Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=stable%2Fdufell-nut 2021-12-27T21:23:37+00:00 2021-12-27T21:23:37+00:00 Armin kuster akuster808@gamil.com 2021-12-27T21:22:03+00:00 urn:sha1:95969f0f5f4264644a5dbfb6d4fb66e2ac3a2cde Signed-off-by: Armin kuster <akuster808@gamil.com> 2021-12-27T19:50:07+00:00 Robert Joslyn robert.joslyn@redrectangle.org 2021-12-27T18:40:03+00:00 urn:sha1:197453e127c7a30b2b3ef0c24180e2d31c2fb572 Bug and security fixes. Fix patch fuzz as well to remove bitbake warning. Release notes available at: https://www.postgresql.org/docs/release/12.8/ https://www.postgresql.org/docs/release/12.9/ 12.8 fixes: CVE-2021-3677 12.9 fixes: CVE-2021-23214 CVE-2021-23222 Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-27T19:50:03+00:00 Ernst Sjöstrand ernst.sjostrand@verisure.com 2021-12-22T09:56:33+00:00 urn:sha1:ddaf5f92cc553ce7deb43a39de7a731a2f081d2d Extract patch from the 0.9.71 release commit. Upstream-Status: Backport CVE: CVE-2021-3466 Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-18T19:08:54+00:00 sana kazi sanakazisk19@gmail.com 2021-12-16T10:53:03+00:00 urn:sha1:82264cbf0b69e9f0f07428a48f26f0261aa9a0d8 Add patch to fix CVE-2021-43527 which causes heap overflow in nss. Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-18T19:08:51+00:00 Jeremy Puhlman jpuhlman@mvista.com 2021-12-13T23:34:28+00:00 urn:sha1:6025097d083a36d9af3d53d2dd95631a2de87a8d Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-03T20:28:09+00:00 Spectrejan jan@spectrejan.de 2021-12-03T09:12:30+00:00 urn:sha1:69f94af4d91215e7d4e225bab54bf3bcfee42f1c Port patch to fix CVE-2020-8927 for brotli from Debian Buster CVE: CVE-2020-8927 Signed-off-by: Jan Kraemer <jan@spectrejan.de> [Fixup to apply with URL changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-03T20:23:42+00:00 sana kazi sanakazisk19@gmail.com 2021-12-03T12:29:58+00:00 urn:sha1:fba8ff0d916383ce65045c36ba4c805b5a2dfcc0 Added patch for CVE-2020-12674 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-03T20:23:38+00:00 sana kazi sanakazisk19@gmail.com 2021-12-03T12:29:08+00:00 urn:sha1:7804c8e5bd2975c9829e1667ab1954373a3ede48 Added patch for CVE-2020-12673 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-12-03T20:23:33+00:00 sana kazi sanakazisk19@gmail.com 2021-12-03T12:27:19+00:00 urn:sha1:00ad99f4f9a06d66bd5686d2b1dd07c578c8dc2a Added patches to fix CVE-2020-12100 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-11-30T22:40:43+00:00 Marta Rybczynska marta.rybczynska@huawei.com 2021-11-29T18:54:13+00:00 urn:sha1:e0e79bbde23f17185cc59908fee97c0cea098428 According to the upstream [1], the bug happens only if the programmer does not follow the API definition. [1] https://github.com/akheron/jansson/issues/548 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>