47939c2bdc
opensc: fix CVE-2024-45618
...
CVE-2024-45618:
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted
USB Device or Smart Card, which would present the system with a specially crafted
response to APDUs. Insufficient or missing checking of return values of functions
leads to unexpected work with variables that have not been initialized.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45618 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d ]
[https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:28:50 -05:00
4fff381a22
opensc: fix CVE-2024-45617
...
CVE-2024-45617:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
An attacker could use a crafted USB Device or Smart Card, which would present the system
with a specially crafted response to APDUs. Insufficient or missing checking of return
values of functions leads to unexpected work with variables that have not been initialized.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45617 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc ]
[https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc ]
[https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:28:47 -05:00
cd6d013e47
opensc: fix CVE-2024-45616
...
CVE-2024-45616:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
An attacker could use a crafted USB Device or Smart Card, which would present the system
with a specially crafted response to APDUs. The following problems were caused by
insufficient control of the response APDU buffer and its length when communicating
with the card.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45616 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1 ]
[https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614 ]
[https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967 ]
[https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60 ]
[https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d ]
[https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2 ]
[https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc ]
[https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc ]
[https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5 ]
[https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:28:43 -05:00
ecdd64cf48
opensc: fix CVE-2024-45615
...
CVE-2024-45615:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized
(as arguments to other functions, etc.).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45615 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1 ]
[https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6 ]
[https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 ]
[https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b ]
[https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:26:09 -05:00
394846f988
opensc: fix CVE-2024-8443
...
CVE-2024-8443:
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all
versions up to, and including, 1.1.0 due to insufficient input sanitization and output
escaping. This makes it possible for authenticated attackers, with subscriber-level
access and above, to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page. Please note that this was partially fixed in 1.1.0
due to the missing authorization protection that was added.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-8433 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e ]
[https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:26:06 -05:00
7e91b406fa
opensc: fix CVE-2024-1454
...
CVE-2024-1454:
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages,
occuring in the card enrolment process using pkcs15-init when a user or administrator
enrols or modifies cards. An attacker must have physical access to the computer system
and requires a crafted USB device or smart card to present the system with specially
crafted responses to the APDUs, which are considered high complexity and low severity.
This manipulation can allow for compromised card management operations during enrolment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-1454 ]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:26:03 -05:00
291fc3e7fc
openjpeg: fix CVE-2024-56827
...
CVE-2024-56827:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56827 ]
[https://github.com/uclouvain/openjpeg/issues/1564 ]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:25:59 -05:00
3749051d29
openjpeg: fix CVE-2024-56826
...
CVE-2024-56826:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56826 ]
[https://github.com/uclouvain/openjpeg/issues/1563 ]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:25:56 -05:00
954acdcf1b
python3-django: Fix CVE-2024-53907
...
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2
before 4.2.17. The strip_tags() method and striptags template filter are subject
to a potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907
Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:23:09 -05:00
be168328f8
python3-django: Fix CVE-2024-45231
...
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The
django.contrib.auth.forms.PasswordResetForm class, when used in a view
implementing password reset flows, allows remote attackers to enumerate
user e-mail addresses by sending password reset requests and observing
the outcome (only when e-mail sending is consistently failing).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45231
Upstream-patch:
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:23:05 -05:00
b4feba446d
python3-django: Fix CVE-2024-45230
...
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and
4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are
subject to a potential denial-of-service attack via very large inputs with
a specific sequence of characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45230
Upstream-patch:
https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:23:02 -05:00
aa9e8a5557
python3-django: Fix CVE-2024-41991
...
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with a
very large number of Unicode characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991
Upstream-patch:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:22:59 -05:00
4e8fa78778
python3-django: Fix CVE-2024-41990
...
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41990
Upstream-patch:
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:22:56 -05:00
46701493ac
python3-django: Fix CVE-2024-41989
...
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
floatformat template filter is subject to significant memory consumption when
given a string representation of a number in scientific notation with a large
exponent.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41989
Upstream-patches:
https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124
https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c
https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:20:15 -05:00
91d60c9b0a
python3-django: Fix CVE-2024-39614
...
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14.
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
Upstream-patch:
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:20:12 -05:00
e13c721bed
python3-django: Fix CVE-2023-23969
...
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values
of Accept-Language headers are cached in order to avoid repetitive parsing. This leads
to a potential denial-of-service vector via excessive memory usage if the raw value of
Accept-Language headers is very large.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-23969
Upstream-patch:
https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:20:09 -05:00
59ebd5b114
python3-django: upgrade 4.2.15 -> 4.2.17
...
Fixes CVE-2024-45230, CVE-2024-45231, CVE-2024-53907 and
CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.16/
https://docs.djangoproject.com/en/dev/releases/4.2.17/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:20:06 -05:00
580693f8b9
python3-django: Fix CVE-2024-38875
...
