Commit message | Author | Age | Files | Lines
* rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once [kirkstone] | Michael Glembotzki | 6 days | 1 | -1/+3
  If DROPBEAR_RSAKEY_DIR has already been set before, e.g. by overwriting the file dropbear.default, the line will still be appended a second time.
      DROPBEAR_RSAKEY_DIR="/path/to/dropbear"
      DROPBEAR_EXTRA_ARGS="-B"
      DROPBEAR_RSAKEY_DIR=/var/lib/dropbear
  (Backport of rev: 6045314d2968f6f5a0877a4dd45f35c766a40e40)
  (From OE-Core rev: 8a502301209ef144932ef5071c1a9b738db23270)
  Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: Update to latest on stable 2.35 branch | Peter Marko | 6 days | 2 | -2/+2
  Addresses CVE-2024-2961
  Changes:
  36280d1ce5 iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
  4a7de5e215 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
  f4a45af368 AArch64: Check kernel version for SVE ifuncs
  7f3c143381 aarch64: fix check for SVE support in assembler
  9112cda4c6 aarch64: correct CFI in rawmemchr (bug 31113)
  153012dda2 AArch64: Remove Falkor memcpy
  90b03336d9 AArch64: Add memset_zva64
  d166309459 AArch64: Cleanup emag memset
  650300d233 AArch64: Cleanup ifuncs
  5bfa9f4369 AArch64: Add support for MOPS memcpy/memmove/memset
  c4e222334b Add HWCAP2_MOPS from Linux 6.5 to AArch64 bits/hwcap.h
  b9e93c5ff7 AArch64: Improve SVE memcpy and memmove
  115c2c7717 AArch64: Improve strrchr
  06fad28274 AArch64: Optimize strnlen
  3a1557efef AArch64: Optimize strlen
  6f2ca6aab9 AArch64: Optimize strcpy
  249fff42a8 AArch64: Improve strchrnul
  1c1313dbdd AArch64: Optimize strchr
  80ad6cd302 AArch64: Improve strlen_asimd
  65c4bb41b6 AArch64: Optimize memrchr
  23be6f897e AArch64: Optimize memchr
  28e40b3909 aarch64: Use memcpy_simd as the default memcpy
  c503e2206e aarch64: Cleanup memset ifunc
  577bd1e049 AArch64: Fix typo in sve configure check (BZ# 29394)
  ea25fe5599 aarch64: Optimize string functions with shrn instruction
  2c4ae9faa5 AArch64: Sort makefile entries
  2c92d94407 AArch64: Add SVE memcpy
  d6d295a95b linux: Use rseq area unconditionally in sched_getcpu (bug 31479)
  dda5faa65e Include sys/rseq.h in tst-rseq-disable.c
  c9ee9cc8b8 nptl: Unconditionally use a 32-byte rseq area
  3cd02612e8 make ‘struct pthread’ a complete type
  a24adf3572 support: use 64-bit time_t (bug 30111)
  d47c5e4db7 malloc: Use __get_nprocs on arena_get2 (BZ 30945)
  1a3326df93 x86_64: Optimize ffsll function code size.
