summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* lcov: Fix Perl PathAlex Yao2023-05-051-1/+1
| | | | | | | | | | Fixes an issue where lcov is using the system Perl rather than the yocto provided Perl. This causes packages to not be found during runtime such as PerlIO::gzip. Signed-off-by: Alex Yao <alexyao1@meraki.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* jsoncpp: Fix broken handling of escape charactersViktor Rosendahl2023-05-052-1/+56
| | | | | | | | | | | | | | | | | | | | | | | Applying this backported patch from upstream fixes the following BAT test failure: jsoncpp.jsoncpp_system_tests.TestJsoncpp.test_run_jsoncpp_test (from systemtests--bmt--BAT) : * Detail of EscapeSequenceTest/writeEscapeSequence test failure: /usr/src/debug/jsoncpp/1.9.2-r0/git/src/test_lib_json/main.cpp(3370): expected == result Expected: '["\"","\\","\b","\f","\n","\r","\t","\u0278","\ud852\udf62"] ' Actual : '["\"","\\","\b","\f","\n","\r","\t","ɸ","𤭢"] This test failure happens because aarch64 uses unsigned char as default type for char, while x86 uses signed char. Also, there is another bug in the code that is fixed by this upstream patch: "static_cast<unsigned char>(*cur) < 0x80" should be: "static_cast<unsigned char>(*cur) >= 0x80" Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmodbus: Fix CVE-2022-0367Hugo SIMELIERE2023-05-032-1/+42
| | | | | Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.4.9 -> 2.4.12Hugo SIMELIERE2023-05-031-2/+2
| | | | | | | | | Fixes below CVEs: * CVE-2022-0547 * CVE-2020-15078 Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlistHugo SIMELIERE2023-05-031-0/+3
| | | | | | | | | | | CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (upstream from commit d49e96aac4616c439a2d778b95a793037dac884e) Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Update to latest lts 10.4.28Armin Kuster2023-04-063-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Source: Mariadb.org MR: 119595, 119604, 119613, 119622, 119631, 119640, 119649, 119658, 119573 Type: Security Fix Disposition: Backport from mariadb.org ChangeID: 2aacce87739247d98ee5b61d1b714930da961a30 Description: This is a bug fix only update. Includes these CVES: CVE-2022-32081 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> -- V2] Missed on CVE reference.
* syslog-ng: CVE-2022-38725 An integer overflow in the RFC3164 parserHitendra Prajapati2023-04-062-0/+630
| | | | | | | Upstream-Status: Backport from https://github.com/syslog-ng/syslog-ng/commit/b5a060f2ebb8d794f508436a12e4d4163f94b1b8 && https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a && https://github.com/syslog-ng/syslog-ng/commit/4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d && https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37 && https://github.com/syslog-ng/syslog-ng/commit/45f051239312e43bd4f92b9339fe67c6798a0321 && https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4 && https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 && https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: fix CVE-2022-47015 NULL pointer dereference in ↵vkumbhar2023-04-062-0/+270
| | | | | | | | | | | | spider_db_mbase::print_warnings() The function spider_db_mbase::print_warnings() can potentially result in a null pointer dereference. Remove the null pointer dereference by cleaning up the function. Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set ↵vkumbhar2023-04-062-0/+64
| | | | | | | | | | | to 4096 but should be 1232 Set the default maximum DNS UDP packet size to 1232. http://www.dnsflagday.net/2020/ refers. Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: CVE-2022-41862 Client memory disclosure when connecting with ↵Hitendra Prajapati2023-04-062-0/+49
| | | | | | | | | Kerberos to modified server Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE CVE-2023-0767Virendra Thakur2023-04-062-0/+125
| | | | | | | | Add CVE-2023-0767.patch to fix CVE-2023-0767 Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.55 -> 2.4.56Wang Mingyu2023-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - rotatelogs: Add -T flag to allow subsequent rotated logfiles to be truncated without the initial logfile being truncated. - mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to allow connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421. - mod_proxy_ajp: Report an error if the AJP backend sends an invalid number of headers. - mod_md: - Enabling ED25519 support and certificate transparency information when building with libressl v3.5.0 and newer. - MDChallengeDns01 can now be configured for individual domains. - Fixed a bug that caused the challenge teardown not being invoked as it should. - mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors reported in access logs and error documents. The processing of the reset was correct, only unneccesary reporting was caused. - mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: Remove undeclared variables introduced by backportChris Rogers2023-03-181-15/+6
| | | | | | | | | | | | | | | CVE-2022-45063 ported onto the dunfell baseline introduces two variables that cause xterm to fail compilation with the error ./fontutils.c:4143:13: error: 'added' undeclared (first use in this function) These two variables don't appear to be defined at all in findXftGlyph for xterm_353, so they should be removed. Fixes: 10148c538ebc("xterm : Fix CVE-2022-45063 code execution via OSC 50 input sequences] CVE-2022-45063") Signed-off-by: Chris Rogers <crogers122@gmail.com> Tested-by: Jason Andryuk <jandryuk@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix CVEs for nodejsPoonam Jadhav2023-03-182-0/+4349
