summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
...
* capnproto: Fix CVE-2022-46149Virendra Thakur2023-01-192-1/+52
| | | | | | | | | | This patch contains a fix for CVE-2022-46149 Patch backported from : https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: Fix CVE-2022-2625Hitendra Prajapati2022-12-112-0/+905
| | | | | | | | | Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89 Description: CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* flatbuffers: adapt for cross-compilation environmentsIvan Stepic2022-11-251-1/+6
| | | | | | | | | | | | | | | | | | | | | | Flatbuffers contains a library and a schema compiler. The package contains cmake files to discover the libraries and the compiler tool. Currently, all of these cmake files are installed into the target sysroot. However, the compiler utility isn't installed into the sysroot (as it is not runnable on the build machine). When an application that depends on flatbuffers gets built, it uses flatbuffers' exported cmake targets to configure the project. One of the exported targets is FlatcTarget.cmake which expects to see flatc binary in /usr/bin of the sysroot. Since binaries for target don't end up in target sysroot, cmake configuration fails. This patch addresses this problem of flatbuffers' build infrastructure in cross-compiling environments. By removing FlatcTarget.cmake for target builds from the sysroot we essentially skip this step of flatbuffers' configuration. Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de> Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
* postgresql: CVE-2022-1552 Autovacuum, REINDEX, and others omit "security ↵Hitendra Prajapati2022-10-302-0/+948
| | | | | | | | | | | | | | restricted operation" sandbox Source: https://git.postgresql.org/gitweb/?p=postgresql.git; MR: 121822 Type: Security Fix Disposition: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda && https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa ChangeID: 5011e2e09f30f76fc27dc4cb5fa98a504d1aaec9 Description: CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* c-ares: upgrade 1.17.2 -> 1.18.1wangmy2022-09-111-1/+1
| | | | | | | | | | | | | | | | | | c-ares version 1.18.1 - Oct 27 2021 Bug fixes: ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather than the sizeof(struct sockaddr_in6) Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e251d7b827d63277a36f1b8094d992303329b866) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: remove custom patchesSinan Kaya2022-09-113-108/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Current patch is breaking the library dependencies added by cmake especially when you are static linking. Applications need the ws2_32 library to be linked for mingw32 and with the existing patch this is not getting passed to the users. Current patch seems to address this issue: https://github.com/c-ares/c-ares/issues/373 Both issues are resolved in 1.17.2: 1.17.2-r0/git $ find . | grep c-ares-config.cmake.in ./c-ares-config.cmake.in 1.17.2-r0/git $ find . | grep libcares.pc.cmake ./libcares.pc.cmake Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 621bdc1993d2e8da08b9b240043dc13481cd644f) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: upgrade 1.17.1 -> 1.17.2wangmy2022-09-111-8/+5
| | | | | | | | | | | | Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.2.bb Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c49173b09c998bb3893ae873f68823647f1a7e18) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* c-ares: Upgrade to 1.17.1 releaseKhem Raj2022-09-112-19/+12
| | | | | | | | | | | | | | | | | | Forward port cmake-install-libcares.pc.patch, drop the need to install pkgconfig files as its already being done by main Makefile Signed-off-by: Khem Raj <raj.khem@gmail.com> Forward port cmake-install-libcares.pc.patch, drop the need to install pkgconfig files as its already being done by main Makefile Conflicts: meta-oe/recipes-support/c-ares/c-ares_1.17.1.bb Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b65f2904191b8d309b3971d4e65c5e1701156b1c) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* Revert "c-ares: Add fix for CVE-2021-3672"Armin Kuster2022-09-113-207/+0
| | | | | | | | | This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16. Revert this CVE fix as we upgrade c-ares to 1.18.1 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* cryptsetup: upgrade 2.3.2 -> 2.3.7Yi Zhao2022-09-111-2/+2
| | | | | | | | | | | | | | Stable security bug-fix release that fixes CVE-2021-4122. ReleaseNotes: https://kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.7-ReleaseNotes Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 5dca16b451abf80b1bfacfc533daf447ff4dad7c) This is just the rename and SRC_URI hash updates made to apply to dunfell. Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
