...
* python3-django: upgrade 5.0.9 -> 5.0.10
  Soumya Sambu, 2025-01-20, 1 file, -1/+1

  Fixes CVE-2024-53907 and CVE-2024-53908

  Release Notes: https://docs.djangoproject.com/en/dev/releases/5.0.10/

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 4.2.16 -> 4.2.17
  Soumya Sambu, 2025-01-20, 1 file, -2/+2

  Fixes CVE-2024-53907 and CVE-2024-53908

  Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.17/

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark 4.2.7: Fix CVE-2024-9781
  Shubham Pushpkar, 2025-01-20, 2 files, -0/+134

  Upstream Repository: https://gitlab.com/wireshark/wireshark.git
  Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781
  Type: Security Fix
  CVE: CVE-2024-9781
  Score: 7.8
  Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5

  Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.2.24 -> 8.2.26
  Vijay Anusuri, 2025-01-20, 1 file, -1/+1

  Includes fix for CVE-2024-8929, CVE-2024-11236, CVE-2024-11234 and CVE-2024-11233

  Changelog: https://www.php.net/ChangeLog-8.php#8.2.26

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chrony: fix do_fetch error
  Jiaying Song, 2025-01-20, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ghex,gnome-chess,gnome-photos: Add missing dep on itstool-native
  Khem Raj, 2025-01-05, 3 files, -1/+3

  Fixes build issues in these recipes in meta-gnome

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit af6858aa3729a81780f2ec113c095f7f0c87c226)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* eog: add itstool-native dependency
  Markus Volk, 2025-01-05, 1 file, -0/+1

  fixes:
  | ../eog-47.0/help/meson.build:45:6: ERROR: Program 'itstool' not found or not executable
  |
  | A full log can be found at /home/flk/poky/build/tmp/work/corei7-64-poky-linux/eog/47.0/build/meson-logs/meson-log.txt
  | ERROR: meson failed

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b523303f785c459e2f9232af45504863564ad7b9)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* geary: add itstool-native dependency
  Markus Volk, 2025-01-05, 1 file, -0/+1

  fixes:
  | Configuring org.gnome.Geary.service using configuration
  | Program itstool found: NO
  |
  | ../git/help/meson.build:21:6: ERROR: Program 'itstool' not found or not executable

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 34962ffbbef0a7b8af82121655ec78a4b7c7e055)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-tornado: Upgrade 6.4 -> 6.4.2
  Soumya Sambu, 2024-12-27, 1 file, -2/+2

  Changelog:
  ==========
  https://github.com/tornadoweb/tornado/releases/tag/v6.4.2
  https://github.com/tornadoweb/tornado/releases/tag/v6.4.1

  Switch to python_setuptools_build_meta - https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* sip: Upgrade 6.8.3 -> 6.8.6
  Leon Anavi, 2024-12-27, 1 file, -3/+5

  Upgrade to version 6.8.6:

  - Handle single number macOS deployment targets
  - Support for architectures where `char` is unsigned
  - Support for building from git archives
  - Run the tests using the current Python version

  The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. Fixes:

  WARNING: sip-6.8.6-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]

  The work was sponsored by GOVCERT.LU.

  License-Update: Update years

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* postgresql: upgrade 16.4 -> 16.5
  Yogita Urade, 2024-12-27, 2 files, -4/+4

  Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978 and CVE-2024-10979

  Changelog: https://www.postgresql.org/docs/release/16.5/

  0003-configure.ac-bypass-autoconf-2.69-version-check.patch
  Refreshed for 16.5

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* ndisc6: Fix reproducible build
  Khem Raj, 2024-12-15, 2 files, -0/+86

  includes the CFLAGS used to build the package in the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the absolute build path via (eg.) the -ffile-prefix-map flag.

  Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ndisc: Remove buildpaths from binaries
  Khem Raj, 2024-12-15, 1 file, -0/+4

  configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION therefore edit the paths from this in generated config.h before it gets into binaries.

