Security miss, integer overflow in the user auth path.
Not exploitable due to privsep.
* Update license. md5crypt removed, bcrypt relicensed.
4-Clause license removed.
* Minor spelling fixes in the license file.
* Remove configure option due to the removal of md5crypt.
* Add patch to improve
Security miss, integer overflow in the user auth path.
Not exploitable due to privsep.
* Update license. md5crypt removed, bcrypt relicensed.
4-Clause license removed.
* Minor spelling fixes in the license file.
* Remove configure option due to the removal of md5crypt.
* Add patch to improve
On 3/30/22 19:48, Michael Olbrich wrote:
> On Wed, Mar 30, 2022 at 03:25:39PM +0200, Christian Melki wrote:
>> Security miss, integer overflow in the user auth path.
>> Not exploitable due to privsep.
>>
>> * Update license. md5crypt removed, bcrypt relicensed.
>> 4-Clause license removed.
>> *
On Wed, Mar 30, 2022 at 03:25:39PM +0200, Christian Melki wrote:
> Security miss, integer overflow in the user auth path.
> Not exploitable due to privsep.
>
> * Update license. md5crypt removed, bcrypt relicensed.
> 4-Clause license removed.
> * Minor spelling fixes in the license file.
> *
Hello,
Am Wed, Mar 30, 2022 at 02:40:36PM +0200 schrieb Linnea Gunnarsson:
> A couple of different changes, some new features
> and some removed ones. Nothing big.
According to my notes json-c up to 0.14 is affected by CVE-2020-12762:
https://security-tracker.debian.org/tracker/CVE-2020-12762
On Wed, Mar 30, 2022 at 03:34:13PM +0200, Linnea Gunnarsson wrote:
> Some new firmware updates, mostly bluetooth, IP block,
> and amdgpu.
>
> One security fix for Intel BT 7265.
>
> Updated copyright date in LICENSE.amdgpu
Fails with:
ptxdist: error:
license file
On Wed, Mar 30, 2022 at 01:48:12PM +0200, Alexander Dahl wrote:
> - curl: add --json
> - mesalink: remove support
> - bugfixes
> - license: copyright year bumped
>
> Link: https://curl.se/changes.html#7_82_0
> Signed-off-by: Alexander Dahl
> ---
> rules/libcurl.make | 7 +++
> 1 file
Some fixes and updates.
Added support for MPEG encode/decode and
Fuzzer for OSS-Fuzz and CIFuzz.
Switch to .xz over bz2 for release tarballs.
Fixed Heap buffer overflow in some functions
and one index out of bounds and one uninitalized
variable.
Changelog can be found here:
Minor version bugfix bump.
The project page actually claims that 1.11.0 is the last stable version.
But I cant' see any significant changes that wouldn't call 1.12.1 stable.
Almost looks like someone forgot to update the recommendation.
I'm opting to bump this.
Event codes synced with Linux 5.17.
Added 64-bit LoongArch support along
with some updates.
Changelog can be found here:
https://strace.io/files/5.17/
Signed-off-by: Linnea Gunnarsson
---
rules/strace.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/strace.make b/rules/strace.make
index
Minor bugfix release.
* Update license hashes for c-file.
Code became SPDX license header declaration clean, but
no changes in the actual license conditions.
* Move old patch, applied cleanly.
Signed-off-by: Christian Melki
---
.../0001-Prepare-to-check-for-an-older-UDEV.patch | 0
Very minor bugfixes.
https://sites.google.com/site/fullycapable/release-notes-for-libcap
Signed-off-by: Christian Melki
---
rules/libcap.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/libcap.make b/rules/libcap.make
index df1eeef16..745295e8f 100644
---
Minor bugfixes.
Notable. Alder Lake-N and Raptor Lake-S pciids registered.
Signed-off-by: Christian Melki
---
rules/libdrm.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/libdrm.make b/rules/libdrm.make
index c8f4002b2..033192468 100644
--- a/rules/libdrm.make
Some new firmware updates, mostly bluetooth, IP block,
and amdgpu.
One security fix for Intel BT 7265.
Updated copyright date in LICENSE.amdgpu
Signed-off-by: Linnea Gunnarsson
---
rules/linux-firmware.make | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git
Signed-off-by: Philipp Zabel
---
rules/mesalib.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/mesalib.make b/rules/mesalib.make
index e4ca2092a076..99e434a95700 100644
--- a/rules/mesalib.make
+++ b/rules/mesalib.make
@@ -14,8 +14,8 @@
Security miss, integer overflow in the user auth path.
Not exploitable due to privsep.
* Update license. md5crypt removed, bcrypt relicensed.
4-Clause license removed.
* Minor spelling fixes in the license file.
* Remove configure option due to the removal of md5crypt.
Signed-off-by: Christian
A couple of different changes, some new features
and some removed ones. Nothing big.