| | | | | | | | | | | Add patch file CVE-llhttp.patch to fix CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256 of nodejs. Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-llhttp.patch Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix CVE-2022-43548Poonam Jadhav2023-03-182-0/+215
| | | | | | | | | | Add patch to fix CVE-2022-43548 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-43548.patch Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix CVE-2022-35255Poonam Jadhav2023-03-182-0/+238
| | | | | | | | | | Add patch to fix CVE-2022-35255 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-35255.patch Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix CVE-2022-32212Poonam Jadhav2023-03-182-0/+134
| | | | | | | | | | Add patch to fix CVE-2022-32212 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* open-vm-tools: Security fix for CVE-2022-31676Priyal Doshi2023-03-182-0/+40
| | | | | | | Backport from https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 Signed-off-by: Priyal Doshi <pdoshi@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zeromq: 4.3.2 -> 4.3.4Roger Knecht2023-02-222-6/+6
| | | | | | | | | | | Fixes: - CVE-2021-20236 Patch changes: - Refreshed 0001-CMakeLists-txt-Avoid-host-specific-path-to-libsodium.patch Signed-off-by: Roger Knecht <roger@norberthealth.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.54 -> 2.4.55Wang Mingyu2023-02-221-1/+1
| | | | | | | | | Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.55 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pillow: Security fix for CVE-2022-45198Shubham Kulkarni2023-02-222-0/+27
| | | | | | | | Fix for CVE-2022-45198: Improper Handling of Highly Compressed GIF Data Backport from https://github.com/python-pillow/Pillow/commit/884437f8a2b953a0abd2a3b130a87fcfb438092e Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsingHitendra Prajapati2023-02-222-0/+111
| | | | | | | Upstream-Status: Backport from https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer ExceptionHitendra Prajapati2023-02-222-0/+117
| | | | | | | Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2020-25648Mathieu Dubois-Briand2023-02-222-0/+164
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Whitelist CVEs related to libnssdbmMathieu Dubois-Briand2023-02-221-0/+4
| | | | | | | | | | | | These CVEs only affect libnssdbm, compiled when --enable-legacy-db is used. https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8 https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9 Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Add missing CVE productMathieu Dubois-Briand2023-02-221-0/+2
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: upgrade 3.4.23 -> 3.4.27Yi Zhao2023-01-191-1/+1
| | | | | | | | Changelog: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.4.27.HISTORY Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.53 -> 2.4.54wangmy2023-01-192-8/+6
| | | | | | | | | | | | 0004-apache2-log-the-SELinux-context-at-startup.patch refresh for new version. Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.54 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: update 7.4.28 -> 7.4.33Valeria Petrov2023-01-191-1/+1
| | | | | | | | | | | | | | | Update php from 7.4.28 to 7.4.33 Fixes below CVEs: CVE-2021-21708 CVE-2022-31626 CVE-2022-31625 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm : Fix CVE-2022-45063 code execution via OSC 50 input sequences] ↵Siddharth Doshi2023-01-192-0/+786
| | | | | | | | | | CVE-2022-45063 Upstream-Status: Backport [https://github.com/ThomasDickey/xterm-snapshots/commit/787636674918873a091e7a4ef5977263ba982322] CVE: CVE-2022-45063 Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* capnproto: Fix CVE-2022-46149Virendra Thakur2023-01-192-1/+52
| | | | | | | | | | This patch contains a fix for CVE-2022-46149 Patch backported from : https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* proftpd: CVE-2021-46854 memory disclosure to radius serverHitendra Prajapati2023-01-192-0/+52
| | | | | | Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* postgresql: Fix CVE-2022-2625Hitendra Prajapati2022-12-112-0/+905
| | | | | | | | | Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89 Description: CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* flatbuffers: adapt for cross-compilation environmentsIvan Stepic2022-11-251-1/+6
| | | | | | | | | | | | | | | | | | | | | | Flatbuffers contains a library and a schema compiler. The package contains cmake files to discover the libraries and the compiler tool. Currently, all of these cmake files are installed into the target sysroot. However, the compiler utility isn't installed into the sysroot (as it is not runnable on the build machine). When an application that depends on flatbuffers gets built, it uses flatbuffers' exported cmake targets to configure the project. One of the exported targets is FlatcTarget.cmake which expects to see flatc binary in /usr/bin of the sysroot. Since binaries for target don't end up in target sysroot, cmake configuration fails. This patch addresses this problem of flatbuffers' build infrastructure in cross-compiling environments. By removing FlatcTarget.cmake for target builds from the sysroot we essentially skip this step of flatbuffers' configuration. Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de> Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
* ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3Omkar Patil2022-11-251-1/+1
| | | | | | | | | | | Changes: Rejected zero-sized runs Avoided merging runlists with no runs Fix CVE-2022-40284 Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ↵Hitendra Prajapati2022-11-252-1/+322
