mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-16 18:40:03 +00:00
Code Issues Projects Releases Wiki Activity
17,254 Commits 64 Branches 0 Tags
2071373cce3791ae9ab75b68268c06c73f0ab764
Commit Graph

2316 Commits

Author SHA1 Message Date
Ashish Sharma 2071373cce wireshark: Backport fix for CVE-2023-1992 
RPCoRDMA: Frame end cleanup for global write offsets

Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-03-03 16:38:27 -05:00
Hitendra Prajapati 84a84000f7 wireshark: fix CVE-2024-0208 GVCP dissector crash 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-03-03 16:38:27 -05:00
Hitendra Prajapati e4af0cd491 proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-01-16 07:31:14 -05:00
Vijay Anusuri 474cea683e strongswan: Backport fix for CVE-2023-41913 
Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.3.0-5.9.6_charon_tkm_dh_len.patch]

Reference: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-01-16 07:31:14 -05:00
vkumbhar fc632d5bb0 wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:42 -05:00
vkumbhar 3bcc5bb4de squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication 
Upstream-Status: Backport from https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:42 -05:00
Hitendra Prajapati ed41cf1357 samba: fix CVE-2023-42669 denial of service 
Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:42 -05:00
Vijay Anusuri 57e58dc62f traceroute: upgrade 2.1.0 -> 2.1.3 
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.

Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robast poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14)
- Fix command line parsing in wrappers.

References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:42 -05:00
Davide Gardenal 0689773963 openflow: ignore CVE-2018-1078 
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
(cherry picked from commit c1e7b0b993)
Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:41 -05:00
Davide Gardenal 85d87a62df usrsctp: add CVE_VERSION to correctly check for CVEs 
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0  that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 279fce2c87)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:41 -05:00
Hitendra Prajapati d9ba954b6a wireshark: Fix CVE-2022-0585-CVE-2023-2879 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8d3c2177793e900cfc7cfaac776a2807e4ea289f && https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-12-17 15:36:41 -05:00
Hitendra Prajapati 026fcadc2e wireshark: Fix CVE-2023-3649 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/75e0ffcb42f3816e5f2fdef12f3c9ae906130b0c

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-11-12 10:41:59 -05:00
Hitendra Prajapati 964979d26d wireshark: Fix CVE-2023-2906 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-09-19 07:34:28 -04:00
Hitendra Prajapati 2dd0c9db67 quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges escalation 
Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-14 07:08:54 -04:00
Hitendra Prajapati fbe2d05a15 ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5 
Upstream-Status: Backport from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch

Patch taken from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
It is linked as official patch for p15 in:
- https://www.ntp.org/support/securitynotice/ntpbug3807/
- https://www.ntp.org/support/securitynotice/ntpbug3806/

Small adaptation to build is needed because of how tests are built.

Backport fixes for:
CVE: CVE-2023-26551
CVE: CVE-2023-26552
CVE: CVE-2023-26553
CVE: CVE-2023-26554
CVE: CVE-2023-26555

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-14 07:08:54 -04:00
Hitendra Prajapati 205b72edaa wireshark: Fix CVE-2023-0667 & CVE-2023-0668 
Backport fixes for:
* CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801 && https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a
* CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-14 07:08:54 -04:00
Hitendra Prajapati 8b5ce0d524 wireshark: Fix Multiple CVEs 
Backport fixes for:
* CVE-2023-2855 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb
* CVE-2023-2856 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca
* CVE-2023-2858 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105
* CVE-2023-2952 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-14 07:08:54 -04:00
Hugo SIMELIERE 0a8fa5e716 openvpn: upgrade 2.4.9 -> 2.4.12 
Fixes below CVEs:
* CVE-2022-0547
* CVE-2020-15078

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-03 11:16:53 -04:00
Hugo SIMELIERE a8be62b089 openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist 
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.

Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(upstream from commit d49e96aac4)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-03 11:16:53 -04:00
vkumbhar 98e6e31688 dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 
Set the default maximum DNS UDP packet size to 1232.

http://www.dnsflagday.net/2020/ refers.

