Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=mickledore-next 2024-01-07T18:15:11+00:00 2024-01-07T18:15:11+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-12-21T03:45:50+00:00 urn:sha1:8e1f0fa6bfac0e96fedc666fe9066f92c85afb27 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-01-07T18:15:11+00:00 Alexandre Belloni alexandre.belloni@bootlin.com 2023-12-20T14:47:09+00:00 urn:sha1:b0d67900ae9e8911f734c25c0674fe55df8cd188 The current SRCREV is not on any branch anymore, switch to the 1.12.4 branch HEAD which is similar and the only change is irrelevant. Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-04T14:47:03+00:00 Joe Slater joe.slater@windriver.com 2023-11-27T20:24:04+00:00 urn:sha1:f29290563cb821fae95340ba959749641c69ed7f Version 4.2.5 fixes CVE-2023-36053 and CVE-2023-41164. Version 4.2.7 fixes CVE-2023-46695 and CVE-2023-43665. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-04T14:47:03+00:00 Christian Eggers ceggers@arri.de 2023-11-24T07:40:24+00:00 urn:sha1:ad7da539788b28436dfecaaf88768a0ca2c013e5 Branch "master" has been renamed to "main". Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-04T14:47:03+00:00 Khem Raj raj.khem@gmail.com 2023-11-22T09:40:26+00:00 urn:sha1:c6eb66377af7f06105a938b8a947f3a17660c672 License-Update: Year changed [1] Remove build directory from include directives in generated sourcecode via gdbus-codegen Upgrade includes fix for CVE-2019-6498 [1] https://github.com/labapart/gattlib/commit/5c87eda925c597e72107b5026c6b8d490ce76d62 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Tan Wen Yan <wen.yan.tan@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-04T14:47:03+00:00 Benjamin Bara benjamin.bara@skidata.com 2023-11-22T03:14:24+00:00 urn:sha1:d1cb0ddb0142d43e4258818b0bf302ff3706ddb6 Changelog: ========= This release contains two security related fixes. One each for VP8 and VP9. - Upgrading: This release is ABI compatible with the previous release. - Bug fixes: https://crbug.com/1486441 (CVE-2023-5217) Fix to a crash related to VP9 encoding (#1642) Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Tan Wen Yan <wen.yan.tan@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-04T14:47:03+00:00 Hitendra Prajapati hprajapati@mvista.com 2023-11-15T18:34:21+00:00 urn:sha1:8d511904a5850439d44253af15a21cb3c0b2f6fa Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> (cherry picked from commit 919a2074586ff957362ae2dbd3438fa648bb9bee) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-11-17T02:49:15+00:00 Mingli Yu mingli.yu@windriver.com 2023-11-10T11:52:40+00:00 urn:sha1:aa5e8edabbc414d8ec1b2ad63c8743c7baf99626 * Backport 2 patches [1] [2] to fix the build failure under tests dir. * Fetch the test data during do_fetch phase to avoid internet access during test as some tests need test data. # ./run-ptest PASS: test-algorithms_cpp11 PASS: test-allocator_cpp11 PASS: test-alt-string_cpp11 PASS: test-assert_macro_cpp11 PASS: test-binary_formats_cpp11 [snip] PASS: test-unicode5_cpp11 PASS: test-user_defined_input_cpp11 PASS: test-windows_h_cpp11 PASS: test-wstring_cpp11 [1] https://github.com/nlohmann/json/commit/6cec5aefc97ad219b6fd5a4132f88f7c8f6800ee [2] https://github.com/nlohmann/json/commit/660d0b58565073975d6f5d94365d6cbf150a4cf8 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 013b4d50432a3eba08a9cb54b9edf6b25a6378a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-11-17T02:49:15+00:00 Narpat Mali narpat.mali@windriver.com 2023-11-15T11:56:20+00:00 urn:sha1:3265d38e8344081d9780a43d27bc26f748b4187c This upgrade incorporates the CVE-2023-46316 fix. Changelog: ---------- - Fix command line parsing in wrappers. References: https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-11-17T02:49:15+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-11-14T05:49:15+00:00 urn:sha1:76ed1e8bc43bf26c9b33d96696d5acb46743c001 A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-34058 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>