aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ostree: prevent ostree-native depending on target virtual/kernel to provide ↵stable/honister-nutMartin Jansa4 days1-1/+1
| | | | | | | | | kernel-module-overlay Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c06c5b71eefaa29c5d1b0f3b3cdcfb03663e4d75) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* imlib2: update SRC_URINicolas Dechesne4 days1-1/+1
| | | | | | | | | | | | | | | | | The upstream repo location has changed, it's now https://git.enlightenment.org/old/legacy-imlib2 It's not clear when or why it happened, but the the commit hash we use in SRCREV exists in the 'new' location, so let's at least update the SRC_URI for now, and fix this warning: WARNING: imlib2-1.7.1-r0 do_fetch: Failed to fetch URL git://git.enlightenment.org/legacy/imlib2.git;protocol=https;branch=master, attempting MIRRORS if available Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 62becef1091d21f487e826df7be7dcef3ab8f94c) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: Fix sereval CVEsChangqing Li2022-04-162-0/+94
| | | | | | | fix CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.52 -> 2.4.53Yi Zhao2022-04-1611-65/+62
| | | | | | | | | | | | | | | | | | ChangeLog: https://downloads.apache.org/httpd/CHANGES_2.4.53 Security fixes: CVE-2022-23943 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 81bbe65791459538ab578ac13e612f7dc6f692f0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: Avoid running `make clean` as it may failPeter Kjellerstedt2022-04-071-0/+1
| | | | | | | | | | | | | | | | Rebuilding net-snmp may cause autotools_preconfigure() to run `make clean`, which in turn can cause `configure`to be run. However, since CACHED_CONFIGUREVARS is not set under those circumstances, `configure` will run with an incorrect configuration and the build will fail with: checking for /etc/printcap... configure: error: cannot check for file existence when cross compiling Avoid the problem by setting CLEANBROKEN = "1". Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* htop: switch branch from master to mainMartin Jansa2022-04-071-1/+1
| | | | | | | | | | | | | | * the branch was renamed in upstream * it's already resolved in meta-oe/kirkstone since this commit: commit cef2d1429bedbc256c5fac7a1a336842865dc2d3 Author: Robert Joslyn <robert.joslyn@redrectangle.org> Date: Sat Jan 15 06:19:04 2022 -0800 Subject: htop: Update to 3.1.2 Upstream renamed the branch to "main", update SRC_URI. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* breakpad: fix branch for gtest in SRC_URIThomas Perrot2022-04-071-1/+1
| | | | | | | | | The commit 4fe018038f87 is in the main branch, so the do_fetch task failed. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b8bb7dc157b248802218fcf80215f80a6c7cd6f3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-lxml: upgrade 4.6.3 -> 4.6.5Trevor Gamblin2022-04-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Release notes (https://github.com/lxml/lxml/blob/master/CHANGES.txt): 4.6.5 (2021-12-12) ================== Bugs fixed ---------- * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818). * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). 4.6.4 (2021-11-01) ================== Features added -------------- * GH#317: A new property ``system_url`` was added to DTD entities. Patch by Thirdegree. * GH#314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars. Patch by Isaac Jurado. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libsrtp: Switch branch from master to mainPeter Kjellerstedt2022-04-071-1/+1
| | | | | | | The master branch has been renamed to main in the github repo. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2.10 -> 3.2.12Trevor Gamblin2022-03-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | The delta between 3.2.10 and 3.2.12 contains numerous CVE and other bugfixes. git log --online 3.2.10..3.2.12 shows: fdf209eab8 (tag: 3.2.12) [3.2.x] Bumped version for 3.2.12 release. d16133568e [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 1a1e8278c4 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 027f4c4ceb [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 0a9a46a1d7 [3.2.x] Post-release version bump. 6e499a28ac (tag: 3.2.11) [3.2.x] Bumped version for 3.2.11 release. 8d2f7cff76 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c7fe895bca [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. a8b32fe13b [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. ae242235db [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. ecd2793897 [3.2.x] Added CVE-2021-44420 to security archive. 1cea03ab00 [3.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.24 -> 2.2.27Trevor Gamblin2022-03-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The delta between 2.2.24 and 2.2.27 contain numerous CVE and other bugfixes. git log --oneline 2.2.24..2.2.27 shows: e541f2d05b (tag: 2.2.27) [2.2.x] Bumped version for 2.2.27 release. c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 4cafd3aacb [2.2.x] Added stub release notes 2.2.27. 77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. e085d46e4b [2.2.x] Post-release version bump. 44e7cca623 (tag: 2.2.26) 2.2.x] Bumped version for 2.2.26 release. 4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release. b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive. 8439938602 [2.2.x] Post-release version bump. 79d8dcefb2 (tag: 2.2.25) [2.2.x] Bumped version for 2.2.25 release. 7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds. fac0fdd95d [2.2.x] Added stub release notes for 2.2.25. 4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. 5289fcfffe [2.2.x] Configured Read The Docs to build all formats. 9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. 12141e3116 [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist. 05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs. 66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs. 8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 837ffcfa68 [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. dc43667eab [2.2.x] Fixed docs header underlines in security archive. 3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. 48bde7cab4 [2.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* imagemagick: update SRC_URI branch to mainKartikey Rameshbhai Parmar2022-03-151-1/+1