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-04-06 07:32:11 -04:00
Hitendra Prajapati d07c7f658f net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception 
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-02-22 11:24:23 -05:00
Yi Zhao e707e9b7cf postfix: upgrade 3.4.23 -> 3.4.27 
Changelog:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.4.27.HISTORY

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-01-19 07:49:31 -05:00
Hitendra Prajapati 82f77e2b3c proftpd: CVE-2021-46854 memory disclosure to radius server 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
 2023-01-19 07:49:31 -05:00
Ranjitsinh Rathod b2c7d54b40 strongswan: Fix CVE-2022-40617 
Add a patch to fix CVE-2022-40617 issue which allows remote attackers to
cause a denial of service in the revocation plugin by sending a crafted
end-entity (and intermediate CA) certificate that contains a CRL/OCSP
URL that points to a server (under the attacker's control) that doesn't
properly respond but (for example) just does nothing after the initial
TCP handshake, or sends an excessive amount of application data.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-11-25 10:35:23 -05:00
Colin Finck 7203130ed8 [dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools) 
Quoting Jason A. Donenfeld on IRC:

<zx2c4> Colin_Finck: you should never, ever use old versions
<zx2c4> Notice that neither the major nor minor version numbers change
<zx2c4> Use the latest versions on your LTS

With that definite answer, I'd like to fix the problem described in https://lore.kernel.org/yocto/CswA.1659543156268567471.pbrp@lists.yoctoproject.org/ by importing the latest versions instead of maintaining our own fork of wireguard 1.0.20200401.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-10-30 14:47:43 -04:00
Mathieu Dubois-Briand 44d843ecad networkmanager: Update to 1.22.16 
Update network manager stable branch to last version, allowing to fix
CVE-2020-10754.

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-10-30 14:47:43 -04:00
Hitendra Prajapati 8377de1624 dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relay 
Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git
MR: 121726
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c
Description:
	 CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
 2022-10-30 14:47:43 -04:00
Hitendra Prajapati 9f3d116fdd cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands 
Source: https://github.com/cyrusimap/cyrus-sasl
MR: 118501
Type: Security Fix
Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
ChangeID: 5e0fc4c28d97b498128e4aa5d3e7c012e914ef51
Description:
       CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-07-16 12:56:17 -07:00
Mingli Yu d865d97f9b bridge-utils: Switch to use the main branch 
Fix the below do_fetch warning:
WARNING: bridge-utils-1.7-r0 do_fetch: Failed to fetch URL git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git, attempting MIRRORS if available

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-15 06:45:03 -07:00
Riyaz Ahmed Khan deee226017 tcpdump: Add fix for CVE-2018-16301 
Add patch for CVE issue: CVE-2018-16301
Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86

Upstream-Status: Pending

Issue: MGUBSYS-5370

Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:39 -07:00
Ranjitsinh Rathod a8d82c80a1 atftp: Add fix for CVE-2021-41054 and CVE-2021-46671 
Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-25 19:34:31 -07:00
Mingli Yu 388dc2830a geoip: Switch to use the main branch 
Fix the below do_fetch warning:
WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df3ef15834)
[Fix up for dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-18 07:37:42 -07:00
Akash Hadke a09ddd737e tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266 
Add below patch to fix CVE-2020-24265 and CVE-2020-24266
CVE-2020-24265-and-CVE-2020-24266.patch
Link: https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d

Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-27 08:18:20 -07:00
Ranjitsinh Rathod 93a315f96f strongswan: Add fix of CVE-2021-45079 
Add a patch to fix CVE-2021-45079

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-13 10:47:05 -08:00
Armin Kuster cc90900dfb wireshark: Update to 3.2.18 
Source: wireshark.org
MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9
Description:

This is a bugfix only update.

Addresses these CVES:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.  CVE-2021-39920, CVE-2021-39923.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.