* nodejs: Upgrade to 12.22.12Ranjitsinh Rathod2022-09-112-3093/+2
| | | | | | | | | | | | | | As per the below release note, it should be a last release for 12.x stable LTS series. Link: https://github.com/nodejs/node/releases/tag/v12.22.12 Remove CVE-2021-44532 fix as it already available in this release v12.22.12 License-Update: src/gtest additional file in the LICENSE Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
* meta-oe: Add leading whitespace for append operatorKhem Raj2022-08-026-7/+7
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 92441f9d6a958c245a03f89ec44ef2c17dd6b0ee) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.cHitendra Prajapati2022-07-162-1/+85
| | | | | | | | | | | | | Source: https://github.com/ThomasDickey/xterm-snapshots/ MR: 115675 Type: Security Fix Disposition: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d ChangeID: 6ad000b744527ae863187b570714792fc29467d9 Description: CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openldap: CVE-2022-29155 OpenLDAP SQL injectionHitendra Prajapati2022-07-162-1/+278
| | | | | | | | | | | | | Source: https://git.openldap.org/openldap/openldap MR: 117821 Type: Security Fix Disposition: Backport from https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 ChangeID: d534808c796600ca5994bcda28938d45405bc7b4 Description: CVE-2022-29155 openldap: OpenLDAP SQL injection Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: move to version v7.4.28Jeroen Hofstee2022-06-151-1/+1
| | | | | | | | CVE: CVE-2021-21703 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com> [Didn't apply cleanly, corrected.] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* iperf: Set CVE_PRODUCT to "iperf_project:iperf"Akash Hadke2022-06-152-0/+4
| | | | | | | | | | | | | | | Set CVE_PRODUCT as 'iperf_project:iperf' for iperf2 and iperf3 recipes, cve-check class is setting default CVE_PRODUCT to 'iperf2' and 'iperf3' respectively which ignores the iperf CVEs from NVD Database. Reference: CVE-2016-4303 Link: https://nvd.nist.gov/vuln/detail/CVE-2016-4303 Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: switch from master branch to main for upbMartin Jansa2022-06-151-1/+1
| | | | | | | | | | | | * hardknott and newer branches don't need this as upb repo was removed in: commit 15cff67fd6cdb34e3621368fe9ce94a98356f27a Author: Anatol Belski <anbelski@linux.microsoft.com> Date: Fri Feb 19 12:39:55 2021 +0000 grpc: Upgrade 1.24.3 -> 1.35.0 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* leveldb: switch from master branch to mainMartin Jansa2022-06-151-1/+1
| | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tesseract-lang: switch from master branch to mainMartin Jansa2022-06-151-1/+1
| | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: update to 10.4.25Armin Kuster2022-06-053-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: mariadb.org MR: 117530, 117522, 117514, 117506, 117497, 117489, 117481, 117473, 117465, 117457, 117449, 117380, 117364, 117356, 117336, 117212, 117204, 117196, 117180, 117188, 117169, 117161, 117441, 117372 Type: Security Fix Disposition: Backport from mariagdb.org ChangeID: 8bf787570ebe8503d2974af92e17b505e70440e5 Description: LTS version, bug fix only. Include these CVES: CVE-2022-27458 CVE-2022-27457 CVE-2022-27456 CVE-2022-27455 CVE-2022-27452 CVE-2022-27451 CVE-2022-27449 CVE-2022-27448 CVE-2022-27447 CVE-2022-27446 CVE-2022-27445 CVE-2022-27444 CVE-2022-27387 CVE-2022-27386 CVE-2022-27385 CVE-2022-27384 CVE-2022-27383 CVE-2022-27382 CVE-2022-27381 CVE-2022-27380 CVE-2022-27379 CVE-2022-27378 CVE-2022-27377 CVE-2022-27376 Signed-off-by: Armin Kuster <akuster@mvista.com>
* opencl-headers: switch to main branchJulien STEPHAN2022-05-251-1/+1
| | | | | | | master branch was renamed main on upstream project, so update the URI Signed-off-by: Julien STEPHAN <jstephan@baylibre.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencl-icd-loader: switch to main branchJulien STEPHAN2022-05-251-1/+1
| | | | | | | master branch was renamed main, so update the URI Signed-off-by: Julien STEPHAN <jstephan@baylibre.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239Sana Kazi2022-05-251-0/+14
| | | | | | | | | | | | | | | | | Whitelist CVE-2020-27844 as it is introduced by https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5 but the contents of this patch is not present in openjpeg_2.3.1 Link: https://security-tracker.debian.org/tracker/CVE-2020-27844 Whitelist CVE-2015-1239 as the CVE description clearly states that j2k_read_ppm_v3 function in openjpeg is affected due to CVE-2015-1239 but in openjpeg_2.3.1 this function is not present. Hence, CVE-2015-1239 does not affect openjpeg_2.3.1. Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ostree: prevent ostree-native depending on target virtual/kernel to provide ↵Martin Jansa2022-05-251-1/+1