  914af4fcca NEWS: Mention bug fixes for 29039/30745/30843
  5d1fe26b49 x86-64: Fix the tcb field load for x32 [BZ #31185]
  2d87262c1c x86-64: Fix the dtv field load for x32 [BZ #31184]
  5f08ec08d0 elf: Fix TLS modid reuse generation assignment (BZ 29039)
  01ea8d9dde Revert "elf: Move l_init_called_next to old place of l_text_end in link map"
  0222f2392d Revert "elf: Always call destructors in reverse constructor order (bug 30785)"
  6aa8380cf5 Revert "elf: Remove unused l_text_end field from struct link_map"
  (From OE-Core rev: 016387557c036efb700b01ab915d69a2e46a5740)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: Fix for CVE-2023-45288 | Vijay Anusuri | 6 days | 2 | -0/+96
  Upstream-Status: Backport from https://github.com/golang/go/commit/e55d7cf8435ba4e58d4a5694e63b391821d4ee9b
  (From OE-Core rev: 9ad10bf355665ff799cefd40fb0d1938b0104b08)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: fix CVE-2024-28835 | Archana Polampalli | 6 days | 2 | -0/+407
  A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
  (From OE-Core rev: e63819fbabbde3d12df06ae302da70ab990df26d)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: fix CVE-2024-28834 | Archana Polampalli | 6 days | 2 | -0/+458
  A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
  (From OE-Core rev: 18c4f65934331da48c597201c33334578e91a45d)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revision | Steve Sakoman | 2024-04-22 | 1 | -1/+1
  (From OE-Core rev: b7182571242dc4e23e5250a449d90348e62a6abc)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 4.0.18 | Steve Sakoman | 2024-04-22 | 1 | -1/+1
  (From meta-yocto rev: 70d8f77cf21e92d2f610d1b73f24d3faf6d96982)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: Fix vlan qos mapping | Sana Kazi | 2024-04-21 | 2 | -0/+141
  Drop unnecessary restriction for QoS mapping. Also adds tests for vlan QoS mapping.
  Link: https://github.com/systemd/systemd/commit/fe830b84d4002582e7aefb16e5e09fd0195f21c8.patch
  PR: https://github.com/systemd/systemd/pull/27761
  (From OE-Core rev: b5c5e783fe06e3ae3b3e92ffa7f18bee62aca3c0)
  Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
  Signed-off-by: Sana Kazi <sana.kazisk19@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* valgrind: skip intermittently failing ptest | Steve Sakoman | 2024-04-21 | 1 | -0/+2
  Intermittent failures on autobuilder:
      AssertionError: Failed ptests: {'valgrind': ['memcheck/tests/linux/timerfd-syscall']}
  (From OE-Core rev: 19e7d5e717e6d28e0b64bd382f07b8e709526474)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* nghttp2: Fix CVE-2024-28182 | Soumya Sambu | 2024-04-21 | 3 | -0/+217
  nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
  References: https://nvd.nist.gov/vuln/detail/CVE-2024-28182
  (From OE-Core rev: 85e65af4727695d61c225a5911325764f423c331)
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: add CVE_CHECK_IGNORE for CVE-2024-24576 | Harish Sadineni | 2024-04-21 | 1 | -0/+3
  CVE-2024-24576 only applies when invoking batch files (with the `bat` and `cmd` extensions) on Windows. No other platform or use is affected.
  More details about the CVE are here: https://nvd.nist.gov/vuln/detail/CVE-2024-24576
  (From OE-Core rev: 44e0b6b028657d32de5971d6a42a88767ef8c710)
  Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: fix CVE-2024-27281 | Yogita Urade | 2024-04-21 | 2 | -0/+98
  ruby: RCE vulnerability with .rdoc_options in RDoc
  References:
  https://github.com/ruby/ruby/pull/10316
  https://security-tracker.debian.org/tracker/CVE-2024-27281
  (From OE-Core rev: d01b73c51ceead4911a9a9306dbe728f1db2e029)
  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libssh2: fix CVE-2023-48795 | Meenali Gupta | 2024-04-21 | 2 | -0/+460
  References: https://nvd.nist.gov/vuln/detail/CVE-2023-48795
  (From OE-Core rev: a4a727839e608d114becc709c511651b4f546c6f)
  Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: remove tab characters | Michael Opdenacker | 2024-04-19 | 7 | -105/+105
  As reported by "make sphinx-lint"
  Tabs are even removed in Makefile examples, as Sphinx turns them to spaces anyway in the generated output.
  (From yocto-docs rev: fd1423141e7458ba557db465c171b0b4e9063987)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kernel-dev: join mkdir commands with -p | Jörg Sommer | 2024-04-19 | 1 | -8/+2
  To make it more obvious which directories are needed, pass only these to *mkdir* and use the option `-p` to create the missing parents.
