| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ git log --oneline | grep CVE
f58c813 merge in fixes for libgd CVE-2019-6978
407a58b CVE-2017-6362
dabcb8c CVE-2016-10168
b691e47 CVE-2016-10167
16919b4 CVE-2016-9317
2208b48 CVE-2016-9011
f47cbdf CVE-2015-4696
b5ae5d1 CVE-2015-4695
879d6bf CVE-2015-0848+CVE-2015-4588
44f37ac CVE-2009-3546
7bd8ce0 CVE-2007-2756
cfc0916 CVE-2007-3477
5ec7547 CVE-2007-3473
fdd21b1 CVE-2007-3472
5588450 CVE-2007-0455
2c84480 CVE-2009-1364, Use-after-free vulnerability
b9cc022 CVE-2006-3376 Integer overflow in player.c
Adaptations:
* removed patches included in new version.
* extended buildpaths fix to pc file
* changed paths from libdir/gtk-2 to libdir/gdk-pixbuf-2.0
Test - built imagemagick (only recipe in meta-openembedded depending
on libwmf) with wmf PACKAGECONFIG.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Debian has switched to this fork in Bookworm.
If contains dozens of CVE fixes and other bugfixes.
This should make the maintenance of this package easier.
The sources are identical to those abandoned in 2002:
Only in .../tmp/work/core2-64-poky-linux/libwmf/0.2.8.4/libwmf-0.2.8.4/: autom4te.cache
Only in /tmp/caolanm/libwmf/: .git
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is fixed by
https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
It is tracked as 'fixed in next version' - 7.1.2 (which does not exist)
in NVD DB.
.../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git describe aa673b2e4defc7cad5bec16c4fc8324f71e531f1 --tags
7.1.1-18-4-gaa673b2e4d
.../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git tag --contains aa673b2e4defc7cad5bec16c4fc8324f71e531f1 | head -n1
7.1.1-19
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This fixes at least CVE-2024-41817 (in 7.1.1-36).
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
* move version part after dash to PV
* set git tag regex
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in
SRC_URI.
Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2.
This can be verified by checking the debian/changelog within this patch
or diffing [1] and [2] and verifying that this can be reverse-applied.
[1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz
[2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Take patch from Debian from
https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pick commit based on [1].
Note that the pick is node from deskflow, which is open-source successor
of synergy.
If anyone uses thie recipe, it should be switched.
[1] https://github.com/deskflow/deskflow/security/advisories/GHSA-chfm-333q-gfpp
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pick patch per [1] poiting to [2] pointing to [3].
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320
[2] https://github.com/libconfuse/libconfuse/issues/163
[3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* New features
Support watchpoint for global variables
Show man pages for the given command
Add utc_offset in the header info
* Bug fixes
Show arguments in libraries from dlopen
Save debug info for libraries from dlopen
Protect FD of communication channel from being closed
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://github.com/osandov/drgn/releases/tag/v0.0.30
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- prepare-root: Add composefs.enabled=verity
- README: Update buildstream URL to new github repo
- composefs: Ensure buffer is suitably aligned for struct fsverity_digest
- core: Always sort incoming xattrs
- Fix ci
- sign-ed25519: Fix error message of validate_length
- rofiles-fuse: when fuse execution fails, rofiles-fuse still returns exit code 0
- libostree/deploy: enable composefs by default
- man: Note semantics combining root.transient with composefs.enabled
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=============
- fix common misspellings from codespell project
- nvmetcli: set up the target only after the network is configured
- nvmetcli: fixup ana groupid setting for namespaces
- Documentation: fix typo
- nvmetcli: add a tcp example json
- nvmetcli: Correct xrange usage for py3
- nvmetcli: Allow different devices for make test
- nvmetcli: Report save name correctly
- test_nvmet.py: test_invalid_input fails for py3
- nvme.py: Make modprobe work for kmod lib too
- nvme.py: Sync the containing directory
- nvme.py: Explicit close is redundant
- nvmetcli: Improve IOError handling on restore
- README: Update URL for configshell-fb
- nvmetcli: don't remove ANA Group 1 on clear
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
============
- A build failure with gcc-15 is fixed.
- Several translations were updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
Fixed handling of grayscale images with alpha
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
It's usual usecase is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Solves dozens of vulnerabilities. See
https://php.watch/versions/8.2/releases/8.2.21
https://php.watch/versions/8.2/releases/8.2.22
https://php.watch/versions/8.2/releases/8.2.23
https://php.watch/versions/8.2/releases/8.2.24
https://php.watch/versions/8.2/releases/8.2.25
https://php.watch/versions/8.2/releases/8.2.26
Removes CVE-2024-11233, CVE-2024-11234 and CVE-2024-11236 from
current cve metrics.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD tracks this CVE as version-less.
Per [1] this is fixed by following commits:
$ git tag --contains b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc
0.26.0
0.26.0-rc1
$ git tag --contains 02e847458369c08421fd2d5e9a16a5f272c2de9e
0.26.0
0.26.0-rc1
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2024-8443
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Solves CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618,
CVE-2024-45619 and CVE-2024-45620.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978
and CVE-2024-10979
Changelog:
https://www.postgresql.org/docs/release/16.5/
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
Refreshed for 16.5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This is Debian-specific CVE.
