path: root/meta-oe
Age | Commit message | Author
2021-09-20 | dstat: Add missing python-six runtime dependency | Marek Vasut
The tool depends on the six module, add it, otherwise the following traceback happens when running it on the target: Traceback (most recent call last): File "/usr/bin/dstat", line 32, in <module> import six ModuleNotFoundError: No module named 'six' Signed-off-by: Marek Vasut <marex@denx.de> Cc: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-20 | c-ares: Add fix for CVE-2021-3672 | Neetika Singh
Added below patches to fix CVE-2021-3672 1. ares_expand_name-should-escape-more-characters.patch 2. ares_expand_name-fix-formatting-and-handling-of-root.patch Link: http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz Signed-off-by: akash hadke <Akash.Hadke@kpit.com> Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-10 | krb5: fix CVE-2021-36222 | Yi Zhao
Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
2021-09-05 | nss: Two Security fixes CVE-2020-6829 and 12400 | Armin Kuster
Source: https://hg.mozilla.org/projects/nss MR: 106863 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0 ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41 Description: Affects NSS < 3.55 This addresses both CVE-2020-6829 and CVE-2020-12400 Signed-off-by: Armin Kuster <akuster@mvista.com>
2021-09-05 | c-ares: upgrade 1.16.0 -> 1.16.1 | Zang Ruochen
Source: https://git.openembedded.org MR: 111050 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/c-ares?h=hardknott&id=dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 ChangeID: dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 Description: Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4) [Includes cve: CVE-2020-14354. Bug fix update, no ABI changes] Signed-off-by: Armin Kuster <akuster@mvista.com>
2021-09-05 | dlt-daemon: update from 2.18.6 to 2.18.7 | Gianfranco
- add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-05 | dlt-daemon: update to new release 2.18.6 | Gianfranco Costamagna
- drop patches 241 245 275: upstream Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> Stable version, bug fix only] (cherry picked from commit 8c17cac68473f98e663f05bc08b7505c0529e495) [ Stable version, bug fix only Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-05 | dlt-daemon: supersede upstream pr #238 patch with pr #245 due to unexpected behaviour | Gianfranco Costamagna
Upstream commented to use the second one Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c32d2eb448ce343463dc75cc6120f395e32f0177) [Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-05 | dlt-daemon: fix build with upstream-proposed patch for MUSL libc | Gianfranco Costamagna
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7c9aa13dd94712ea49f535fbbf38d2db54cf7e2) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-05 | dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing service file. | Gianfranco
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b2fe766703e94cee2e3d1e21f3274789d6cd0c57) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-05 | dlt-daemon: update to 2.18.5 | Gianfranco
- drop patch 204: upstream - add gcc-10 build fix proposed upstream 238.patch Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 97092276dd453a4ef67aaec7bdcb0fb3cf1a5ca5) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-08-24 | xterm: Security fix for CVE-2021-27135 | Armin Kuster
Source: Debian.org MR: 108848 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32 Description: xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. This fixes CVE-2021-27135. Leverage a patch from Debian. Signed-off-by: Armin Kuster <akuster@mvista.com>
2021-08-15 | backport: xmlsec1: Fix configure QA error caused by host lookup path | Anatol Belski
The configure script contains hardcoded lookup paths to /usr and other paths that might interfere with the host. These are overwritten with the staging dir locations for Poky compatibility. Backport from meta-oe master rev. 74b66d1911118bac53033f77ba6d3923f4809d5a Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
2021-08-14 | php: move to version 7.4.21 | Joe Slater
Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 69dcf5bac8adfd55f1a40cff1e989ed8806607cb) [Stable bug fix only updates] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-08-14 | fvwm: Fix build time paths in target perl/python scripts | Khem Raj
Add rdeps as needed Fixes shebang-size QA warnings Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-08-14 | fvwm: Package extra files and man pages | Khem Raj
Avoids using installed-vs-shipped Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-08-14 | libdbi-perl: fix CVE-2014-10402 | Kai Kang
Backport patch to fix CVE-2014-10402. CVE: CVE-2014-10402 Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-26 | php: Upgrade to 7.4.16 | Mingli Yu
License-Update: License updated (year updated) Fix some security issues such as CVE-2021-21702 and remove two cve patches which are already included in the new version. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e418ee4657e084c8b4d42aabf76ff6df99253e91) [Bug fix only updates plus: CVE-2020-7071 ] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-26 | php: allow php as empty | Changqing Li
