Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file.
NOTE: exploitability may be uncommon because this file is typically owned by root.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected
are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily
exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
Base Score 4.9 (Availability impacts).
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-22084https://security-tracker.debian.org/tracker/CVE-2023-22084
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This reverts commit 522603beb6.
This change was for oe-core not meta-oe repository, creating
unused directory "meta" which doesn't belong here.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
with make 4.4, linuxptp do_compile will failed with error:
In file included from clock.c:35:
missing.h:61:9: error: redeclaration of enumerator 'HWTSTAMP_TX_ONESTEP_P2P'
61 | HWTSTAMP_TX_ONESTEP_P2P = 3,
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from clock.c:21:
/buildarea2/WRLCD_Regression/Rerun/build_dir/11201532-build_scp_world_Feature_Test/qemux86-64-standard-std-OE/build/tmp-glibc/work/core2-64-wrs-linux/linuxptp/3.1.1-r0/recipe-sysroot/usr/include/linux/net_tstamp.h:128:9: note: previous definition of 'HWTSTAMP_TX_ONESTEP_P2P' with type 'enum hwtstamp_tx_types'
128 | HWTSTAMP_TX_ONESTEP_P2P,
|
Following change of make 4.4 changes behavior of shell function:
* WARNING: Backward-incompatibility!
Previously makefile variables marked as export were not exported to commands
started by the $(shell ...) function. Now, all exported variables are
exported to $(shell ...).
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport of commit 05c1003c4 ("linuxptp: fix do_compile error").
This is present in dunfell/kirkstone as well. If net_tstamp.h of the
build host disagrees with net_tstamp.h of the OE kernel or I remove
the build host's net_tstamp.h do_compile fails.
Changed Upstream Status to Backport with the git sha as the commit is
now applied upstream.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted
objects in the LDAP store.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
old tarballs disappear from main location, use a backup location to
fetch it in such cases.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Backported from Nanbield
(cherry-picked from commit 8d34444c74)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be2e20157)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b135007c8ff43c18dd0593b5115d46dc6362675f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This recipe sets the product name used for CVE checking to
"http_server". However, the cve-check logic matches that name to all
products in the CVE database regardless of vendor. Currently, it is
matching to products from vendors other than apache. As a result,
CVE checking incorrectly reports CVEs for those vendors' products for
this package.
Signed-off-by: Jeffrey Pautler <jeffrey.pautler@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 51f70eaaa5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows
RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems
from an RPC function that can be blocked indefinitely. The issue arises because
the "rpcecho" service operates with only one worker in the main RPC task, allowing
calls to the "rpcecho" server to be blocked for a specified time, causing service
disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()"
function under specific conditions. Authenticated users or attackers can exploit this
vulnerability to make calls to the "rpcecho" server, requesting it to block for a
specified duration, effectively disrupting most services and leading to a complete
denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs
in the main RPC task.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42669
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
An unintentional breakage was made upstream in sip4 which results
in builds reporting: QtCoremod.sip:23: syntax error
This was reported in Debian, but not resolved:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998605
A backport of a fix from the upstream project fixes the parser to
prevent it from complaining about the syntax error.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the destdir option to ensure that sipconfig.py gets installed to the
site-packages directory and included in python3-sip3.
Remove references to the build paths from sipconfig.py as part of the
install stage. One may then prepend STAGING_DIR_NATIVE to sip_bin and
STAGING_DIR_TARGET to *_dir in any recipe that uses sipconfig.py.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The delta between 4.2.5 and 4.2.7 contains the fixes for
CVE-2023-43665, CVE-2023-46695 and other bugfixes.
git log --oneline 4.2.5..4.2.7 shows:
d254a54e7f (tag: 4.2.7) [4.2.x] Bumped version for 4.2.7 release.
048a9ebb6e [4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
3fae5d92da [4.2.x] Refs #30601 -- Fixed typos in docs/topics/db/transactions.txt.
a8aa94062b [4.2.x] Refs #15578 -- Made cosmetic edits to fixtures docs.
109f39a38b [4.2.x] Fixed#34932 -- Restored varchar_pattern_ops/text_pattern_ops index creation when deterministic collaction is set.
61612990d8 [4.2.x] Fixed typos in docs/ref/models/expressions.txt.
