[OE-core] [dunfell][PATCH] postgresql: Fix CVE-2022-2625

2022-10-16 Thread Hitendra Prajapati
Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89
Description:
CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.

Signed-off-by: Hitendra Prajapati 
---
 .../postgresql/files/CVE-2022-2625.patch  | 904 ++
 .../recipes-dbs/postgresql/postgresql_12.9.bb |   1 +
 2 files changed, 905 insertions(+)
 create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch

diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch 
b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch
new file mode 100644
index 00..6417d8a2b7
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch
@@ -0,0 +1,904 @@
+From 84375c1db25ef650902cf80712495fc514b0ff63 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati 
+Date: Thu, 13 Oct 2022 10:35:32 +0530
+Subject: [PATCH] CVE-2022-2625
+
+Upstream-Status: Backport 
[https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89]
+CVE: CVE-2022-2625
+Signed-off-by: Hitendra Prajapati 
+---
+ doc/src/sgml/extend.sgml  |  11 --
+ src/backend/catalog/pg_collation.c|  49 --
+ src/backend/catalog/pg_depend.c   |  74 -
+ src/backend/catalog/pg_operator.c |   2 +-
+ src/backend/catalog/pg_type.c |   7 +-
+ src/backend/commands/createas.c   |  18 ++-
+ src/backend/commands/foreigncmds.c|  19 ++-
+ src/backend/commands/schemacmds.c |  25 ++-
+ src/backend/commands/sequence.c   |   8 +
+ src/backend/commands/statscmds.c  |   4 +
+ src/backend/commands/view.c   |  16 +-
+ src/backend/parser/parse_utilcmd.c|  10 ++
+ src/include/catalog/dependency.h  |   2 +
+ src/test/modules/test_extensions/Makefile |   5 +-
+ .../expected/test_extensions.out  | 153 ++
+ .../test_extensions/sql/test_extensions.sql   | 110 +
+ .../test_ext_cine--1.0--1.1.sql   |  26 +++
+ .../test_extensions/test_ext_cine--1.0.sql|  25 +++
+ .../test_extensions/test_ext_cine.control |   3 +
+ .../test_extensions/test_ext_cor--1.0.sql |  20 +++
+ .../test_extensions/test_ext_cor.control  |   3 +
+ 21 files changed, 540 insertions(+), 50 deletions(-)
+ create mode 100644 
src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql
+ create mode 100644 src/test/modules/test_extensions/test_ext_cine--1.0.sql
+ create mode 100644 src/test/modules/test_extensions/test_ext_cine.control
+ create mode 100644 src/test/modules/test_extensions/test_ext_cor--1.0.sql
+ create mode 100644 src/test/modules/test_extensions/test_ext_cor.control
+
+diff --git a/doc/src/sgml/extend.sgml b/doc/src/sgml/extend.sgml
+index 53f2638..bcc7a80 100644
+--- a/doc/src/sgml/extend.sgml
 b/doc/src/sgml/extend.sgml
+@@ -1109,17 +1109,6 @@ SELECT * FROM 
pg_extension_update_paths('extension_namesearch_path.  However, no mechanism currently exists
+   to require that.
+  
+-
+- 
+-  Do not use CREATE OR REPLACE
+-  FUNCTION, except in an update script that must change the
+-  definition of a function that is known to be an extension member
+-  already.  (Likewise for other OR REPLACE options.)
+-  Using OR REPLACE unnecessarily not only has a risk
+-  of accidentally overwriting someone else's function, but it creates a
+-  security hazard since the overwritten function would still be owned by
+-  its original owner, who could modify it.
+- 
+ 
+
+ 
+diff --git a/src/backend/catalog/pg_collation.c 
b/src/backend/catalog/pg_collation.c
+index dd99d53..ba4c3ef 100644
+--- a/src/backend/catalog/pg_collation.c
 b/src/backend/catalog/pg_collation.c
+@@ -78,15 +78,25 @@ CollationCreate(const char *collname, Oid collnamespace,
+* friendlier error message.  The unique index provides a backstop 
against
+* race conditions.
+*/
+-  if (SearchSysCacheExists3(COLLNAMEENCNSP,
+-
PointerGetDatum(collname),
+-
Int32GetDatum(collencoding),
+-
ObjectIdGetDatum(collnamespace)))
++  oid = GetSysCacheOid3(COLLNAMEENCNSP,
++Anum_pg_collation_oid,
++PointerGetDatum(collname),
++Int32GetDatum(collencoding),
++
ObjectIdGetDatum(collnamespace));
++  if (OidIsValid(oid))
+   {
+   if (quiet)
+   return InvalidOid;
+   else if (if_not_exists)
+   {
++  /*
++   
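Review bot: the embedded patch header gives the backporter on its From: line and only "[PATCH] CVE-2022-2625" as Subject:, so the file records neither the upstream author nor the upstream commit subject; keep those from the commit named in Upstream-Status and state in the body whether the change applied to 12.9 unmodified or had to be adapted. The archived copy ends inside the CollationCreate hunk of pg_collation.c, so the remaining files in the diffstat, including the one-line postgresql_12.9.bb change, are not visible for review here.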

[OE-core] [PATCH] vulkan-loader: Move libvulkan.so to main package

2022-10-16 Thread Tom Hochstein
Since libvulkan.so is commonly loaded dynamically, put it in the main
package.

Signed-off-by: Tom Hochstein 
---
 meta/recipes-graphics/vulkan/vulkan-loader_1.3.216.0.bb | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-graphics/vulkan/vulkan-loader_1.3.216.0.bb 
b/meta/recipes-graphics/vulkan/vulkan-loader_1.3.216.0.bb
index 15a079879b..698ce112dc 100644
--- a/meta/recipes-graphics/vulkan/vulkan-loader_1.3.216.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-loader_1.3.216.0.bb
@@ -35,6 +35,11 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 
'wayland x11', d)}"
 PACKAGECONFIG[x11] = "-DBUILD_WSI_XLIB_SUPPORT=ON -DBUILD_WSI_XCB_SUPPORT=ON, 
-DBUILD_WSI_XLIB_SUPPORT=OFF -DBUILD_WSI_XCB_SUPPORT=OFF, libxcb libx11 
libxrandr"
 PACKAGECONFIG[wayland] = "-DBUILD_WSI_WAYLAND_SUPPORT=ON, 
-DBUILD_WSI_WAYLAND_SUPPORT=OFF, wayland"
 
+# libvulkan.so is commonly loaded dynamically, so put it in the main package
+SOLIBS = ".so*"
+FILES_SOLIBSDEV = ""
+INSANE_SKIP:${PN} += "dev-so"
+
 RRECOMMENDS:${PN} = "mesa-vulkan-drivers"
 
 UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P\d+(\.\d+)+)"
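Review bot: the INSANE_SKIP:${PN} += "dev-so" line silences the dev-so QA check for the whole main package, yet neither the comment above SOLIBS nor the commit message names a consumer that opens the unversioned libvulkan.so. Naming one in the recipe comment would justify the skip and tell a later maintainer when the SOLIBS and FILES_SOLIBSDEV overrides can be dropped.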
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#171900): 
https://lists.openembedded.org/g/openembedded-core/message/171900
Mute This Topic: https://lists.openembedded.org/mt/94372555/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Jacob Kroon

On 10/16/22 14:05, Alexander Kanavin wrote:
> On Sun, 16 Oct 2022 at 09:56, Jacob Kroon  wrote:
>> I do think it is reasonable to ask for not being mail-bombed with
>> machine generated emails.
>>
>> I am asking for either to:
>> * put them on a separate mailing list
>> * merge them into one email
>>
>> If keeping core updated still is "Alex's problem" then the AUH emails
>> are not having the intended effect *anyway*.
>
> They do help, just not to the level I would like. They also provide an
> easy way for someone who is not yet a contributor to become one,
> particularly when AUH did succeed and produced a working patch that
> doesn't need manual fixing. They also make the maintenance problem
> known and visible. Sweeping it all under the carpet as suggested would
> make the situation worse, not better.

Don't put words in my mouth. I gave two alternatives, not to sweep them
under the carpet. A third option would be to publish the AUH results on
some webpage and post the link.

> If you do not want to mix those emails with those written by humans, I
> trust your email client has a filter system. I still cling to the
> belief that you would want to help the core, and only personal
> circumstances prevent you, and therefore this filter will be set to
> put those mails into a separate folder instead of deleting them
> outright.

Fine, I'll set up filtering to forward all AUH emails to the trashbin then.

Jacob

View/Reply Online (#171899): https://lists.openembedded.org/g/openembedded-core/message/171899



Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Bruce Ashfield
On Sun, Oct 16, 2022 at 9:57 AM Bruce Ashfield 
wrote:

>
>
> On Sun, Oct 16, 2022 at 8:05 AM Alexander Kanavin 
> wrote:
>
>> On Sun, 16 Oct 2022 at 09:56, Jacob Kroon  wrote:
>> > I do think it is reasonable to ask for not being mail-bombed with
>> > machine generated emails.
>> >
>> > I am asking for either to:
>> > * put them on a separate mailing list
>> > * merge them into one email
>> >
>> > If keeping core updated still is "Alex's problem" then the AUH emails
>> > are not having the intended effect *anyway*.
>>
>> They do help, just not to the level I would like. They also provide an
>> easy way for someone who is not yet a contributor to become one,
>> particularly when AUH did succeed and produced a working patch that
>> doesn't need manual fixing. They also make the maintenance problem
>> known and visible. Sweeping it all under the carpet as suggested would
>> make the situation worse, not better.
>>
>> If you do not want to mix those emails with those written by humans, I
>> trust your email client has a filter system. I still cling to the
>> belief that you would want to help the core, and only personal
>> circumstances prevent you, and therefore this filter will be set to
>> put those mails into a separate folder instead of deleting them
>> outright.
>>
>
> I'm with Alex on this.
>
> The emails need to be visible and they need to be separate.
>

And by "separate", I mean not consolidated into a giant digest or report.

Bruce


>
> People can write filters, or mark them as read the few times they come
> out. That level of effort is not much of an ask, compared to trying to
> keep things up to date, and to keep everyone informed.
>
> Cheers,
>
> Bruce
>
>
>
>>
>> Alex
>>
>> 
>>
>>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await thee
> at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

View/Reply Online (#171898): https://lists.openembedded.org/g/openembedded-core/message/171898



Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Bruce Ashfield
On Sun, Oct 16, 2022 at 8:05 AM Alexander Kanavin 
wrote:

> On Sun, 16 Oct 2022 at 09:56, Jacob Kroon  wrote:
> > I do think it is reasonable to ask for not being mail-bombed with
> > machine generated emails.
> >
> > I am asking for either to:
> > * put them on a separate mailing list
> > * merge them into one email
> >
> > If keeping core updated still is "Alex's problem" then the AUH emails
> > are not having the intended effect *anyway*.
>
> They do help, just not to the level I would like. They also provide an
> easy way for someone who is not yet a contributor to become one,
> particularly when AUH did succeed and produced a working patch that
> doesn't need manual fixing. They also make the maintenance problem
> known and visible. Sweeping it all under the carpet as suggested would
> make the situation worse, not better.
>
> If you do not want to mix those emails with those written by humans, I
> trust your email client has a filter system. I still cling to the
> belief that you would want to help the core, and only personal
> circumstances prevent you, and therefore this filter will be set to
> put those mails into a separate folder instead of deleting them
> outright.
>

I'm with Alex on this.

The emails need to be visible and they need to be separate.

People can write filters, or mark them as read the few times they come out.
That level of effort is not much of an ask, compared to trying to keep things
up to date, and to keep everyone informed.

Cheers,

Bruce



>
> Alex
>
> 
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

View/Reply Online (#171897): https://lists.openembedded.org/g/openembedded-core/message/171897



[OE-core] OE-core CVE metrics for langdale on Sun 16 Oct 2022 03:30:01 AM HST

2022-10-16 Thread Steve Sakoman
Branch: langdale

New this week: 1 CVEs
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *

Removed this week: 0 CVEs

Full list:  Found 3 unpatched CVEs
CVE-2022-3352 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 *
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *
CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#171896): https://lists.openembedded.org/g/openembedded-core/message/171896



[OE-core] OE-core CVE metrics for kirkstone on Sun 16 Oct 2022 03:00:01 AM HST

2022-10-16 Thread Steve Sakoman
Branch: kirkstone

New this week: 2 CVEs
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *

Removed this week: 11 CVEs
CVE-2022-2795 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 *
CVE-2022-2881 (CVSS3: 8.2 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2881 *
CVE-2022-2906 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2906 *
CVE-2022-29154 (CVSS3: 7.4 HIGH): rsync:rsync-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29154 *
CVE-2022-3080 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3080 *
CVE-2022-3278 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3278 *
CVE-2022-32893 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32893 *
CVE-2022-3296 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3296 *
CVE-2022-3297 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3297 *
CVE-2022-3324 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3324 *
CVE-2022-38127 (CVSS3: 5.5 MEDIUM): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38127 *

Full list:  Found 18 unpatched CVEs
CVE-2018-25032 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 *
CVE-2021-28861 (CVSS3: 7.4 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28861 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 7.8 HIGH): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 7.8 HIGH): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2021-3750 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3750 *
CVE-2021-3782 (CVSS3: 9.8 CRITICAL): wayland:wayland-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 *
CVE-2022-2867 (CVSS3: 8.8 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2867 *
CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 *
CVE-2022-2869 (CVSS3: 8.8 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2869 *
CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 *
CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 *
CVE-2022-3352 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 *
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *
CVE-2022-38128 (CVSS3: 5.5 MEDIUM): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38128 *
CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#171895): https://lists.openembedded.org/g/openembedded-core/message/171895



[OE-core] OE-core CVE metrics for dunfell on Sun 16 Oct 2022 02:30:01 AM HST

2022-10-16 Thread Steve Sakoman
Branch: dunfell

New this week: 4 CVEs
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2022-2928 (CVSS3: 7.5 HIGH): dhcp 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2928 *
CVE-2022-2929 (CVSS3: 6.5 MEDIUM): dhcp 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2929 *

Removed this week: 0 CVEs

Full list:  Found 90 unpatched CVEs
CVE-2018-25032 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 *
CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-33194 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 *
CVE-2021-33195 (CVSS3: 7.3 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 *
CVE-2021-33198 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 *
CVE-2021-3409 (CVSS3: 5.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-3507 (CVSS3: 6.1 MEDIUM): qemu:qemu-native:qemu-sy

Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Alexander Kanavin
On Sun, 16 Oct 2022 at 09:56, Jacob Kroon  wrote:
> I do think it is reasonable to ask for not being mail-bombed with
> machine generated emails.
>
> I am asking for either to:
> * put them on a separate mailing list
> * merge them into one email
>
> If keeping core updated still is "Alex's problem" then the AUH emails
> are not having the intended effect *anyway*.

They do help, just not to the level I would like. They also provide an
easy way for someone who is not yet a contributor to become one,
particularly when AUH did succeed and produced a working patch that
doesn't need manual fixing. They also make the maintenance problem
known and visible. Sweeping it all under the carpet as suggested would
make the situation worse, not better.

If you do not want to mix those emails with those written by humans, I
trust your email client has a filter system. I still cling to the
belief that you would want to help the core, and only personal
circumstances prevent you, and therefore this filter will be set to
put those mails into a separate folder instead of deleting them
outright.

Alex

View/Reply Online (#171893): https://lists.openembedded.org/g/openembedded-core/message/171893



[OE-core] OE-core CVE metrics for master on Sun 16 Oct 2022 02:00:01 AM HST

2022-10-16 Thread Steve Sakoman
Branch: master

New this week: 1 CVEs
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *

Removed this week: 0 CVEs

Full list:  Found 3 unpatched CVEs
CVE-2022-3352 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 *
CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *
CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#171892): https://lists.openembedded.org/g/openembedded-core/message/171892



Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Jacob Kroon

Hi Alex,

On 10/16/22 09:24, Alexander Kanavin wrote:
> We are asking for help here with version updates. Specifically that you
> take at least some of these reports and act on them. If you don’t want
> to do this, fine, but demanding that those reports are not produced
> because deleting them inconveniences you is both unreasonable and
> antagonizing. Keeping core updated should not be ‘Alex problem’ but it
> de facto is.

I do think it is reasonable to ask for not being mail-bombed with
machine generated emails.

I am asking for either to:
* put them on a separate mailing list
* merge them into one email

If keeping core updated still is "Alex's problem" then the AUH emails
are not having the intended effect *anyway*.

> Alex
>
> On Sun 16. Oct 2022 at 8.50, Jacob Kroon wrote:
>
>> Another AUH mail bomb, another time where I am pressing "delete" 148
>> times in my email client. I don't review machine generated emails.
>> I would not cry if AUH mails were sent to a designated mailing list, one
>> that I am not subscribed to.
>>
>> Jacob



Jacob

View/Reply Online (#171891): https://lists.openembedded.org/g/openembedded-core/message/171891



Re: [OE-core] [AUH] acpid: upgrading to 2.0.34 SUCCEEDED

2022-10-16 Thread Alexander Kanavin
We are asking for help here with version updates. Specifically that you
take at least some of these reports and act on them. If you don’t want to
do this, fine, but demanding that those reports are not produced because
deleting them inconveniences you is both unreasonable and antagonizing.
Keeping core updated should not be ‘Alex problem’ but it de facto is.

Alex

On Sun 16. Oct 2022 at 8.50, Jacob Kroon  wrote:

> Another AUH mail bomb, another time where I am pressing "delete" 148
> times in my email client. I don't review machine generated emails.
> I would not cry if AUH mails were sent to a designated mailing list, one
> that I am not subscribed to.
>
> Jacob
>
> On 10/16/22 00:03, Auto Upgrade Helper wrote:
> > Hello,
> >
> > this email is a notification from the Auto Upgrade Helper
> > that the automatic attempt to upgrade the recipe *acpid* to *2.0.34* has Succeeded.
> >
> > Next steps:
> >  - apply the patch: git am 0001-acpid-upgrade-2.0.33-2.0.34.patch
> >  - check the changes to upstream patches and summarize them in the commit message,
> >  - compile an image that contains the package
> >  - perform some basic sanity tests
> >  - amend the patch and sign it off: git commit -s --reset-author --amend
> >  - send it to the appropriate mailing list
> >
> > Alternatively, if you believe the recipe should not be upgraded at this time,
> > you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that
> > automatic upgrades would no longer be attempted.
> >
> > Please review the attached files for further information and build/update failures.
> > Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler
> >
> > Regards,
> > The Upgrade Helper
> >
> >
> >
> > 
> >
>

View/Reply Online (#171890): https://lists.openembedded.org/g/openembedded-core/message/171890