From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277
import from
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
Signed-off-by: Lee Chee Yang
---
v2: fix Upstream-Status format
.../libtiff/tiff/CVE-2023-52356.patch
From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277
import from
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
Signed-off-by: Lee Chee Yang
---
.../libtiff/tiff/CVE-2023-52356.patch | 55 ++
.../libtiff/tiff/CVE
E-Core rev: 74da05b63634c248910594456dae286947f33da5)
Signed-off-by: Tan Wen Yan
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/py
From: Lee Chee Yang
fix CVE-2023-6816 CVE-2024-0408 CVE-2024-0409
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-6816.patch | 57
.../xwayland/xwayland/CVE-2024-0408.patch | 65 +++
.../xwayland/xwayland/CVE-2024-0409.patch | 47
From: Lee Chee Yang
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
.
(cherry-pick from Oe-Core rev 705d2972b38efc9f331e3635c07ca92f8812b365)
Signed-off-by: Simone Weiß
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} | 2 +-
1 file changed, 1 insert
kernel
** gnutls-cli: New option --starttls-name
(cherry-pick from Oe-Core rev 3c01bb0be8ddafa0aa1ad996ec524b51fd28f512)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
.../recipes-support/gnutls/{gnutls_3.8.1.bb => gnutls_3.8.2.bb} | 2 +-
1 f
c'. [GL #4478]
(cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
Signed-off-by: Soumya Sambu
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../bind/{bind_9.18.21.bb => bind_9.18.24.bb} | 2 +-
1 file changed, 1 insertion(+),
-based DNS cookies.
(cherry-pick from Oe-core rev b750d54622a0fa0a35d83ddc59f07661e903360b)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
...nd-ensure-searching-for-json-headers-searches-sysr.patch | 6 +++---
.../bind/{bind_9.18.20.bb
From: Lee Chee Yang
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
-22195.
(cherry-pick from Oe-Core rev 8a0524464583d69df7746253f5020c2c125a8e1f)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} | 2 +-
1 file changed
From: Lee Chee Yang
libxml2 2.11.7
Security
[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
libxml2 2.11.6
Regressions
threads: Fix --with-thread-alloc
xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
Bug fixes
parser: Fix potential us
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-6377.patch | 82 +++
.../xwayland/xwayland/CVE-2023-6478.patch | 66 +++
.../xwayland/xwayland_22.1.8.bb | 2 +
3 files changed, 150 insertions(+)
create mode
: 8a0524464583d69df7746253f5020c2c125a8e1f)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename m
From: Alexander Kanavin
(cherry picked from OE-Core rev: 1e58fa1fff649a4ab07290d2b0e5a8d69d51ef16)
Signed-off-by: Alexander Kanavin
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.1.bb => python3-jinja2_3.1.2
f knowing what the actual problem was.
- Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs. The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.
(cherry picked from OE
From: Chen Qi
(cherry picked from OE-Core rev 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)
Signed-off-by: Chen Qi
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} | 2 +-
1 f
From: Wang Mingyu
upgrade includes fix for CVE-2023-6377 CVE-2023-6478
(Cherry-pick from OE-Core rev: bf0bb7b94ed4930145af5f1fb3836157daceb6bb)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../xwayland
From: Lee Chee Yang
Upstream docs for CVE-2023-46219:
https://curl.se/docs/CVE-2023-46219.html
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46219.patch| 131 ++
meta/recipes-support/curl/curl_8.4.0.bb | 1 +
2 files changed, 132 insertions
From: Lee Chee Yang
update includes fix for CVE-2023-3019.
CVE-2023-3019 :
https://github.com/qemu/qemu/commit/88e79a2dfda319f9ebec2cc8a5c3c9733716d13f
Signed-off-by: Lee Chee Yang
---
.../qemu/{qemu-native_8.1.2.bb => qemu-native_8.1.4.bb} | 0
...{qemu-system-native_8.1.2.bb =>
From: Lee Chee Yang
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz
upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46218.patch| 52
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46218.patch| 52 +++
meta/recipes-support/curl/curl_8.4.0.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
diff
From: Lee Chee Yang
update includes fix for CVE-2023-46218.
skip test 1477 which checks that libcurl-errors.3 and the public
header files have the same set of error codes.
Notes: This test is not included in the source tarball.
https://github.com/curl/curl/issues/12462
Release Notes:
curl and
From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-25584
http://archive.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.34-6ubuntu1.7.debian.tar.xz
upstream patch :
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
Signed-off-by
From: Lee Chee Yang
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.30.0-9ubuntu0.5.debian.tar.xz
fix:
CVE-2023-31484
CVE-2023-47038
CVE-2023-47100
as per https://ubuntu.com/security/CVE-2023-47100 ,
CVE-2023-47100 is a duplicate of CVE-2023-47038.
perl import
ping
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Lee Chee Yang
> Sent: Thursday, November 30, 2023 8:28 PM
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [kirkstone][PATCH 1/
03ef6ed25e802277f13a)
Signed-off-by: Rasmus Villemoes
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
meta/conf/distro/include/security_flags.inc | 1 -
meta/recipes-kernel/perf/perf.bb| 9 +
2 files changed, 9 insertions(+), 1 del
From: Wang Mingyu
upgrade includes fix for CVE-2023-46751.