  (From yocto-docs rev: 4ddcedca4b09e2c051b33a40659ffce1db2984f5)
  Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: fix incorrect double backticks | Michael Opdenacker | 2024-04-19 | 1 | -1/+1
  As reported by "make sphinx-lint"
  (From yocto-docs rev: 18d86626406fe07d4f62ef0b9168c0220b3dd90a)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: fix trailing spaces | Michael Opdenacker | 2024-04-19 | 10 | -31/+34
  Fixing errors reported by "make sphinx-lint"
  (From yocto-docs rev: 45b04c281a567e06fd2904166bcc26603e73e684)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: add initial sphinx-lint support | Michael Opdenacker | 2024-04-19 | 2 | -0/+17
  Makes it possible to catch errors not reported by sphinx, such as idle spaces.
  After customization, this should be used to enforce our syntax conventions, such as two spaces after a "-" character to introduce a list item.
  Just run "make sphinx-lint".
  (From yocto-docs rev: a735549a764f7cfebdc7534761b4d75dc523371a)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: fix duplicate "stylecheck" target | Michael Opdenacker | 2024-04-19 | 1 | -4/+0
  (From yocto-docs rev: 9247fd612db9e551eb58dbe41d31e460f0ad7d72)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: refer to new yocto-patches mailing list wherever appropriate | Quentin Schulz | 2024-04-19 | 2 | -1/+4
  There's a new yocto-patches mailing list available for all layers that do not have their own mailing list.
  c.f. https://lists.yoctoproject.org/g/yocto/topic/105197684
  Cc: Quentin Schulz <foss+yocto@0leil.net>
  (From yocto-docs rev: d7fc3e978440d9f5724cbce85de000317a3e0783)
  Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: conf.py: properly escape backslashes for latex_elements | Quentin Schulz | 2024-04-19 | 1 | -2/+2
  There are some syntax warnings returned by Python:
  """
  yocto-docs/documentation/conf.py:162: SyntaxWarning: invalid escape sequence '\P'
    'passoptionstopackages': '\PassOptionsToPackage{bookmarksdepth=5}{hyperref}',
  yocto-docs/documentation/conf.py:163: SyntaxWarning: invalid escape sequence '\s'
    'preamble': '\setcounter{tocdepth}{2}',
  """
  Backslashes must be doubled in Python string literals to avoid interpretation as escape sequence, c.f. https://www.sphinx-doc.org/en/master/latex.html#module-latex.
  Cc: Quentin Schulz <foss+yocto@0leil.net>
  (From yocto-docs rev: 037f99339a4bae60f41f89df37911690b507c9a1)
  Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* release-notes-4.0.17: reorder CVEs | Lee Chee Yang | 2024-04-19 | 1 | -6/+6
  reorder CVEs from alphabetical order to numerical order, align it with text based release notes.
  (From yocto-docs rev: a2ce17f656758db737c398263efa594604ca2271)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tcl: skip async and event tests in run-ptest | Ross Burton | 2024-04-19 | 1 | -2/+2
  These test suites are full of timing-sensitive test cases, so skip them too.
  [ YOCTO #15321 ]
  (From OE-Core rev: f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tcl: skip timing-dependent tests in run-ptest | Ross Burton | 2024-04-19 | 1 | -1/+5
  There are several tests in the test suite which are very dependent on timing and fail on a loaded host system, so skip them.
  [ YOCTO #14825 #14882 #15081 ]
  (From OE-Core rev: 161d336a6c57fddb36a0c4e8c2def84ce70128e3)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tcl: Add a way to skip ptests | Khem Raj | 2024-04-19 | 2 | -2/+7
  Some tests hardcode assumptions on locales, which may not be present in musl systems e.g., therefore add a way to skip such tests using -skip option.
  Skip unixInit-3* test on musl
  (From OE-Core rev: a70f9039259d7d38c5a3e50f7003d3228d1ab692)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit fa66f1cee2d88c2276442e8b4aaeccde5490f9ea)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "expat: fix CVE-2023-52425" | Steve Sakoman | 2024-04-19 | 13 | -1132/+0
  This reverts commit 1bdcd10930a2998f6bbe56b3ba4c9b6c91203b39.
