| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904]
(From OE-Core rev: d1f74ec0419dd13a23549cfdc228b91602bfb065)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
| |
Testing of an SPDX patch corrupted sstate, so bump PR to work around the issue
(From OE-Core rev: cbce426763592e82e6e0ed20f18cedfa4d01f61e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
(From OE-Core rev: 082c31db387957963952c485a436dc38a64498d0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144]
(From OE-Core rev: e088a7e59532ede45549e6120be43531fa77855a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8265efa6a2009e06094698532f3fb398cbab6415)
Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;h=8c7bd787defa071c96289b7da9397f673fddb874]
(From OE-Core rev: 1a25a8ebedf39f1a868fcf646684b2eeaa67301f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
(From OE-Core rev: a3fbe1156fccb3e60a183263a3bde5a8ef6725a8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 3ea36d92800b139eaaf75995cdd59912b63db9ee)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2956b1aa22129951b8c08ac06ff1ffd66811a26c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
CVE: CVE-2023-28938
(From OE-Core rev: 8cf02e6b60e2916b9e4832590257d5d184258e9c)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fix of CVE-2023-29383.patch contains a bug that it rejects all
characters that are not control ones, so backup another patch named
"0001-Overhaul-valid_field.patch" from upstream to fix it.
(From OE-Core rev: ab48ab23de6f6bb1f05689c97724140d4bef8faa)
Upstream-Status: Backport
[https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
&
https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4]
(From OE-Core rev: a53d446c289f07854e286479cd7e4843ddd0ee8c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
backport
Replace the original "Wrong CRC with ASCII CRC for large files"
patch with upstream backport, and add additional fix on top of
the same problem which upstream detected and fixed.
(From OE-Core rev: 0e167ef0eb7ac62ddb991ce80c27882863d8ee7c)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS server).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43115
Upstream commit:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
(From OE-Core rev: a43f7277061ee6c30c42c9318e3e9dd076563f5d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780
(From OE-Core rev: 22d2c549ba6d8be137d1d290d9a04691ca1858f2)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport
[https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches?h=ubuntu/focal-security
&
https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
(From OE-Core rev: 68412b76948ce185d87fda73ead7b73e5ad6defd)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream commits:
https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
& https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
(From OE-Core rev: d14dce8ba2a8b4bf05c7c5ea7292b0c2c327f088)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664
Upstream commits:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4ceaf92815302863a8c86fcfcf2347e0118dd3a5
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099
(From OE-Core rev: 13534218ec37706d9decca5b5bd0453e312d72b0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
| |
(From OE-Core rev: fb37fa3661095b8ebe68c2ffa36aabf35da30b91)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The time and timeout tests are sensitive to system load, and as we run
these on build machines they fail randomly.
[ YOCTO #14371 ]
(From OE-Core rev: d2b62913a5771169265171129fe972c8e252fe04)
(From OE-Core rev: 309f1c6166f8535fa61fd1d01924df3c7fe9fbba)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a84b8d683b4b3f4d30999eac987790896d21eba6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
* Do not call malloc_usable_size
(From OE-Core rev: 143389388bf3a1d9e1407fe5c42fb6bd341a81b8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5cd967503c0574f45b814572da9503182556b431)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch from upstream master.
There were three changes needed to apply the patch:
* move NEWS change to start of the file
* change file location from src/ps/ to ps/
* change xmalloc/xcmalloc to malloc/cmalloc
The x*malloc functions were introduced in commit in future version.
https://gitlab.com/procps-ng/procps/-/commit/584028dbe513127ef68c55aa631480454bcc26bf
They call the original function plus additionally throw error when out of memory.
https://gitlab.com/procps-ng/procps/-/blob/v4.0.3/local/xalloc.h?ref_type=tags
So this replacement is correct in context of our version.
(From OE-Core rev: 1632c7223b2f8cd595e1ba20bc006c68fc833295)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f
(From OE-Core rev: f70113d1d5b5359c8b668ba43aac362457927d9e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This issue was reported and discusses under [1] which is linked in NVD CVE report.
It was already documented that some parts or libarchive are thread safe and some not.
[2] was now merged to document that also reported function is not thread safe.
So this CVE *now* reports thread race condition for non-thread-safe function.
And as such the CVE report is now invalid.
The issue is still not closed for 2 reasons:
* better document what is and what is not thread safe
* request to public if someone could make these functions thread safe
This should however not invalidate above statment about ignoring this CVE.
