path: root/meta-networking
Commit message | Author | Age | Files | Lines
* cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | Hitendra Prajapati | 2022-07-16 | 2 | -0/+84
  Source: https://github.com/cyrusimap/cyrus-sasl
  MR: 118501
  Type: Security Fix
  Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
  ChangeID: 5e0fc4c28d97b498128e4aa5d3e7c012e914ef51
  Description:
  CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands.
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bridge-utils: Switch to use the main branch | Mingli Yu | 2022-06-15 | 1 | -1/+1
  Fix the below do_fetch warning:
  WARNING: bridge-utils-1.7-r0 do_fetch: Failed to fetch URL git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git, attempting MIRRORS if available
  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Add fix for CVE-2018-16301 | Riyaz Ahmed Khan | 2022-05-25 | 2 | -0/+112
  Add patch for CVE issue: CVE-2018-16301
  Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86
  Upstream-Status: Pending
  Issue: MGUBSYS-5370
  Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
  Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* atftp: Add fix for CVE-2021-41054 and CVE-2021-46671 | Ranjitsinh Rathod | 2022-05-25 | 3 | -0/+161
  Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues
  Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054
  Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671
  Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
  Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* geoip: Switch to use the main branch | Mingli Yu | 2022-04-18 | 1 | -1/+1
  Fix the below do_fetch warning:
  WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available
  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit df3ef158347072a409b4e276a9dab8c2e89350ec)
  [Fix up for dunfell context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266 | Akash Hadke | 2022-03-27 | 2 | -1/+39
  Add below patch to fix CVE-2020-24265 and CVE-2020-24266
  CVE-2020-24265-and-CVE-2020-24266.patch
  Link: https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d
  Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
  Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Add fix of CVE-2021-45079 | Ranjitsinh Rathod | 2022-02-13 | 2 | -0/+157
  Add a patch to fix CVE-2021-45079
  Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
  Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Update to 3.2.18 | Armin Kuster | 2022-01-26 | 2 | -2/+25
  Source: wireshark.org
  MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449
  Type: Security Fix
  Disposition: Backport from wireshark.org
  ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9
  Description:
  This is a bugfix only update.
  Addresses these CVES:
    wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
    wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
    wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
    wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. CVE-2021-39920, CVE-2021-39923.
    wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
    wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
    wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  ---
  V2]
  Fixes:
  /build/run/lemon: Exec format error
  revert "cmake: lemon: fix path to internal lemon tool" so the wireshark-native version is instead.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix for CVE-2021-41990 and CVE-2021-41991 | Virendra Thakur | 2022-01-22 | 3 | -0/+105
  Add patch to fix CVE-2021-41990 and CVE-2021-41991
  Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netcat: Set CVE_PRODUCT | Andre Carvalho | 2022-01-11 | 1 | -0/+2
  This way yocto cve-check can find open CVE's. See also:
  http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
  "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages."
  Value added is based on:
  https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3
  Signed-off-by: Andre Carvalho <andrestc@fb.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: upgrade 3.4.12 -> 3.4.23 | Yi Zhao | 2021-12-31 | 1 | -2/+2
  Changelog:
  http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* postfix: fix build with glibc 2.34 | Yi Zhao | 2021-12-31 | 2 | -0/+47
  Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35)
  Fixes:
  | In file included from attr_clnt.c:88:
  | /usr/include/unistd.h:363:13: error: conflicting types for ‘closefrom’; have ‘void(int)’
  |   363 | extern void closefrom (int __lowfd) __THROW;
  |       |             ^~~~~~~~~
  | In file included from attr_clnt.c:87:
  | ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with type ‘int(int)’
  |  1506 | extern int closefrom(int);
  |       |            ^~~~~~~~~
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* dovecot: refresh patches [stable/dufell-nut] | Armin kuster | 2021-12-27 | 3 | -22/+18
  Signed-off-by: Armin kuster <akuster808@gamil.com>
* dovecot: Fix CVE-2020-12674 | sana kazi | 2021-12-03 | 2 | -0/+31
  Added patch for CVE-2020-12674
  Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12673 | sana kazi | 2021-12-03 | 2 | -0/+38
  Added patch for CVE-2020-12673
  Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12100 | sana kazi | 2021-12-03 | 15 | -0/+1264
  Added patches to fix CVE-2020-12100
  Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocols | Armin Kuster | 2021-11-17 | 53 | -56/+56
  This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* drdb-utils: Define SRCREV_FORMAT | Andreas Weger | 2021-11-02 | 1 | -0/+1
  Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
  Signed-off-by: Andreas Weger <weger@hs-mittweida.de>
  Change-Id: Id1d0a1062d09f690123b2a1c06137ae5c04d7b20
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Update CVE-2020-8037 tag | Purushottam Choudhary | 2021-10-01 | 1 | -0/+1
  CVE tag was missing inside the patch file which is the remedy for CVE-2020-8037 and tracked by cve-check.
  Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com>
  Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Security fix CVE-2021-3448 | Armin Kuster | 2021-09-10 | 2 | -0/+1041
  Source: https://thekelleys.org.uk/dnsmasq.git
  MR: 110238
  Type: Security Fix
  Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
  ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
  Description:
  A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* stunnel: upgrade 5.56 -> 5.57 | Pierre-Jean Texier | 2021-09-10 | 1 | -3/+2
  Source: https://git.openembedded.org/meta-openembedded
  MR: 109039
  Type: Security Fix
  Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02
  ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f
  Description:
  Affects < 5.57
  License-Update: copyright years updated.
  This is a bug fix release:
  - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
  - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
  - Merged Debian 05-typos.patch (thx to Peter Pentchev).
  - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
  - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
  - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
  - Fixed tests on the WSL2 platform.
  Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b76712700c79e4627028787ae65ab306c21eed02)
  [Includes CVE-2021-20230 per changelog
  Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
  ]
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* tcpdump: Exclude CVE-2020-8036 from check | Armin Kuster | 2021-08-24 | 1 | -0/+5
  This issue was introduced in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ufw: Fix interpreter for installed ufw and test ufw | Jate Sujjavanich | 2021-08-15 | 2 | -16/+6
  Revert patch to setup-only-make-one-reference-to-env.patch and make patch for python3 interpreter fix apply to runs of setup.py during self test as well as installs.
  Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp>
  Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
* wireshark: update to 3.2.15 | Armin Kuster | 2021-07-25 | 1 | -1/+1
  Source: Wireshark.org
  MR: 109612, 110462, 112069
  Type: Security Fix
  Disposition: Backport from wireshark.org
  ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260
  Description:
  Bug fix only update:
  see:
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html
  includes:
  CVE-2021-22191, CVE-2021-22207, CVE-2021-22235
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* ufw: backport patches, update RRECOMMENDS, python3 support, tests | Jate Sujjavanich | 2021-07-24 | 9 | -7/+18155
  Backport patches:
  using conntrack instead of state eliminating warning
  support setup.py build (python 3)
  adjust runtime tests to use daytime port (netbase changes)
  empty out IPT_MODULES (nf conntrack warning)
  check-requirements patch for python 3.8
  Update, add patches for python 3 interpreter
  Add ufw-test package.
  Backport fixes for check-requirements script
  Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
  For dunfell
  Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: fix ntpdate to wait for subprocesses | Adrian Zaharia | 2021-07-10 | 1 | -0/+5
  When using systemd, ntpdate-sync script will start in background triggering the start of ntpd without actually exiting. This results in a bind error in ntpd startup.
  Add wait at the end of ntpdate script to ensure that when the ntpdate.service is marked as finished the oneshot script ntpdate-sync finished and unbind the ntp port
  Fixes #386
  Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit f52ce99b468eff95b6e36caf41fb50808a26f8d5)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: add CVE-2016-4983 to allowlist [kraj/dunfell] | Armin Kuster | 2021-07-06 | 1 | -0/+3
  CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
  Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238)
  [mkcert.sh does mask 077 first]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit d1fb027f894921ea02c984eb581ee1500c613470)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cyrus-sasl: add CVE-2020-8032 to allowlist | ito-yuichi@fujitsu.com | 2021-07-05 | 1 | -0/+3
  This affects only openSUSE, so add it to allowlist.
  Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 711e932b14de57a5f341124470b2f3f131615a25)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 26819375448077265cd4c9dbb88b6be08b899e3f)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add CVE-2011-2411 to allowlist | Sekine Shigeki | 2021-07-05 | 1 | -0/+4
  This affects only on HP NonStop Server, so add it to allowlist.
  Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit d614d160a10b3c5ac36702fbd433f98925a9aa8e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Add fixes for CVEs reported for dnsmasq | Sana Kazi | 2021-05-29 | 7 | -1/+1631
  Applied single patch for below listed CVEs:
  CVE-2020-25681
  CVE-2020-25682
  CVE-2020-25683
  CVE-2020-25687
  as they are fixed by single commit
  http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
  Link: https://www.openwall.com/lists/oss-security/2021/01/19/1
  Also, applied patch for below listed CVEs:
  CVE-2020-25684
  CVE-2020-25685
  CVE-2020-25686
  all CVEs applicable to v2.81
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
  [Refreshed patches]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ebtables: use bitbake optimization levels | Mikko Rapeli | 2021-05-29 | 2 | -0/+20
  Don't overwrite with O3 optimization. Reduces ebtables binary package size from 416241 to 412145 bytes, and enables further optimizations with e.g. -Os flags via bitbake distro wide settings.
  Only ebtables versions up to 2.0.10-4 and dunfell are affected. The version 2.0.11 from hardknott and master branch use system wide flags already.
  Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard: fix build issue with updated 5.4 kernel | Armin Kuster | 2021-04-07 | 2 | -1/+34
  error: static declaration of 'icmp_ndo_send' follows non-static declaration
  |   959 | static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
  |       |                    ^~~~~~~~~~~~~
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mdns: Whitelisted CVE-2007-0613 for mdns | Sana Kazi | 2021-03-16 | 1 | -0/+13
  CVE-2007-0613 is not applicable as it only affects Apple products i.e. ichat, mdnsresponder, instant message framework and MacOS. Also, https://www.exploit-db.com/exploits/3230 shows the part of code affected by CVE-2007-0613 which is not present in upstream source code. Hence, CVE-2007-0613 does not affect other Yocto implementations and is not reported for other distros can be marked whitelisted.
  Links:
  https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
  https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
  https://security-tracker.debian.org/tracker/CVE-2007-0613
  https://ubuntu.com/security/CVE-2007-0613
  https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nghttp2: Add fix for CVE-2020-11080 | Rahul Taya | 2021-03-16 | 3 | -0/+341
  Added below two patches to fix CVE-2020-11080:
  1. CVE-2020-11080-1.patch
  2. CVE-2020-11080-2.patch
  Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com>
  [Refreshed patches to apply]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: Inherit python3targetconfig | Khem Raj | 2021-02-19 | 1 | -1/+1
  Fixes
  configure: error:
  Could not link test program to Python. Maybe the main Python library has been installed in some non-standard library path. If so, pass it to configure, via the LIBS environment variable.
  Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 59f817bbe374799e4398766c2a444692d932d979)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 59d3d64e902d4d2e7ea9c3d2e1fec442912bcdd5)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Fix systemd service | Mario Schuknecht | 2021-02-15 | 1 | -1/+1
  Systemd service file option 'ExecStopPre' is warned and ignored by systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended behavior is realized. The 'ExecStop' commands are executed one after the other.
  Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 55c94cb3196f53d0c1c76bbd74136d1b5d51802d)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 83842c9150fdead52dc7b0913ffac32677720f98)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* celt051: update SRC_URI | changqing.li@windriver.com | 2021-02-15 | 1 | -1/+1
  original SRC_URI is not valid now, official CELT repository moved to gitlab
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 5450c958bf66afd560fd8dff5b432ea71f10165c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 1de0f4c33b92b9bbd885044df505154c177db59e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard-module: remove PKG assignment | Martin Jansa | 2021-02-10 | 1 | -7/+0
  * it's not clear why it was added in first place and it's causing issues since: "package: get_package_mapping: avoid dependency mapping if renamed package provides original name" commit in oe-core as discussed in:
    https://lists.openembedded.org/g/openembedded-core/message/143672
    https://github.com/openembedded/meta-openembedded/issues/285
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 304f660f880bdf7dd5c51695875ab0a73aaed8b2)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit f9502868169715ee4945f5d8bef7c845dbb7b9e0)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* networkd-dispatcher: use git fetcher | Martin Jansa | 2021-01-28 | 1 | -3/+4
  * now the gitlab QA check was backported to dunfell as well in:
    https://git.openembedded.org/openembedded-core/commit/?h=dunfell&id=72f2c45880afbba1745e5e0cbd841d7fd666f374
    and this started failing with:
    ERROR: networkd-dispatcher-2.0.1-r0 do_package_qa: QA Issue: networkd-dispatcher: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol [src-uri-bad]
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3 | zangrc | 2021-01-25 | 2 | -50/+1
  Source: git.openembedded.org
  MR: 108115, 108125, 108095, 108105
  Type: Security Fix
  Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-daemons/iscsi-initiator-utils?id=46e30569e3b3d0cc66ce05e9accd759f37705feb
  ChangeID: 46e30569e3b3d0cc66ce05e9accd759f37705feb
  Description:
  0001-libopeniscsiusr-Compare-with-max-int-instead-of-max-.patch
  Removed since this is included in 2.1.3
  Bugfix only update.