| | | | | | | kernel-module-overlay Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lua: fix CVE-2022-28805Steve Sakoman2022-05-253-0/+102
| | | | | | | | | | | | | | | | | | singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Sana Kazi <sana.kazi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354) Signed-off-by: Omkar Patil <omkar.patil@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: Fix build on riscvKhem Raj2022-04-192-0/+39
| | | | | | | | | Remove duplicate code Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit aa22894fa352986a62c4530ad8facd8868b2e535) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: Pass OBJCOPY to scons so it does not use it from hostKhem Raj2022-04-181-0/+2
| | | | | | | | | | | | Fixes objcopy: Unable to recognise the format of the input file `build/opt/mongo/mongos' Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Vincent Prince <vincent.prince.fr@gmail.com.com> (cherry picked from commit e91940073af4e19cd18a09cd12aa381ff60fe54b) [Fix up for Dunfell context: also fixes Please add a conforming MONGO_VERSION=x.y.z[-extra] as an argument to SCons] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Mariadb: update to 10.4.24Armin Kuster2022-04-185-109/+2
| | | | | | | | | | | | | | | | | | | | | | | Source: Mariadb.org MR: 115460, 115507, 1115549, 115549, 115488 Type: Security Fix Disposition: Backport from mariadb.org ChangeID: 722782cefa6805e907ee377a340f1b8bec174079 Description: Bug fix only update, includes these CVES: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/ drop mariadb/c11_atomics.patch as its include in the update. drop mariadb/clang_version_header_conflict.patch different fix applied Signed-off-by: Armin Kuster <akuster@mvista.com>
* polkit: fix overlapping changes in recent CVE patchesRalph Siemsen2022-04-182-33/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 17e931e77 ("polkit: fix CVE-2021-3560") contains - upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Commit 67ec3e049 ("polkit: Fix for CVE-2021-4115") contains both: - upstream commit a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (CVE-2021-3560) - upstream commit 41cb093f554da8772362654a128a84dd8a5542a7 (CVE-2021-4115) Thus the fix for CVE-2021-3560 is applied twice, resulting in warnings during do_patch. Curiously it neither fails nor complains about patch already applied. Also devtool silently discards the duplicate patch. Drop the duplicate patch, to resolve following warnings: WARNING: polkit-0.116-r0 do_patch: Fuzz detected: Applying patch 0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch patching file src/polkit/polkitsystembusname.c Hunk #1 succeeded at 438 with fuzz 2 (offset 3 lines). Applying patch CVE-2021-4115.patch patching file src/polkit/polkitsystembusname.c Hunk #4 succeeded at 439 with fuzz 2. Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* multipath-tools: update SRC_URIMinjae Kim2022-04-181-1/+1
| | | | | | | | The git repo for multipath-tools was changed, so update the SRC_URI accordingly with the new link. Signed-off-by:Minjae Kim <flowergom@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: upgrade to 12.22.2Nisha Parrakat2022-04-181-1/+1
| | | | | | | upgrading to next maintainence LTS version Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spirv-tools: update SRC_URI for googletest to mainArmin Kuster2022-04-181-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* breakpad: Update SRC_URI for protobuf and lssArmin Kuster2022-04-181-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* breakpad: fix branch for gtest in SRC_URIThomas Perrot2022-04-181-2/+2
| | | | | | | | | | The commit 4fe018038f87 is in the main branch, so the do_fetch task failed. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b8bb7dc157b248802218fcf80215f80a6c7cd6f3) [Fix up for Dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cli11: switch from default master branch to main to fix do_fetch failureChristian Ege2022-04-181-1/+1
| | | | | | | The branch was renamed in the upstream repository Signed-off-by: Christian Ege <christian.ege@ifm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* imagemagick: update SRC_URI branch from master to mainDaniel Stadelmann2022-04-181-1/+1
| | | | | | | master branch in imagemagick was renamed to main (https://github.com/ImageMagick/ImageMagick). Similar change is already in master branch for version 7.0.10 (see 248739128389) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openjpeg: Fix multiple CVESana Kazi2022-03-2714-0/+754