696fbc32d6 [4.2.x] Fixed#30601 -- Doc'd the need to manually revert all app state on transaction rollbacks.
ffba63180c [4.2.x] Fixed typo in docs/ref/contrib/gis/geos.txt.
43a3646070 [4.2.x] Fixed#15578 -- Stated the processing order of fixtures in the fixtures docs.
0cd8b867a0 [4.2.x] Added stub release notes and release date for 4.2.7, 4.1.13, and 3.2.23.
510a512119 [4.2.x] Fixed typo in docs/releases/4.2.txt.
b644f8bc1f [4.2.x] Corrected note about using accents in writing documentation contributing guide.
a576ef98ae [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.1+.
803caec60b [4.2.x] Fixed#34798 -- Fixed QuerySet.aggregate() crash when referencing expressions containing subqueries.
caec4f4a6f [4.2.x] Refs #34840 -- Improved release note describing index regression.
b6bb2f8099 [4.2.x] Refs #34840 -- Fixed test_validate_nullable_textfield_with_isnull_true() on databases that don's support table check constraints.
e8fe48d3a0 [4.2.x] Fixed#34808 -- Doc'd aggregate function's default argument.
830990fa6c [4.2.x] Reorganized tutorial's part 4 to better understand changes needed in URLConf.
0cbc92bc3a [4.2.x] Refs #26029 -- Improved get_storage_class() deprecation warning with stacklevel=2.
9c7627da30 [4.2.x] Refs #34043 -- Clarified how to test UI changes.
0bd53ab86a [4.2.x] Added backticks to setuptools in docs.
99dcba90b4 [4.2.x] Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs.
6697880219 [4.2.x] Refs #31435 -- Doc'd potential infinite recursion when accessing model fields in __init__.
a9a3317a95 [4.2.x] Corrected wrap_socket() reference in docs/ref/settings.txt.
9962f94a97 [4.2.x] Added CVE-2023-43665 to security archive.
b2d95bb301 [4.2.x] Added stub release notes for 4.2.7.
08d54f83a9 [4.2.x] Post release version bump.
c22017bd1d (tag: 4.2.6) [4.2.x] Bumped version for 4.2.6 release.
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
39fc3f46a8 [4.2.x] Added stub release notes and release date for 4.2.6, 4.1.12, and 3.2.22.
dd0bf63d3e [4.2.x] Added warning about flatpages and untrusted users.
fec4ed0a25 [4.2.x] Refs #34320 -- Skipped SchemaTests.test_rename_field_with_check_to_truncated_name on MariaBD 10.5.2+.
a148461f1f [4.2.x] Fixed#34840 -- Avoided casting string base fields on PostgreSQL.
b08f53ff46 [4.2.x] Refs #34808 -- Doc'd that aggregation functions on empty groups can return None.
c70f08c4aa [4.2.x] Added updating the Django release process on Trac to release steps.
d485aa2732 [4.2.x] Fixed typo in docs/howto/custom-file-storage.txt.
ff26e6ad84 [4.2.x] Corrected QuerySet.prefetch_related() note about GenericRelation().
866122690d [4.2.x] Doc'd HttpResponse.cookies.
97e8a2afb1 [4.2.x] Fixed#34821 -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings from mutating the main STORAGES.
39cb3b08bc [4.2.x] Bumped checkout version in Github actions configuration.
592ebd8920 [4.2.x] Added stub release notes for 4.2.6.
a1dd785139 [4.2.x] Added CVE-2023-41164 to security archive.
a9686cb871 [4.2.x] Post-release version bump.
Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.7/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The delta between 3.2.21 and 3.2.23 contains the fixes for
CVE-2023-43665, CVE-2023-46695 and other bugfixes.
git log --oneline 3.2.21..3.2.23 shows:
60e648a7ae (tag: 3.2.23) [3.2.x] Bumped version for 3.2.23 release.
f9a7fb8466 [3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
e6d2591d9e [3.2.x] Added stub release notes for 3.2.23.
3c04b74293 [3.2.x] Added CVE-2023-43665 to security archive.
86a14d653f [3.2.x] Post release version bump.
3106e94e52 (tag: 3.2.22) [3.2.x] Bumped version for 3.2.22 release.
ccdade1a02 [3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
6caf7b313d [3.2.x] Added stub release notes for 3.2.22.
9e814c3a5e [3.2.x] Added CVE-2023-41164 to security archive.
4b439dcd05 [3.2.x] Post-release version bump.