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Switch SRC_URI to use github release
  Jiaying Song, 2024-12-15, 1 file, -1/+1

  This ensures that we do not have to do the toggling from releases to old-release in LTS release branches

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mosquitto: upgrade 2.0.19 -> 2.0.20
  Wang Mingyu, 2024-12-15, 1 file, -1/+1

  Changelog:
  ==========
  Broker:
  - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". Closes #3128.
  - Open files with appropriate access on Windows.
  - Don't allow invalid response topic values.
  - Fix some strict protocol compliance issues.

  Client library:
  - Fix cmake build on OS X.

  Build:
  - Fix build on NetBSD

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
  Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mosquitto: upgrade 2.0.18 -> 2.0.19
  Fabrice Aeschbacher, 2024-12-15, 3 files, -50/+1

  - Solves CVE-2024-8376
  - removed 1571.patch and 2894.patch, already applied in v2.0.19

  https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt

  Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com>
  Reviewed-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
  Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: Fix CVE-2024-7246
  Libo Chen, 2024-12-15, 2 files, -0/+421

  Backport patches [1] to fix CVE-2024-7246.

  [1] https://github.com/grpc/grpc/pull/37361/files

  Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pipewire: Add glib-2.0-native dep for bluez5
  AmateurECE, 2024-12-15, 1 file, -1/+1

  The SPA plugins for bluez depend on D-Bus bindings generated using gdbus-codegen at build time. Some PACKAGECONFIG combinations appear to pull this in accidentally. Add an explicit dependency to ensure that it's in the sysroot when PACKAGECONFIG contains bluez5.

  Signed-off-by: Ethan D. Twardy <ethan.twardy@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgsf: upgrade 1.14.52 -> 1.14.53
  Zhang Peng, 2024-12-15, 1 file, -2/+2

  Changelog:
  * Compilation fixes for libxml 2.13
  * Fix ABR in gsf-vba-dump.
  * Teach gsf (the tool) to handle odf properties.
  * Fix integer overflows affecting memory allocation.
  * Add missing "DocumentStatus" ole2 property.
  * Avoid some undefined C behaviour in overflow checks.

  Security fixes:

  CVE-2024-42415
  An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  CVE-2024-36474
  An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  Reference: [https://gitlab.gnome.org/GNOME/libgsf/-/issues/34]

  (master rev: 6ed5891c18fc78a69764af0a29ad9b5feefb1aa8)

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* protobuf: fix CVE-2024-7254
  Chen Qi, 2024-12-15, 2 files, -0/+795

  Backport patch with adjustments for the current version to fix CVE-2024-7254.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: upgrade 7.2.5 -> 7.2.6
  Yi Zhao, 2024-12-15, 10 files, -26/+25

  ChangeLog:

  Security fixes
  ==============
  * (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
  * (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
  * (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.

  Bug fixes
  =========
  * Fixed crashes in cluster mode (#13315)

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: upgrade 7.2.4 -> 7.2.5
  Wang Mingyu, 2024-12-15, 10 files, -1/+1

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31949
  Zhang Peng, 2024-12-15, 2 files, -0/+164

  CVE-2024-31949:
  In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

  Reference:
  [https://nvd.nist.gov/vuln/detail/CVE-2024-31949]

  Upstream patches:
  [https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b]

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31948
  Zhang Peng, 2024-12-15, 2 files, -0/+131

  CVE-2024-31948:
  In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

  Reference:
  [https://nvd.nist.gov/vuln/detail/CVE-2024-31948]

  Upstream patches:
  [https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138]
  [https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07]

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31951
  Zhang Peng, 2024-12-15, 2 files, -0/+111

  CVE-2024-31951:
  In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

  Reference:
  [https://nvd.nist.gov/vuln/detail/CVE-2024-31951]

  Upstream patches:
  [https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a]

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31950
  Zhang Peng, 2024-12-15, 2 files, -0/+69

  CVE-2024-31950:
  In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

  Reference:
  [https://nvd.nist.gov/vuln/detail/CVE-2024-31950]

  Upstream patches:
  [https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4]

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-34088
  Zhang Peng, 2024-12-15, 2 files, -0/+84

  CVE-2024-34088:
  In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.