Changelog can be found here:
https://github.com/json-c/json-c/blob/master/ChangeLog
Signed-off-by: Linnea Gunnarsson
---
rules/json-c.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
Minor pci, usb, vendor id changes, minor bugfixes.
Signed-off-by: Christian Melki
---
rules/hwdata.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/hwdata.make b/rules/hwdata.make
index 5d09b6c81..885aa9111 100644
--- a/rules/hwdata.make
+++ b/rules/hwdata.make
- curl: add --json
- mesalink: remove support
- bugfixes
- license: copyright year bumped
Link: https://curl.se/changes.html#7_82_0
Signed-off-by: Alexander Dahl
---
rules/libcurl.make | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/rules/libcurl.make
curl has its own entry in the SPDX list of licenses. The license is
inspired by MIT / X, but only that.
Link: https://curl.se/docs/copyright.html
Link: https://spdx.org/licenses/curl.html
Fixes: 010b50b484c0 ("libcurl: add license information")
Signed-off-by: Alexander Dahl
---
Signed-off-by: Alexander Dahl
---
rules/libcurl.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index d1a4dcfa2..5ef387352 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -23,6 +23,7 @@ LIBCURL_URL :=
Hei hei,
some license stuff and the usual version bump.
Greets
Alex
Alexander Dahl (3):
libcurl: Fix license
libcurl: Add license file hash
libcurl: version bump 7.81.0 -> 7.82.0
rules/libcurl.make | 8
1 file changed, 4 insertions(+), 4 deletions(-)
base-commit:
Thanks, applied as 3114ee08bf379afd475d1379299b2edbb8e1acd4.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:37 +0200, Bruno Thomsen
wrote:
> Fixes CVE-2022-0778 and CERT-EU SA2022-017.
>
> https://media.cert.europa.eu/static/SecurityAdvisories/2022/CERT-EU-SA2022-017.pdf
>
Thanks, applied as 2f2a77e99e76a5722a66b872c05f6cb860a4cb2c.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:36 +0200, Bastian Krause wrote:
> Without SYSTEMD_UDEV_PERSISTENT_V4L v4l2deviceprovider (and
> gst-device-monitor-1.0) will not find any v4l2 devices.
>
>
Thanks, applied as 034969695ee0871f70144023c7500cbc81977b32.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:33 +0200, Rouven Czerwinski
wrote:
> Bump to 3.16.0 and remove it from staging since it now builds again with
> newer gcc versions.
>
> Signed-off-by: Rouven
Thanks, applied as 56455216cdc79006d0f2b6e2c6b51d7a04021b46.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:31 +0200, Rouven Czerwinski
wrote:
> Plugin support is currently not needed so disable it for now.
>
> Signed-off-by: Rouven Czerwinski
> Message-Id:
Thanks, applied as 4988deefcd1397e8d0f7eaa9509086745a8243f4.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:29 +0200, Rouven Czerwinski
wrote:
> Update OP-TEE to 3.16.0 and require python3 cryptography and pyelftools
> instead of the old dependencies.
>
> Signed-off-by:
Thanks, applied as aa468000b9cb29760665bd014fbc8e42e29068c1.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:27 +0200, Rouven Czerwinski
wrote:
> Add the checks for python3 cryptgraphy and pyelftools. These will be
> required for bumping the OP-TEE release.
>
> Signed-off-by:
Thanks, applied as ec6377fc78962ddeb090a5fe85191b398d72513c.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:24 +0200, Alexander Dahl wrote:
> Link: https://mm.icann.org/pipermail/tz-announce/2022-March/70.html
> Signed-off-by: Alexander Dahl
> Message-Id:
Thanks, applied as a6b5274e4a61dd52b60ca185f6563fa88eeebe30.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:22 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-9-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as 3c79eff188fcd49987f2d683672efce6ad7afb1b.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:20 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-8-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as c48ff0b378ce61e41070f91b5a2425b7fc0c3bb1.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:18 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-7-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as c8f08257ba0b286e742bcfbbd6ce39f03e5dad3c.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:16 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-2-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as 249d22dd6ccfc11c8fda50dfe29a578aa97729d2.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:14 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-1-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as 7bba895a7a9c17580d0fdc4dabdbfb76a19bafcf.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:09 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-5-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as 0d27f70f4e6861b87a4768abf8972b9551366aac.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:12 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-6-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as 1af7e8e498905fe0e54382b5e0e9c4f02cb5de98.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:10 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-3-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as f3b27fff9761d7eacb6363004296d35ddc1b706a.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:07 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-4-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
Thanks, applied as a5a8f6c6152502ce7ae7795a64a6e5b3d36bf322.
Michael
[sent from post-receive hook]
On Wed, 30 Mar 2022 09:25:05 +0200, Philipp Zabel
wrote:
> Signed-off-by: Philipp Zabel
> Message-Id: <20220314170552.268081-10-p.za...@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
>
39 matches
Mail list logo