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7.
urlize and urlizetrunc were subject to a potential denial of service attack
via certain inputs with a very large number of brackets.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
Upstream-patch:
https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:20:02 -05:00
ff5e933e58
poppler: fix CVE-2024-56378
...
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds
read vulnerability within the JBIG2Bitmap::combine function
in JBIG2Stream.cc.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56378
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:16:49 -05:00
e9e496dc64
poppler: fix CVE-2024-6239
...
A flaw was found in the Poppler's Pdfinfo utility. This issue
occurs when using -dests parameter with pdfinfo utility. By
using certain malformed input files, an attacker could cause
the utility to crash, leading to a denial of service.
CVE-2024-6239-0001 is the dependent commit and CVE-2024-6239-0002
is the actual CVE fix.
fix indent issue in poppler_22.04.0.bb file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-6239
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
https://gitlab.freedesktop.org/poppler/poppler/-/commit/fc1c711cb5f769546c6b31cc688bf0ee7f0c1dbc
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:16:45 -05:00
9d2f35c8ce
glade: fix CVE-2020-36774
...
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774 ]
Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:13:03 -05:00
6ae5b4de25
libsass: upgrade 3.6.5 -> 3.6.6
...
(master rev: 3f88224fb9wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:12:58 -05:00
198cf66134
meta-oe: Remove True option to getVar calls
...
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-22 19:12:54 -05:00
66ec168505
packagegroup-meta-multimedia: Remove library only packages from rdeps
...
Because they get renamed, it is better to ignore them and let a
dependency build them
Fixes errors like
ERROR: packagegroup-meta-multimedia-1.0-r0 do_package_write_ipk: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (gssdp to libgssdp-1.2-0)
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit eafecde2aeakuster808@gmail.com >
2025-01-01 09:13:52 -05:00
aa423dfd81
lldpd: Fix CVE-2023-41910
...
Adds patch to backport fix for CVE-2023-41910.
Signed-off-by: Colin McAllister <colin.mcallister@garmin.com >
Change-Id: Iab619f1f5ba26b1141dffea065c90ef0b180b46e
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:04:11 -05:00
c59e8e9dbc
python3-werkzeug: Fix CVE-2024-49767
...
Werkzeug is a Web Server Gateway Interface web application library. Applications
using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug
prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications)
are vulnerable to a relatively simple but effective resource exhaustion (denial of
service) attack. A specifically crafted form submission request can cause the parser
to allocate and block 3 to 8 times the upload size in main memory. There is no upper
limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds.
Werkzeug version 3.0.6 fixes this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-49767
Upstream-patch:
https://github.com/pallets/werkzeug/commit/8760275afb72bd10b57d92cb4d52abf759b2f3a7
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:04:08 -05:00
c3deda05a7
python3-werkzeug: Fix CVE-2024-34069
...
Werkzeug is a comprehensive WSGI web application library. The debugger in
affected versions of Werkzeug can allow an attacker to execute code on a
developer's machine under some circumstances. This requires the attacker
to get the developer to interact with a domain and subdomain they control,
and enter the debugger PIN, but if they are successful it allows access to
the debugger even if it is only running on localhost. This also requires
the attacker to guess a URL in the developer's application that will trigger
the debugger. This vulnerability is fixed in 3.0.3.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-34069
Upstream-patches:
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:04:05 -05:00
50544ce18c
asio: Add ptest support
...
# ./run-ptest
PASS: address
PASS: address_v4
PASS: address_v4_iterator
PASS: address_v4_range
PASS: address_v6
PASS: address_v6_iterator
PASS: address_v6_range
PASS: any_completion_executor
PASS: any_completion_handler
PASS: any_executor
PASS: any_io_executor
PASS: append
PASS: as_tuple
PASS: associated_allocator
PASS: associated_cancellation_slot
PASS: associated_executor
PASS: associated_immediate_executor
PASS: associator
PASS: async_result
[snip]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(master rev: 1274b0df3c126e72dcbfd4678d1c25aadb8607dc)
* remove duplicated SRC_URI
* refresh 0001-tests-Remove-blocking_adaptation.cpp.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:02:31 -05:00
8fb0186a91
postgresql: upgrade 14.13 -> 14.14
...
Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978
and CVE-2024-10979
Changelog:
https://www.postgresql.org/docs/release/14.14/
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.14
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
2024-12-31 09:00:05 -05:00
bffcd6df7a
php: upgrade 8.1.30 -> 8.1.31
...
Includes fix for CVE-2024-8929, CVE-2024-11236, CVE-2024-11234 and CVE-2024-11233
Changelog:
https://www.php.net/ChangeLog-8.php#8.1.31
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
2024-12-31 09:00:02 -05:00
54933d4bc0
mosquitto: upgrade 2.0.19 -> 2.0.20
...