  Causes ptest failures:
      {'expat': ['test_accounting_precision', 'test_return_ns_triplet', 'test_column_number_after_parse', 'test_default_current', 'test_external_entity_values']}
  (From OE-Core rev: 46fb46c0fff83da85f37a1ea705170a6d2039eff)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ncurses: patch CVE-2023-50495 | Peter Marko | 2024-04-19 | 2 | -0/+82
  backport relevant parts from https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz
  (From OE-Core rev: 6a54788ebe147ecd8e347ff8d2ba95a1c461d27d)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: patch CVE-2024-2511 | Peter Marko | 2024-04-19 | 2 | -0/+123
  Patch: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
  News: https://github.com/openssl/openssl/commit/daee101e39073d4b65a68faeb2f2de5ad7b05c36
  (From OE-Core rev: 42fc40198dfcbb5e96d7f2af7fc134e2b021d82a)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081 | Vijay Anusuri | 2024-04-19 | 3 | -0/+98
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b & https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
  (From OE-Core rev: 223950f9c748f89ee1b2a9df9cd77a0099e74581)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE | Sana Kazi | 2024-04-19 | 1 | -0/+5
  Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid it in cve-check reports, as upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and does not intend to address it in OpenSSH.
  (From OE-Core rev: de4186610335201c69d8952d605bb291f4a7427c)
  Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
  Signed-off-by: Sana Kazi <sana.kazisk19@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* perl: ignore CVE-2023-47100 | Alex Stewart | 2024-04-19 | 1 | -0/+3
  CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same advertised fix commit, which has already been merged into the perl_5.34.3 sources used in kirkstone.
  (From OE-Core rev: 8df158f39f1eed1e3ae88ddf935c67e067b72525)
  Signed-off-by: Alex Stewart <alex.stewart@ni.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cups: fix typo in CVE-2023-32360 backport patch | Jonathan GUILLOT | 2024-04-19 | 1 | -1/+1
  Typo prevents cupsd to start correctly with following error:
      Unable to read "/etc/cups/cupsd.conf" due to errors.
  Using `/usr/sbin/cupsd -t` to check the configuration:
      Unknown authorization type Defaul on line 77 of /etc/cups/cupsd.conf.
      Unknown Policy Limit directive AuthType on line 77 of /etc/cups/cupsd.conf.
  (From OE-Core rev: eab100205bc5cdffc5ccc7752e1ee5abd9ebb58a)
  Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: improve descriptions of 'bitbake -S printdiff' | Alexander Kanavin | 2024-04-05 | 2 | -7/+13
  Try to particularly emphasize that it can be used to find out why something rebuilds when it shouldn't.
  (From yocto-docs rev: 1cd543e62e8f1b65e65108d919c2f481001e044c)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX | BELOUARGA Mohamed | 2024-04-05 | 1 | -0/+5
  The documentation of the variable SPDX_NAMESPACE_PREFIX does not exist. This variable is used to change the prefix of some links in SPDX docs.
  (From yocto-docs rev: 0055b7ea1cdf72359695e08fe6d2ca9a405fba51)
  Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: further style improvements | Michael Opdenacker | 2024-04-05 | 3 | -173/+187
  According to errors reported by "make stylecheck"
  (From yocto-docs rev: b3aaf4523190f7528d49c29a9aea234bb1647eae)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide: be more specific about meta-* trees | Martin Jansa | 2024-04-05 | 1 | -1/+1
  * this is often confused to apply for e.g. meta-oe as well where it doesn't apply as meta-oe has own ML mentioned in README.
  (From yocto-docs rev: 98102408fe5468529e040a138f09c8fbc5fe065a)
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.17 | Lee Chee Yang | 2024-04-05 | 2 | -0/+239
  (From yocto-docs rev: 8267ccacea77a657cf92bcd2b48bec5f2ef61849)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: fix reference to bug report | Michael Opdenacker | 2024-04-05 | 1 | -3/+3
  Allowing to remove nested parentheses in the text!
  (From yocto-docs rev: a0ba062f8b31426f80ccd760e29b054405ee2a8e)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: use "manual page(s)" | Michael Opdenacker | 2024-04-05 | 3 | -16/+16
  Instead of "manpage(s)" or "man page(s)".
