linux/meta-openembedded.git/meta-oe, branch stable/kirkstone-nut Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=stable%2Fkirkstone-nut 2023-11-03T14:52:59+00:00 indent: fix CVE-2023-40305 2023-11-03T14:52:59+00:00 Yogita Urade yogita.urade@windriver.com 2023-10-20T04:56:09+00:00 urn:sha1:7da6cb848bc42b3e6bd5d2b37b52ba75510a6ca0 GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. Reference: https://savannah.gnu.org/bugs/index.php?64503 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> suiteparse: Adapt to upstream branch name changes 2023-11-03T14:49:44+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2023-10-26T13:11:18+00:00 urn:sha1:8274d201cbe36b2fc5feb409b4fc9f84d85afa97 meta-oe master branch already made this change. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> c-ares: CVE-ID correction for CVE-2022-4904 2023-09-27T14:23:10+00:00 Shinu Chandran shinucha@cisco.com 2023-09-25T05:42:56+00:00 urn:sha1:b25e6a9e9111cbc0fc71e0e96c560c5cd2ee845d - The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f (Add str len check in config_sortlist to avoid stack overflow), fixes the CVE-2022-4904 instead of CVE-2022-4415 https://security-tracker.debian.org/tracker/CVE-2022-4904 - CVE-ID inside the CVE-2022-4904.patch is wrong in the OE commit[092e125f44f6] - Hence corrected the CVE-ID in CVE-2022-4904.patch Signed-off-by: Shinu Chandran <shinucha@cisco.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> openldap: update to 2.5.16 2023-09-27T14:00:32+00:00 Armin Kuster akuster808@gmail.com 2023-09-27T11:58:07+00:00 urn:sha1:06c077155c6fa02967fa1ee75dc0fd1974264ce3 2.5.x is an LTS version per the project. Drop patch now included. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> freeglut: Add packageconfigs for x11/wayland/gles 2023-09-23T17:38:46+00:00 Khem Raj raj.khem@gmail.com 2023-01-10T10:24:00+00:00 urn:sha1:dd5003603b47bff937123c85f27e03e0eb34a15c helps it compiling on on different openGL implementations which may not implement fulll openGL specs Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9212722c1b1a2ab29215651063ca94fb114c39b) Signed-off-by: Armin Kuster <akuster808@gmail.com> redis: upgrade 7.0.12 -> 7.0.13 2023-09-23T17:09:01+00:00 Polampalli, Archana archana.polampallii@windriver.com 2023-09-08T06:34:24+00:00 urn:sha1:fcfdcc38085ac5e5f33a813b51642e067ac0e1e0 This release has only security and bug fixes. ChangeLog: https://github.com/redis/redis/releases/tag/7.0.13 Security Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-41053 $ git log --oneline 7.0.12..7.0.13 49dbedb1d (tag: 7.0.13, origin/7.0) Redis 7.0.13 0f14d3279 Fix sort_ro get-keys function return wrong key number (#12522) 4d67bb6af do not call handleClientsBlockedOnKeys inside yielding command (#12459) 37599fe75 Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451) ea1bc6f62 Process loss of slot ownership in cluster bus (#12344) 646069a90 Skip test for sdsRemoveFreeSpace when mem_allocator is not jemalloc (#11878) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster@mvista.com> rabbitmq-c: Fix CVE-2023-35789 2023-09-23T17:06:57+00:00 Soumya Sambu soumya.sambu@windriver.com 2023-09-06T13:22:04+00:00 urn:sha1:6548426c43a43f5fefcd6b24320eef786309db9b An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-35789 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster@mvista.com> opensc: ignore CVE-2021-34193 2023-09-19T11:55:41+00:00 Jose Quaresma quaresma.jose@gmail.com 2023-09-13T17:01:06+00:00 urn:sha1:43a4259f68b72228bd17b2b5bdf08cb2fa0e6edb The CVE-2021-34193 is a duplicate CVE covering the 5 individual already fixed. https://github.com/OpenSC/OpenSC/pull/2855 Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com> hdf5: Fix CVE-2021-37501 2023-09-19T11:55:11+00:00 Mingli Yu mingli.yu@windriver.com 2023-09-11T06:54:00+00:00 urn:sha1:04423e6ee7c1f90db38dd4bff8b1261b638c0774 Backport a patch [1] to fix CVE-2021-37501. [1] https://github.com/HDFGroup/hdf5/commit/b16ec83d4bd79f9ffaad85de16056419f3532887 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> hwloc: fix CVE-2022-47022 2023-09-06T13:13:26+00:00 Soumya Sambu soumya.sambu@windriver.com 2023-09-06T09:23:01+00:00 urn:sha1:a88cb922f91fda95e8a584cee3092083d5ad3e98 An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. References: https://nvd.nist.gov/vuln/detail/CVE-2022-47022 https://github.com/open-mpi/hwloc/issues/544 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>