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128 .
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:59 -05:00
255faa7b69
mosquitto: upgrade 2.0.18 -> 2.0.19
...
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com >
Reviewed-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:56 -05:00
e137ee78b5
nspr: Fix build with clang16
...
* also needed for nspr-native build with gcc-14 on host
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
2024-12-31 08:56:41 -05:00
62119b2643
hostapd: Patch security advisory 2024-2
...
Pick patches according to
http://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
SAE H2E and incomplete downgrade protection for group negotiation
Patch 0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
was removed as it only patched wpa_supplicant. The patch names were
not changed so it is comparable with wpa_supplicant recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:56:24 -05:00
85f8fe91a0
hostapd: Patch CVE-2024-3596
...
Picked patches according to
http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt
First patch is style commit picked to have a clean cherry-pick of all
mentioned commits without any conflict.
Patch CVE-2024-3596_03.patch was removed as it only patched
wpa_supplicant. The patch names were not changed so it is comparable
with wpa_supplicant recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:56:20 -05:00
7b3fdcdfaa
libgsf: Upgrade 1.14.49 -> 1.14.53
...
Changelog:
libgsf 1.14.53
* Compilation fixes for libxml 2.13
* Fix ABR in gsf-vba-dump.
* Teach gsf (the tool) to handle odf properties.
* Fix integer overflows affecting memory allocation.
* Add missing "DocumentStatus" ole2 property.
* Avoid some undefined C behaviour in overflow checks.
libgsf 1.14.51
* Fix thumbnailer crash.
* Fix leaks.
libgsf 1.14.50
* Fix error handling problem when writing ole files.
License changed to LGPL-2.1-only from 1.14.51
[https://gitlab.gnome.org/GNOME/libgsf/-/commit/037c913eb631349c410ef45e49697bf5c46dac8a ]
remove obsolete DEPENDS from upstream [103f49b5fchttps://gitlab.gnome.org/GNOME/libgsf/-/issues/34 ]
(master rev: 6ed5891c18peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:04:56 -05:00
c5c647ba6a
python3-aiohttp: fix CVE-2023-49081/CVE-2024-30251/CVE-2024-52304/CVE-2023-49082/CVE-2024-27306
...
CVE-2023-49081:
aiohttp is an asynchronous HTTP client/server framework for asyncio and
Python. Improper validation made it possible for an attacker to modify
the HTTP request (e.g. to insert a new header) or create a new HTTP
request if the attacker controls the HTTP version. The vulnerability
only occurs if the attacker can control the HTTP version of the request.
This issue has been patched in version 3.9.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49081
Upstream patches:
https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b
CVE-2024-30251:
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
In affected versions an attacker can send a specially crafted POST
(multipart/form-data) request. When the aiohttp server processes it, the server
will enter an infinite loop and be unable to process any further requests. An
attacker can stop the application from serving requests after sending a single
request. This issue has been addressed in version 3.9.4. Users are advised to
upgrade. Users unable to upgrade may manually apply a patch to their systems.
Please see the linked GHSA for instructions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-30251
Upstream patches:
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
CVE-2024-52304:
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
Prior to version 3.10.11, the Python parser parses newlines in chunk extensions
incorrectly which can lead to request smuggling vulnerabilities under certain
conditions. If a pure Python version of aiohttp is installed (i.e. without the
usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may
be able to execute a request smuggling attack to bypass certain firewalls or
proxy protections. Version 3.10.11 fixes the issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-52304
Upstream patches:
https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
CVE-2023-49082:
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
Improper validation makes it possible for an attacker to modify the HTTP
request (e.g. insert a new header) or even create a new HTTP request if the
attacker controls the HTTP method. The vulnerability occurs only if the
attacker can control the HTTP method (GET, POST etc.) of the request. If the
attacker can control the HTTP version of the request it will be able to modify
the request (request smuggling). This issue has been patched in version 3.9.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49082
Upstream patches:
https://github.com/aio-libs/aiohttp/pull/7806/commits/a43bc1779892e7014b7723c59d08fb37a000955e
CVE-2024-27306:
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
A XSS vulnerability exists on index pages for static file handling. This
vulnerability is fixed in 3.9.4. We have always recommended using a reverse
proxy server (e.g. nginx) for serving static files. Users following the
recommendation are unaffected. Other users can disable `show_index` if unable
to upgrade.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-27306
Upstream patches:
https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:04:29 -05:00
f17b6e36fc
protobuf: fix CVE-2024-7254
...
Backport patch with tweaks for the current version to fix
CVE-2024-7254.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:04:02 -05:00
80dcdf37be
php: upgrade 8.1.29 -> 8.1.30
...
