| Commit message (Collapse) | Author | Age | Files | Lines |
| |
testrunners file was coming out to be empty after anon python was turned
into a prepend to populate_packages which is executed during do_package
and hence POCO_TESTRUNNERS was not populated when it was used during
do_ptest_install now. Therefore alter the logic to collect the list of
tests to run into testrunners file. Also package the ignore file which
is platform specific, here the lnx version is packaged and specified
using -ignore cmd to tests
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
This could be worked out without needing to add bash dependency
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Pick commit [1] mentioned in [2] as listed in [3].
[1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
[2] https://github.com/gabime/spdlog/issues/3360
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upstream-Status: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1100-1225-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Adds backported patches to fix CVE-2024-23339, CVE-2024-53427, and
CVE-2025-48060.
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Change-Id: Ibc2db956b7fd5d0388dbed1a81ddf9aa58431fb1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Fix following CVEs for imagemagick:
CVE-2023-5341, CVE-2022-1114, CVE-2023-1289 and CVE-2023-34474
Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Refer [1], CVE-2025-6019 is strongly related to udisk daemon, and
this is a hardening measure related to this.
[1] https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
[2] https://security-tracker.debian.org/tracker/CVE-2025-6019
[3] https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able to escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Client: mysqldump). Supported versions that are affected are 8.0.36
and prior and 8.3.0 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with logon to the infrastructure
where MySQL Server executes to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized update,
insert or delete access to some of MySQL Server accessible data as
well as unauthorized read access to a subset of MySQL Server accessible
data and unauthorized ability to cause a partial denial of service
(partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality,
Integrity and Availability impacts).
CVE-2024-21096-0001, CVE-2024-21096-0002 are CVE fixes and rest are
regression fixes.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-21096
https://security-tracker.debian.org/tracker/CVE-2024-21096
Upstream patches:
https://github.com/MariaDB/server/commit/13663cb5c4558383e9dab96e501d72ceb7a0a158
https://github.com/MariaDB/server/commit/1c425a8d854061d1987ad4ea352c7270652e31c4
https://github.com/MariaDB/server/commit/77c4c0f256f3c268d3f72625b04240d24a70513c
https://github.com/MariaDB/server/commit/d60f5c11ea9008fa57444327526e3d2c8633ba06
https://github.com/MariaDB/server/commit/d20518168aff435a4843eebb108e5b9df24c19fb
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
CVE-2023-52969:
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
through 10.11.*, and 11.0 through 11.0.* can sometimes crash
with an empty backtrace log. This may be related to
make_aggr_tables_info and optimize_stage2.
CVE-2023-52970:
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.*
crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2023-52969-CVE-20230-52970-0001 and CVE-2023-52969-CVE-20230-52970-0002
are dependent commits while CVE-2023-52969-CVE-20230-52970-0003 and
CVE-2023-52969-CVE-20230-52970-0004 are actual CVE fixes.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52969
https://nvd.nist.gov/vuln/detail/CVE-2023-52970
Upstream patches:
https://github.com/MariaDB/server/commit/e6403733897483bed249875f0f3e5e9937ca2b38
https://github.com/MariaDB/server/commit/d98ac8511e39770ef3d8b42937c84e876d1459e
https://github.com/MariaDB/server/commit/9b313d2de1df65626abb3b1d6c973f74addb12fb
https://github.com/MariaDB/server/commit/4fc9dc84b017cf9f30585bcdef0663f9425fe460
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6
before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before
11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under
mysql_derived_prepare when derived is not yet prepared, leading
to a find_field_in_table crash.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-52968
Upstream patch:
https://github.com/MariaDB/server/commit/74883f5e2f4c0e09f4f4e9e272a8e5bfd91a9489
Fix indent issue in mariadb.inc file.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Backport patch with adjustments for 3.19.6 version to fix
CVE-2025-4565.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
python3-ctypes is needed as a runtime dependency.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
1. RDEPENDS on python3-protobuf instead of python-protobuf. The
latter is not available anywhere.
2. Use python3 interpreter.
3. Fix run-ptest to avoid test failure. An extra '\n' is needed
to break out the loop.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
https://goodies.xfce.org/ states "Starting this month (November 2019), a project is starting
to migrate the goodies.xfce.org documentation to https://docs.xfce.org/start. The goal is to
remove deprecated projects and, eventually, de-commission the goodies.xfce.org URLs. Additional
information will be posted on https://wiki.xfce.org/projects/goodies-decomm/start as the project
proceeds."