(cherry pick from Oe-Core rev: 9492c2d51a08fbd4c107540a5a833b1a3fb70504 )
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
.../{ghostscript_10.02.0.bb => ghostscript_10.02.1.bb} | 2 +-
From: Lee Chee Yang
update includes fix for CVE-2023-47100.
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} (99%)
From: Lee Chee Yang
checkout CVE-2023-4692.patch from OE-Core rev:
c89835b37366dde6c74f8221fd5a295ecabf8225
checkout CVE-2023-4693.patch from OE-Core rev:
1a098dba85ec1b875512d75f7eca9026e781
Signed-off-by: Lee Chee Yang
---
.../grub/files/CVE-2023-4692.patch| 97
From: Lee Chee Yang
remove upstreamed
0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
Signed-off-by: Lee Chee Yang
---
...mt.sh-add-32-bit-integer-format-defi.patch | 28 ---
.../{perlcross_1.5.bb => perlcross_1.5.2.bb} | 3 +-
2 files changed, 1 insert
From: Lee Chee Yang
patch file was added since Oe-Core rev a9203c46cd64c3ec5e5b00e381bbac85733f85df but
is not part of SRC_URI.
Signed-off-by: Lee Chee Yang
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8
From: Lee Chee Yang
Ignore RHEL specific CVE-2021-20295 CVE-2023-2680.
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/qemu/qemu.inc | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index a24915c35c
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../recipes-gnome/epiphany/epiphany_3.34.4.bb | 1 +
.../epiphany/files/CVE-2022-29536.patch | 46 +++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
diff
rom commit 74da05b63634c248910594456dae286947f33da5 )
Signed-off-by: Tan Wen Yan
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/py
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-5367.patch | 85 +++
.../xwayland/xwayland_22.1.8.bb | 4 +-
2 files changed, 88 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE
: fixes GL_INVALID_ENUM errors on ES if there are no quads
( cherry-pick from commit 7d0fc94d09db76d4c4d6ca9d2da1b30768f68c9e )
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../xwayland/{xwayland_23.2.1.bb => xwayland_23.2.2.bb} | 2 +-
1 f
From: Richard Purdie
Drop three backport patches as they're applied upstream.
( cherry-pick from commit 7480ff9064a74858e83e0ae275dbdb78dd6fc2a4 )
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
...u-native_8.1.0.bb => qemu-native_8.1.2.bb} | 0
...e_8.1.0.bb =>
From: Khem Raj
Addresses CVE-2023-45803 [1]
[1]
https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
( cherry-pick from commit befec4d3591bb0dce0e256cf338eb541b2a56b98 )
Signed-off-by: Khem Raj
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
From: Lee Chee Yang
upgrade includes fix for CVE-2023-5678.
Changes in 3.2.0
https://www.openssl.org/news/cl32.txt
drop upstreamed 0001-Link-libatomic-on-riscv32.patch.
drop fix_random_labels.patch as fixed by
https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf
From: Lee Chee Yang
import patch from ubuntu curl_7.68.0-1ubuntu2.20.
minor change to CVE-2023-28321.patch tests/data/test1397 part
so the patch can be applied.
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-28321.patch| 272 +
.../curl/curl/CVE-2023-28322
From: Lee Chee Yang
Add test for the --hidden argument introduced in Oe-Core
rev 7a111ff58d7390b79e2e63c8059f6c25f40f8977.
Signed-off-by: Lee Chee Yang
---
meta/lib/oeqa/selftest/cases/wic.py | 24
1 file changed, 24 insertions(+)
diff --git a/meta/lib/oeqa/selftest
From: Lee Chee Yang
import patch from ubuntu setuptools_45.2.0-1ubuntu0.1 .
Signed-off-by: Lee Chee Yang
---
.../python/python-setuptools.inc | 2 ++
.../python3-setuptools/CVE-2022-40897.patch | 29 +++
2 files changed, 31 insertions(+)
create mode 100644
From: Lee Chee Yang
take CVE-2021-3782.patch from OE-core rev
09b8ff8d2361b2db001bc963f481db294ccf2170.
Signed-off-by: Lee Chee Yang
---
.../wayland/wayland/CVE-2021-3782.patch | 111 ++
.../wayland/wayland_1.18.0.bb | 1 +
2 files changed, 112
From: Lee Chee Yang
issue in GhostPCL.