  To address one of the errors reported by "make stylecheck"
  (From yocto-docs rev: f6e69f8877d1d33200993f21b448e7fa3cf7859b)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: formatting fixes | Michael Opdenacker | 2024-04-05 | 1 | -235/+238
  Plus a few text styling improvements, some reported by "make stylecheck"
  (From yocto-docs rev: ce0e83716197773d8eae0c2f0edc1cf290ebd60f)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: add initial stylechecks with Vale | Michael Opdenacker | 2024-04-05 | 7 | -1/+58
  Use the "Vale" (https://vale.sh) tool to perform text style checks
  Run "make stylecheck" to run the checks.
  This just checks the text, not the Sphinx syntax style choices.
  (From yocto-docs rev: e3e4ba2aa963d4d178c4e9e842e66f4ee4bd3736)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* common-licenses: Backport missing license | Colin McAllister | 2024-04-05 | 1 | -0/+181
  Backports missing license from master to kirkstone.
  (From OE-Core rev: 26a878cbfbb3bc7a6e892e105577ebf8138ce150)
  Signed-off-by: Colin McAllister <colin.mcallister@garmin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: Backport sanitizer fix for 32-bit ALSR | Claus Stovgaard | 2024-04-05 | 2 | -0/+64
  When using the gcc-sanitizers as part of the SDK on a Linux with a newer kernel, the ASAN fails randomly. This was seen on Ubuntu 22.04. This is also described at https://stackoverflow.com/questions/77894856/possible-bug-in-gcc-sanitizers
  Backport the fix from LLVM project, as gcc has not yet backported anything for the 11 series.
  (From OE-Core rev: 7af8e24d6c60a01e398b10a57939947fb156feec)
  Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-urllib3: update to v1.26.18 | Tan Wen Yan | 2024-04-05 | 1 | -1/+1
  https://github.com/urllib3/urllib3/releases/tag/1.26.18
  Major changes in python3-urllib3 1.26.18:
  - Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
  (cherry picked from OE-Core rev: 74da05b63634c248910594456dae286947f33da5)
  (From OE-Core rev: c473f32184ea0ab41f6eb4c8dcc1d7bb5fd7b16f)
  Signed-off-by: Tan Wen Yan <wen.yan.tan@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: fix CVE-2023-52356 CVE-2023-6277 | Lee Chee Yang | 2024-04-05 | 6 | -0/+527
  import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277
  import from http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
  (From OE-Core rev: 4728df36bb3888df4d3cc0db1fd66138e865c511)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: Fix for CVE-2023-6683 | Vijay Anusuri | 2024-04-05 | 2 | -0/+93
  Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a
  Reference: https://security-tracker.debian.org/tracker/CVE-2023-6683
  (From OE-Core rev: f099f9ff95c42444cbfa63630a6f160fd98997ed)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: backport Debian patch for CVE-2024-2398 | Vijay Anusuri | 2024-04-05 | 2 | -0/+90
  import patch from ubuntu to fix CVE-2024-2398
  Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/?h=ubuntu%2Fjammy-security Upstream commit https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764]
  (From OE-Core rev: 67026cbb62e166b6a9f5509708531ebe0f36c36d)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* expat: fix CVE-2023-52425 | Meenali Gupta | 2024-04-05 | 13 | -0/+1132
  libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
  References: https://nvd.nist.gov/vuln/detail/CVE-2023-52425
  Changes related to test directory are not included as most of the files are not present and are introduced in the later version.
  (From OE-Core rev: 1bdcd10930a2998f6bbe56b3ba4c9b6c91203b39)
  Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2023-6816 CVE-2024-0408/0409 | Lee Chee Yang | 2024-04-05 | 4 | -0/+172
  fix CVE-2023-6816 CVE-2024-0408 CVE-2024-0409
  (From OE-Core rev: e8feba36e09aefffcafcebc85ec75abb5b97b3eb)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* nghttp2: fix CVE-2023-44487 | aszh07 | 2024-04-05 | 2 | -0/+928
  The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-44487
  https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832
  (From OE-Core rev: 0156b57dcdb2e5acdd9421a7c24c235f13da2d97)
  Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>