This patch updates the URLs being used in the HOMEPAGEs to reflect where the address is actually
resolving.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
aiohttp is an asynchronous HTTP client/server framework for asyncio and
Python. Prior to version 3.10.2, static routes which contain files with
compressed variants (`.gz` or `.br` extension) are vulnerable to path
traversal outside the root directory if those variants are symbolic
links. The server protects static routes from path traversal outside the
root directory when `follow_symlinks=False` (default). It does this by
resolving the requested URL to an absolute path and then checking that
path relative to the root. However, these checks are not performed when
looking for compressed variants in the `FileResponse` class, and
symbolic links are then automatically followed when performing the
`Path.stat()` and `Path.open()` to send the file. Version 3.10.2
contains a patch for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-42367
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
Upstream patch:
https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upgrade includes fix for CVE-2025-4207
Release notes:
https://www.postgresql.org/docs/release/14.18/
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.18
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upstream-Status: Backport from https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
syslog-ng is an enhanced log daemon. Prior to version 4.8.2,
`tls_wildcard_match()` matches on certificates such as `foo.*.bar`
although that is not allowed. It is also possible to pass partial
wildcards such as `foo.a*c.bar` which glib matches but should be
avoided / invalidated. This issue could have an impact on TLS
connections, such as in man-in-the-middle situations. Version
4.8.2 contains a fix for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47619
Upstream patch:
https://github.com/syslog-ng/syslog-ng/commit/12a0624e4c275f14cee9a6b4f36e714d2ced8544
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Upstream-Status: Backport from https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Fix following CVEs for imagemagick:
CVE-2021-20311, CVE-2021-20312, CVE-2021-20313
CVE-2021-20309, CVE-2021-20310, CVE-2021-3610
CVE-2022-0284, CVE-2022-2719
fix-cipher-leak.patch fixes CVE-2021-20311, CVE-2021-20312, CVE-2021-20313
Ignore following CVEs as current version is not affected by them:
CVE-2014-9826, CVE-2016-7538, CVE-2017-5506
Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
When building with sensord disabled (PACKAGECONFIG = ""), do_install
would fail because it tried to build sensord which was skipped in
do_compile.
Error log:
make: *** No rule to make target 'rrd.h', needed by 'prog/sensord/rrd.rd'. Stop.
Avoid building sensord in do_install by explicitly setting PROG_EXTRA.
(master rev: fc88c96c4e40d9dbc6097c4679ac79ed55356730)
Fixes: 86b20b84ec27 (lmsensors: Clean stale files for sensord to avoid
incorrect GCC header dependencies)
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not
verify the adbe.pkcs7.sha1 signatures on documents, resulting
in potential signature forgeries.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-43903
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP
requests out-of-order, possibly resulting in information disclosure. This vulnerability
is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
https://ubuntu.com/security/CVE-2024-41671
Upstream patches:
https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f
https://github.com/twisted/twisted/commit/ef2c755e9e9d57d58132af790bd2fd2b957b3fb1
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the
total size of an update received via RTR exceeds the internal socket's buffer size,
default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB
for FRR routers using RTR by causing more than this number of updates during an update
interval (usually 30 minutes). Additionally, this effect regularly occurs organically.
Furthermore, an attacker can use this to trigger route validation continuously.
Given that routers with large full tables may need more than 30 minutes to fully
re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be
used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-55553]
[https://frrouting.org/security/cve-2024-55553/]
Upstream patch: backport [https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Poppler before 25.04.0 allows crafted input files to trigger
out-of-bounds reads in the JBIG2Bitmap::combine function in
JBIG2Stream.cc because of a misplaced isOk check.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32365
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
A floating-point exception in the PSStack::roll function of
Poppler before 25.04.0 can cause an application to crash when
handling malformed inputs associated with INT_MIN.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32364
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Backport patch [1] to fix memory leak by freeing tclist
[1] https://github.com/net-snmp/net-snmp/commit/4bd0d9a8a2860c2c46307aef5ee1ccc69f7e3b62
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
| |
Backport patch[1] to fix CVE-2022-4968.
[1] https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
| |
dependencies
After upgrading GCC—for example, from 14.1.0 to 14.2.0—building lmsensors that
was previously compiled with GCC 14.1.0 may fail with an error like:
lmsensors/3.6.0/recipe-sysroot-native/usr/lib/x86_64-wrs-linux/gcc/x86_64-wrs-linux/
14.1.0/include/stddef.h can't find, which is needed by 'prog/sensord/args.rd'.
