path: root/meta/recipes-extended
Commit message | Author | Age | Files | Lines
* libpam: fix CVE-2025-6020 | Hitendra Prajapati | 9 days | 6 | -0/+2206
  Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e && https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1 && https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773
  (From OE-Core rev: dd5bbac75b1d8f7ebd83d5c9945bd860e397ba07)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sudo: upgrade 1.9.15p5 -> 1.9.17p1 | Praveen Kumar | 2025-07-21 | 3 | -6/+57
  Changelog:
  ===========
  * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the user to run commands on a different host.
  * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The chroot support has been deprecated and will be removed entirely in a future release.
  License-Update: Copyright updated to 2025
  0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17
  (From OE-Core rev: b04af6db102c97f3d4338dbcfdcab927b5194a69)
  Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "sudo: Fix CVE-2025-32462" | Steve Sakoman | 2025-07-21 | 2 | -43/+0
  This CVE is fixed in the following version bump
  This reverts commit d01f888a5ec43fdc8e7bd496ae9317c0fa28da9b.
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* iputils: patch CVE-2025-48964 | Peter Marko | 2025-07-21 | 2 | -0/+100
  Pick commit referencing this CVE.
  (From OE-Core rev: a8193571c8cdba55f568d831a4546e0fed892be0)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* minicom: correct the SRC_URI | Guocai He | 2025-07-11 | 1 | -1/+1
  In http://ftp.debian.org/debian/pool/main/m/minicom/, the tarball of minicom_2.9.orig.tar.bz2 can not be found. So the old SRC_URI should be updated.
  (From OE-Core rev: 49fcec2041071d44289e03cac087de6b929d6153)
  Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sudo: Fix CVE-2025-32462 | Vijay Anusuri | 2025-07-11 | 2 | -0/+43
  Upstream-Status: Backport from https://github.com/sudo-project/sudo/commit/d530367828e3713d09489872743eb92d31fb11ff
  (From OE-Core rev: d01f888a5ec43fdc8e7bd496ae9317c0fa28da9b)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2025-5918 | Divya Chellam | 2025-07-09 | 3 | -0/+550
  A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
  CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-5918
  Upstream-patches: https://github.com/libarchive/libarchive/commit/89b8c35ff4b5addc08a85bf5df02b407f8af1f6c https://github.com/libarchive/libarchive/commit/dcbf1e0ededa95849f098d154a25876ed5754bcf
  (From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2025-5917 | Divya Chellam | 2025-07-09 | 2 | -0/+55
  A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-5917
  Upstream-patch: https://github.com/libarchive/libarchive/commit/7c02cde37a63580cd1859183fbbd2cf04a89be85
  (From OE-Core rev: 2b6832b05bab414df1da7c74a0c6a5e5a9d75b29)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2025-5916 | Divya Chellam | 2025-07-09 | 2 | -0/+117
  A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-5916
  Upstream-patch: https://github.com/libarchive/libarchive/commit/ef093729521fcf73fa4007d5ae77adfe4df42403
  (From OE-Core rev: 9c74d3a096fed68d173f8711b373a42f158d6cc7)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2025-5915 | Divya Chellam | 2025-07-09 | 2 | -0/+218
  A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-5915
  Upstream-patches: https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c
  (From OE-Core rev: 99fdc86ad57db4d8829a33033918cf78419977af)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2025-5914 | Divya Chellam | 2025-07-09 | 2 | -0/+49
  A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-5914
  Upstream-patch: https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209
  (From OE-Core rev: b7d8249bda296620a5bbf592f4cdf566b4537563)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ltp: backport patch to fix compilation error for x86_64 | Preeti Sachan | 2025-07-07 | 2 | -0/+43
  When the input compiler enables AVX, stack realignment requirements cause gcc to fail to omit %rbp use, due to which the test fails to clobber %rbp in inline asm. Disable AVX to build the test on x86_64 so that the test continues working. Fix compilation with gcc v13.4+.
  Cherry picked from oe-core, master branch.
