Drop unnecessary restriction for QoS mapping.
Also adds tests for vlan QoS mapping.
Link:
https://github.com/systemd/systemd/commit/fe830b84d4002582e7aefb16e5e09fd0195f21c8.patch
PR: https://github.com/systemd/systemd/pull/27761
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
From: Sana Kazi
Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid in cve-check reports
as upstream does not consider CVE-2023-51767 a bug underlying in
OpenSSH and does not intend to address it in OpenSSH.
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta/recipes-connectivity/openssh
From: Sana Kazi
Fix CVE-2021-20223 for sqlite3
Link:
https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch
Signed-off-by: Sana Kazi
---
.../sqlite/files/CVE-2021-20223.patch | 23 +++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1
/content_encoding.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+CVE: CVE-2022-32206
+Upstream-Status: Backport
[http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.81.0-1ubuntu1.3.debian.tar.xz]
+Comment: Refreshed hunks to fix patch fuzz
+Signed-off-by: Sana Kazi
+
+Index: curl-7.83.1
From: Sana Kazi
Fix below listed CVEs:
CVE-2022-22576
Link:
https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch
CVE-2022-27775
Link:
https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch
CVE-2022-27776
Link:
https://github.com/curl
Fix CVE-2022-0891 for tiff
Link:
https://sources.debian.org/src/tiff/4.1.0+git191117-2%7Edeb10u4/debian/patches/CVE-2022-0891.patch/
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
.../libtiff/files/CVE-2022-0891.patch | 217 ++
meta/recipes-multimedia/libtiff
://nvd.nist.gov/vuln/detail/CVE-2020-16599
https://nvd.nist.gov/vuln/detail/CVE-2021-20294
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta/recipes-devtools/binutils/binutils-2.34.inc | 15 +++
1 file changed, 15 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils
(From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)
Signed-off-by: Richard Purdie
(cherry picked from commit e600227b136aa21b54f16e218858d640c8942f73)
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...99c99f987dc32ae110370cfdd7df7975586b.patch | 28
Hi Richard,
I need all the variables but am also interested in additional information
like CVE_PRODUCT or MAINTAINER. Prepared these changes so that any project
specific additional information like that can be added by appending them in
a recipe or distro specific conf.
Regards,
Sana Kazi
On
:
BUILDHISTORY_EXPORT_RECIPE_VARIABLES += "MAINTAINER"
BUILDHISTORY_EXPORT_PACKAGE_VARIABLES += "MAINTAINER"
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta/classes/buildhistory.bbclass | 111 --
1 file changed, 73 insertions(+), 38 deletions(-)
diff
Added test case which uses BUILDHISTORY_EXPORT_RECIPE_VARIABLES
and BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to add LICENSE for glibc as a
sample recipe to buildhistory and the test verifies that expected
license value is written in latest file.
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
:
BUILDHISTORY_EXPORT_RECIPE_VARIABLES += "MAINTAINER"
BUILDHISTORY_EXPORT_PACKAGE_VARIABLES += "MAINTAINER"
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta-poky/conf/distro/poky.conf | 2 +
meta/classes/buildhistory.bbclass | 106 +++---
2 files changed, 70 inserti
Whitelist CVE-2016-20012 as the upstream OpenSSH developers
see this as an important security feature and do not intend to
'fix' it.
Link: https://security-tracker.debian.org/tracker/CVE-2016-20012
https://ubuntu.com/security/CVE-2016-20012
Signed-off-by: Sana Kazi
Signed-off-by:
Add patch to fix CVE-2021-41617
Link: https://bugzilla.suse.com/attachment.cgi?id=854015
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
.../openssh/openssh/CVE-2021-41617.patch | 52 +++
.../openssh/openssh_8.2p1.bb | 1 +
2 files changed, 53
CVE-2021-423xx-awk.patch fixes below listed CVEs for busybox:
CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta/recipes-core/busybox/busybox_1.31.1.bb | 1
ie
(cherry picked from commit 457cc45f51e78a532930d0347de271f24ae0a2ee)
Upstream-Status: Backport
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta/recipes-core/systemd/systemd_244.5.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/systemd/systemd_244.5.bb
b/meta/recipes-core/
Added patch for CVE-2020-12674
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...uth-mech-rpa-Fail-on-zero-len-buffer.patch | 30 +++
.../dovecot/dovecot_2.2.36.4.bb
Added patch for CVE-2020-12673
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...tlm-Check-buffer-length-on-responses.patch | 37 +++
.../dovecot/dovecot_2.2.36.4.bb
Added patches to fix CVE-2020-12100
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...-parser-Add-a-message_part_finish-he.patch | 76 +++
...-parser-Change-message_part_append
Added patch to fix CVE-2021-28041.
Link:
http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.3.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
.../openssh/openssh/CVE-2021-28041.patch | 20 +++
.../openssh/openssh_8.2p1.bb
Hi,
Could you please review below patch?
Regards,
Sana Kazi
On Mon, 26 Jul 2021 at 09:16, Sana Kazi wrote:
> From: Sana Kazi
>
> Added test case which uses BUILDHISTORY_EXPORT_RECIPE_VARIABLES
> and BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to add LICENSE for glibc as a
> s
Hi,
Could you please review the patch for master branch to enable exporting
more recipe and package data?