NVD tracks this CVE as version-less.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our hash does not point to exact tag and CVE patch is already in.
We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: https://github.com/labapart/gattlib/commit/60b813a770e42fdb0e85c1d2da7a55327784b8d6
git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This CVE is for vmware ace.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
for cross-compilation
Refresh local patch to remove '-L/usr/lib/p7zip'
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Due to commit [Use 7zip 2409 to replace p7zip 16.02] applied,
update affected recipes
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to DOC/readme.txt [1]:
7-Zip and p7zip
===============
Now there are two different ports of 7-Zip for Linux/macOS:
1) p7zip - another port of 7-Zip for Linux, made by an independent developer.
The latest version of p7zip now is 16.02, and that p7zip 16.02 is outdated now.
http://sourceforge.net/projects/p7zip/
2) 7-Zip for Linux/macOS - this package - it's new code with all changes from latest 7-Zip for Windows
Add recipe 7-zip [2] to instead of recipe p7zip[3] in which the upstream is dead since 2016
Use git repo to instead of tarball
Drop obsolete patches
- CVE-2016-9296.patch
- CVE-2017-17969.patch
- CVE-2018-5996.patch
- change_numMethods_from_bool_to_unsigned.patch
- 0001-Fix-two-buffer-overflow-vulnerabilities.patch
- 0001-Fix-narrowing-errors-Wc-11-narrowing.patch
License-Update: DOC/License.txt: Add BSD-2-Clause & BSD-3-Clause
The codec libraries was removed since 21.02 [4]
Refer debian to compile 7-zip [5]
Add link 7z.so to lib7z.so and create wrapper to command 7z
which required running with absolute path to link the library 7z.so
[1] https://salsa.debian.org/debian/7zip/-/blob/master/DOC/readme.txt?ref_type=heads
[2] https://sourceforge.net/projects/p7zip/
[3] https://www.7-zip.org/
[4] https://github.com/p7zip-project/p7zip/commit/6c6ed1eba9ff0c0ded9323600f1f3c686d6b6692
[5] https://salsa.debian.org/debian/7zip/-/blob/master/debian/rules
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
It does not build without it.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-detect-correct-openssl-3.x.patch
removed since it's included in 0.4.13
Changelog:
=========
- Increased maximum PIN length
- Fixed several memory leaks
- Don't include libp11.rc VERSIONINFO into pkcs11
- Reimplement CI with GitHub Actions
- Improved tests
- Added static ENGINE (libpkcas11.a) build
- Added a workaround broken foreign key handling in OpenSSL
3.0.12-3.0.13, 3.1.4-3.1.5, 3.2.0-3.2.1
- Added a workaround for conflicting atexit() callbacks
- Always login with PIN If FORCE_LOGIN is specified in openssl config
- Added OAEP support to RSA_private_decrypt
- Added PKCS11_enumerate_*_ext functions
- Fixed non-null-terminated label padding
- Fixed several object management issues
- Deferred libp11 initialization until needed
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
all libpeas recipes are in meta-gnome now.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Use _stricmp() instead of strcasecmp() on Windows
- Accept --help & --version as aliases to -help & -version
- evargs.c: constify pointer arguments that aren't modified
- evargs.c: Use standard strchr() instead of deprecated index()
- Remove detectableRepeat variable
- Assume target platforms have strcasecmp now
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://github.com/uclouvain/openjpeg/blob/v2.5.3/NEWS.md
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fix memory not released on error return from pb_decode_ex()
- Fix deprecated MakeClass() call in generator
- Fix compiler error with enums and --c-style
- Fix version conflict with bazel build rules
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fixed: If the ping statement did not explicitly specify an outgoing address
but a previous ping statement did, the same address was shared by both
statements.
- Fixed: Monit may crash upon stopping if the ping statement is used in
conjunction with the address option.
- Fixed: If a directory is set in the 'allow' option of the 'set httpd'
statement, instead of file or string, Monit hangs on start.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-fix-command-bin-findmnt-bin-lsblk-bin-sort-not-found.patch
removed since it's included in 2.03.29
Changelog:
===========
* Fix renaming of raid sub LVs when converting a volume to raid (2.03.28).
* Fix segfault/VG write error for raid LV 'lvextend -i|--stripes -I|--stripesize'.
* Add configure --enable/disable-sd-notify to control lvmlockd build with sd-notify.
* Allow test mode when lvmlockd is built without dlm support.
* Add a note about RAID + integrity synchronization to lvmraid(7) man page.
* Add a function for running lvconvert --repair on RAID LVs to lvmdbusd.
* Improve option section of man pages for listing commands ({pv,lv,vg}{s,display}).
* And some cleanup mostly in test code.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Socket code has been moved to libimobiledevice-glue library
- Code cleanup (clang-tidy) and improvements
- autoconf: Fix clang-16 breakage
- Add libusbmuxd_version() function to interface
- iproxy: Use updated socket_create API to listen on IPv4 and IPv6 with a single socket
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
