CVE-2022-4283: xkb: reset the radio_groups pointer to NULL after freeing it
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c
CVE-2022-46340: Xtest: disallow GenericEvents in XTestSwapFakeInput
Upstream-Status: Backport
On 1/23/23 16:38, Khem Raj wrote:
On Thu, Jan 19, 2023 at 9:25 AM Jeff Law wrote:
On 1/18/23 21:27, Khem Raj wrote:
Signed-off-by: Khem Raj
---
v1 -> v2:
- Fix build on mingw
- Backport fix to build with --disable-gdb
[ ... ]
Note I think this is going to run afoul of grub2 mkimage.
Signed-off-by: Khem Raj
---
...1-parser.h-Including-missing-cstdint.patch | 37 +++
.../vulkan/vulkan-samples_git.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644
Signed-off-by: Khem Raj
---
...subset-threads.cc-add-missing-cstdio.patch | 34 +++
.../harfbuzz/harfbuzz_6.0.0.bb| 3 +-
2 files changed, 36 insertions(+), 1 deletion(-)
create mode 100644
Signed-off-by: Khem Raj
---
...001-add-missing-cstdint-for-uint16_t.patch | 35 +++
meta/recipes-devtools/apt/apt_2.4.5.bb| 1 +
2 files changed, 36 insertions(+)
create mode 100644
meta/recipes-devtools/apt/apt/0001-add-missing-cstdint-for-uint16_t.patch
diff --git
All,
Below is the list of the top 31 bug owners as of the end of WW03 who have
open medium or higher bugs and enhancements against YP 4.2. There are 67
possible work days left until the final release candidates for YP 4.2 need
to be released.
Who                               Count
michael.opdenac...@bootlin.com    34
All,
The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:
On Thu, Jan 19, 2023 at 9:25 AM Jeff Law wrote:
>
>
>
> On 1/18/23 21:27, Khem Raj wrote:
> > Signed-off-by: Khem Raj
> > ---
> > v1 -> v2:
> > - Fix build on mingw
> > - Backport fix to build with --disable-gdb
> [ ... ]
> Note I think this is going to run afoul of grub2 mkimage.
>
> In
vim is a 'special' upstream, because:
- they tag every commit with a 'release' tag
https://github.com/vim/vim/tags
- there is a never ending stream of CVE vulnerabilities coming from them
We tried to stick with major versions only and backport the CVEs, but
that quickly became unsustainable. So
In the recipe it includes following:
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
Should we attempt to remove it, given that this is now 9.0?
> On Jan 17, 2023, at 11:42 AM, Randy MacLeod
> wrote:
>
> Includes fixes for:
> https://nvd.nist.gov/vuln/detail/CVE-2023-0049
>
Add options to enable support for libcloudprovider and tracker
If the cups backend is enabled, the mandatory file backend gets disabled and
thus configure fails. Fix it by not defining the print-backend and just include
cups as a dependency. Additionally add it as a runtime dependency.
Now, if
Latest compilers are able to figure out that whole code can be optimized
away when CFLAGS has -O2 or more aggressive optimizations. In order to
ensure the test is doing the right thing, make the variables global so
compiler is not able to optimize it away.
This fixes build on x86 especially when
Yes, it was intended for the master.
Kind regards,
Vivek
On Mon, 23 Jan 2023 at 10:19 PM, Steve Sakoman wrote:
> Hi Vivek,
>
> You sent two seemingly identical patches for langdale. Was one
> perhaps intended for master?
>
> Steve
>
> On Mon, Jan 23, 2023 at 6:34 AM vkumbhar wrote:
> >
> >
Hi Vivek,
You sent two seemingly identical patches for langdale. Was one
perhaps intended for master?
Steve
On Mon, Jan 23, 2023 at 6:34 AM vkumbhar wrote:
>
> From: Vivek Kumbhar
>
> Signed-off-by: Vivek Kumbhar
> ---
> .../openssl/openssl/CVE-2022-3996.patch | 43
From: Vivek Kumbhar
Signed-off-by: Vivek Kumbhar
---
.../openssl/openssl/CVE-2022-3996.patch | 43 +++
.../openssl/openssl_3.0.7.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644
From: Vivek Kumbhar
Signed-off-by: Vivek Kumbhar
---
.../openssl/openssl/CVE-2022-3996.patch | 43 +++
.../openssl/openssl_3.0.7.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644
On Mon, 2023-01-23 at 13:29 +, Ross Burton wrote:
> On 23 Jan 2023, at 12:42, Alexander Kanavin wrote:
> >
> > On Mon, 23 Jan 2023 at 13:40, Ross Burton wrote:
> > > > CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg
> > > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> >
On 23 Jan 2023, at 13:35, Richard Purdie
wrote:
>> I’ve started braindumping into
>> https://wiki.yoctoproject.org/wiki/CVE_Triage, when it’s expanded and
>> complete we can link to it. Or maybe we should just start a
>> Maintainers book in the documentation?
>
> Let's put it in the manual. The
The logic in the previous commit was reversed, update to fix it.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb
On Mon, 2023-01-23 at 13:29 +, Ross Burton wrote:
> On 23 Jan 2023, at 12:42, Alexander Kanavin wrote:
> >
> > On Mon, 23 Jan 2023 at 13:40, Ross Burton wrote:
> > > > CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg
> > > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> >
On 23 Jan 2023, at 12:42, Alexander Kanavin wrote:
>
> On Mon, 23 Jan 2023 at 13:40, Ross Burton wrote:
>>> CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg
>>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
>>> CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg
>>>
Signed-off-by: Ross Burton
---
.../ppp/ppp/CVE-2022-4603.patch | 48 +++
meta/recipes-connectivity/ppp/ppp_2.4.9.bb| 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
diff --git
Signed-off-by: Ross Burton
---
.../ppp/ppp/CVE-2022-4603.patch | 48 +++
meta/recipes-connectivity/ppp/ppp_2.4.9.bb| 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
diff --git
On Mon, 23 Jan 2023 at 13:40, Ross Burton wrote:
> > CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> > CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
>
>
On 22 Jan 2023, at 12:04, Steve Sakoman via lists.openembedded.org
wrote:
> CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg
>
Okay, Sure.
Kind Regards,
Vivek
On Mon, Jan 23, 2023 at 5:37 PM Ross Burton wrote:
> Can you also send this for langdale and master?
>
> Ross
>
> > On 20 Jan 2023, at 02:56, vkumbhar via lists.openembedded.org wrote:
> >
> > From: Vivek Kumbhar
> >
> >
Can you also send this for langdale and master?
Ross
> On 20 Jan 2023, at 02:56, vkumbhar via lists.openembedded.org
> wrote:
>
> From: Vivek Kumbhar
>
> Signed-off-by: Vivek Kumbhar
> ---
> .../openssl/openssl/CVE-2022-3996.patch | 43 +++
>
On Mon, 23 Jan 2023 at 09:08, Mikko Rapeli wrote:
> > I was hoping something simpler would suffice. I don't think I have a
> > lot of interest in going beyond this, particularly given the likely
> > impacts, both code wise and socially. If people don't want to do this I
> > am really running low
Hi,
On Sun, Jan 22, 2023 at 10:19:29PM +, Richard Purdie wrote:
> I was hoping something simpler would suffice. I don't think I have a
> lot of interest in going beyond this, particularly given the likely
> impacts, both code wise and socially. If people don't want to do this I
> am really