GhostPCL is not part of this GhostScript recipe.
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
b/meta
From: Lee Chee Yang
remove obsolete SERIAL_CONSOLES_CHECK.
Signed-off-by: Lee Chee Yang
---
meta/conf/documentation.conf | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
index 23a9c0fe7b..d03c497c0e 100644
--- a/meta/conf
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
index 871b36440f..206c6ccae7 100644
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/qemu/qemu.inc | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 5526eacb960..83bd5d7e67d 100644
--- a/meta/recipes-devtools/qemu
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/qemu/qemu.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index b331f87c0d..78c495516f 100644
--- a/meta/recipes-devtools/qemu
From: wangmy
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
(cherry picked from commit cb05578af3ace6e3983f93e16d9ad1ac2a65fbe2)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.11.bb => python3-urllib3_1.26.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 delet
tps://github.com/urllib3/urllib3/issues/2899>'__)
* Fix IDNA handling of '\x80' byte ('#2901
<https://github.com/urllib3/urllib3/issues/2901>'__)
Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(cherry picked from commit 8e062efbac29a81831c3060bcae601
From: Lee Chee Yang
1.26.17 (2023-10-02)
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)
1.26.16 (2023-05-23)
Fixed thread-safety issue
gyu
Signed-off-by: Richard Purdie
(cherry picked from commit a8a26a92dfe367472daf086a33a1b30ff6d17540)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.9.bb => python3-urllib3_1.26.10.bb} | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
rename meta/recipes-devtoo
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit dbe07ff87e2cb1a8276e69a43c7cdbb9ae6e5493)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.10.bb => python3-urllib3_1.26.11.bb}
: Richard Purdie
(cherry picked from commit 55ab1bf20e6893088acb6460e9004dac8e205559)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.13.bb => python3-urllib3_1.26.14.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.13
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit b18552f69a2eb8900981a10ba386dc4f862b29c3)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.12.bb => python3-urllib3_1.26.13.bb}
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-4504.patch | 42 +++
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
diff
From: Lee Chee Yang
changelog
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
v2: update qemu.inc, rebase on latest HEAD
(926eb08fe325e2ea13098f99d920840b9354ceb9)
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-24165.patch| 94 +++
2 files changed, 95
From: Lee Chee Yang
Notes for BIND 9.18.19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would
From: Ross Burton
(cherry-pick from commit 769576f36aac9652525beec5c7e8a4d26632b844 )
Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta
From: Lee Chee Yang
drop patch which is already part of 5.1.3.
0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307
0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE
From: Wang Mingyu
Changelog:
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP conne
From: Lee Chee Yang
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Hemraj, Deepthi via
> lists.openembedded.org
> Sent: Wednesday, September 6, 2023 3:32 PM
> To: openembedded-core@lists.openembedded.org
> Cc: randy.macl...@windriver.com; umesh
/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
( cherry picked from commit 1568df72136f46f0767bba56c10c48bf2a1ec259 )
Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../nasm/nasm/CVE-2022-44370.patch| 104 ++
meta/recipes-devtools/nasm/nasm_2.15.05.bb
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xorg-lib/libxpm/CVE-2022-46285.patch | 40 +++
.../xorg-lib/libxpm_3.5.13.bb | 2 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/qemu/qemu.inc | 3 +-
.../qemu/qemu/CVE-2020-24165.patch| 94 +++
2 files changed, 96 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020
From: Alexander Kanavin
Use autotools-brokensep as new version needs that.
upgrade includes fix for CVE-2020-21686 and CVE-2022-29654
(cherry picked from commit c9c724ffa36757b56e70bc8d7b880c0c5777b153)
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee
From: Lee Chee Yang
https://docs.python.org/release/3.8.18/whatsnew/changelog.html#changelog
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification
+1,35 @@
+CVE: CVE-2022-48554
+Upstream-Status: Backport [
https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
+Signed-off-by: Lee Chee Yang
+
+From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Mon, 14 Feb 2022 16:26:10
From: Chee Yang Lee
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted
+Upstream-Status: Backport [
https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45
]
+Signed-off-by: Lee Chee Yang
+
+
+From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001
+From: lutianxiong
+Date: Fri, 29 May 2020 01:25:40 +0800
+Subject: [PATCH
From: Sakib Sajal
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.6..go1.20.7 origin/release-branch.go1.20
adb775e309 (tag: go1.20.7, origin/release-branch.go1.20)
[release-branch.go1.20] go1.20.7
659f2a2207 [release-branch.go1.20] crypto/tls: restrict RSA keys in
certificates
From: Alexander Kanavin
(cherry picked from commit 7d5bb3a4690ef61a1fee21773b4717e829789e32)
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
Signed-off-by: Chee Yang Lee
---
.../0001-Don-t-search-system-for-headers-libraries.patch| 2 +-
...1-Lib-sysconfig.py-use-prefi
From: Chee Yang Lee
upgrade includes fix for CVE-2023-40217
Release notes:
https://docs.python.org/3/whatsnew/changelog.html#python-3-11-5-final
Signed-off-by: Chee Yang Lee
---
.../python/{python3_3.11.4.bb => python3_3.11.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-
From: Alexander Kanavin
upgrade includes fix for CVE-2023-24329
(cherry picked from commit f7f163ebe8c53de4314d04595c1fbcc7af2deccc )
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Chee Yang Lee
---
...1-Don-t-search-system-for
From: Chee Yang Lee
The same patch also fixes CVE-2022-4645 CVE-2023-30774
CVE-2022-4645 - https://gitlab.com/libtiff/libtiff/-/issues/277
CVE-2023-30774 - https://gitlab.com/libtiff/libtiff/-/issues/463
Signed-off-by: Chee Yang Lee
---
meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch |
From: Chee Yang Lee
upgrade also includes fix for CVE-2023-2829.
