| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.7
Upgrade urgency SECURITY: See security fixes below.
Security fixes
====================
* (CVE-2024-46981) Lua script commands may lead to remote code execution
* (CVE-2024-51741) Denial-of-service due to malformed ACL selectors
Bug fixes
====================
* #13380 Possible crash due to OOM panic on invalid command
* #13338 Streams: XINFO lag field is wrong when tombstone is after the last_id of the consume group
* #13473 Streams: XTRIM does not update the maximal tombstone, leading to an incorrect lag
* #13311 Cluster: crash due to unblocking client during slot migration
* #13443 Cluster: crash when loading cluster config
* #13422 Cluster: CLUSTER SHARDS returns empty array
* #13465 Cluster: incompatibility with older node versions
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ERROR: lapack-3.12.0-r0 do_package_qa: QA Issue:
File /usr/lib/lapack/ptest/bin/xccblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat3 in package lapack-ptest contains reference to TMPDIR [buildpaths]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building the `lapack` package, the following QA error occurs:
"File /usr/lib64/libblas.so.3.12.0 in package lapack contains reference to TMPDIR [buildpaths]"
The issue arises because the `xerbla.o` object file embeds the absolute host path of `xerbla.f`.
This occurs during compilation, where the build command in `build.make` (generated by CMake) specifies:
`gfortran -c <absolute path>/xerbla.f -o`.
As a result, the absolute path is included in `xerbla.o`. Unfortunately, `gfortran` does not support
flags like `-fdebug-prefix-map` or `-ffile-prefix-map` to remove such paths.
To resolve this, the fix involves replacing the absolute path of `xerbla.f` in the generated
`build.make` file with a relative path before the compilation step. This ensures that the
resulting `xerbla.o` does not contain any references to TMPDIR, passing the `do_package_qa` check.
For ptest code, the solution is to replace `${WORKDIR}` with `../../..` in the generated `build.make`
files located in the TESTING directory.
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Cherry-pick commit [1] mentioned in [2].
[1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mdio-netlink source make reference to ${S}/.. which breaks
-fdebug-prefix-map and results in the full TMPDIR path being present in
the -dbg package and, also, change a related CRC in the main package.
This changes ${S} to enclose the whole SRC_URI repo and adapt relative paths to
build (MODULES_MODULE_SYMVERS_LOCATION)
This make mdio-netlink reproducible and fixes this warning:
WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d161de0b00b91cd0c286fbbc1190f87cf20fe088)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds
read vulnerability within the JBIG2Bitmap::combine function
in JBIG2Stream.cc.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56378
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is done because libcamera 0.2. is broken,
probablay because of 0001-rpi-Use-alloca-instead-of-variable-length-arrays.patch
Tested good with upstream version.
See more details here:
https://github.com/openembedded/meta-openembedded/issues/919
and here:
https://github.com/raspberrypi/rpicam-apps/issues/654
Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Remove ${RECIPE_SYSROOT} path from ${B}/config.h to fix the QA warning:
WARNING: gphoto2-2.5.28-r0 do_package_qa: QA Issue: File /usr/bin/gphoto2 in package gphoto2 contains reference to TMPDIR [buildpaths]
Signed-off-by: Hieu Van Nguyen <hieu2.nguyen@lge.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
According to crash help message, crash can decode the random address with
"--kaslr=auto". But it has a bug that when with "-S" in parameter, crash will
bypass the kaslr option.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Cherry-pick commit [1] mentioned in [2].
[1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-8443:
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all
versions up to, and including, 1.1.0 due to insufficient input sanitization and output
escaping. This makes it possible for authenticated attackers, with subscriber-level
access and above, to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page. Please note that this was partially fixed in 1.1.0
due to the missing authorization protection that was added.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-8433]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
[https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]
Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# ./run-ptest
PASS: address
PASS: address_v4
PASS: address_v4_iterator
PASS: address_v4_range
PASS: address_v6
PASS: address_v6_iterator
PASS: address_v6_range
PASS: any_completion_executor
PASS: any_completion_handler
PASS: any_executor
PASS: any_io_executor
PASS: append
PASS: as_tuple
PASS: associated_allocator
PASS: associated_cancellation_slot
PASS: associated_executor
PASS: associated_immediate_executor
PASS: associator
PASS: async_result
[snip]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
https://nginx.org/en/CHANGES
*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug fix releases which are API and ABI compatible with previous 1.0.x
releases.
Changelog can be found here:
https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/1.0.9/NEWS?ref_type=tags
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Backport PR merged to thrift v0.21.0 to be able to compile thrift
generated c++ code with C++20 clang 15+.
Signed-off-by: Stanislav Angelovic <stanislav.angelovic.ext@siemens.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When build host machine is not installed with elfutils-libelf-devel, it
throws compile error "libelf.h: No such file or directory". Fix missing
headers file by including path ${STAGING_INCDIR_NATIVE} via CFLAGS variable.
Use headers file from ${STAGING_INCDIR_NATIVE} instead of host machine.