Release Notes: https://docs.djangoproject.com/en/dev/releases/3.2.23/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2023-43665:
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the
django.utils.text.Truncator chars() and words() methods (when used with
html=True) are subject to a potential DoS (denial of service) attack via
certain inputs with very long, potentially malformed HTML text. The chars()
and words() methods are used to implement the truncatechars_html and
truncatewords_html template filters, which are thus also vulnerable.
NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
CVE-2023-46695:
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and
4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence,
django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of
service) attack via certain inputs with a very large number of Unicode characters.
References:
https://www.djangoproject.com/weblog/2023/oct/04/security-releases/https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
| WARNING: Unable to execute waf --version, exit code 1. Assuming waf version without bindir/libdir support.
| DEBUG: Python function waf_preconfigure finished
| DEBUG: Executing shell function do_configure
| Traceback (most recent call last):
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/./waf", line 163, in <module>
| from waflib import Scripting
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 6, in <module>
| from waflib import Utils,Configure,Logs,Options,ConfigSet,Context,Errors,Build,Node
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Configure.py", line 6, in <module>
| from waflib import ConfigSet,Utils,Options,Logs,Context,Build,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Options.py", line 6, in <module>
| from waflib import Logs,Utils,Context,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 5, in <module>
| import os,re,imp,sys
| ModuleNotFoundError: No module named 'imp'
| WARNING: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/run.do_configure.1263276:146 exit 1 from 'waf_do_configure'
* this first issue can be fixed easily by backporting:
d2060dfd8a
* but then it still fails a bit later, because of SyntaxWarning in waf --version
output:
ERROR: glmark2-2021.12-r0 do_configure: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:waf_preconfigure(d)
0003:
File: '/OE/build/luneos-kirkstone/openembedded-core/meta/classes/waf.bbclass', lineno: 52, function: waf_preconfigure
0048: wafbin = os.path.join(subsrcdir, 'waf')
0049: try:
0050: result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
0051: version = result.decode('utf-8').split()[1]
*** 0052: if bb.utils.vercmp_string_op(version, "1.8.7", ">="):
0053: d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
0054: except subprocess.CalledProcessError as e:
0055: bb.warn("Unable to execute waf --version, exit code %d. Assuming waf version without bindir/libdir support." % e.returncode)
0056: except FileNotFoundError:
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 148, function: vercmp_string_op
0144: Compare two versions and check if the specified comparison operator matches the result of the comparison.
0145: This function is fairly liberal about what operators it will accept since there are a variety of styles
0146: depending on the context.
0147: """
*** 0148: res = vercmp_string(a, b)
0149: if op in ('=', '=='):
0150: return res == 0
0151: elif op == '<=':
0152: return res <= 0
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 138, function: vercmp_string
0134: return r
0135:
0136:def vercmp_string(a, b):
0137: """ Split version strings and compare them """
*** 0138: ta = split_version(a)
0139: tb = split_version(b)
0140: return vercmp(ta, tb)
0141:
0142:def vercmp_string_op(a, b, op):
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 89, function: split_version
0085: """Split a version string into its constituent parts (PE, PV, PR)"""
0086: s = s.strip(" <>=")
0087: e = 0
0088: if s.count(':'):
*** 0089: e = int(s.split(":")[0])
0090: s = s.split(":")[1]
0091: r = ""
0092: if s.count('-'):
0093: r = s.rsplit("-", 1)[1]
Exception: ValueError: invalid literal for int() with base 10: 'SyntaxWarning'
ERROR: Logfile of failure stored in: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/log.do_configure.1264918
so it's safer to just use python3-native everywhere, instead of more patches for waf
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
(CVE-2023-44487).
See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
This patch only reduces the impact and does not completely mitigate the CVE
in question, the latter being due to a design flaw in the HTTP/2 protocol
itself. For transparancy reasons I therefore opted to not mark the
CVE as resolved, so that integrators can decide for themselves, wheither to
enable HTTP/2 support or allow HTTP/1.1 connections only.
Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().
Ref:
3f61369d1526dc10bdb2
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to http://nginx.org/en/CHANGES nginx supports the openssl 3.x
component only from version 1.21.2. In Kirstone openssl 3.x is included but
all provided versions of nginx are older, so there is currently an
incompatibility. With this patch this incompatibility get removed.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d4aa17dc43)
Backport:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