  Reference:
  [https://nvd.nist.gov/vuln/detail/CVE-2024-34088]

  Upstream patches:
  [https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca]

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.2.20 -> 8.2.24
  Yogita Urade, 2024-12-15, 2 files, -7/+10

  Includes fix for CVE-2024-8925, CVE-2024-8926, CVE-2024-8927 and CVE-2024-9026

  Changelog: https://www.php.net/ChangeLog-8.php#8.2.24

  Rebase 0001-ext-opcache-config.m4-enable-opcache.patch to new version

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: Security fix for CVE-2023-52160
  Yi Zhao, 2024-12-15, 2 files, -0/+199

  CVE-2023-52160:
  The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

  Reference:
  https://nvd.nist.gov/vuln/detail/CVE-2023-52160

  Patch from:
  https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* p7zip: fix CVE-2023-52169 and CVE-2023-52168
  hongxu, 2024-12-15, 2 files, -0/+456

  According to [1][2], Igor Pavlov, the author of 7-Zip, refused to provide an advisory or any related change log entries.

  Have to backport a part of ./CPP/7zip/Archive/NtfsHandler.cpp from upstream big commit https://github.com/ip7z/7zip/commit/fc662341e6f85da78ada0e443f6116b978f79f22

  [1] https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
  [2] https://dfir.ru/wp-content/uploads/2024/07/screenshot-2024-07-03-at-02-13-40-7-zip-_-bugs-_-2402-two-vulnerabilities-in-the-ntfs-handler.png

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-werkzeug: upgrade 3.0.3 -> 3.0.6
  Soumya Sambu, 2024-12-15, 1 file, -1/+1

  Includes fix for CVE-2024-49767

  Changelog:
  ==========
  https://github.com/pallets/werkzeug/blob/3.0.6/CHANGES.rst

  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freeradius: upgrade 3.2.3 -> 3.2.5
  Yi Zhao, 2024-11-24, 1 file, -1/+1

  ChangeLog:
  https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4
  https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5

  Security fixes:
  CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  Reference:
  https://nvd.nist.gov/vuln/detail/CVE-2024-3596
  https://www.freeradius.org/security/
  https://www.blastradius.fail/
  https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95

  (master rev: 28d82d17c8174ee17271ca43ad7eb2175211cacc)

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdev-checklib-perl: fix do_fetch error
  Jiaying Song, 2024-11-24, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: libdev-checklib-perl-native-1.16-r0 do_fetch: Failed to fetch URL https://cpan.metacpan.org/modules/by-module/Devel/Devel-CheckLib-1.16.tar.gz, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* eject: fix do_fetch error
  Jiaying Song, 2024-11-24, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: eject-2.1.5-r0.wr2401 do_fetch: Failed to fetch URL http://sources.openembedded.org/eject-2.1.5.tar.gz, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xfce-dusk-gtk3: fix do_fetch error
  Jiaying Song, 2024-11-24, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: xfce-dusk-gtk3-1.3-r0 do_fetch: Failed to fetch URL http://sources.openembedded.org/141404-xfce_dusk_gtk3-1_3.tar.gz;subdir=xfce-dusk-gtk3-1.3, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.6.10 -> 2.6.12
  Haixiao Yan, 2024-11-24, 2 files, -146/+1

  ChangeLog:
  https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst

  Security fixes:
  CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges (SeImpersonatePrivilege) could open the pipe a second time, tricking openvpn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as.

  CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load.

  CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client.

  Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
  [Drop CVE-2024-28882 patch not yet in stable]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix multiple CVEs: CVE-2024-45615, -45616, -45617, -45618, -45619, -45620
  Virendra Thakur, 2024-11-22, 2 files, -1/+1271

  Fixes for uninitialized memory issues

  Hunks present in card-entersafe.c and card-gids.c are refreshed based on the codebase.

