Commit Graph

8309 Commits

Author SHA1 Message Date
Khem Raj f22bf6efaa meta-oe: Add leading whitespace for append operator
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 92441f9d6a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-08-02 06:59:38 -07:00
Hitendra Prajapati b406297d3b xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.c
Source: https://github.com/ThomasDickey/xterm-snapshots/
MR: 115675
Type: Security Fix
Disposition: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
ChangeID: 6ad000b744527ae863187b570714792fc29467d9
Description:
         CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-16 12:56:17 -07:00
Hitendra Prajapati a24773d39e openldap: CVE-2022-29155 OpenLDAP SQL injection
Source: https://git.openldap.org/openldap/openldap
MR: 117821
Type: Security Fix
Disposition: Backport from https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134
ChangeID: d534808c796600ca5994bcda28938d45405bc7b4
Description:
	CVE-2022-29155 openldap: OpenLDAP SQL injection

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-16 12:56:17 -07:00
Jeroen Hofstee d6795ab0ee php: move to version v7.4.28
CVE: CVE-2021-21703 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708

Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
[Didn't apply cleanly, corrected.]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Akash Hadke 512a3caee4 iperf: Set CVE_PRODUCT to "iperf_project:iperf"
Set CVE_PRODUCT as 'iperf_project:iperf' for iperf2 and iperf3
recipes, cve-check class is setting default CVE_PRODUCT to
'iperf2' and 'iperf3' respectively which ignores the iperf
CVEs from NVD Database.

Reference:
CVE-2016-4303
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-4303

Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Martin Jansa 245a1ab46b grpc: switch from master branch to main for upb
* hardknott and newer branches don't need this as upb repo was removed in:
  commit 15cff67fd6
  Author: Anatol Belski <anbelski@linux.microsoft.com>
  Date:   Fri Feb 19 12:39:55 2021 +0000

    grpc: Upgrade 1.24.3 -> 1.35.0

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Martin Jansa 96e9636f7d leveldb: switch from master branch to main
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Martin Jansa 2526b14d39 tesseract-lang: switch from master branch to main
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Armin Kuster 04212afa12 mariadb: update to 10.4.25
Source: mariadb.org
MR: 117530, 117522, 117514, 117506, 117497, 117489, 117481, 117473, 117465, 117457, 117449, 117380, 117364, 117356, 117336, 117212, 117204, 117196, 117180, 117188, 117169, 117161, 117441, 117372
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 8bf787570ebe8503d2974af92e17b505e70440e5
Description:

LTS version, bug fix only.

Include these CVEs:
CVE-2022-27458
CVE-2022-27457
CVE-2022-27456
CVE-2022-27455
CVE-2022-27452
CVE-2022-27451
CVE-2022-27449
CVE-2022-27448
CVE-2022-27447
CVE-2022-27446
CVE-2022-27445
CVE-2022-27444
CVE-2022-27387
CVE-2022-27386
CVE-2022-27385
CVE-2022-27384
CVE-2022-27383
CVE-2022-27382
CVE-2022-27381
CVE-2022-27380
CVE-2022-27379
CVE-2022-27378
CVE-2022-27377
CVE-2022-27376

Signed-off-by: Armin Kuster <akuster@mvista.com>
2022-06-05 06:53:33 -07:00
Julien STEPHAN 9f361cff9c opencl-headers: switch to main branch
master branch was renamed main on upstream project, so update the URI

Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:39 -07:00
Julien STEPHAN c9e034fbaa opencl-icd-loader: switch to main branch
master branch was renamed main, so update the URI

Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:39 -07:00
Sana Kazi a38c92d8e9 openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239
Whitelist CVE-2020-27844 as it is introduced by
https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
but the contents of this patch are not present in openjpeg_2.3.1

Link: https://security-tracker.debian.org/tracker/CVE-2020-27844

Whitelist CVE-2015-1239 as the CVE description clearly states that
j2k_read_ppm_v3 function in openjpeg is affected due to CVE-2015-1239
but in openjpeg_2.3.1 this function is not present.
Hence, CVE-2015-1239 does not affect openjpeg_2.3.1.

Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:39 -07:00
Martin Jansa de4b76934c ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:39 -07:00
Steve Sakoman abd7cf838d lua: fix CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)

Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354)
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:39 -07:00
Khem Raj 8ff12bfffc postgresql: Fix build on riscv
Remove duplicate code

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa22894fa3)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-19 10:15:37 -07:00
Khem Raj fdd1dfe6b4 mongodb: Pass OBJCOPY to scons so it does not use it from host
Fixes
objcopy: Unable to recognise the format of the input file `build/opt/mongo/mongos'

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Vincent Prince <vincent.prince.fr@gmail.com.com>
(cherry picked from commit e91940073a)
[Fix up for Dunfell context:
also fixes Please add a conforming MONGO_VERSION=x.y.z[-extra] as an argument to SCons]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Armin Kuster df8259cc49 Mariadb: update to 10.4.24
Source: Mariadb.org
MR:  115460, 115507, 1115549, 115549, 115488
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 722782cefa6805e907ee377a340f1b8bec174079
Description:

Bug fix only update, includes these CVEs:
CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663

For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/

drop mariadb/c11_atomics.patch as it's included in the update.
drop mariadb/clang_version_header_conflict.patch different fix applied

Signed-off-by: Armin Kuster <akuster@mvista.com>
2022-04-18 07:37:42 -07:00
Ralph Siemsen aa316ee2bb polkit: fix overlapping changes in recent CVE patches
Commit 17e931e77 ("polkit: fix CVE-2021-3560") contains
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81

Commit 67ec3e049 ("polkit: Fix for CVE-2021-4115") contains both:
- upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (CVE-2021-3560)
- upstream commit 41cb093f554da8772362654a128a84dd8a5542a7 (CVE-2021-4115)

Thus the fix for CVE-2021-3560 is applied twice, resulting in warnings
during do_patch. Curiously it neither fails nor complains about patch
already applied. Also devtool silently discards the duplicate patch.

Drop the duplicate patch, to resolve following warnings:

WARNING: polkit-0.116-r0 do_patch: Fuzz detected:

Applying patch 0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch
patching file src/polkit/polkitsystembusname.c
Hunk #1 succeeded at 438 with fuzz 2 (offset 3 lines).

Applying patch CVE-2021-4115.patch
patching file src/polkit/polkitsystembusname.c
Hunk #4 succeeded at 439 with fuzz 2.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Minjae Kim 5cdde2991e multipath-tools: update SRC_URI
The git repo for multipath-tools was changed, so update the
SRC_URI accordingly with the new link.

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Nisha Parrakat 89d2876e2e nodejs: upgrade to 12.22.2
upgrading to next maintenance LTS version

Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Armin Kuster 7abb2382cd spirv-tools: update SRC_URI for googletest to main
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Armin Kuster bd08205d94 breakpad: Update SRC_URI for protobuf and lss
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Thomas Perrot ac85c97636 breakpad: fix branch for gtest in SRC_URI
The commit 4fe018038f87 is in the main branch, so the do_fetch task failed.

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8bb7dc157)
[Fix up for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Christian Ege 717b8b9286 cli11: switch from default master branch to main to fix do_fetch failure
The branch was renamed in the upstream repository

Signed-off-by: Christian Ege <christian.ege@ifm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Daniel Stadelmann 17ee7b0348 imagemagick: update SRC_URI branch from master to main
master branch in imagemagick was renamed to main (https://github.com/ImageMagick/ImageMagick).
Similar change is already in master branch for version 7.0.10 (see 2487391283)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-04-18 07:37:42 -07:00
Sana Kazi 86b864a4d8 openjpeg: Fix multiple CVE
Add patch to fix below CVE:
CVE-2019-12973
CVE-2020-15389
CVE-2020-27814
CVE-2020-27823
CVE-2020-27824
CVE-2020-27841
CVE-2020-27842
CVE-2020-27843
CVE-2020-27845

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Virendra Thakur 4f701b4655 p7zip: Fix for CVE-2016-9296
Add patch to fix CVE-2016-9296

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Mingli Yu 17e931e776 polkit: fix CVE-2021-3560
Backport a patch [1] to fix CVE-2021-3560.

[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Squashed together 6000f5a3b and 7f4f1ee71
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Armin Kuster e6a4c8e5c5 p7zip: refresh patches
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
2022-03-27 08:18:20 -07:00
Nisha Parrakat 7334bc295d p7zip: build and package lib7z.so needed for fastboot
a) use option 7z to build the lib7z.so library
This is needed for android-tools for building fastboot
from android-tools

b) Packaged the lib7z.so and codec libraries as a part of this recipe
Fastboot RDepends on lib7z.so

c) Fixed a C++17 forbidden error when lib7z.so is built

fixes the below error

| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)':
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
|   308 |           numMethods++;
|       |           ^~~~~~~~~~
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
|   318 |         numMethods++;

Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
(cherry picked from commit 3c36a8efe2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Peter Kjellerstedt 29e3a918ac googletest: Switch branch from master to main
The master branch has been renamed to main in the github repo.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Ross Burton a14eb5e288 protobuf: fix patch fuzz
Applying patch CVE-2021-22570.patch
patching file src/google/protobuf/descriptor.cc
Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines).
Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines).
Hunk #3 succeeded at 4006 (offset -17 lines).
Hunk #4 succeeded at 4050 (offset -18 lines).
Hunk #5 succeeded at 4368 (offset -18 lines).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Ranjitsinh Rathod 67ec3e0492 polkit: Fix for CVE-2021-4115
Add patch to fix CVE-2021-4115
Also, add a support patch to cleanly apply CVE patch
Link: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/109

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-27 08:18:20 -07:00
Sana Kazi 0722ff6f02 protobuf: Fix CVE-2021-22570
Fix CVE-2021-22570.
Link: https://koji.fedoraproject.org/koji/buildinfo?buildID=1916865
Link: https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch

Remove first and second hunk because the second argument in
InsertIfNotPresent() function is of type const char* const& but the
first and second hunk make the type of second argument as const string
which is not compatible with the type of second argument in
InsertIfNotPresent().

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-23 15:48:18 -08:00
Kristian Klausen a6c1c34031 cryptsetup: Add runtime dependency on lvm2-udevrules for udev
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 32f1d758a1)
[Minor fixup for Dunfell]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-23 15:46:40 -08:00
Christian Eggers 7c519caa1a graphviz: native: create /usr/lib/graphviz/config6 in populate_sysroot
The `dot` tool needs to be run once after installation in order to
create its configuration file.

The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to
prepare the recipe-sysroot-native. Package postinstall scripts are not
executed for -native packages, but files under ${BINDIR}/postinst-* are.

This is quite the same as graphviz-setup.sh does for nativesdk. The
general idea has been taken from
OECORE/meta/classes/pixbufcache.bbclass.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 13:04:53 -08:00
Ranjitsinh Rathod aa5b9a1ff0 nss: Add fix for CVE-2022-22747
Add a patch to fix CVE-2022-22747

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-13 10:47:08 -08:00
Virendra Thakur ec97823273 nodejs: Fix for CVE-2021-44532
Add patch to fix CVE-2021-44532

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-06 11:01:44 -08:00
Robert Joslyn 872e60a774 linuxptp: Update to 2.0.1
Fixes CVE-2021-3570 and CVE-2021-3571

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-06 11:01:40 -08:00
Virendra Thakur 9d722e88d7 p7zip: fix for CVE-2018-5996
Add patch to fix CVE-2018-5996

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-06 11:01:37 -08:00
Virendra Thakur 4e7d34df0f udisks2: Fix for CVE-2021-3802
Add patch to fix CVE-2021-3802

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-29 06:26:51 -08:00
Leif Middelschulte 2a10c182ae dbus-daemon-proxy: add missing return statement
The missing `return` statement leads to a `SIGABRT`.

Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 77479e1c9b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-29 06:19:51 -08:00
Jeremy Puhlman 46a2333262 CVE-2021-4034: polkit Local privilege escalation in pkexec due to incorrect handling of argument vector
Upstream-Status: Backport
CVE: CVE-2021-4034

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-27 16:03:47 -08:00
Armin Kuster 4bd7715a9d c-ares: bump PV in recipe to 1.16.1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-27 07:42:07 -08:00
Robert Joslyn 197453e127 postgresql: Update to 12.9
Bug and security fixes. Fix patch fuzz as well to remove bitbake
warning. Release notes available at:

https://www.postgresql.org/docs/release/12.8/
https://www.postgresql.org/docs/release/12.9/

12.8 fixes:
CVE-2021-3677

12.9 fixes:
CVE-2021-23214
CVE-2021-23222

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:50:07 -08:00
Ernst Sjöstrand ddaf5f92cc libmicrohttpd: Add patch to fix CVE-2021-3466
Extract patch from the 0.9.71 release commit.

Upstream-Status: Backport
CVE: CVE-2021-3466

Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:50:03 -08:00
sana kazi 82264cbf0b nss: Fix CVE-2021-43527
Add patch to fix CVE-2021-43527 which causes heap overflow in nss.

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-18 11:08:54 -08:00
Jeremy Puhlman 6025097d08 c-ares: switch from master to main
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-18 11:08:51 -08:00
Spectrejan 69f94af4d9 brotli: add patch to fix CVE-2020-8927
Port patch to fix CVE-2020-8927 for brotli from Debian Buster

CVE: CVE-2020-8927

Signed-off-by: Jan Kraemer <jan@spectrejan.de>
[Fixup to apply with URL changes]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-03 12:28:09 -08:00
Marta Rybczynska e0e79bbde2 jansson: whitelist CVE-2020-36325
According to the upstream [1], the bug happens only if the programmer
does not follow the API definition.

[1] https://github.com/akheron/jansson/issues/548

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-30 14:40:43 -08:00