linux/meta-openembedded.git/meta-networking, branch stable/kirkstone-nut Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=stable%2Fkirkstone-nut 2023-11-03T14:49:47+00:00 mbedtls: upgrade 3.4.0 -> 3.5.0 2023-11-03T14:49:47+00:00 Beniamin Sandu beniaminsandu@gmail.com 2023-11-01T19:26:29+00:00 urn:sha1:579558c87f25c74519f1fb9716952480f97087e7 * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH * Includes aesce compilation fixes Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 The extra patch fixes x86 32-bit builds. Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mbedtls: upgrade 2.28.2 -> 2.28.5 2023-10-17T13:07:38+00:00 Yi Zhao yi.zhao@eng.windriver.com 2023-10-13T07:12:36+00:00 urn:sha1:79a6f60dabad9e5b0e041efa91379447ef030482 This release includes security fix for CVE-2023-43615. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> [Minor tweak to get it to apply] Signed-off-by: Armin Kuster <akuster808@gmail.com> mbedtls: set up /usr/bin/hello as alternative 2023-10-17T12:52:32+00:00 Denys Dmytriyenko denis@denix.org 2023-10-07T06:06:23+00:00 urn:sha1:1d0d7f6e776d93474759e4d28f7445646b9b8645 As mbedtls installs this rather generically-named /usr/bin/hello binary, it conflicts with the one provided by lmbench, hence set it up as an alternative to avoid conflicts when both are installed to rootfs or SDK. Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mosquitto: add missing Upstream-Status 2023-10-17T12:51:15+00:00 Martin Jansa martin.jansa@gmail.com 2023-10-06T21:05:07+00:00 urn:sha1:8808a69b6c1563f8d41ad34352afb8d274e967aa Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mosquitto: upgrade 2.0.17 -> 2.0.18 2023-10-17T12:50:47+00:00 Gianfranco Costamagna costamagna.gianfranco@gmail.com 2023-10-06T21:05:06+00:00 urn:sha1:a818281425ef9d180835455fc04b63ff17245a2f Add two patches from Debian, pull requests proposed upstream as 2894 and 2895 to make it start only when board is online, and to fix dynamic websockets link failure Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mosquitto: upgrade 2.0.15 -> 2.0.17 2023-10-17T12:50:15+00:00 Gianfranco Costamagna costamagna.gianfranco@gmail.com 2023-10-06T21:05:05+00:00 urn:sha1:f6f0669c1f9066ef8530eb45646bca16e616b5f0 Fix for CVE-2023-28366, CVE-2023-0809, CVE-2023-3592 Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system 2023-10-17T12:47:54+00:00 Gianfranco Costamagna costamagna.gianfranco@gmail.com 2023-10-06T21:05:04+00:00 urn:sha1:f6c58b4f9f2118645f112a1e741c4abec9c465fb Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> mosquitto: upgrade 2.0.14 -> 2.0.15 2023-10-17T12:47:48+00:00 Wang Mingyu wangmy@fujitsu.com 2023-10-06T21:05:03+00:00 urn:sha1:ebfb34db782929f506f2afecdbd6c38614bdff3e Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> open-vm-tools: fix CVE-2023-20867 2023-10-17T12:44:17+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-10-05T07:14:31+00:00 urn:sha1:e2b534cc3a9f178b909c1e15c4b5919c7c0395db A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> samba: fix CVE-2023-34968 2023-10-17T12:42:14+00:00 Polampalli, Archana archana.polampalli@windriver.com 2023-10-03T11:47:40+00:00 urn:sha1:baf6153112e416cf2fe05351a1b007d88f0ef1a4 A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>