  (From OE-Core rev: 54d6fa7bc9f4ae6bdb98862488e8d09200d3bc14)
  Signed-off-by: Preeti Sachan <preeti.sachan@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* net-tools: patch CVE-2025-46836 | Peter Marko | 2025-06-20 | 3 | -0/+124
  Backport patch for this CVE and also patch for its regression.
  (From OE-Core rev: 352525443b1844cdfd28355dfc1444046bbb76e8)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* screen: fix CVE-2025-46804 | Divya Chellam | 2025-06-11 | 2 | -0/+132
  A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.
  Affected are older Screen versions, as well as version 5.0.0.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-46804
  Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
  (From OE-Core rev: a313af8ca347797214669406ee86f5239997f7e3)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* screen: fix CVE-2025-46802 | Divya Chellam | 2025-06-11 | 2 | -0/+147
  For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-46802
  Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
  (From OE-Core rev: b17e091eb4681b69c5a050d3fa0f9289f524e205)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ghostscript: upgrade 10.05.0 -> 10.05.1 | Wang Mingyu | 2025-06-05 | 1 | -1/+1
  (From OE-Core rev: 1d9be1505462822a2b75a1136a27d25b262b1feb)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit cc9ba7005fb155f4d5f2be9b23c12d14362a306b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* screen: patch CVE-2025-46805 | Ashish Sharma | 2025-06-05 | 2 | -0/+102
  Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5
  Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]
  (From OE-Core rev: 69dd9b16fbd18a1a960887ee9479a2e731b5a184)
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* iputils: Security fix for CVE-2025-47268 | Yi Zhao | 2025-05-19 | 2 | -1/+146
  CVE-2025-47268
  ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-47268
  Patch from: https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
  (From OE-Core rev: 6b0dd564249754ab8ec20ce69b137466e051501e)
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzdata/tzcode-native: upgrade 2025a -> 2025b | Priyal Doshi | 2025-05-02 | 1 | -3/+3
  (From OE-Core rev: 0d93972dc2d67853b7ddb0d9e55522930fb51df2)
  Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b1ff8b45da27b533477cf6d9ace7a47f7f3a28b1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: Update fix for CVE-2024-10041 | Shubham Kulkarni | 2025-05-02 | 3 | -1/+79
  Initially, PAM community fixed CVE-2024-10041 in the version v1.6.0 via commit b3020da. But not all cases were covered with this fix and issues were reported after the release. In the v1.6.1 release, PAM community fixed these issues via commit b7b9636. Backport this commit b7b9636, which
  Fixes: b3020da ("pam_unix/passverify: always run the helper to obtain shadow password file entries")
  Backport from https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620
  (From OE-Core rev: 78a04ce17e7d828c0cf8cae2164882683d46275e)
  Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: upgrade 3.7.4 -> 3.7.9 | Peter Marko | 2025-04-19 | 6 | -285/+5
  This is an update with only bug and security releases. On top of previous CVE patches, also CVE-2024-48615 is handled. Also many security fixes without CVE assignment are included.
  Note that upgrade to 3.7.5 on master required fix of test in python3-libarchive-c, however that recipe does not yet have ptest in scarthgap and the fix was in test only, not in productive code, so it is not necessary in scarthgap.
  Also remove CVE_STATUS which was obsolete already before this upgrade.
