Commit message | Author | Date | Files | Lines
...
* nginx-1.21.1: Drop reference to removed patch | Niko Mauno | 2024-06-27 | 1 | -2/+0
    Align to commit 8e297cdc841c6cad34097f00a6903ba25edfc153 ("nginx: Remove obsolete patch") by removing the reference to the removed patch file. By doing so we mitigate the following BitBake complaint:

    WARNING: .../meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb: Unable to get checksum for nginx SRC_URI entry 0001-HTTP-2-per-iteration-stream-handling-limit.patch: file could not be found

    Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyyaml-include: support native and nativesdk build | Randy MacLeod | 2024-06-27 | 1 | -1/+1
    Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    (cherry picked from commit 56e2e5df9bba23c431bed2fa7794d5cc86c08f2f)
    Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: Remove obsolete patch | Jasper Orschulko | 2024-06-02 | 1 | -92/+0
    With the inclusion of commit 85102dd2dff41945997b983f7c2bfc954dd3bc47 the same patch was introduced again, thus this copy can be deleted (which accidentally was never used, since I originally forgot to add it to the SRC_URI, whoops).

    Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: fix CVE-2023-46809 | Archana Polampalli | 2024-06-02 | 2 | -0/+626
    Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: fix CVE-2024-22025 | Archana Polampalli | 2024-06-02 | 2 | -0/+149
    Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: fix CVE-2024-22019 | Archana Polampalli | 2024-06-02 | 2 | -0/+557
    Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ITS#10094 libldap/OpenSSL: fix setting ciphersuites | Priyal Doshi | 2024-05-28 | 2 | -0/+70
    Backport-from: https://git.openldap.org/openldap/openldap/-/merge_requests/654/diffs?commit_id=8c482cec9a68e74b3609b1e44738bee352f6577a

    Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Backport fix CVE-2023-0767 | Vivek Kumbhar | 2024-05-26 | 2 | -0/+103
    Upstream-Status: Backport from [https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad]

    Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* uriparser: upgrade 0.9.6 -> 0.9.8 | Peter Marko | 2024-05-26 | 1 | -1/+1
    Handle CVEs:
    * https://nvd.nist.gov/vuln/detail/CVE-2024-34402
    * https://nvd.nist.gov/vuln/detail/CVE-2024-34403

    Cherry-pick from master was not possible due to usage of github-releases class which is not in kirkstone yet.

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.7 -> 2.28.8 | Yogita Urade | 2024-05-26 | 1 | -2/+2
    Includes security fixes for:
    CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs

    Release notes:
    https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

    Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.22 -> 8.1.28 | Soumya Sambu | 2024-05-26 | 1 | -1/+1
    Upgrade php to 8.1.28

    Security fixes:
    CVE-2024-3096
    CVE-2024-2756

    https://www.php.net/ChangeLog-8.php#8.1.28

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libssh: Fix CVE CVE-2023-6004 | nikhil | 2024-05-26 | 8 | -0/+1017
    A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

    Signed-off-by: Nikhil R <nikhil.r@kpit.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: patch CVE-2024-0743 | Peter Marko | 2024-05-26 | 2 | -0/+41
    https://nvd.nist.gov/vuln/detail/CVE-2024-0743 mentions bug 1867408 as tracking fix for this issue.

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: patch CVE-2023-5388 | Peter Marko | 2024-05-26 | 2 | -0/+682
    https://nvd.nist.gov/vuln/detail/CVE-2023-5388 mentions bug 1780432 as tracking fix for this issue.

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libeigen: Update GPL-3.0-only to GPL-2.0-only | akash hadke | 2024-05-26 | 1 | -1/+1
    libeigen source contains GPL-3.0-only code but it is not being packaged, hence update LICENSE with GPL-2.0-only.

    Below are the GPL-3.0-only files from libeigen source:

    bench/btl/actions/action_aat_product.hh
    bench/btl/actions/action_ata_product.hh
    bench/btl/actions/action_atv_product.hh
    bench/btl/actions/action_axpby.hh
    bench/btl/actions/action_axpy.hh
    bench/btl/actions/action_cholesky.hh
    bench/btl/actions/action_ger.hh
    bench/btl/actions/action_hessenberg.hh
    bench/btl/actions/action_lu_decomp.hh
    bench/btl/actions/action_lu_solve.hh
    bench/btl/actions/action_matrix_matrix_product_bis.hh
    bench/btl/actions/action_matrix_matrix_product.hh
    bench/btl/actions/action_matrix_vector_product.hh
    bench/btl/actions/action_partial_lu.hh
    bench/btl/actions/action_rot.hh
    bench/btl/actions/action_symv.hh
    bench/btl/actions/action_syr2.hh
    bench/btl/actions/action_trisolve.hh
    bench/btl/actions/action_trisolve_matrix.hh
    bench/btl/actions/action_trmm.hh
    bench/btl/COPYING
    bench/btl/data/mean.cxx
    bench/btl/data/regularize.cxx
    bench/btl/data/smooth.cxx
    bench/btl/generic_bench/bench.hh
    bench/btl/generic_bench/bench_parameter.hh
    bench/btl/generic_bench/btl.hh
    bench/btl/generic_bench/init/init_function.hh
    bench/btl/generic_bench/init/init_matrix.hh
    bench/btl/generic_bench/init/init_vector.hh
    bench/btl/generic_bench/static/bench_static.hh
    bench/btl/generic_bench/static/intel_bench_fixed_size.hh
    bench/btl/generic_bench/static/static_size_generator.hh
    bench/btl/generic_bench/timers/mixed_perf_analyzer.hh
    bench/btl/generic_bench/timers/portable_perf_analyzer.hh
    bench/btl/generic_bench/timers/portable_perf_analyzer_old.hh
    bench/btl/generic_bench/timers/portable_timer.hh
    bench/btl/generic_bench/timers/STL_perf_analyzer.hh
    bench/btl/generic_bench/timers/STL_timer.hh
    bench/btl/generic_bench/utils/size_lin_log.hh
    bench/btl/generic_bench/utils/size_log.hh
    bench/btl/generic_bench/utils/xy_file.hh
    bench/btl/libs/BLAS/blas_interface.hh
    bench/btl/libs/BLAS/main.cpp
    bench/btl/libs/blaze/blaze_interface.hh
    bench/btl/libs/blaze/main.cpp
    bench/btl/libs/blitz/blitz_interface.hh
    bench/btl/libs/blitz/blitz_LU_solve_interface.hh
    bench/btl/libs/blitz/btl_blitz.cpp
    bench/btl/libs/blitz/btl_tiny_blitz.cpp
    bench/btl/libs/blitz/tiny_blitz_interface.hh
    bench/btl/libs/eigen2/btl_tiny_eigen2.cpp
    bench/btl/libs/eigen2/eigen2_interface.hh
    bench/btl/libs/eigen2/main_adv.cpp
    bench/btl/libs/eigen2/main_linear.cpp
    bench/btl/libs/eigen2/main_matmat.cpp
    bench/btl/libs/eigen2/main_vecmat.cpp
    bench/btl/libs/eigen3/btl_tiny_eigen3.cpp
    bench/btl/libs/eigen3/eigen3_interface.hh
    bench/btl/libs/eigen3/main_adv.cpp
    bench/btl/libs/eigen3/main_linear.cpp
    bench/btl/libs/eigen3/main_matmat.cpp
    bench/btl/libs/eigen3/main_vecmat.cpp
    bench/btl/libs/gmm/gmm_interface.hh
    bench/btl/libs/gmm/gmm_LU_solve_interface.hh
    bench/btl/libs/gmm/main.cpp
    bench/btl/libs/mtl4/main.cpp
    bench/btl/libs/mtl4/mtl4_interface.hh
    bench/btl/libs/mtl4/mtl4_LU_solve_interface.hh
    bench/btl/libs/STL/main.cpp
    bench/btl/libs/STL/STL_interface.hh
    bench/btl/libs/tvmet/main.cpp
    bench/btl/libs/tvmet/tvmet_interface.hh
    bench/btl/libs/ublas/main.cpp
    bench/btl/libs/ublas/ublas_interface.hh

    libeigen project dropped all GPL code in their 'master' branch and moved to 'Apache-2.0'.

    Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2023-44487 | Meenali Gupta | 2024-05-26 | 2 | -0/+80
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyyaml-include: Drop pytest --automake | Mingli Yu | 2024-05-22 | 2 | -2/+1
    The python3-unittest-automake-output is not supported [1], so drop "pytest --automake".

    [1] https://lore.kernel.org/all/20240327072236.2221619-1-mingli.yu@windriver.com/T/#mda91919809cf156aba24f099bef65142067cd318

    Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twisted: Add python3-typing-extensions to RDEPENDS | Hains van den Bosch | 2024-04-28 | 1 | -0/+1
    To fix crash due to missing module:

      File "/usr/lib/python3.11/site-packages/twisted/internet/defer.py", line 42, in <module>
        from typing_extensions import Literal, ParamSpec, Protocol
    ModuleNotFoundError: No module named 'typing_extensions'

    Signed-off-by: Hains van den Bosch <hainsvdbosch@ziggo.nl>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-twisted: Add python3-asyncio to RDEPENDS | Hains van den Bosch | 2024-04-28 | 1 | -0/+1
    To fix crash due to missing module:

        from twisted.internet import defer
      File "/usr/lib/python3.11/site-packages/twisted/internet/defer.py", line 14, in <module>
        from asyncio import AbstractEventLoop, Future, iscoroutine
    ModuleNotFoundError: No module named 'asyncio'

    Signed-off-by: Hains van den Bosch <hainsvdbosch@ziggo.nl>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: fix CVE-2023-6175 | Hitendra Prajapati | 2024-04-28 | 2 | -0/+247
    Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e

    Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
    [manual fixed up]
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-aiohttp: Fix CVE-2024-23334 | Rahul Janani Pandi | 2024-04-28 | 2 | -0/+225
    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.

    References:
    https://security-tracker.debian.org/tracker/CVE-2024-23334
    https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2

    Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
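The containment check whose absence the description above explains, as an added Python example: this is not aiohttp's code and not part of the meta-openembedded commit. It applies a lexical check to the request path regardless of follow_symlinks (so ".." traversal is refused even when no symlink exists, the case the CVE text singles out) and adds a symlink-resolution check only when follow_symlinks is False. The function names, the temporary directory layout and the request paths are constructed for illustration.

```python
"""Added example (not aiohttp code, not part of the meta-openembedded commit):
a static-root containment check of the kind the CVE-2024-23334 text says was
missing when follow_symlinks=True.  Layout and request paths are constructed."""
import os
import tempfile
from typing import Dict, Optional


def resolve_static_path(root: str, requested: str, follow_symlinks: bool = False) -> Optional[str]:
    """Map a request path onto a file under `root`; return None if it escapes.

    Two independent checks, matching the two failure modes the CVE text
    separates:
      1. lexical: join, collapse "." / ".." and require the result to stay
         under root.  Applied regardless of follow_symlinks, so traversal is
         refused even when no symlink is involved.
      2. physical (only when follow_symlinks is False): resolve symlinks and
         require the real target to stay under root too.
    """
    root_real = os.path.realpath(root)
    # os.path.join drops root if `requested` is absolute; normpath then
    # collapses "..", so "<root>/../../etc/passwd" becomes "/etc/passwd".
    full = os.path.normpath(os.path.join(root_real, requested))
    # commonpath compares whole components, so "/srv/static2" is not
    # mistaken for a child of "/srv/static" the way a string-prefix test would.
    if os.path.commonpath([root_real, full]) != root_real:
        return None
    if not follow_symlinks:
        real = os.path.realpath(full)
        if os.path.commonpath([root_real, real]) != root_real:
            return None
    return full


def demo() -> Dict[str, bool]:
    """Build a constructed layout in a temp dir and exercise both modes.

        <tmp>/static/index.html                        served file
        <tmp>/static/leak -> <tmp>/outside/secret.txt  symlink escaping root
        <tmp>/outside/secret.txt                       never reachable by traversal
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "static")
        outside = os.path.join(tmp, "outside")
        os.makedirs(root)
        os.makedirs(outside)
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>hello</h1>")
        secret = os.path.join(outside, "secret.txt")
        with open(secret, "w") as f:
            f.write("not for the web")
        os.symlink(secret, os.path.join(root, "leak"))

        def allowed(req: str, follow: bool) -> bool:
            return resolve_static_path(root, req, follow_symlinks=follow) is not None

        return {
            "plain file": allowed("index.html", False),
            "dotdot that stays inside root": allowed("css/../index.html", False),
            "dotdot, follow_symlinks=False": allowed("../outside/secret.txt", False),
            "dotdot, follow_symlinks=True": allowed("../outside/secret.txt", True),
            "absolute path, follow_symlinks=True": allowed(secret, True),
            "symlink out of root, follow_symlinks=False": allowed("leak", False),
            "symlink out of root, follow_symlinks=True": allowed("leak", True),
        }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{'allow' if ok else 'deny':5}  {case}")
```

The only request that is served outside the root is the symlink with follow_symlinks=True, which is the behaviour the operator explicitly opted into; ".." and absolute paths are refused in both modes because the lexical check does not depend on the symlink setting.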
* apache2: Upgrade v2.4.58 -> v2.4.59 | Soumya Sambu | 2024-04-28 | 3 | -14/+14
    This upgrade incorporates the fixes for CVE-2024-27316, CVE-2024-24795, CVE-2023-38709 and other bugfixes.

    Adjusted 0004-apache2-log-the-SELinux-context-at-startup.patch and 0007-apache2-allow-to-disable-selinux-support.patch to align with upgraded version.

    Changelog:
    https://downloads.apache.org/httpd/CHANGES_2.4.59

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* giflib: Fix CVE CVE-2022-28506 | nikhil | 2024-04-28 | 2 | -1/+43
    There is a heap buffer overflow in DumpScreen2RGB() in gif2rgb.c. This occurs with a crafted gif file where the size of the color table is < 256 but the image data contains pixels with a color code higher than the size of the color table. This causes an overflow of the ColorMap->Colors array.

    Fix the issue by checking if the value of each pixel is within the bounds of the given color table. If the value is outside the color table, print an error message and exit.

    Signed-off-by: Nikhil R <nikhil.r@kpit.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: fix CVE-2024-24680 | Rahul Janani Pandi | 2024-04-28 | 2 | -0/+49
    An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

    Since there is no ptest available for python3-django, the patch changes have not been tested at runtime.

    References:
    https://security-tracker.debian.org/tracker/CVE-2024-24680
    https://docs.djangoproject.com/en/dev/releases/4.2.10/

    Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bats: fix bats-format-pretty report error when multilib enabled | Xiangyu Chen | 2024-04-28 | 1 | -0/+1
    bats-format-pretty hardcodes the lib folder, which causes it to report a missing formatter.bash error when multilib is enabled.

    Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: Security fix for CVE-2023-40359 | Rohini Sangam | 2024-04-28 | 2 | -0/+389
    CVE fixed:
    - CVE-2023-40359 xterm: ReGIS reporting for character-set names containing characters other than alphanumerics or underscore

    Upstream-Status: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/41ba5cf31da5e43477811b28009d64d3f643fd29

    Note: The CVE patch is part of minor version-up and is extracted from the snapshot of xterm-379c. Documentation of the commit shows 2 different overflows being fixed and hence the fix was extracted from the commit.

    Signed-off-by: Rohini Sangam <rsangam@mvista.com>
    Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pillow: Fix CVE-2023-50447 | Rahul Janani Pandi | 2024-04-28 | 5 | -0/+186
    Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

    References:
    https://security-tracker.debian.org/tracker/CVE-2023-50447
    https://github.com/python-pillow/Pillow/blob/10.2.0/CHANGES.rst

    Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* iniparser: Fix CVE-2023-33461 | Soumya Sambu | 2024-04-28 | 2 | -1/+54
    iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint, which misses a NULL check on the return value of iniparser_getstring.

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-33461

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Backport fix for CVE-2024-2955 | Ashish Sharma | 2024-04-28 | 2 | -0/+53
    Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341]

    Signed-off-by: Ashish Sharma <asharma@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyyaml-include: Upgrade 1.3.2 -> 1.4.1 | Mingli Yu | 2024-04-28 | 1 | -3/+3
    * Upgrade to 1.4.1 to make it work with setuptools 59.x as it doesn't support pep 621 [1], so remove pyproject.toml and add setup.cfg back [2].

    * Add python3-toml to RDEPENDS to fix below error:

    self = <yamlinclude.readers.TomlReader object at 0x7faceccdbd30>

        def __call__(self):
            if sys.version_info >= (3, 11):
                with open(self._path, "rb") as fp:
                    return tomllib.load(fp)
            else:
                try:
                    import toml
                except ImportError as err:  # pragma: no cover
    >               raise ImportError(f'Un-supported file "{self._path}".\n`pip install toml` should solve the problem.\n\n{err}')
    E               ImportError: Un-supported file "tests/data/include.d/1.toml".
    E               `pip install toml` should solve the problem.
    E
    E               No module named 'toml'

    ../../python3.10/site-packages/yamlinclude/readers.py:69: ImportError

    [1] https://setuptools.pypa.io/en/latest/userguide/pyproject_config.html
    [2] https://github.com/tanbro/pyyaml-include/issues/43

    Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyyaml-include: switch to pytest --automake | Tim Orling | 2024-04-28 | 2 | -4/+5
    * Also replace ${PYTHON_PN} with python3

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    (cherry picked from commit 182f31a182f6572a3538b875cec7ee761e2da1e6)
    Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyyaml-include: add initial recipe for version 1.3.2 | Derek Straka | 2024-04-28 | 2 | -0/+31
    Add a recipe for the pyyaml-include package that extends PyYAML to include YAML files within YAML files.

    Add a ptest to run the unit tests and include the tests as part of the package lists in meta-python

    Signed-off-by: Derek Straka <derek@asterius.io>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    (cherry picked from commit bf011a9f5e89186b338b6a335d10ef84929be0ce)
    Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Upgrade 2.87 -> 2.90 | Soumya Sambu | 2024-03-25 | 5 | -87/+3
    Fixes CVE-2023-50387 and CVE-2023-50868

    Remove backported CVE patch.
    Remove patch for lua as hardcoding lua version was removed.

    Changelog:
    ===========
    https://thekelleys.org.uk/dnsmasq/CHANGELOG

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* unixodbc: Fix CVE-2024-1013 | Soumya Sambu | 2024-03-25 | 2 | -0/+54
    An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2024-1013

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openjpeg: Backport fix CVE-2021-3575 | Vivek Kumbhar | 2024-03-25 | 2 | -0/+46
    Upstream-Status: Backport from https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf

    Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: fix CVE-2024-25629 | Yogita Urade | 2024-03-25 | 2 | -0/+35
    c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2024-25629
    https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
    https://security-tracker.debian.org/tracker/CVE-2024-25629

    Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: fix reproducibility issues | Anuj Mittal | 2024-03-25 | 1 | -17/+17
    Download and unpack contrib modules and other repositories in S instead of WORKDIR so they don't escape file-prefix-map substitutions.

    Fixes a number of reproducibility problems because of OpenCV check macros that were embedding path to files in contrib/.

    MJ: this is backport from langdale and fixes not only reproducibility issues but also pseudo aborts in do_install when do_install is executed again after do_package (in incremental builds):

    | DEBUG: Executing shell function do_install
    | NOTE: DESTDIR=opencv/4.5.5-r0/image VERBOSE=1 cmake --build opencv/4.5.5-r0/build --target install --
    | abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.
    | Check logfile: opencv/4.5.5-r0/pseudo//pseudo.log
    | Subprocess aborted

    and pseudo.log file shows:

    path mismatch [3 links]: ino 214373575 db 'opencv/4.5.5-r0/package/usr/src/debug/lib32-opencv/4.5.5-r0/contrib/modules/intensity_transform/src/bimef.cpp' req 'opencv/4.5.5-r0/contrib/modules/intensity_transform/src/bimef.cpp'.

    easily reproducible with:
    bitbake -c cleansstate opencv; bitbake -c package opencv; bitbake -c install -f opencv

    unlike ${S} ${WORKDIR}/contrib isn't in default PSEUDO_IGNORE_PATHS

    Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: Upgrade to 14.11 | Soumya Sambu | 2024-03-25 | 5 | -535/+5
    Addresses CVEs and other bug fixes.

    Remove patches that are fixed in this release.

    Release notes are available at:
    https://www.postgresql.org/docs/release/14.10/
    https://www.postgresql.org/docs/release/14.11/

    0001-configure.ac-bypass-autoconf-2.69-version-check.patch refreshed for new version.

    License-Update: Copyright year updated

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: ignore CVE-2023-7235 | Soumya Sambu | 2024-03-25 | 1 | -0/+3
    This CVE is related to OpenVPN 2.x GUI on Windows.

    References:
    https://community.openvpn.net/openvpn/wiki/CVE-2023-7235
    https://security-tracker.debian.org/tracker/CVE-2023-7235

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: Upgrade 3.5.0 -> 3.5.2 | Soumya Sambu | 2024-02-28 | 1 | -3/+4
    * Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
    * Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()

    Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.

    License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later

    Changelog: https://github.com/Mbed-TLS/mbedtls/blob/v3.5.2/ChangeLog

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.5 -> 2.28.7 | Soumya Sambu | 2024-02-28 | 1 | -3/+3
    Includes security fixes for:
    CVE-2024-23170 - Timing side channel in private key RSA operations
    CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()

    License updated to dual Apache-2.0 OR GPL-2.0-or-later.

    Changelog: https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog

    Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade from 4.2.7 to 4.2.10 | Fathi Boudra | 2024-02-28 | 1 | -1/+1
    Upgrade to the latest 4.x LTS release. Bug fixes only.

    Fix CVE:
    CVE-2024-24680: Potential denial-of-service in intcomma template filter

    Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* graphviz: fix CVE-2023-46045 | Meenali Gupta | 2024-02-28 | 4 | -0/+111
    Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

    Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: Backport fix for CVE-2023-49286 and CVE-2023-50269 | Vijay Anusuri | 2024-02-28 | 3 | -0/+151
    import patches from ubuntu to fix CVE-2023-49286 CVE-2023-50269

    Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
    Upstream commit https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
    & https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d]

    Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: fix CVE-2023-22084 | Yogita Urade | 2024-02-28 | 2 | -0/+92
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-22084
    https://security-tracker.debian.org/tracker/CVE-2023-22084

    Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Set CVE_PRODUCT to "node.js" | virendra thakur | 2024-02-28 | 1 | -0/+2
    Set CVE_PRODUCT to 'node.js' for the nodejs recipe

    Signed-off-by: virendra thakur <virendrak@kpit.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Revert "libcroco: Add fix for CVE-2020-12825" | Martin Jansa | 2024-02-07 | 2 | -212/+0
    This reverts commit 522603beb6d88ad6ea443806bb986096d5b766e6.

    This change was for oe-core not meta-oe repository, creating unused directory "meta" which doesn't belong here.

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: Backport fix for CVE-2023-51764 | Ashish Sharma | 2024-02-07 | 3 | -0/+1357
    Import patches from ubuntu launchpad to fix CVE-2023-51764

    Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]

    Signed-off-by: Ashish Sharma <asharma@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846 | Vijay Anusuri | 2024-02-07 | 4 | -0/+1934
    import patches from ubuntu to fix CVE-2023-46728 CVE-2023-46846

    Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
    Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
    & https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270
    & https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d]

    Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix for CVE-2023-4511 | Vijay Anusuri | 2024-02-07 | 2 | -0/+82
    Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9

    Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>