Since commit c4ffcaa2[php: split out phpdbg into a separate package], package php is empty, we might meet error: nothing provides php needed by php-cli-7.4.9-r0.corei7_64 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9be6b4f5a2ec857475626c74457a94b8d9236fd5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-26 | php: split out phpdbg into a separate package | Diego Santa Cruz
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c4ffcaa2ab3fbdef1ce58c253b32d82a57a3e2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-25 | ostree: Do not check for meta-python | Nicolas Dechesne
It is a (non trivial) cherry pick from (cherry picked from commit b9ede0cb182ab095c863a6a5154bbe259a33f5c0) python3-pyyaml was moved from meta-python to meta-oe, so that we could apply this specific patch which breaks basic YP compatible check script. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-25 | python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oe | Nicolas Dechesne
This specific statement in ostree recipe breaks the YP compatible status (yocto-check-layer): RDEPENDS_${PN}-ptest += " \ ... ${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \ ... " Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the ostree recipe was fixed with: b9ede0cb182a (python3-pyyaml: Do not check for meta-python) In dunfell, moving python3-pyyaml to OE-core is not a great idea, but moving it from meta-python to meta-oe allows us to fix ostree YP compatible issue. Since meta-python depends on meta-oe, it should not be a change with any visible effect. python3-cython and python3-pyparsing are collateral damage since they are dependencies for python3-pyyaml, so needed to be moved too. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-25 | libdevmapper,lvm2: Do not inherit license | Khem Raj
inheriting license class which brings in AVAILABLE_LICENSES into do_configure task checksums class since it wants to enable thin-provisioning-tools if distro allows GPL-3 automatically, but this brings issues when other layers which have additional licenses are provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by default with a comment in recipes stating that if needed then the user should enable it via config metadata or bbappends. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f592e81f11d455546447ddff35b2f89e18c0cc0c) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-21 | mariadb: update to 10.4.20 | Armin Kuster
Source: mariadb.org MR: 109670, 110757, 110768 Type: Security Fix Disposition: Backport from mariadb ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612 Description: LTS version https://mariadb.com/kb/en/mariadb-10420-release-notes/ CVE-2021-2166: MariaDB 10.4.19 CVE-2021-2154: MariaDB 10.4.19 CVE-2021-27928: MariaDB 10.4.18 Signed-off-by: Armin kuster <akuster@mvista.com>
2021-07-19 | vboxguestdrivers: add a fix for build failure with kernel 5.13 | Gianfranco
It's already upstream and also used in Debian and Ubuntu Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 2e15d7eb66624c1755e8670f8c5448e3a9be0a21) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.20 -> 6.1.22 | Gianfranco
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 97a5a4b40c143f71c8bff403c51a061a0d5e8b6f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.18 -> 6.1.20 | Gianfranco
Drop all patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 703daeb65f49c60636e835ad53fc354ca641ab3f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: Add __divmoddi4 builtin support | Khem Raj
gcc 11 needs it on i686 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 57f7692e8ef707535ffa1683aa711de442736ec1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386 | Gianfranco
Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09eb0ad187fb14ac1bb83a5a8d1ac4e9e9fdb305) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.16 -> 6.1.18 | Gianfranco
Drop kernel 5.10 build fixes patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f8f2331158b33436bd53142e0e1b4b94f78b37e6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: fix build against kernel v5.10+ | Bruce Ashfield
We need to adjust the vboxguest drivers to build against kernels 5.10+. These are backports from the virtual box SVN repository and can be dropped in future uprevs. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 22eaac640f80df44108a5565127181c94645a032) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.14 -> 6.1.16 | Gianfranco Costamagna
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7839164921ddb340a1bff322a1274c6022cb8565) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase | Gianfranco Costamagna
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1cd14bf12472970d75df3172a2b9b0dff71da655) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: Fix build with kernel 5.8 | Khem Raj