Includes fix for CVE-2024-8925, CVE-2024-8926, CVE-2024-8927
and CVE-2024-9026
Changelog:
https://www.php.net/ChangeLog-8.php#8.1.30
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:03:33 -05:00
66ef07598a
p7zip: Fix CVE-2023-52169 and CVE-2023-52168
...
According to [1][2], Igor Pavlov, the author of 7-Zip, refused to
provide an advisory or any related change log entries. Have to
backport a part of ./CPP/7zip/Archive/NtfsHandler.cpp from upstream
big commit https://github.com/ip7z/7zip/commit/fc662341e6f85da78ada0e443f6116b978f79f22
[1] https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
[2] https://dfir.ru/wp-content/uploads/2024/07/screenshot-2024-07-03-at-02-13-40-7-zip-_-bugs-_-2402-two-vulnerabilities-in-the-ntfs-handler.png
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:03:06 -05:00
9f598082ed
hostapd: Security fix for CVE-2023-52160
...
CVE-2023-52160:
The implementation of PEAP in wpa_supplicant through 2.10 allows
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-52160
Patch from:
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:02:39 -05:00
55bb99d80c
ntfs-3g-ntfsprogs: fix CVE-2023-52890
...
Backport fix from upstream
https://github.com/tuxera/ntfs-3g/commit/75dcdc2cf37478fad6c0e3427403d198b554951d
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:02:11 -05:00
26ef6a9c2d
indent: fix CVE-2024-0911
...
Backport a fix from upstream to resolve CVE-2024-0911
https://git.savannah.gnu.org/git/indent.git feb2b646e6c3a05018e132515c5eda98ca13d50d
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:01:32 -05:00
84ebedfcf4
frr: fix multiple CVEs
...
CVE-2024-27913:
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1
allows remote attackers to cause a denial of service (ospfd daemon
crash) via a malformed OSPF LSA packet, because of an attempted
access to a missing attribute field.
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge()
function in ospf_te.c in the OSPF daemon to return a NULL pointer.
In cases where calling functions do not handle the returned NULL
value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and
daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt
to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1,
there can be a buffer overflow and daemon crash in
ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read
Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID
attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-27913 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/a73e66d07329d721f26f3f336f7735de420b0183 ]
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca ]
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a ]
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4 ]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07 ]
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:00:01 -05:00
feb3793070
freeradius: upgrade 3.0.21 -> 3.0.27
...
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_27
Configuration changes:
BlastRADIUS mitigations have been added to the "security" section. See
require_message_authenticator and also limit_proxy_state.
BlastRADIUS mitigations have been added to radclient. See man radclient,
and the -b option.
Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator signature.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
[Drop CVE-2024-3596 patch backported early]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:54:19 -05:00
adf635944c
openvpn: upgrade 2.5.6 -> 2.5.11
...
License-Update: Add Apache2 linking for new commits [1]
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.5.11/Changes.rst
Security fixes:
CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn
log, or cause high CPU load.
[1] https://github.com/OpenVPN/openvpn/commit/4a89a55b8a9d6193957711bef74228796a185179
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
2d6512b422
apache2: Upgrade 2.4.60 -> 2.4.62
...
CVE's Fixed by upgrade:
CVE-2024-39884
CVE-2024-40725
Other Changes between 2.4.60 -> 2.4.62
======================================
https://github.com/apache/httpd/blob/2.4.62/CHANGES
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
cc8b266290
nss: patch CVE-2024-6609
...
Pick the same patch as Debian took for bullseye.
There is no direct backport to version prior 3.102 because
commit NSS_3_101_BETA2-12-g8d94c529b [1] rewrote this code.
Applied patch was proposed for old versions in [2] and already
applied in Debian bullseye.
I could not find suitable upstream status, inappropriate is the best
I could pick from offered possibilities.
[1] https://github.com/nss-dev/nss/commit/8d94c529b333194d080c4885ddd3a40e6c296ae9 <
[2] https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/t9JmsYkujWM/m/HjKuk-ngBAAJ
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
daf05cbbe1
nss: patch CVE-2024-6602
...
Pick the same patch as Debian took for bullseye.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
5782095b7b
open-vm-tools: Security fixes CVE-2023-34059
...
CVE-2023-34059:
open-vm-tools contains a file descriptor hijack vulnerability in the
vmware-user-suid-wrapper. A malicious actor with non-root privileges may
be able to hijack the /dev/uinput file descriptor allowing them to
simulate user inputs.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34059
Patch from:
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
Zhang Peng
Soumya Sambu
Yogita Urade
Wang Mingyu
akash hadke
Khem Raj
Colin McAllister
Mingli Yu
Vijay Anusuri
Fabrice Aeschbacher
Peter Marko
Jiaying Song
Chen Qi
hongxu
Yi Zhao
Haixiao Yan
Archana Polampalli
Yi Zhao