  Also includes these CVE fixes:
  CVE-2020-13988
  CVE-2020-13987
  CVE-2020-17438
  CVE-2020-17437
  Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* iscsi-initiator-utils: Silence a clang warning on 64bit systems | Khem Raj | 2021-01-25 | 2 | -0/+49
  This unbreaks the build with clang as well.
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 409032dcc59bed5051cca454f7344b3cd207cebf)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* iscsi-initiator-utils: Upgrade to _2.1.2 | Khem Raj | 2021-01-25 | 2 | -6/+34
  Fix build with clang
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b99b2f5297a587188cf28e687111b58d7e358fb7)
  [Bug fix only update]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Several security fixes | Armin Kuster | 2021-01-12 | 1 | -1/+1
  Source: Wireshark.org
  MR: 106181, 106696, 107655, 107673, 107682
  Type: Security Fix
  Disposition: Backport from wireshark.org
  ChangeID: 57df6ac3b11aabd96e6aec728501ce7988bc176a
  Description:
  Bugfix only update including these cves:
  3.2.8
  CVE-2020-26575
  CVE-2020-28030
  3.2.9
  CVE-2020-26418
  CVE-2020-26421
  CVE-2020-26420
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  (cherry picked from commit a10ea62a1c9c7b0c4810f2e4ef0dcc6f75b0ca6b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: CVE-2020-14383 Security Advisory | Zheng Ruoqin | 2021-01-10 | 2 | -0/+113
  References
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit baee1ebeafce5d6a99dafc30b91e6fb760197686)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 81d14a86353829eba1d55a93d478faf4c5527a89)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: CVE-2020-14318 Security Advisory | Zheng Ruoqin | 2021-01-10 | 2 | -0/+143
  References
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 1d44b4c03d51e91ce01cf5fd0b33155ce36f1862)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 38beb6fe98894ffaf82a05ccfd6694f735daba26)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard-module: fix build issue with 5.4 kernel | Armin Kuster | 2020-12-24 | 2 | -1/+31
  /tmp/work/qemux86_64-poky-linux/wireguard-module/1.0.20200401-r0/git/src/compat/compat-asm.h:44: warning: "SYM_FUNC_START" redefined
  |    44 | #define SYM_FUNC_START ENTRY
  |       |
  | In file included from /tmp/work/qemux86_64-poky-linux/wireguard-module/1.0.20200401-r0/git/src/compat/compat-asm.h:9,
  |                  from <command-line>:
  | /tmp/work-shared/qemux86-64/kernel-source/include/linux/linkage.h:218: note: this is the location of the previous definition
  |   218 | #define SYM_FUNC_START(name) \
  |       |
  | In file included from <command-line>:
  | /tmp/work/qemux86_64-poky-linux/wireguard-module/1.0.20200401-r0/git/src/compat/compat-asm.h:45: warning: "SYM_FUNC_END" redefined
  |    45 | #define SYM_FUNC_END ENDPROC
  |       |
  Backport fix from upstream
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Patch for CVE-2020-8037 | viatsk | 2020-12-10 | 2 | -0/+71
  Signed-off-by: Stacy Gaikovaia <stacy.gaikovaia@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chrony: Patch CVE-2020-14367 | Anatol Belski | 2020-11-09 | 2 | -0/+205
  Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b4d7b1ee421d9ae75548ac0c0dd0ea9405a0571e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: upgrade 4.10.17 -> 4.10.18 | Yi Zhao | 2020-11-09 | 4 | -193/+2
  This is a security release in order to address CVE-2020-1472 (Unauthenticated domain takeover via netlogon ("ZeroLogon")).
  See:
  https://www.samba.org/samba/history/samba-4.10.18.html
  Also remove 3 backported patches.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit bebdea8530652ff698885a3f55b0a650de319379)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.2.6 -> 3.2.7 | Zang Ruochen | 2020-11-09 | 1 | -1/+1
  Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 47821db8ed0dc81e84d5ba6b873dc14d50f85e07)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>