| | | | | | | | | master branch on the repository has been renamed in upstream to main. Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2487391283890f40c829aecd1808688f60451216) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pw-am.sh: update to new patcwork systemArmin Kuster2022-03-151-1/+1
| | | | | | | | | Point to patchwork.yoctoproject.org Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8b8bfbcadf188cd5b234358590764e20d03d7861) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cdrkit: remove ${PN} from ${PN}-dev RDEPENDSJeremy A. Puhlman2022-02-231-0/+2
| | | | | | | | | | | | | | | If you add -dev packages to an image, as in an sdk, ${PN}-dev is pulled in, which depends on ${PN} which no longer exists in the new package layout. Error: Problem: conflicting requests - nothing provides cdrkit = 1.1.11-r0.1 needed by cdrkit-dev-1.1.11-r0.1.corei7_64 (try to add '--skip-broken' to skip uninstallable packages) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* syslog-ng: adjust control socket locationOvidiu Panait2022-02-201-1/+1
| | | | | | | | | | | | | | | | | | | | Commit [1] changed the pidfile dir to /var/run/syslog-ng. This also changed the location where the control socket is searched for, causing the following error with systemd: root@qemux86-64:~# syslog-ng-ctl config Error connecting control socket, socket='/var/run/syslog-ng/syslog-ng.ctl', error='No such file or directory' Update the systemd service file to point to the new location. [1] 00d1d63e4f7f ("syslog-ng: provide correct PID directory location to restart/stop syslog-ng daemon") Signed-off-by: lmorales <luisalejandro.moralespena@windriver.com> Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* graphviz: native: create /usr/lib/graphviz/config6 in populate_sysrootChristian Eggers2022-02-201-0/+11
| | | | | | | | | | | | | | | | | The `dot` tool requires to be run once after installation in order to create its configuration file. The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to prepare the recipe-sysroot-native. Package postinstall scripts are not executed for -native packages, but files under ${BINDIR}/postinst-* are. This is quite the same as graphviz-setup.sh does for nativesdk. The general idea has been taken from OECORE/meta/classes/pixbufcache.bbclass. Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ebtables: remove perl from RDEPENDSChristian Eggers2022-02-201-1/+1
| | | | | | | | | | The upstream ebtables-legacy-save perl script is replaced by a bash implementation (taken from Fedora). So there's nothing left which RDEPENDs on perl. Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tiptop: update download URL and HOMEPAGETim Orling2022-01-291-2/+4
| | | | | | | | | | | | HOMEPAGE is now https://team.inria.fr/pacap/software/tiptop/ Download link is now https://files.inria.fr/pacap/tiptop/tiptop-2.3.1.tar.gz Use HOMEPAGE url for UPSTREAM_CHECK_URI. Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3a723d762bb77d4dcf6061c6933caf0d2a9104b3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cmocka: use https protocol for fetchingTim Orling2022-01-291-1/+1
| | | | | | | | | Upstream gitlab instance is refusing git:// protocol. Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2a935801692a27b152041bd996ecc1b789a2f6ad) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* snappy: use main branch to fix fetch failureJan Luebbe2022-01-291-1/+1
| | | | | | | | | The project has renamed the master branch to main. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0c9c5c666150bc105cad35b442fa76464885aa1c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dbus-daemon-proxy: add missing `return` statementLeif Middelschulte2022-01-291-1/+1
| | | | | | | | | The missing `return` statement leads to a `SIGABRT`. Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 77479e1c9b7bffb6ad89ae68f80605ad1c65ea75) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-prctl: Use https protocol for git fetcherKhem Raj2022-01-291-1/+1
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* plymouth: switch to KillMode=mixedMingli Yu2022-01-272-0/+44
| | | | | | | | | | | | | | | | | KillMode=none is deprecated, so we need to stop using it [1]. For now, use `KillMode=mixed` and `IgnoreOnIsolate=true` instead. In the future, we should change plymouth to be able to exit and start again without restarting the active animation, but that's going to require some effort. [1] https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/123 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7981762d670ea16150811cded2a0168095bf27b8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* udisks2: upgrade 2.9.3 -> 2.9.4Andreas Müller2022-01-051-1/+1