  (From OE-Core rev: f20516a3ed8a39d7e4deddf11dd2acd871894048)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ghostscript: upgrade 10.04.0 -> 10.05.0 | Archana Polampalli | 2025-04-16 | 1 | -1/+1
  This upgrade addresses CVEs: CVE-2025-27835 CVE-2025-27832 CVE-2025-27831 CVE-2025-27836 CVE-2025-27830 CVE-2025-27833 CVE-2025-27833 CVE-2025-27834
  Changelog: https://ghostscript.readthedocs.io/en/gs10.05.0/News.html
  (From OE-Core rev: 2c851f74fa72c30d447d59d450eb9bc036404f55)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xz: patch CVE-2025-31115 | Peter Marko | 2025-04-16 | 5 | -0/+339
  Cherry-pick commits from [1] linked from [2] from branch v5.4
  [1] https://tukaani.org/xz/xz-cve-2025-31115.patch
  [2] https://tukaani.org/xz/threaded-decoder-early-free.html
  (From OE-Core rev: 952ea12f08a4e42f787a21fb98adaf4b17d0aee1)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xz: upgrade 5.4.6 -> 5.4.7 | Peter Marko | 2025-04-16 | 1 | -2/+2
  License-Update: homepage update in [1]
  [1] https://github.com/tukaani-project/xz/commit/c5c091332c6953a0ce940cb355ea9e99491429fc
  (From OE-Core rev: e6565ca37da4821f8e3924fe6bc6a6f4eeedd9a9)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mc: set ac_cv_path_ZIP to avoid buildpaths QA issues | Martin Jansa | 2025-04-07 | 1 | -0/+1
  * in builds with zip in HOSTTOOLS mc fails with:
    ERROR: mc-4.8.31-r0 do_package_qa: QA Issue: File /usr/libexec/mc/extfs.d/uzip in package mc-helpers-perl contains reference to TMPDIR [buildpaths]
    and it's because of the path to zip:
    mc/4.8.31/package $ grep -R styhead .
    ./usr/libexec/mc/extfs.d/uzip:my $app_zip = "TMPDIR/hosttools/zip";
  * don't use /usr/bin/env as in other cases, because app_zip is then used e.g. with:
    my $cmd_addlink = "$app_zip -g -y";
  (From OE-Core rev: 4003b5faa1e5acfa025e1d0df4e021e06cf8724c)
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: patch CVE-2025-1632 and CVE-2025-25724 | Peter Marko | 2025-03-19 | 2 | -0/+84
  Pick commit referencing this MR which was merged to master.
  (From OE-Core rev: a4ff82c789d50a3f411170636679ce46c8f84b25)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzcode-native: Fix compiler setting from 2023d version | Alessio Cascone | 2025-03-10 | 1 | -1/+1
  Starting from 2023d version, tzcode makefile does not use anymore "cc" variable for C compiler, due to Makefile refactoring. Replacing "cc" with "CC" fixes the issue.
  (From OE-Core rev: c297d2cd8d28463adca5158c9895f1492754d569)
  Signed-off-by: Alessio Cascone <alessio.cascone@vimar.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b3cdfca5ef84ed2054faef9abddef3aeed930e17)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzdata/tzcode-native: upgrade 2024b -> 2025a | Priyal Doshi | 2025-03-10 | 1 | -3/+3
  (From OE-Core rev: 34b0f99ffd9beab4d400b05f259fc26f3da0386b)
  Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a15c4e6793c55c8084a61298ef3695e1db2f60cd)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* wget: fix CVE-2024-10524 | Divya Chellam | 2025-01-24 | 2 | -0/+198
  Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-10524
  Upstream-patch: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778
  (From OE-Core rev: 425c3f55bd316a563597ff6ff95f8104848e2f10)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* groff: Fix race issues for parallel build | Robert Yang | 2025-01-18 | 2 | -0/+32
  Fixed race issues for parallel build:
    groff: error: couldn't exec soelim: Permission
  And:
    groff: error: couldn't exec grn: Permission denied
  (From OE-Core rev: 44b625a820a22c99f4fa1d4ed6b6de98c5d75884)
  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  (cherry picked from commit b9ee7ea9ab05a1887c863dc9fccc65cb9e6850df)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: Fix CVE-2024-20696 | aszh07 | 2025-01-09 | 2 | -1/+117
  Add Patch file to fix CVE-2024-20696
  CVE: CVE-2024-20696
  (From OE-Core rev: a3b0a4a53e99e4faa42a6e7be5713b12acc63dba)
  Signed-off-by: Nitin Wankhade <nitin.wankhade@kpit.com>
  Signed-off-by: Nikhil R <nikhilr5@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: fix CVE-2024-10041 | Divya Chellam | 2024-12-13 | 2 | -0/+99
  A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
  References: https://security-tracker.debian.org/tracker/CVE-2024-10041
  Upstream patches: https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be
  (From OE-Core rev: 0e76d9bf150ac3bf96081cc1bda07e03e16fe994)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzdata&tzcode-native: upgrade 2024a -> 2024b | Jinfeng Wang | 2024-12-06 | 1 | -3/+3
  (From OE-Core rev: 76fcb907f4db9ec64669d81e5e9c6baffac71973)
  Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  (cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* acpica: fix CVE-2024-24856 | Changqing Li | 2024-12-06 | 2 | -1/+33
  The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY.
  Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856
  (From OE-Core rev: 5c590ccd1973d343f47e7b7171691400490dfc1a)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* groff: fix rare build race in hdtbl | Ross Burton | 2024-11-26 | 2 | -0/+39
  It's possible to build the hdtbl examples before grn has been built:
    groff: error: couldn't exec grn: No such file or directory
  Backport a dependency fix from upstream.
  [ YOCTO #15610 ]
  (From OE-Core rev: 40003e1f1444f6202b068dcde632571be208594e)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: drop cracklib from DEPENDS | Guðni Már Gilbert | 2024-11-26 | 1 | -1/+1
  cracklib was dropped as a dependency in libpam v1.5.0
  See the following commit as reference: https://github.com/linux-pam/linux-pam/commit/d702ff714c309069111899fd07c09e31c414c166
  (From OE-Core rev: 7d0c32584846f6cd12e5bda046fb7ad8f8821de4)
  Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ghostscript: upgrade 10.03.1 -> 10.04.0 | Hitendra Prajapati | 2024-11-26 | 2 | -4/+4
  avoid-host-contamination.patch refreshed for 10.04.0
  Changelog:
  ===========
  - addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
  - add protection for device selection from PostScript input.
  - efforts in code hygiene and maintainability continue.
  - The usual round of bug fixes, compatibility changes, and incremental improvements.
  - add the capability to build with the Tesseract OCR engine.
  (From OE-Core rev: a0c802e9b1d8400589aede20e52f40d10a344314)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* lsb-release: fix Distro Codename shell escaping | Sergei Zhmylev | 2024-10-30 | 1 | -1/+1
  (From OE-Core rev: bcd4e6d77dc7455a453e69b6d37769ec94cc02ad)
  Signed-off-by: Sergei Zhmylev <s.zhmylev@yadro.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 7b5824c547b1348713e992a8bebd40577a0c5709)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: fix CVE-2024-48957 & CVE-2024-48958 | Hitendra Prajapati | 2024-10-18 | 3 | -1/+80
  Backport fixes for:
  * CVE-2024-48957 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
  * CVE-2024-48958 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
  (From OE-Core rev: 8b520c3cea136591128f6601718c23334afd7a55)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cups: Backport fix for CVE-2024-47175 | Hitendra Prajapati | 2024-10-18 | 6 | -0/+637
  Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5 & https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69 & https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844 & https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd & https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
  Reference: https://security-tracker.debian.org/tracker/CVE-2024-47175
  (From OE-Core rev: f00847d91eb9440c9f1bc2f34cd0edd2af490f78)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* zip: Fix LICENSE | Niko Mauno | 2024-09-19 | 1 | -1/+1
  The contents of the LICENSE file included in the current source code package match those of Info-ZIP license, which seems to originate from the year 2007:
    This is version 2007-Mar-4 of the Info-ZIP license.
  (From OE-Core rev: 3739a1af61ff6f0faca23bb565f9e71666953715)
  (From OE-Core rev: c9bc2bc9c9d0482b13b27505b57df050ebe01898)
  Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* unzip: Fix LICENSE | Niko Mauno | 2024-09-19 | 1 | -1/+1
  The contents of the LICENSE file included in the current source code package match those of Info-ZIP license, which seems to originate from the year 2009:
    This is version 2009-Jan-02 of the Info-ZIP license.
  (From OE-Core rev: e7c9368e56a6ad90b4ffbba1b765e2b3a331c796)
  (From OE-Core rev: f4b84a234662bc8f68e54d4753d9f03e4c2e7931)
  Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mc: fix source URL | Benjamin Szőke | 2024-09-09 | 1 | -1/+1
  new URL for sources: http://ftp.midnight-commander.org/
  (From OE-Core rev: 7e11701698a9f38a5e3e0499c0c2edd98d32a85d)
  Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 03c4052718a9b8392b25e1770630317b8cf29fbe)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cups: upgrade 2.4.9 -> 2.4.10 | Wang Mingyu | 2024-09-09 | 4 | -26/+15
  Changelog:
  ===========
  - Fixed error handling when reading a mixed "1setOf" attribute.