Regards,
Sana Kazi
On Mon, 26 Jul 2021 at 09:15, Sana Kazi wrote:
> From: Sana Kazi
>
> Used BUILDHISTORY_EXPORT_RECIPE_VARIABLES and
> BUILDHISTORY_EXPORT_PACKAGE_VARIABL
From: Sana Kazi
Added test case which uses BUILDHISTORY_EXPORT_RECIPE_VARIABLES
and BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to add LICENSE for glibc as a
sample recipe to buildhistory and the test verifies that expected
license value is written in latest file.
Signed-off-by: Sana Kazi
From: Sana Kazi
Used BUILDHISTORY_EXPORT_RECIPE_VARIABLES and
BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to export recipe and package
data to the latest file of buildhistory and sorted it alphabetically.
This makes extending data in buildhistory git tree simple and avoids
patches to it for users who
From: Sana Kazi
Added test case which uses BUILDHISTORY_EXPORT_RECIPE_VARIABLES
and BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to add LICENSE for glibc as a
sample recipe to buildhistory and the test verifies that expected
license value is written in latest file.
Signed-off-by: Sana Kazi
From: Sana Kazi
Used BUILDHISTORY_EXPORT_RECIPE_VARIABLES and
BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to export recipe and package
data to the latest file of buildhistory and sorted it alphabetically.
This makes extending data in buildhistory git tree simple and avoids
patches to it for users who
Hi Steve,
Whitelisted CVE-2020-15778 because it is reflected in recent CVE metrics which
you mailed on Sunday.
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Steve Sakoman
Sent: Tuesday, April 6, 2021 4:05 AM
To: Sana Kazi
Cc: Patches
can be whitelisted.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794
For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
Hence, it can be whitelisted for 8.2p1
https://nvd.nist.gov/vuln/detail/CVE-2020-15778
Signed-off-by: Sana Kazi
---
meta/recipes
Hi Steve,
I have verified the patch on dunfell branch and it builds successfully.
Please refer to the attached do_patch log.
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Steve Sakoman
Sent: Wednesday, March 31, 2021 11:31 PM
To: Sana Kazi
From: Lee Chee Yang
(From OE-Core rev: 38482edf1a31ed0735b746cf0ab3e1adda4199d1)
Signed-off-by: Lee Chee Yang
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
Signed-off-by: Sana Kazi
---
.../openssh/openssh/CVE-2020-14145.patch | 90 +++
.../openssh
Applied patch for CVE-2020-14145 which fixes
man-in-the-middle attack.
Link:
https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
Signed-off-by: Sana Kazi
---
.../openssh/openssh/CVE-2020-14145.patch | 97 +++
.../openssh/openssh_8.2p1
Hi,
Could you please review below patch for curl to be upstreamed
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Sana Kazi
Sent: Thursday, January 7, 2021 5:26 PM
To: Openembedded-core@lists.openembedded.org
; raj.k...@gmail.com
Cc: N
Hi,
This patch is merged for master and dunfell. Could you please review it for
gatesgarth.
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Sana Kazi
Sent: Wednesday, March 3, 2021 4:21 PM
To: Openembedded-core@lists.openembedded.org
; r
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not
hadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
Signed-off-by: Sana Kazi
---
meta/recipes-extended/shadow/shadow_4.8.1.bb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/re
including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0
Fixes both CVE-2020-8169 and CVE-2020-8177
(From OE-Core rev: f42702baee57ab3d1b7ab7833e72c7d56ad4ee94)
Signed-off-by: Armin Kuster
Signed-off-by: Steve Sakoman
Signed-off-by: Richard Purdie
Signed-off-by: San
From: Ross Burton
The previous fix for CVE-2018-19758 wasn't complete, so backport another patch
to solve it properly.
(From OE-Core rev: aeaca9bb1b1c8bf44818945dc4b2cbd6d4b5cef2)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Sana Kazi
---
.../libsndfile1/CVE
h CVE-2018-13139.patch.
(From OE-Core rev: a5625df8031985e9c60c34068a4a01c36da40eec)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Sana Kazi
---
...aw-fix-multiple-buffer-overflows-432.patch | 107
.../libsndfile1/CVE-2017-12562.patch
From: Changqing Li
(From OE-Core rev: 6f010c9baae5ce2108122d0c6d3b1d630a21)
Signed-off-by: Changqing Li
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Sana Kazi
---
.../libsndfile1/CVE-2018-19432.patch | 115 ++
.../libsndfile
From: Changqing Li
Fixes 4 CVEs which are backported from
https://github.com/erikd/libsndfile/commit/585cc28a93be27d6938f276af0011401b9f7c0ca
(From OE-Core rev: 8f4af329df5373db8910726a6b954652623003dd)
Signed-off-by: Changqing Li
Signed-off-by: Richard Purdie
Signed-off-by: Sana Kazi
-by: Sana Kazi
---
...selective-backport-of-20191012-patch.patch | 158 ++
.../ncurses/ncurses_6.0+20171125.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644
meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
diff
Regards,
Sana Kazi
From: Sana Kazi
Sent: Wednesday, January 6, 2021 2:39 PM
To: openembedded-core@lists.openembedded.org
; raj.k...@gmail.com
Cc: Nisha Parrakat ; Aditya Tayade
; Trevor Gamblin ; Armin
Kuster ; Richard Purdie
; Sana Kazi
Subject: [poky