2dd0c9db67
quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges escalation
...
Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-07-14 07:08:54 -04:00
fbe2d05a15
ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5
...
Upstream-Status: Backport from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
Patch taken from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
It is linked as official patch for p15 in:
- https://www.ntp.org/support/securitynotice/ntpbug3807/
- https://www.ntp.org/support/securitynotice/ntpbug3806/
Small adaptation to build is needed because of how tests are built.
Backport fixes for:
CVE: CVE-2023-26551
CVE: CVE-2023-26552
CVE: CVE-2023-26553
CVE: CVE-2023-26554
CVE: CVE-2023-26555
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-07-14 07:08:54 -04:00
205b72edaa
wireshark: Fix CVE-2023-0667 & CVE-2023-0668
...
Backport fixes for:
* CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801 && https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a
* CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-07-14 07:08:54 -04:00
8b5ce0d524
wireshark: Fix Multiple CVEs
...
Backport fixes for:
* CVE-2023-2855 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb
* CVE-2023-2856 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca
* CVE-2023-2858 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105
* CVE-2023-2952 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-07-14 07:08:54 -04:00
0a8fa5e716
openvpn: upgrade 2.4.9 -> 2.4.12
...
Fixes below CVEs:
* CVE-2022-0547
* CVE-2020-15078
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-05-03 11:16:53 -04:00
a8be62b089
openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
...
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(upstream from commit d49e96aac4hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-05-03 11:16:53 -04:00
98e6e31688
dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
...
Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-04-06 07:32:11 -04:00
d07c7f658f
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
...
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-02-22 11:24:23 -05:00
e707e9b7cf
postfix: upgrade 3.4.23 -> 3.4.27
...
Changelog:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.4.27.HISTORY
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-01-19 07:49:31 -05:00
82f77e2b3c
proftpd: CVE-2021-46854 memory disclosure to radius server
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
2023-01-19 07:49:31 -05:00
b2c7d54b40
strongswan: Fix CVE-2022-40617
...
Add a patch to fix CVE-2022-40617 issue which allows remote attackers to
cause a denial of service in the revocation plugin by sending a crafted
end-entity (and intermediate CA) certificate that contains a CRL/OCSP
URL that points to a server (under the attacker's control) that doesn't
properly respond but (for example) just does nothing after the initial
TCP handshake, or sends an excessive amount of application data.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-11-25 10:35:23 -05:00
7203130ed8
[dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools)
...
Quoting Jason A. Donenfeld on IRC:
<zx2c4> Colin_Finck: you should never, ever use old versions
<zx2c4> Notice that neither the major nor minor version numbers change
<zx2c4> Use the latest versions on your LTS
With that definite answer, I'd like to fix the problem described in https://lore.kernel.org/yocto/CswA.1659543156268567471.pbrp@lists.yoctoproject.org/ by importing the latest versions instead of maintaining our own fork of wireguard 1.0.20200401.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-10-30 14:47:43 -04:00
44d843ecad
networkmanager: Update to 1.22.16
...
Update network manager stable branch to last version, allowing to fix
CVE-2020-10754.
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-10-30 14:47:43 -04:00
8377de1624
dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relay
...
Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git
MR: 121726
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c
Description:
CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
2022-10-30 14:47:43 -04:00
9f3d116fdd
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
...
Source: https://github.com/cyrusimap/cyrus-sasl
MR: 118501
Type: Security Fix
Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
ChangeID: 5e0fc4c28d97b498128e4aa5d3e7c012e914ef51
Description:
CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-07-16 12:56:17 -07:00
d865d97f9b
bridge-utils: Switch to use the main branch
...
Fix the below do_fetch warning:
WARNING: bridge-utils-1.7-r0 do_fetch: Failed to fetch URL git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-15 06:45:03 -07:00
deee226017
tcpdump: Add fix for CVE-2018-16301
...
Add patch for CVE issue: CVE-2018-16301
Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86
Upstream-Status: Pending
Issue: MGUBSYS-5370
Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-05-25 19:34:39 -07:00
a8d82c80a1
atftp: Add fix for CVE-2021-41054 and CVE-2021-46671
...
Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com >
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-05-25 19:34:31 -07:00
388dc2830a
geoip: Switch to use the main branch
...
Fix the below do_fetch warning:
WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit df3ef15834akuster808@gmail.com >
2022-04-18 07:37:42 -07:00
a09ddd737e
tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266
...