Remove patches which are already covered in this new patch Fixes step1b: ERROR: modpost: "__get_vm_area_caller" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! step1b: ERROR: modpost: "map_kernel_range" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5efb06176add13c4b8287c9972651dcac94adf79) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: fix failed to compile with kernel 5.8.0 | Hongxu Jia
Backport patches from upstream [1] to fix the issue It also requires to apply a patch on 5.8 kernel [2] [1] https://www.virtualbox.org/ticket/19644 [2] https://www.virtualbox.org/raw-attachment/ticket/19644/local_patches Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9c10ed4baa95648b7735757121e3af8b0aeb8e06) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-19 | vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 | Gianfranco Costamagna
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 21bc66202e18a7b214869e3654b8547ea0ea9cbd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-17 | postgresql: update to 12.7 | Armin kuster
Source: MontaVista Software, LLC MR: 111582, 111965, 111974, 110084 Type: Security Fix Disposition: Backport from postgres.org ChangeID: f1e8c58bedd5dd60404e3a0eb120888ad83fdc42 Description: Bug fix only update. https://www.postgresql.org/docs/12/release-12-7.html LIC_FILES_CHKSUM changed due to yr update Includes these CVEs: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 12.6: CVE-2021-3393 Signed-off-by: Armin kuster <akuster@mvista.com>
2021-07-10 | nss: add CVE-2006-5201 to allowlist | Masaki Ambai
CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris. Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit ace5cd9a8bb6ba0058caf8a148437820a9336b9c) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-06 | nss: Fix build on Centos 7 | Marek Vasut
Centos 7 has glibc 2.18 and nss-native build fails due to implicit declaration of function putenv during build. This is because of the Feature Test Macro Requirements for glibc (see feature_test_macros(7)): putenv(): _XOPEN_SOURCE || /* Glibc since 2.19: */ _DEFAULT_SOURCE || /* Glibc versions <= 2.19: */ _SVID_SOURCE and because nss coreconf/Linux.mk only defines -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE So on such system with glibc 2.18, neither macro makes putenv() available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18 native build case. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Armin Kuster <akuster808@gmail.com> Cc: Armin Kuster <akuster@mvista.com> Cc: Khem Raj <raj.khem@gmail.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-25 | opencv: Add fix for CVE-2019-5063 and CVE-2019-5064 | akash.hadke
Added fix for below CVEs CVE-2019-5063 CVE-2019-5064 Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch Signed-off-by: akash hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | hostapd: fix building with CONFIG_TLS=internal | Alexander Vickberg
The patch recently added for CVE-2021-30004 broke compilation with CONFIG_TLS=internal. This adds the necessary function to let it compile again. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d6ef4170747d6668fa940328334055eef3e1e1d6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | libsdl: Fix CVE-2019-13616 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db] CVE: CVE-2019-13616 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29473 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b] CVE: CVE-2021-29473 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9aecd2c32fc8f238f62ef70813e032b6b52c2f2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29470 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed] CVE: CVE-2021-29470 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb1400efda77a7289ca20782172bfbe1f457f161) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29464 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54] CVE: CVE-2021-29464 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c9470bdfaa1d33347ffaf25b3e18d2163667e18) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-3482 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da] CVE: CVE-2021-3482 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29463 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b] CVE: CVE-2021-29463 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8e63ac6c86852a12408c2415be073c71420758ff) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29458 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d] CVE: CVE-2021-29458 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f0d83c14d9064ce1ee19b92d95c8daf790fe7488) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22 | exiv2: Fix CVE-2021-29457 | wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22] CVE: CVE-2021-29457 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5be72693096cef671bf54bf1dd6ee8125614d064) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-14 | linuxptp: Fix cross build | Khem Raj
Adjust incdefs.sh to use cross tools to poke for system functionality Re-enable using incdefs.sh export KBUILD_OUTPUT to point to recipe sysroot (From meta-oe rev: b6022761d6880382c5e6ffa4b3dc6f1ec2ae1e73) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>