  - Fixed scheduler start if there is only domain socket to listen on
  0001-use-echo-only-in-init.patch 0002-don-t-try-to-run-generated-binaries.patch 0004-cups-fix-multilib-install-file-conflicts.patch refreshed for 2.4.10.
  (From OE-Core rev: 01039c35a89de4bbd1410b3ee08a99cf325adf2b)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dd7a978d2d7feb11f6c265ba812c8ca29912ebc6)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libmnl: explicitly disable doxygen | Peter Marko | 2024-08-10 | 1 | -0/+2
  libmnl autoconf autodetects doxygen to generate manpages. If doxygen is provided via hosttools, the build fails. Also until now manpages were not needed. So explicitly disable doxygen in configure step.
  (From OE-Core rev: 8d7bbf4d6936d831e341e9443a6b3711be09c7ab)
  (From OE-Core rev: fdce1a6f1143edc577f12c7e8fab878ec69c3c9a)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* watchdog: Set watchdog_module in default config | Wadim Egorov | 2024-08-06 | 1 | -0/+1
  systemd started to warn about used but unset environment variables. Let us set watchdog_module=none which is used by the watchdog.service to get rid of the following warning:
    watchdog.service: Referenced but unset environment variable evaluates to an empty string: watchdog_module
  (From OE-Core rev: 953ea8fa9e3e6a34cbb42e56743fb7c6cf98ff2a)
  Signed-off-by: Wadim Egorov <w.egorov@phytec.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 8f1dc796c7298373e61d806e63bc121128c1c27c)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* iptables: fix memory corruption when parsing nft rules | Christian Taedcke | 2024-08-06 | 2 | -0/+38
  This commit fixes a memory corruption issue when iptables (with enabled PACKAGECONFIG libnftnl) is used to access rules created by nft.
  To reproduce the issue:
    nft add chain ip filter TESTCHAIN { meta mark set 123 \;}
    iptables -t filter -n -L TESTCHAIN
  This produced the following output:
    Chain TESTCHAIN (0 references)
    target prot opt source destination
    MARK 0 -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7b
    malloc(): corrupted top size
    Aborted (core dumped)
  This commit fixes this issue.
  (From OE-Core rev: fa3873cfcda862d8aad564966070af216e4903c6)
  Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tcp-wrappers: mark all patches as inactive-upstream | Alexander Kanavin | 2024-08-01 | 30 | -30/+30
  (From OE-Core rev: 81d8c2567d9319e68854217022bb038546b6298a)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0bc555fce11e1d25928310961c53aefd407fbd23)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gawk: Remove References to /usr/local/bin/gawk | Khem Raj | 2024-08-01 | 1 | -0/+2
  Also replace the hashbangs using /bin/gawk to use ${bindir}/gawk
  This fixes issues such as https://github.com/riscv/meta-riscv/issues/384
  (From OE-Core rev: 64ae7492c69599019ef2bec62a834335539908ef)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 9f58ad97f6587322b716de1c9dc409bb4e1376f0)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* iptables: fix save/restore symlinks with libnftnl PACKAGECONFIG enabled | Kirill Yatsenko | 2024-08-01 | 1 | -0/+2
  When the libnftnl PACKAGECONFIG is enabled, the "iptables" symlink correctly points to xtables-nft-multi, however the "iptables-save" and "iptables-restore" still point to the xtables-legacy-multi.
  So, when the "iptables" command is used it's using the nftables backend, whereas the "iptables-save/restore" are using the legacy backend.
  This is not consistent with other distros (e.g. Ubuntu).
  The issue was identified when testing the UFW firewall with nftables backend.
  (From OE-Core rev: 2c0d03ed7bb9c17b1c3ccefd00bf3a4ede9e291f)
  Signed-off-by: Kirill Yatsenko <kiriyatsenko@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 6579e4333b74232d8b576c399eab88e37da881ac)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>