| | | | | | | | | ngx_http_mp4_module Upstream-Status: Backport from https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix CVE-2022-40617Ranjitsinh Rathod2022-11-252-0/+211
| | | | | | | | | | | | | Add a patch to fix CVE-2022-40617 issue which allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* [dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools)Colin Finck2022-10-305-93/+25
| | | | | | | | | | | | Quoting Jason A. Donenfeld on IRC: <zx2c4> Colin_Finck: you should never, ever use old versions <zx2c4> Notice that neither the major nor minor version numbers change <zx2c4> Use the latest versions on your LTS With that definite answer, I'd like to fix the problem described in https://lore.kernel.org/yocto/CswA.1659543156268567471.pbrp@lists.yoctoproject.org/ by importing the latest versions instead of maintaining our own fork of wireguard 1.0.20200401. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* networkmanager: Update to 1.22.16Mathieu Dubois-Briand2022-10-301-1/+2
| | | | | | | | Update network manager stable branch to last version, allowing to fix CVE-2020-10754. Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relayHitendra Prajapati2022-10-302-0/+189
| | | | | | | | | | | | Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git MR: 121726 Type: Security Fix Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c Description: CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* postgresql: CVE-2022-1552 Autovacuum, REINDEX, and others omit "security ↵Hitendra Prajapati2022-10-302-0/+948
| | | | | | | | | | | | | | restricted operation" sandbox Source: https://git.postgresql.org/gitweb/?p=postgresql.git; MR: 121822 Type: Security Fix Disposition: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda && https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa ChangeID: 5011e2e09f30f76fc27dc4cb5fa98a504d1aaec9 Description: CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* c-ares: upgrade 1.17.2 -> 1.18.1wangmy2022-09-111-1/+1
| | | | | | | | | | | | | | | | | | c-ares version 1.18.1 - Oct 27 2021 Bug fixes: ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather than the sizeof(struct sockaddr_in6) Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e251d7b827d63277a36f1b8094d992303329b866) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: remove custom patchesSinan Kaya2022-09-113-108/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Current patch is breaking the library dependencies added by cmake especially when you are static linking. Applications need the ws2_32 library to be linked for mingw32 and with the existing patch this is not getting passed to the users. Current patch seems to address this issue: https://github.com/c-ares/c-ares/issues/373 Both issues are resolved in 1.17.2: 1.17.2-r0/git $ find . | grep c-ares-config.cmake.in ./c-ares-config.cmake.in 1.17.2-r0/git $ find . | grep libcares.pc.cmake ./libcares.pc.cmake Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 621bdc1993d2e8da08b9b240043dc13481cd644f) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: upgrade 1.17.1 -> 1.17.2wangmy2022-09-111-8/+5
| | | | | | | | | | | | Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c49173b09c998bb3893ae873f68823647f1a7e18) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: Upgrade to 1.17.1 releaseKhem Raj2022-09-112-19/+12
| | | | | | | | | | | | | | | | | | Forward port cmake-install-libcares.pc.patch, drop the need to install pkgconfig files as its already being done by main Makefile Signed-off-by: Khem Raj <raj.khem@gmail.com> Forward port cmake-install-libcares.pc.patch, drop the need to install pkgconfig files as its already being done by main Makefile Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b65f2904191b8d309b3971d4e65c5e1701156b1c) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* Revert "c-ares: Add fix for CVE-2021-3672"Armin Kuster2022-09-113-207/+0
| | | | | | | | | This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16. Revert this CVE fix as we upgrade c-ares to 1.18.1 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* cryptsetup: upgrade 2.3.2 -> 2.3.7Yi Zhao2022-09-111-2/+2
| | | | | | | | | | | | | | Stable security bug-fix release that fixes CVE-2021-4122. ReleaseNotes: https://kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.7-ReleaseNotes Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 5dca16b451abf80b1bfacfc533daf447ff4dad7c) This is just the rename and SRC_URI hash updates made to apply to dunfell. Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
* nodejs: Upgrade to 12.22.12Ranjitsinh Rathod2022-09-112-3093/+2
| | | | | | | | | | | | | | As per the below release note, it should be a last release for 12.x stable LTS series. Link: https://github.com/nodejs/node/releases/tag/v12.22.12 Remove CVE-2021-44532 fix as it already available in this release v12.22.12 License-Update: src/gtest additional file in the LICENSE Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
* python3-lxml: CVE-2022-2309 NULL Pointer Dereference allows attackers to ↵Hitendra Prajapati2022-09-112-0/+96
| | | | | | | | | | | | | | cause a denial of service Source: https://github.com/lxml/lxml MR: 119399 Type: Security Fix Disposition: Backport from https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f ChangeID: 0b1ef4ce4c901ef6574a83ecbe4c4b1d2ab24777 Description: CVE-2022-2309 libxml: NULL Pointer Dereference allows attackers to cause a denial of service. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* meta-oe: Add leading whitespace for append operatorKhem Raj2022-08-026-7/+7
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 92441f9d6a958c245a03f89ec44ef2c17dd6b0ee) Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-05 11:53:20 +0000