License-Update: removed trailing whitespace from COPYRIGHT
also remove obsolete configuration option epoll and devpoll:
https://github.com/isc-projects/bind9/commit/6b6076c882a00028197b04a827f6cf8e7a5369de
Signed-off-by: Chee Yang
From: Chee Yang Lee
upgrade also includes fix for CVE-2023-2829.
License-Update: removed trailing whitespace from COPYRIGHT
Signed-off-by: Chee Yang Lee
---
.../bind/bind-9.18.11/CVE-2023-2828.patch | 197 --
.../bind/bind-9.18.11/CVE-2023-2911.patch | 97 -
..
From: Chee Yang Lee
update includes fix for CVE-2023-38633.
Signed-off-by: Chee Yang Lee
---
.../librsvg/{librsvg_2.54.5.bb => librsvg_2.54.6.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-gnome/librsvg/{librsvg_2.54.5.bb => librsvg_2.54.6.bb}
(97%)
@@ -0,0 +1,31 @@
+CVE: CVE-2023-38559
+Upstream-Status: Backport [
https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d81b82c70bc1 ]
+Signed-off-by: Lee Chee Yang
+
+From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Mon, 17 Jul 2023 14:06:37 +0100
From: Chee Yang Lee
upgrade includes fix for CVE-2023-38633
Signed-off-by: Chee Yang Lee
---
.../librsvg/{librsvg_2.52.7.bb => librsvg_2.52.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-gnome/librsvg/{librsvg_2.52.7.bb => librsvg_2.52.10.bb}
(96%)
[https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
+Signed-off-by: Lee Chee Yang
+
+
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+
+Closes #11419
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Polampalli, Archana via
> lists.openembedded.org
> Sent: Tuesday, August 8, 2023 1:24 AM
> To: openembedded-core@lists.openembedded.org
> Cc: hari.gpil...@windriver.com
> Subject
.
+
+CVE: CVE-2023-33204
+Upstream-Status: Backport [ upstream:
https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
+debian:
http://security.debian.org/debian-security/pool/updates/main/s/sysstat/sysstat_12.0.3-2+deb10u2.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
From: Chee Yang Lee
License-Update: update year to 2023
https://github.com/python/cpython/commit/30afa75ad8deca57a2bd0218f8fd6b3437c89507
Release Notes for 3.8.15:
Security content in this release
CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which
fixes a heap use-after-free
/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5]
+Signed-off-by: Lee Chee Yang
+
+---
+ requests/sessions.py | 4 +++-
+ tests/test_requests.py | 20
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/requests/sessions.py b/requests/sessions.py
+index 6cb3b4dae3
From: Narpat Mali
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVE: CVE-2022-40897
Upstre
From: Chee Yang Lee
import patches from ubuntu to fix
CVE-2020-15469
CVE-2020-15859
CVE-2020-17380
CVE-2020-35504
CVE-2020-35505
CVE-2021-3409
CVE-2022-26354
https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security
Combine patches for both CVE-2020-25085 a
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../libksba/libksba/CVE-2022-3515.patch | 47 +++
meta/recipes-support/libksba/libksba_1.3.5.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
diff
From: Chee Yang Lee
This patch fixes CVE-2021-45944.
https://nvd.nist.gov/vuln/detail/CVE-2021-45944
Signed-off-by: Chee Yang Lee
---
.../check-stack-limits-after-function-evalution.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/meta/recipes-extended/ghostsc
From: Chee Yang Lee
upgrade includes fix for CVE-2022-41722 CVE-2022-41723 CVE-2022-41724
CVE-2022-41725 CVE-2023-24532
Release notes:
go1.19.5 (released 2023-01-10) includes fixes to the compiler, the
linker, and the crypto/x509, net/http, sync/atomic, and syscall
packages. See the Go 1.19.5 mi