Error:
| libbpf_internal.h:19:10: fatal error: libelf.h: No such file or directory
Signed-off-by: Preeti Sachan <preeti.sachan@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.0.10/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.17/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream Repository: https://gitlab.com/wireshark/wireshark.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781
Type: Security Fix
CVE: CVE-2024-9781
Score: 7.8
Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-8929, CVE-2024-11236, CVE-2024-11234 and CVE-2024-11233
Changelog:
https://www.php.net/ChangeLog-8.php#8.2.26
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes build issues in these recipe in meta-gnome
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit af6858aa3729a81780f2ec113c095f7f0c87c226)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fixes:
| ../eog-47.0/help/meson.build:45:6: ERROR: Program 'itstool' not found or not executable
|
| A full log can be found at /home/flk/poky/build/tmp/work/corei7-64-poky-linux/eog/47.0/build/meson-logs/meson-log.txt
| ERROR: meson failed
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b523303f785c459e2f9232af45504863564ad7b9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fixes:
| Configuring org.gnome.Geary.service using configuration
| Program itstool found: NO
|
| ../git/help/meson.build:21:6: ERROR: Program 'itstool' not found or not executable
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 34962ffbbef0a7b8af82121655ec78a4b7c7e055)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
https://github.com/tornadoweb/tornado/releases/tag/v6.4.2
https://github.com/tornadoweb/tornado/releases/tag/v6.4.1
Switch to python_setuptools_build_meta -
https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to version 6.8.6:
- Handle single number macOS deployment targets
- Support for architectures where `char` is unsigned
- Support for building from git archives
- Run the tests using the current Python version
The project has a proper pyproject.toml which declares the
setuptools.build.meta PEP-517 backend.
Fixes:
WARNING: sip-6.8.6-r0 do_check_backend: QA Issue: inherits
setuptools3 but has pyproject.toml with setuptools.build_meta,
use the correct class [pep517-backend]
The work was sponsored by GOVCERT.LU.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978
and CVE-2024-10979
Changelog:
https://www.postgresql.org/docs/release/16.5/
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
Refreshed for 16.5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION
therefore edit the paths from this in generated config.h before it gets into
binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
This ensures that we do not have to do the toggling from
releases to old-release in LTS release branches
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128.
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Backport patches [1] to fix CVE-2024-7246.
[1] https://github.com/grpc/grpc/pull/37361/files
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The SPA plugins for bluez depend on D-Bus bindings generated using
gdbus-codegen at build time. Some PACKAGECONFIG combinations appear to
pull this in accidentally. Add an explicit dependency to ensure that
it's in the sysroot when PACKAGECONFIG contains bluez5.
Signed-off-by: Ethan D. Twardy <ethan.twardy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
* Compilation fixes for libxml 2.13
* Fix ABR in gsf-vba-dump.
* Teach gsf (the tool) to handle odf properties.
* Fix integer overflows affecting memory allocation.
* Add missing "DocumentStatus" ole2 property.
* Avoid some undefined C behaviour in overflow checks.
Security fixes:
CVE-2024-42415
An integer overflow vulnerability exists in the Compound Document Binary
File format parser of v1.14.52 of the GNOME Project G Structured File
Library (libgsf). A specially crafted file can result in an integer
overflow that allows for a heap-based buffer overflow when processing
the sector allocation table. This can lead to arbitrary code execution.
An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-36474
An integer overflow vulnerability exists in the Compound Document Binary
File format parser of the GNOME Project G Structured File Library
(libgsf) version v1.14.52. A specially crafted file can result in an
integer overflow when processing the directory from the file that allows
for an out-of-bounds index to be used when reading and writing to an
array. This can lead to arbitrary code execution. An attacker can
provide a malicious file to trigger this vulnerability.
Reference:
[https://gitlab.gnome.org/GNOME/libgsf/-/issues/34]
(master rev: 6ed5891c18fc78a69764af0a29ad9b5feefb1aa8)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Backport patch with adjustments for the current version to fix
CVE-2024-7254.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
Security fixes
==============
* (CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE.
* (CVE-2024-31227) Potential Denial-of-service due to malformed ACL
selectors.
* (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching.
Bug fixes
=========
* Fixed crashes in cluster mode (#13315)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-31949:
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR
capability as a dynamic capability because malformed data results in a pointer not advancing.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31949]
Upstream patches:
[https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute
in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948]
Upstream patches:
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a
buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during
an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951]
Upstream patches:
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in
ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs
(their size is not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950]
Upstream patches:
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c
in the OSPF daemon to return a NULL pointer. In cases where calling functions do not
handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088]
Upstream patches:
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-8925, CVE-2024-8926, CVE-2024-8927
and CVE-2024-9026
Changelog:
https://www.php.net/ChangeLog-8.php#8.2.24
Rebase 0001-ext-opcache-config.m4-enable-opcache.patch to new version
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2023-52160:
The implementation of PEAP in wpa_supplicant through 2.10 allows
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-52160
Patch from:
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to [1][2], Igor Pavlov, the author of 7-Zip, refused to
provide an advisory or any related change log entries. Have to
backport a part of ./CPP/7zip/Archive/NtfsHandler.cpp from upstream
big commit https://github.com/ip7z/7zip/commit/fc662341e6f85da78ada0e443f6116b978f79f22
[1] https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
[2] https://dfir.ru/wp-content/uploads/2024/07/screenshot-2024-07-03-at-02-13-40-7-zip-_-bugs-_-2402-two-vulnerabilities-in-the-ntfs-handler.png
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