| | | | | | | | | | | | | | | From announcement: This release was focused on stability and hardening, notably fixing some long-standing race conditions and memory leaks. Default mount options got tweaked towards data safety. All users are strongly advised to upgrade. Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2b2666b7fab2818e75701b82c15d6a1628659259) [Minor fixup for honister context, bug fix only] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.51 -> 2.4.52wangmy2022-01-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier (cve.mitre.org) A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier (cve.mitre.org) A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). *) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. *) OpenSSL autoconf detection improvement: pick up openssl.pc in the specified openssl path. *) mod_proxy_connect, mod_proxy: Do not change the status code after we already sent it to the client. *) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request. PR 65725 *) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element(). *) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. *) mpm_event: Restart stopping of idle children after a load peak. PR 65626. *) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request. See PR65731. The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. *) mod_ssl: Add build support for OpenSSL v3. *) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling. *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols. *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. *) mod_md: Fix memory leak in case of failures to load the private key. PR 65620 *) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. *) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. PR 65616. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ea76fc643713915a1618597be8bdbe0e4a3d993e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: update to latest stable 3.4.11Armin Kuster2022-01-022-10/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | For more infromation, see: https://www.wireshark.org/docs/relnotes/wireshark-3.4.11.html refresh 0004-lemon-Remove-line-directives.patch Includes CVEs: 3.4.11: wnpa-sec-2021-16 Gryphon dissector crash. Issue 17737. CVE-2021-4186. wnpa-sec-2021-17 RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185. wnpa-sec-2021-18 BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184. wnpa-sec-2021-20 RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182. wnpa-sec-2021-21 Sysdig Event dissector crash. CVE-2021-4181. 3.4.10: wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929. wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926. wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925. wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924. wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922. wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928. wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921. wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libnet-dns-perl: upgrade 1.32 -> 1.33zhengruoqin2021-12-301-2/+2
| | | | | | | | | | | | | | | | License-Update: change "the above copyright" to "the original copyright" Changelog: ========= Fix rt.cpan.org #137768 Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 347a9d7456fbc705c58113adf397025a0cd12e24) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libfile-slurper-perl: upgrade 0.012 -> 0.013wangmy2021-12-301-2/+1
| | | | | | | | | | | Changelog: ========= Always split on newlines in read_lines Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d830b7ad4a957a4667d000f840d9442db13250d2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: upgrade 2.0.31 -> 2.0.32Yi Zhao2021-12-301-2/+2
| | | | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 35aa5959c6bc2fa0458b90f4892cffd1da8189f0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: upgrade 3.6.2 -> 3.6.3Yi Zhao2021-12-301-1/+1
| | | | | | | | | | | Release Notes: http://www.postfix.org/announcements/postfix-3.6.3.html Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 45fee2d0cec121808c6dda150b0d9ab990c74a72) [3.6.x is a stable release] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.5.4 -> 2.5.5zhengruoqin2021-12-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========= Fix error in example firewall.sh script configure: remove useless -Wno-* from default CFLAGS Add argv_insert_head__empty_argv__head_only to argv tests Move deprecation of SWEET32/64bit block size ciphers to 2.7 Include --push-remove in the output of --help. Move '--push-peer-info' documentation from 'server' to 'client options' add test case(s) to notice 'openvpn --show-cipher' crashing BUILD: enable CFG and Spectre mitigation for MSVC Fix loading PKCS12 files on Windows msvc: fix product version display msvc: add missing header to project file config-msvc.h: fix OpenSSL-related defines contrib/vcpkg-ports: remove openssl port GitHub Actions: use latest working lukka/run-vcpkg Use network address for emulated DHCP server as a default Load OpenSSL config on Windows from trusted location ring_buffer.h: fix GCC warning about unused function ssh_openssl.h: remove unused declaration vcpkg/pkcs11-helper: compatibility with latest vcpkg config-msvc.h: indicate key material export support Don't use BF-CBC in unit tests if we don't have it Define have_blowfish variable in ncp unit tests doc link-options.rst: Use free open-source dynamic-DNS provider URL Fix some more wrong defines in config-msvc.h Ensure the current common_name is in the environment for scripts Require EC key support in Windows builds resolvconf fails with -p Update IRC information in CONTRIBUTING.rst doc/man (vpn-network-options): fix foreign_option_{n} typo README.down-root: Fix plugin module name Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2867330535cd93067d1fc005f0cdf5984a4c43fb) [2.5.x is a stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: fix CVE-2021-23214,CVE-2021-23222Changqing Li2021-12-283-0/+249
| | | | | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8e57fb9b1e4da504ceeaadcff2fe38555a47b6b6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2.5 -> 3.2.10Trevor Gamblin2021-12-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From the release notes page (https://docs.djangoproject.com/en/4.0/releases/3.2.10/): Django 3.2.10 fixes a security issue with severity “low” and a bug in 3.2.9. CVE-2021-44420: Potential bypass of an upstream access control based on URL paths HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths. Bugfixes Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with BinaryField on PostgreSQL, which is memoryview-backed (#33333). Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10. Bugfixes Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering a field with a functional index (#33194). Django 3.2.8 fixes two bugs in 3.2.7. Bugfixes Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin (#33077). Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view (#33083). Django 3.2.7 fixes a bug in 3.2.6. Bugfixes Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones (#32992). Django 3.2.6 fixes several bugs in 3.2.5. Bugfixes Fixed a regression in Django 3.2 that caused a crash validating "NaN" input with a forms.DecimalField when additional constraints, e.g. max_value, were specified (#32949). Fixed a bug in Django 3.2 where a system check would crash on a model with a reverse many-to-many relation inherited from a parent class (#32947). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 446a503acf6854b3357571044f396e6815f6bd9e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* googletest: Switch branch from master to mainPeter Kjellerstedt2021-12-181-1/+1
| | | | | | | The master branch has been renamed to main in the github repo. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gattlib: Explicitly disable Python supportPeter Kjellerstedt2021-12-181-0/+1
| | | | | | | | | | | | Under some configuration, CMake may pick up the existence of python from the native recipe sysroot and use that when linking for target, resulting in the following error: ld: .../recipe-sysroot-native/usr/lib/libpython3.10.so: error adding symbols: file in wrong format Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fb-test: fix SRC_URIOleksandr Kravchuk2021-12-081-3/+1
| | | | | | | | | | | Original repo doesn't exist any more. Even though I couldn't find any new official repo, this is the only one on github that contains used commit hash. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c57e4d5faa3d1c4b23173a4f26b2cd1aff846b34) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyzmq: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 57647ea0d6b87a02bf812192ae39f2d81644b744) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-posix-ipc: remove spurious dependenciesRoss Burton2021-12-081-10/+0
| | | | | | | | | | | pip isn't needed to build, and adding the empty string to RDEPENDS is most certainly meaningless. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 57ae325941d3a71eaeeca107ecef69d664a3f710) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-posix-ipc: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 4b526f42ed8db2c45bdfa7d1ba0a37e444676e1f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-lxml: set precise BSD licenseRoss Burton2021-12-081-2/+2
| | | | | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Also update the HOMEPAGE. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 45e5b27db6f34cefeb4d66197161fbfa9ebd476a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-gevent: update licenseRoss Burton2021-12-081-5/+2
| | | | | | | | | | gevent is MIT, and it embeds copies of Python which is Python-2.0. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 91b516cc80ea9f46cdf94bd4ce6a168c240b5c58) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-gevent: use system libraries instead of embeddingRoss Burton2021-12-082-40/+8
| | | | | | | | | | | | | gevent by default will build its own c-ares and libuv, but that build needs patches and embedded libraries are bad form. DEPEND on the recipes instead, and turn off embedding. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 2d63ec9476690a0da648c805dc3fdb9b0201bbbb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-crypto-vectors: set precise BSD licenseRoss Burton2021-12-081-2/+4
| | | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit cf172e66fe8f0ba6f676beb1eae6efb7c00d8b1a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-cryptography: set precise BSD licenseRoss Burton2021-12-081-2/+4
| | | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 378dbb135b4ce6f44cf647e8aa08f01497c160cb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pcsc-lite: set precise BSD licenseRoss Burton2021-12-081-6/+6
| | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2755ba786a1d8e54b065320b7a35bfe8f31ef847) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libkcapi: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c8384c874f804d591427ab1d70b08a7881285b15) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | | "BSD" is ambiguous, use the precise licenses BSD-2-Clause and BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4004a2279e11287407d820b997bb043b6ffe6fa7) [Fixed up for Honistor context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sg3-utils: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | "BSD" is ambiguous, use the precise license BSD-2-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3e5651b6b4027ffa768492ed4083c4220b4e59e6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dash: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09aa844891f7ffae50a8ad7112c8f64737df17f0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlrpc-c: set precise BSD licenseRoss Burton2021-12-081-1/+1
| | | | | | | | | "BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 11af3bd25062bd63b4c00918e4f08cf6813ae7de) Signed-off-by: Armin Kuster <akuster808@gmail.com>