  Signed-off-by: Virendra Thakur <virendrak@kpit.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: fix CVE-2024-28882
  Haixiao Yan, 2024-11-09, 2 files, -0/+145

  CVE-2024-28882: OpenVPN in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

  References:
  https://community.openvpn.net/openvpn/wiki/CVE-2024-28882

  Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libp11: Treat all openssl-3.x releases the same
  Sana Kazi, 2024-11-09, 2 files, -1/+32

  OpenSSL's soversion will not change for any 3.x minor release.
  https://www.openssl.org/policies/general/versioning-policy.html

  Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit c3e4879c5c7abbf57b0c2633a66137e302604e0a)
  Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: conditionally set status of CVE-2024-45802
  Peter Marko, 2024-11-09, 1 file, -0/+6

  According to [1] the ESI feature implementation in squid is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG).

  Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities.

  We should not break features in LTS branch and cannot fix this problem. So ignore this CVE based on set PACKAGECONFIG which should remove it from reports for most users. Those who need ESI need to assess the risk themselves.

  [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
  [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: fix CVE-2023-43279
  Jiaying Song, 2024-11-09, 2 files, -0/+40

  Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-43279

  Upstream patches:
  https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-xmodem: replace hardcoded /usr with ${prefix}
  Justin Bronder, 2024-11-09, 1 file, -2/+2

  Without this the native recipe cannot be built.

  Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
  (cherry picked from commit 4a86f8a54fe96f4aa05232180a2a744a15638f55)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: upgrade 2.0.34 -> 2.0.36
  Jiaying Song, 2024-11-09, 1 file, -1/+1

  Full changelog: https://sourceforge.net/p/openipmi/news/

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: patch CVE-2024-6609
  Peter Marko, 2024-11-09, 2 files, -0/+31

  Pick the same patch as Debian took for bullseye.

  There is no direct backport to versions prior to 3.102 because commit NSS_3_101_BETA2-12-g8d94c529b [1] rewrote this code. Applied patch was proposed for old versions in [2] and already applied in Debian bullseye.

  I could not find suitable upstream status, inappropriate is the best I could pick from offered possibilities.

  [1] https://github.com/nss-dev/nss/commit/8d94c529b333194d080c4885ddd3a40e6c296ae9
  [2] https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/t9JmsYkujWM/m/HjKuk-ngBAAJ

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: patch CVE-2024-6602
  Peter Marko, 2024-11-09, 2 files, -0/+66

  Pick the same patch as Debian took for bullseye.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 3.6.1 -> 3.6.2
  Yi Zhao, 2024-11-09, 1 file, -1/+1

  ChangeLog:
  https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2

  Security Fix: CVE-2024-49195

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* graphviz: remove obsolete and problematic patch
  Chen Qi, 2024-11-09, 2 files, -37/+0

  Remove 0001-Set-use_tcl-to-be-empty-string-if-tcl-is-disabled.patch.

  This patch is obsolete and not needed because the current graphviz configure.ac has correct logic of checking use_tcl. This use_tcl variable needs to be set when '--disable-tcl' is set, otherwise, things will behave as if no option is supplied and the configure process will check tcl automatically.

  This patch is problematic because its logic against the current version is wrong. The recipe has already explicitly set '--disable-tcl', so the configure process should not do automatic checking for tcl at do_configure.

  This patch fixes do_configure error when host has tcl8.6-dev installed. The error is like below:

  QA Issue: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. Rerun configure task after fixing this. [configure-unsafe]

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vlock: fix do_fetch error
  Jiaying Song, 2024-11-09, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: vlock-2.2.3-r0.vr2401 do_fetch: Failed to fetch URL http://distfiles.gentoo.org/distfiles/vlock-2.2.3.tar.gz, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard-tools: fix do_fetch error
  Jiaying Song, 2024-11-09, 1 file, -1/+1

  Change the SRC_URI to the correct value due to the following error:

  WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available

  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: cleanup
  J. S., 2024-11-09, 2 files, -118/+0

  Drop two patches which haven't been referenced by the nodejs recipe since the 20.11.0 version checkin.

  0001-build-fix-build-with-Python-3.12.patch
  0001-gyp-resolve-python-3.12-issues.patch

  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>