Add below patch to fix CVE-2020-24265 and CVE-2020-24266
CVE-2020-24265-and-CVE-2020-24266.patch
Link: https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d
Signed-off-by: Akash Hadke <akash.hadke@kpit.com >
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-03-27 08:18:20 -07:00
93a315f96f
strongswan: Add fix of CVE-2021-45079
...
Add a patch to fix CVE-2021-45079
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com >
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-02-13 10:47:05 -08:00
cc90900dfb
wireshark: Update to 3.2.18
...
Source: wireshark.org
MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9
Description:
This is a bugfix only update.
Addresses these CVES:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. CVE-2021-39920, CVE-2021-39923.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
Signed-off-by: Armin Kuster <akuster@mvista.com >
---
V2]
Fixes: /build/run/lemon: Exec format error
revert "cmake: lemon: fix path to internal lemon tool"
so the wireshark-native version is instead.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-01-26 22:05:03 -08:00
9e5b6ad6ce
strongswan: Fix for CVE-2021-41990 and CVE-2021-41991
...
Add patch to fix CVE-2021-41990 and CVE-2021-41991
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-01-22 10:33:41 -08:00
cc9e6dabcb
netcat: Set CVE_PRODUCT
...
This way yocto cve-check can find open CVE's. See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3
Signed-off-by: Andre Carvalho <andrestc@fb.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com >
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-01-11 20:47:01 -08:00
ab9fca485e
postfix: upgrade 3.4.12 -> 3.4.23
...
Changelog:
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
2021-12-31 10:24:49 -08:00
544bcd09f5
postfix: fix build with glibc 2.34
...
Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35)
Fixes:
| In file included from attr_clnt.c:88:
| /usr/include/unistd.h:363:13: error: conflicting types for
‘closefrom’; have ‘void(int)’
| 363 | extern void closefrom (int __lowfd) __THROW;
| | ^~~~~~~~~
| In file included from attr_clnt.c:87:
| ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with
type ‘int(int)’
| 1506 | extern int closefrom(int);
| | ^~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
2021-12-31 10:24:46 -08:00
95969f0f5f
dovecot: refresh patches
...
Signed-off-by: Armin kuster <akuster808@gamil.com >
2021-12-27 13:23:37 -08:00
fba8ff0d91
dovecot: Fix CVE-2020-12674
...
Added patch for CVE-2020-12674
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-12-03 12:23:42 -08:00
7804c8e5bd
dovecot: Fix CVE-2020-12673
...
Added patch for CVE-2020-12673
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-12-03 12:23:38 -08:00
00ad99f4f9
dovecot: Fix CVE-2020-12100
...
Added patches to fix CVE-2020-12100
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-12-03 12:23:33 -08:00
59bff77ad0
recipes: Update SRC_URI branch and protocols
...
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-11-17 12:26:21 -08:00
4b8f554f4d
drdb-utils: Define SRCREV_FORMAT
...
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Andreas Weger <weger@hs-mittweida.de >
Change-Id: Id1d0a1062d09f690123b2a1c06137ae5c04d7b20
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-11-02 05:47:24 -07:00
3cf22d1588
tcpdump: Update CVE-2020-8037 tag
...
CVE tag was missing inside the patch file
which is the remedy for CVE-2020-8037 and
tracked by cve-check.
Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com >
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-10-01 14:49:10 -07:00
2e7e98cd0c
dnsmasq: Security fix CVE-2021-3448
...
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Signed-off-by: Armin Kuster <akuster@mvista.com >
2021-09-10 15:16:48 -07:00
892b724cd1
stunnel: upgrade 5.56 -> 5.57
...
Source: https://git.openembedded.org/meta-openembedded
MR: 109039
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02
ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f
Description:
Affects < 5.57
License-Update: copyright years updated.
This is a bug fix release:
- X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes.
- Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
- Merged Debian 05-typos.patch (thx to Peter Pentchev).
- Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
- Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
- Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
- Fixed tests on the WSL2 platform.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit b76712700chttps://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
]
Signed-off-by: Armin Kuster <akuster@mvista.com >
2021-09-10 10:21:52 -07:00
b9fe34b1ad
tcpdump: Exclude CVE-2020-8036 from check
...
This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after
4.9.3
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-08-24 21:25:51 -07:00
a64eec1771
ufw: Fix interpreter for installed ufw and test ufw
...
Revert patch to setup-only-make-one-reference-to-env.patch and make
patch for python3 interpreter fix apply to runs of setup.py during
self test as well as installs.
Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp >
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com >
2021-08-15 07:14:11 -07:00
a420980c4f
wireshark: update to 3.2.15
...
Source: Wireshark.org
MR: 109612, 110462, 112069
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260
Description:
Bug fix only update:
see:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html
includes: CVE-2021-22191, CVE-2021-22207, CVE-2021-22235
Signed-off-by: Armin Kuster <akuster@mvista.com >
2021-07-25 15:17:32 -07:00
da09c4c743
ufw: backport patches, update RRECOMMENDS, python3 support, tests
...
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package. Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-07-24 10:48:10 -07:00
5c1356a1ec
ntp: fix ntpdate to wait for subprocesses
...
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes #386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 73d5cd5e8dakuster808@gmail.com >
(cherry picked from commit f52ce99b46akuster808@gmail.com >
2021-07-10 21:16:42 -07:00
7bd47ef6c9
dovecot: add CVE-2016-4983 to allowlist
...
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3613b50a84akuster808@gmail.com >
(cherry picked from commit d1fb027f89akuster808@gmail.com >
2021-07-06 07:50:13 -07:00
50ffe3b559
cyrus-sasl: add CVE-2020-8032 to allowlist
...
This affects only openSUSE, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 711e932b14akuster808@gmail.com >
(cherry picked from commit 2681937544akuster808@gmail.com >
2021-07-05 15:27:25 -07:00
bbd2addbcf
add CVE-2011-2411 to allowlist
...
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bb4a4f0ff8akuster808@gmail.com >
(cherry picked from commit d614d160a1akuster808@gmail.com >
2021-07-05 15:26:43 -07:00
c38d2a74f7
dnsmasq: Add fixes for CVEs reported for dnsmasq
...
Applied single patch for below listed CVEs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
as they are fixed by single commit
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
Link: https://www.openwall.com/lists/oss-security/2021/01/19/1
Also, applied patch for below listed CVEs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
all CVEs applicable to v2.81
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com >
[Refreshed patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-29 11:41:45 -07:00
587fe58949
ebtables: use bitbake optimization levels
...
Don't overwrite with O3 optimization. Reduces ebtables
binary package size from 416241 to 412145 bytes, and
enables further optimizations with e.g. -Os flags
via bitbake distro wide settings.
Only ebtables versions up to 2.0.10-4 and dunfell are affected.
The version 2.0.11 from hardknott and master branch use system
wide flags already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-29 11:02:09 -07:00
430ef96fe6
wireguard: fix build issue with updated 5.4 kernel
...
error: static declaration of 'icmp_ndo_send' follows non-static declaration
| 959 | static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
| | ^~~~~~~~~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
1ad4455f28
mdns: Whitelisted CVE-2007-0613 for mdns
...
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f37e5423daakuster808@gmail.com >
2021-03-16 08:40:06 -07:00
a8e3b20df3
nghttp2: Add fix for CVE-2020-11080
...
Added below two patches to fix CVE-2020-11080:
1. CVE-2020-11080-1.patch
2. CVE-2020-11080-2.patch
Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com >
[Refreshed patches to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-03-16 08:40:06 -07:00
c46aab8578
openipmi: Inherit python3targetconfig
...
Fixes
configure: error:
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 59f817bbe3akuster808@gmail.com >
(cherry picked from commit 59d3d64e90akuster808@gmail.com >
2021-02-19 07:17:12 -08:00
0c87ac59d7
dnsmasq: Fix systemd service
...
Systemd service file option 'ExecStopPre' is warned and ignored by
systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended
behavior is realized. The 'ExecStop' commands are executed one after the
other.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 55c94cb319akuster808@gmail.com >
(cherry picked from commit 83842c9150akuster808@gmail.com >
2021-02-15 08:23:59 -08:00
Hitendra Prajapati
Hugo SIMELIERE
vkumbhar
Yi Zhao
Ranjitsinh Rathod
Colin Finck
Mathieu Dubois-Briand
Mingli Yu
Riyaz Ahmed Khan
Akash Hadke
Armin Kuster
Virendra Thakur
Andre Carvalho
Yi Zhao
Armin kuster
sana kazi
Armin Kuster
Andreas Weger
Purushottam Choudhary
Pierre-Jean Texier
Jate Sujjavanich
Adrian Zaharia
ito-yuichi@fujitsu.com
Sekine Shigeki
Sana Kazi
Mikko Rapeli
Rahul Taya
Khem Raj
Mario Schuknecht