| | | | | | | | | | | | | | | | | Add patch to fix below CVE: CVE-2019-12973 CVE-2020-15389 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* p7zip: Fix for CVE-2016-9296Virendra Thakur2022-03-272-0/+28
| | | | | | | Add patch to fix CVE-2016-9296 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: fix CVE-2021-3560Mingli Yu2022-03-272-0/+34
| | | | | | | | | | | | | Backport a patch [1] to fix CVE-2021-3560. [1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Squashed together 6000f5a3b and 7f4f1ee71 Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* p7zip: refresh patchesArmin Kuster2022-03-272-42/+44
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.vom>
* p7zip: build and package lib7z.so needed for fastbootNisha Parrakat2022-03-272-2/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | a) use option 7z to build the lib7z.so library This is needed for android-tools for building fastboot from android-tools b) Packaged the lib7z.so and codec libraries as a part of this recipe Fastboot RDepends on it lib7z.so c) Fixed a C++17 forbidden error when lib7z.so is built fixes the below error | ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)': | ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 | 308 | numMethods++; | | ^~~~~~~~~~ | ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 | 318 | numMethods++; Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com> Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> (cherry picked from commit 3c36a8efe2a964c3aa9bfcd836cee3f80a837fcd) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* googletest: Switch branch from master to mainPeter Kjellerstedt2022-03-271-1/+1
| | | | | | | | | The master branch has been renamed to main in the github repo. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* protobuf: fix patch fuzzRoss Burton2022-03-271-8/+17
| | | | | | | | | | | | | Applying patch CVE-2021-22570.patch patching file src/google/protobuf/descriptor.cc Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines). Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines). Hunk #3 succeeded at 4006 (offset -17 lines). Hunk #4 succeeded at 4050 (offset -18 lines). Hunk #5 succeeded at 4368 (offset -18 lines). Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: Fix for CVE-2021-4115Ranjitsinh Rathod2022-03-273-0/+121
| | | | | | | | | | Add patch to fix CVE-2021-4115 Also, add a support patch to cleanly apply CVE patch Link: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/109 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* protobuf: Fix CVE-2021-22570Sana Kazi2022-02-232-0/+65
| | | | | | | | | | | | | | | | Fix CVE-2021-22570. Link: https://koji.fedoraproject.org/koji/buildinfo?buildID=1916865 Link: https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch Remove first and second hunk because the second argument in InsertIfNotPresent() function is of type const char* const& but the first and second hunk makes the type of second argument as const string which is not compatible with the type of second argument in InsertIfNotPresent(). Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup: Add runtime dependency on lvm2-udevrules for udevKristian Klausen2022-02-231-1/+1
| | | | | | | | | | | | Without the udevrules cryptsetup luksOpen will be hanging with "Udev cookie 0xd4de0f6 (semid 5) waiting for zero". Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 32f1d758a14bba35d67a75778ae747f1ff5c5482) [Minor fixup for Dunfell] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* graphviz: native: create /usr/lib/graphviz/config6 in populate_sysrootChristian Eggers2022-02-201-0/+11
| | | | | | | | | | | | | | | | | The `dot` tool requires to be run once after installation in order to create its configuration file. The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to prepare the recipe-sysroot-native. Package postinstall scripts are not executed for -native packages, but files under ${BINDIR}/postinst-* are. This is quite the same as graphviz-setup.sh does for nativesdk. The general idea has been taken from OECORE/meta/classes/pixbufcache.bbclass. Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Add fix for CVE-2022-22747Ranjitsinh Rathod2022-02-132-0/+64
| | | | | | | | Add a patch to fix CVE-2022-22747 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix for CVE-2021-44532Virendra Thakur2022-02-062-0/+3091
| | | | | | | | Add patch to fix CVE-2021-44532 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linuxptp: Update to 2.0.1Robert Joslyn2022-02-061-3/+2
| | | | | | | Fixes CVE-2021-3570 and CVE-2021-3571 Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 04:42:49 +0000