Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=mickledore-net 2023-08-03T20:46:11+00:00 2023-08-03T20:46:11+00:00 Beniamin Sandu beniaminsandu@gmail.com 2023-08-03T20:25:50+00:00 urn:sha1:75cf318cef3b4ee81fad2782cf063ecd69ba8842 Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:15:34+00:00 Polampalli, Archana archana.polampalli@windriver.com 2023-07-20T11:35:41+00:00 urn:sha1:03fd1d368ac19793b3e4c35159ba2ce802247e4d yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31975 https://github.com/yasm/yasm/issues/210 Upstream patches: https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:14:34+00:00 Jasper Orschulko jasper@fancydomain.eu 2023-07-19T10:52:53+00:00 urn:sha1:40bcb0e09f6216d2e8e50709849ac31f80c06f7b Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:13:43+00:00 Mingli Yu mingli.yu@windriver.com 2023-07-19T03:06:12+00:00 urn:sha1:9c62a90f3f758ed4a7f5dfb4fcd3c1c3bf44ad5a Update the SRC_URI to fix the do_fetch warning. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:13:33+00:00 Mingli Yu mingli.yu@windriver.com 2023-07-19T03:06:11+00:00 urn:sha1:cb365a53787e59181c0b37f28cff15b36cb42fe6 Update the SRC_URI to fix the do_fetch error. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:13:21+00:00 Polampalli, Archana archana.polampalli@windriver.com 2023-07-18T15:36:28+00:00 urn:sha1:d9bd685f6e279c7cb50f568cafb2606bd0dcb41a Refresh 0001-Disable-running-gyp-files-for-bundled-deps.patch against 18.16.1 License-Update: Add missing licenses for Ada [1] BSD, Simduf [2] BSD, posteject [3] MIT [1] https://github.com/nodejs/node/commit/0bc4c17e5705ea042cda392343d7301bb91873ed [2] https://github.com/nodejs/node/commit/c9845fc3341fcdce298ad7f1630e329d71a6e746 [3] https://github.com/nodejs/node/commit/4aaec0726694ad0d3cb05d7f2593a90363c32f32 The list of the CVEs are fixed in this relase: CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 https://github.com/nodejs/node/releases/tag/v18.16.1 https://github.com/nodejs/node/releases/tag/v18.16.0 https://github.com/nodejs/node/releases/tag/v18.15.0 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-25T11:12:13+00:00 Joe Slater joe.slater@windriver.com 2023-07-17T14:54:32+00:00 urn:sha1:b5f5c8859cdb1f68cb697022378d24ff8963fb26 The current use of RDEPENDS to add a dependency on bats results in the QA warning/error lib32-libgpiod package lib32-libgpiod-ptest-dev - suspicious values 'bats-dev' in RRECOMMENDS [multilib] when building lib32-libgpiod with ptest not enabled. We add the dependency only if ptest is enabled. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9904bd6a24ed9327bd05926ba28f9c2ea49e34dd) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-16T19:15:41+00:00 Chee Yang Lee chee.yang.lee@intel.com 2023-07-12T08:03:31+00:00 urn:sha1:7d4883e0a037a68dd0ed6676cb81238afe38561d https://c-ares.org/changelog.html c-ares version 1.19.1 - May 22 2023 Security: CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation Bug fixes: Fix uninitialized memory warning in test Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses ares_getaddrinfo() should allow a port of 0 Fix memory leak in ares_send() on error Fix comment style in ares_data.h Remove unneeded ifdef for Windows Fix typo in ares_init_options.3 Re-add support for Watcom compiler Sync ax_pthread.m4 with upstream Windows: Invalid stack variable used out of scope for HOSTS path Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-07-16T19:15:37+00:00 Chee Yang Lee chee.yang.lee@intel.com 2023-07-12T05:57:53+00:00 urn:sha1:6c46f263d55b484d935873b088117d2107cc45ea affects <= 0.13.0 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-06-23T12:02:41+00:00 Soumya via soumya.sambu@windriver.com 2023-06-15T16:04:45+00:00 urn:sha1:9eaadb6a674ce45b4c05e8b1880e5c6db0c0a4e6 A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>