.
Link: https://koji.fedoraproject.org/koji/buildinfo?buildID=1916865
Link: 394beeacb5/f/CVE-2021-22570.patch

Remove first and second hunk because the second argument in
InsertIfNotPresent() function is of type const char* const& but the
first and second hunk makes the type of second argument as const string
which is not compatible with the type of second argument in
InsertIfNotPresent().

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-23 15:48:18 -08:00
Kristian Klausen
a6c1c34031 cryptsetup: Add runtime dependency on lvm2-udevrules for udev 
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 32f1d758a1)
[Minor fixup for Dunfell]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-23 15:46:40 -08:00
Christian Eggers
7c519caa1a graphviz: native: create /usr/lib/graphviz/config6 in populate_sysroot 
The `dot` tool requires to be run once after installation in order to
create its configuration file.

The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to
prepare the recipe-sysroot-native. Package postinstall scripts are not
executed for -native packages, but files under ${BINDIR}/postinst-* are.

This is quite the same as graphviz-setup.sh does for nativesdk. The
general idea has been taken from
OECORE/meta/classes/pixbufcache.bbclass.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-20 13:04:53 -08:00
Ranjitsinh Rathod
aa5b9a1ff0 nss: Add fix for CVE-2022-22747 
Add a patch to fix CVE-2022-22747

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-13 10:47:08 -08:00
Ranjitsinh Rathod
93a315f96f strongswan: Add fix of CVE-2021-45079 
Add a patch to fix CVE-2021-45079

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-13 10:47:05 -08:00
Virendra Thakur
ec97823273 nodejs: Fix for CVE-2021-44532 
Add patch to fix CVE-2021-44532

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-06 11:01:44 -08:00
Robert Joslyn
872e60a774 linuxptp: Update to 2.0.1 
Fixes CVE-2021-3570 and CVE-2021-3571

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-06 11:01:40 -08:00
Virendra Thakur
9d722e88d7 p7zip: fix for CVE-2018-5996 
Add patch to fix CVE-2018-5996

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-06 11:01:37 -08:00
Virendra Thakur
4e7d34df0f udisks2: Fix for CVE-2021-3802 
Add patch to fix CVE-2021-3802

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-29 06:26:51 -08:00
Leif Middelschulte
2a10c182ae dbus-daemon-proxy: add missing return statement 
The missing `return` statement leads to a `SIGABRT`.

Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 77479e1c9b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-29 06:19:51 -08:00
Jeremy Puhlman
46a2333262 CVE-2021-4034: polkit Local privilege escalation in pkexec due to incorrect handling of argument vector 
Upstream-Status: Backport
CVE: CVE-2021-4034

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-27 16:03:47 -08:00
Armin Kuster
4bd7715a9d c-ares: bump PV in recipe to 1.16.1 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-27 07:42:07 -08:00
Armin Kuster
cc90900dfb wireshark: Update to 3.2.18 
Source: wireshark.org
MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9
Description:

This is a bugfix only update.

Addresses these CVES:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.  CVE-2021-39920, CVE-2021-39923.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.

Signed-off-by: Armin Kuster <akuster@mvista.com>

---
V2]
Fixes: /build/run/lemon: Exec format error
revert "cmake: lemon: fix path to internal lemon tool"
so the wireshark-native version is instead.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-26 22:05:03 -08:00