[1] https://github.com/libarchive/libarchive/issues/1876
[2] https://github.com/libarchive/libarchive/pull/1875
(From OE-Core rev: 9374e680ae2376589a9bfe4565dfcf4dc9791aa8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 62c42d4a1029de4fe9b19631cbd34722f6535edf)
Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patch from debian to fix CVE-2023-33204
http://security.debian.org/debian-security/pool/updates/main/s/sysstat/sysstat_12.0.3-2+deb10u2.debian.tar.xz
upstream patch:
https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
(From OE-Core rev: c6bc5cfbed71b65753e50aee5a640934e754858a)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-34241
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
https://security-tracker.debian.org/tracker/CVE-2023-34241
Upstream Patch:
https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
(From OE-Core rev: 28b25ba7a8c6aa5c5744ca17e8686f2762791c72)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenPrinting CUPS is an open source printing system. In versions 2.4.2
and prior, a heap buffer overflow vulnerability would allow a remote
attacker to launch a denial of service (DoS) attack. A buffer overflow
vulnerability in the function `format_log_line` could allow remote
attackers to cause a DoS on the affected system. Exploitation of the
vulnerability can be triggered when the configuration file `cupsd.conf`
sets the value of `loglevel `to `DEBUG`. No known patches or
workarounds exist at time of publication.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32324
https://security-tracker.debian.org/tracker/CVE-2023-32324
Upstream Patch:
https://github.com/OpenPrinting/cups/commit/fd8bc2d32589
(From OE-Core rev: cb46ae57abe3069d6a4dc2ab0b8dfce5a4a5bd15)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179]
(From OE-Core rev: ec0c6f941826903b763be76c450f1d4e0e67908e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to signedness, the checksum is not computed when filesize is bigger
a 2GB. Pick a fix for this problem from CPIO ML, where the fix has been
posted for 5 years. Since CPIO upstream is effectively unresponsive and
any and all attempts to communicate with the maintainer and get the fix
applied upstream failed, add the fix here instead.
(From OE-Core rev: bfff138af4bdd356ac66571e6ad91c1a5599b935)
(From OE-Core rev: 0a8fb1c00e75e8434e0ef433d9074d54f038fba1)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patches from ubuntu to fix
CVE-2023-28486
CVE-2023-28487
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/sudo/tree/debian/patches?h=ubuntu/focal-security
Upstream commit https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca & https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b]
(From OE-Core rev: 4870543273bef9831c075ee0bce108c54355a92f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
(From OE-Core rev: d1f99b928b0a57bec879dde1b1b94c3c09286ea0)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fix CVE-2021-45944.
https://nvd.nist.gov/vuln/detail/CVE-2021-45944
(From OE-Core rev: d966b565d39bf50f058b388235ccea5ab0c2e60b)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Backport fix from https://github.com/libarchive/libarchive/issues/1672
(From OE-Core rev: b23482f9ea1cc930a3d5ecfe5fc465e2f720a949)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.
(From OE-Core rev: 9d5a05c27a01b3859eae70590ba7dd836abe2719)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)
(From OE-Core rev: af77a413db59863a898c32dc7536b680473ae9c5)
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a00f15354084cee6b2183fcdbfdfc7826c365da)
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add CVE-2023-22809.patch to fix CVE-2023-22809.
(From OE-Core rev: 186a5ab41927e6be0920e03e743f32ae4477c58e)
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases (e.g. mingw) this file may not be installed
(From OE-Core rev: a764e19736f24b8bf67ea87d58dd74652d6d81c9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 547f3a13ee9268bbdd439c96108ba1fe9ab78873)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bc is needed for compiling kernel modules, more specifially
whenr running `make scripts prepare'.
In linux-yocto.inc, we have bc-native in DEPENDS. But we will
need nativesdk-bc in case we compile a kernel module inside
SDK.
(From OE-Core rev: aab8d528ceeb2ee1ab7cffdeff4007fd66275f1b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 95b5c89066baccb1e64bfba7d9a66feeeb086da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: ff27ea21d7c14086335da5c3e2fac353e44438da)
(From OE-Core rev: 0624c7a77cfc7288fd3154624150b49adce8d8f8)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1596d37ba13db3aff61975a31d865f33333fa45)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 7ce0cd9ef0b40c23be8fe30fa3bb6ef810464fd0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2394a481db1b41ad4581e22ba901ac76fa7b3dcd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 2e770eb2213f3d5ff25a75467395ed4738c756ea)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
(From OE-Core rev: c39fd8264ac623f3cfb26305420b527dd9c4c891)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
(From OE-Core rev: d1bdb663e6a69993d3f42547a27296b606965d47)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: d325f5389a09ba03b4ded7c57c29dad773dbc0af)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: efcb0b30244007545ab8b0231e003271dcd7fab2)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add patch to fix CVE-2021-31566 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz
(From OE-Core rev: 7028803d7d10c0b041a7bda16f9d9261f220459f)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add patch to fix CVE-2021-23177 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz
(From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: b0a0abbcc5e631e693b9e896bd0fc9b9432dd297)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: http://git.linux-nfs.org/?p=steved/libtirpc.git;
MR: 120231
Type: Security Fix
Disposition: Backport from http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
ChangeID: 544120a5f10a4717cd2c7291821a012e26b14b7f
Description:
CVE-2021-46828 libtirpc: DoS vulnerability with lots of connections.
(From OE-Core rev: 73d2b640ad665f6ff3c4fbe8f5da4ef0dbb175f2)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add two fixes from debian for two CVEs. From:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
I wans't able to get the reproducers to work but the added error
checking isn't probably a bad thing.
(From OE-Core rev: 097469513f6dea7c678438e71a152f4e77fe670d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054be00a632c2918dd1f973e76514e459fc6f017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid a null pointer dereference.
(From OE-Core rev: 357791da82f767ad695e4476aa12fea3d7db5e04)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 36db85b9b127e5a9f5d3d6e428168cf597ab95f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|