This occurs because prog/sensord/args.rd still references stale headers from the
older GCC version.
The root cause is that stale *.rd and *.ro files under prog/sensord are not
properly cleaned during do_configure. This patch ensures those files are removed
to prevent broken dependencies when GCC is upgraded.
Also remove the same statement in do_compile.
(master rev: 86b20b84ec278cacf4975b7933d46b894d74796e)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| |
Corosync through 3.1.9, if encryption is disabled or the attacker knows
the encryption key, has a stack-based buffer overflow in
orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-30472
Upstream patches:
https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
| |
Renew the sample keys to fix the test issue:
WARNING: Your certificate has expired!
The renewed sample keys from [1] contain binary files which can't be patched
by quilt, so archive the files into sample-keys-renew-for-the-next-10-years.tar.gz.
[1] https://github.com/OpenVPN/openvpn/commit/98e70e7
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8ffe8112f733c6812732b0fcfa8db7d3849914d0)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: eject-2.1.5-r0.wr2401 do_fetch: Failed to fetch URL http://sources.openembedded.org/eject-2.1.5.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da361d2d7cf4501ab7a88bc898be187243005c47)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: xfce-dusk-gtk3-1.3-r0 do_fetch: Failed to fetch URL http://sources.openembedded.org/141404-xfce_dusk_gtk3-1_3.tar.gz;subdir=xfce-dusk-gtk3-1.3, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4e8c4736ac361f6d2cf9a59074e4f9bbd748c303)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat;')
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aadc2ac9dc49dfb5a2066401f22e7b553b324313)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
This reverts commit d0c2a3d383dac9fe7e85b7d87784b7f5b5c62c5e.
Please revert my patch.
After I rebased to the latest code from kirkstone, I found my patch had a bad character. This caused a net-snmp do_patch failure.
After some tries, I still failed to resolve this.
The cherry-pick on my side picked the copyright change. But after sending the patch via git send-mail, the character changed.
Sorry again.
Thanks.
Jinfeng
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Pick commit mentioning the bug and two follow-up commits mentioning the
first commit.
Tested by running the test-suite (test starter scripts were copied from
scarthgap version which has them working).
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Changelog:
http://netlib.org/lapack/lapack-3.10.1.html
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Piotr Lewicki <piotr.l.lewicki@hitachienergy.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Set GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS to limit spawned compiler
processes. Without this it uses all available CPUs (via
multiprocessing.cpu_count()) and can exhaust the build host since there are
a lot of files to compile (e.g. with 128 cores it manages to spawn 128 gcc
processes)
Note that this is a general problem for all setuptools based builds with
build_ext compilation which can either compile with 1 thread or
cpu_count threads. grpcio hot-patches setuptools and allows to set
specific build concurrency value.
(From master rev: fe582374d3ba474164005942799eb2bddc52a080)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
CVE-2025-23419:
When multiple server blocks are configured to share the same IP address
and port, an attacker can use session resumption to bypass client
certificate authentication requirements on these servers. This
vulnerability arises when TLS Session Tickets
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key
are used and/or the SSL session cache
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
are used in the default server and the default server is performing
client certificate authentication. Note: Software versions which have
reached End of Technical Support (EoTS) are not evaluated.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-23419
This is partially cherry-picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed a problem in the `http/ngx_http_request` module and the
second fixed a problem in the `stream/ngx_stream_ssl_module` module. The fix
for `stream/ngx_stream_ssl_module` can't be applied because the 'stream
virtual servers' functionality was added later in this commit:
https://github.com/nginx/nginx/commit/d21675228a0ba8d4331e05c60660228a5d3326de.
Therefore only the `http/ngx_http_request` part was backported.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Backport a patch to fix CVE-2025-0838
CVE-2025-0838:
There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized
constructors, reserve(), and rehash() methods of
absl::{flat,node}_hash_{set,map} did not impose an upper bound on their
size argument. As a result, it was possible for a caller to pass a very
large size that would cause an integer overflow when computing the size
of the container's backing store, and a subsequent out-of-bounds memory
write. Subsequent accesses to the container might also access
out-of-bounds memory. We recommend upgrading past commit
5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0838
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
License-Update: Update license year to 2025
Includes fix for CVE-2025-1094
Changelog:
https://www.postgresql.org/docs/release/14.17/
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch for
14.17
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| |
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was
discovered to contain a buffer overflow via the component
/shared/dlt_common.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36321
Upstream patch:
https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>