Signed-off-by: Armin Kuster <akuster@mvista.com>

---
V2]
Fixes: /build/run/lemon: Exec format error
revert "cmake: lemon: fix path to internal lemon tool"
so the wireshark-native version is instead.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-26 22:05:03 -08:00
Virendra Thakur 9e5b6ad6ce strongswan: Fix for CVE-2021-41990 and CVE-2021-41991 
Add patch to fix CVE-2021-41990 and CVE-2021-41991

Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-22 10:33:41 -08:00
Andre Carvalho cc9e6dabcb netcat: Set CVE_PRODUCT 
This way yocto cve-check can find open CVE's. See also:

http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html

"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."

Value added is based on:
https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3

Signed-off-by: Andre Carvalho <andrestc@fb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-01-11 20:47:01 -08:00
Yi Zhao ab9fca485e postfix: upgrade 3.4.12 -> 3.4.23 
Changelog:
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-12-31 10:24:49 -08:00
Yi Zhao 544bcd09f5 postfix: fix build with glibc 2.34 
Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35)

Fixes:
| In file included from attr_clnt.c:88:
| /usr/include/unistd.h:363:13: error: conflicting types for
‘closefrom’; have ‘void(int)’
|   363 | extern void closefrom (int __lowfd) __THROW;
|       |             ^~~~~~~~~
| In file included from attr_clnt.c:87:
| ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with
type ‘int(int)’
|  1506 | extern int closefrom(int);
|       |            ^~~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-12-31 10:24:46 -08:00
Armin kuster 95969f0f5f dovecot: refresh patches 
Signed-off-by: Armin kuster <akuster808@gamil.com>
 2021-12-27 13:23:37 -08:00
sana kazi fba8ff0d91 dovecot: Fix CVE-2020-12674 
Added patch for CVE-2020-12674

Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-12-03 12:23:42 -08:00
sana kazi 7804c8e5bd dovecot: Fix CVE-2020-12673 
Added patch for CVE-2020-12673

Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-12-03 12:23:38 -08:00
sana kazi 00ad99f4f9 dovecot: Fix CVE-2020-12100 
Added patches to fix CVE-2020-12100

Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-12-03 12:23:33 -08:00
Armin Kuster 59bff77ad0 recipes: Update SRC_URI branch and protocols 
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-11-17 12:26:21 -08:00
Andreas Weger 4b8f554f4d drdb-utils: Define SRCREV_FORMAT 
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT

Signed-off-by: Andreas Weger <weger@hs-mittweida.de>

Change-Id: Id1d0a1062d09f690123b2a1c06137ae5c04d7b20
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-11-02 05:47:24 -07:00
Purushottam Choudhary 3cf22d1588 tcpdump: Update CVE-2020-8037 tag 
CVE tag was missing inside the patch file
which is the remedy for CVE-2020-8037 and
tracked by cve-check.

Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-10-01 14:49:10 -07:00
Armin Kuster 2e7e98cd0c dnsmasq: Security fix CVE-2021-3448 
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Signed-off-by: Armin Kuster <akuster@mvista.com>
 2021-09-10 15:16:48 -07:00
Pierre-Jean Texier 892b724cd1 stunnel: upgrade 5.56 -> 5.57 
Source: https://git.openembedded.org/meta-openembedded
MR: 109039
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02
ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f
Description:

Affects < 5.57

License-Update: copyright years updated.

This is a bug fix release:

 - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes.
 - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
 - Merged Debian 05-typos.patch (thx to Peter Pentchev).
 - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
 - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
 - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
 - Fixed tests on the WSL2 platform.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b76712700c)
[Includes CVE-2021-20230 per changelog
Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
]

Signed-off-by: Armin Kuster <akuster@mvista.com>
 2021-09-10 10:21:52 -07:00
Armin Kuster b9fe34b1ad tcpdump: Exclude CVE-2020-8036 from check 
This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after
4.9.3

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-24 21:25:51 -07:00
Jate Sujjavanich a64eec1771 ufw: Fix interpreter for installed ufw and test ufw 
Revert patch to setup-only-make-one-reference-to-env.patch and make
patch for python3 interpreter fix apply to runs of setup.py during
self test as well as installs.

Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp>
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
 2021-08-15 07:14:11 -07:00