Hi,
Could please help here?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196178):
https://lists.openembedded.org/g/openembedded-core/message/196178
Mute This Topic: https://lists.openembedded.org/mt/98361235/21656
Group Owner:
Hi,
Any idea furhter, what could be the issue?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#195513):
https://lists.openembedded.org/g/openembedded-core/message/195513
Mute This Topic: https://lists.openembedded.org/mt/98361235/21656
Group
Hi,
Could you please help here?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191432):
https://lists.openembedded.org/g/openembedded-core/message/191432
Mute This Topic: https://lists.openembedded.org/mt/102793475/21656
Group Owner:
Hi,
Could you please take this change
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191256):
https://lists.openembedded.org/g/openembedded-core/message/191256
Mute This Topic: https://lists.openembedded.org/mt/97945090/21656
Group Owner:
Hi,
Could you please take this change.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191255):
https://lists.openembedded.org/g/openembedded-core/message/191255
Mute This Topic: https://lists.openembedded.org/mt/97945091/21656
Group Owner:
Hi,
Could you please take this change
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191254):
https://lists.openembedded.org/g/openembedded-core/message/191254
Mute This Topic: https://lists.openembedded.org/mt/98039591/21656
Group Owner:
Hi,
Could you please take this patch
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191136):
https://lists.openembedded.org/g/openembedded-core/message/191136
Mute This Topic: https://lists.openembedded.org/mt/99403409/21656
Group Owner:
Hi,
Could you please take this patch
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191135):
https://lists.openembedded.org/g/openembedded-core/message/191135
Mute This Topic: https://lists.openembedded.org/mt/99403398/21656
Group Owner:
/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
Signed-off-by: Colin McAllister
+Signed-off-by: Pawan Badganchi
---
src/dec/vp8l_dec.c| 46 ++-
src/dec/vp8li_dec.h | 2 +-
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group
Hi Martin,
Extremely sorry Please ignore previous mail.
I have updated the patch CVE-2023-5129.patch.
Please find the link below and ignore this.
https://lists.openembedded.org/g/openembedded-core/message/189271
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
Signed-off-by: Colin McAllister
+Signed-off-by: Pawan Badganchi
---
src/dec/vp8l_dec.c| 46 ++-
src/dec/vp8li_dec.h | 2 +-
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group
Hi Martin,
Please ignore previous mail.
I have updated the patch CVE-2023-5129.patch.
Please find the link below and ignore this.
https://lists.openembedded.org/g/openembedded-core/message/189268
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online
/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
Signed-off-by: Colin McAllister
+Signed-off-by: Pawan Badganchi
---
src/dec/vp8l_dec.c| 46 ++-
src/dec/vp8li_dec.h | 2 +-
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group
Please ignore this
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189266):
https://lists.openembedded.org/g/openembedded-core/message/189266
Mute This Topic: https://lists.openembedded.org/mt/101991682/21656
Group Owner:
Hi Martin,
I have updated the patch CVE-2023-5129.patch.
Please find the link below and ignore this.
https://lists.openembedded.org/g/openembedded-core/message/189263
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189264):
/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
Signed-off-by: Colin McAllister
+Signed-off-by: Pawan Badganchi
---
src/dec/vp8l_dec.c| 46 ++-
src/dec/vp8li_dec.h | 2 +-
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group
From: rajmohan r
Add patch to fix CVE-2023-4863
Reference:
https://tracker.debian.org/pkg/libwebp
https://snapshot.debian.org/archive/debian-debug/20230916T210655Z/pool/main/libw/libwebp/libwebp_1.2.4-0.2%2Bdeb12u1.debian.tar.xz
Upstream-Status: Pending
Signed-off-by: Pawan Badganchi
From: rajmohan r
Add patch to fix CVE-2023-4863
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
Upstream-Status: Pending
Signed-off-by: Pawan Badganchi
---
.../webp/files/CVE-2023-4863.patch
by removing the dependency, restarting the sshd service or starting it manually
will it generates keys?
recipes-core/openssh/files/sshd@.service
@@ -1,14 +1,12 @@
[Unit]
Description=OpenSSH Per-Connection Daemon
- Wants=sshdgenkeys.service
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages
From: Tom Hochstein
When building using an SDK, cmake complains that the target
architecture 'cortexa53-crypto' is unknown. The same build in bitbake
uses the target architecture 'aarch64'.
Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake.
(From OE-Core rev:
From: Tom Hochstein
When building using an SDK, cmake complains that the target
architecture 'cortexa53-crypto' is unknown. The same build in bitbake
uses the target architecture 'aarch64'.
Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake.
(From OE-Core rev:
This patch filter devices by properties and return a sorted list
only initialized/uninitialized devices.
Signed-off-by: Pawan Badganchi
---
...initialized-or-uninitialized-devices.patch | 192 ++
meta/recipes-core/systemd/systemd_244.5.bb| 1 +
2 files changed, 193
that are already present in the udev database. For consistance
reasons --initialized-match is implemented as well, which filters out devices
that are *not* already present in the udev database.
Signed-off-by: Pawan Badganchi
---
...-initialized-match-nomatch-arguments.patch | 156
Hi,
Could you please take this patch?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180717):
https://lists.openembedded.org/g/openembedded-core/message/180717
Mute This Topic: https://lists.openembedded.org/mt/97818988/21656
Group Owner:
From: rajmohan r
Below patch files to fix CVE-2023-26604
CVE-2023-26604-1.patch, CVE-2023-26604-2.patch and
CVE-2023-26604-3.patch and CVE-2023-26604-4.patch
make pager secure when under euid is changed or explicitly
requested
Reference:
CVE-2023-26604-1.patch:
From: Pawan Badganchi
Below patch fixes the CVE-2022-4645 as well.
0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645
Signed-off-by: Pawan Badganchi
---
...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 267
From: Pawan Badganchi
Below patch fixes the CVE-2022-4645 as well.
0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645
Signed-off-by: Pawan Badganchi
---
...evised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 5
t; describing the changes in this version. See below for example.
>
> Steve
>
> On Tue, Apr 4, 2023 at 3:37 AM Pawan Badganchi
> wrote:
> >
> > Add below patch to fix CVE-2023-23916
> >
> > CVE-2023-23916.patch
> >
> > Link: https://curl.se/docs/CVE-2
Hi Martin,
Removed those line and submitted patch. Please find the patch below.
https://lists.openembedded.org/g/openembedded-core/message/179689
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179690):
-2023-23916
+Upstream-Status: Backport
[https://github.com/curl/curl/commit/119fb187192a9ea13dc.patch]
+Signed-off-by: Pawan Badganchi
+---
+ lib/content_encoding.c | 7 +-
+ lib/urldata.h | 1 +
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test387 | 2 +-
+ tests/data/test418
On Tue, Apr 4, 2023 at 02:58 AM, Martin Jansa wrote:
>
> Upstream-Status
Hi Martin,
Do you mean i should remove Upstream-Status line and keep other 2 lines as it
is.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179681):
Hi steve,
I have reworked on this patch CVE-2023-23916 and submitted. Could you please
take below patch.
https://lists.openembedded.org/g/openembedded-core/message/179676
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179677):
#10492
+
+CVE: CVE-2023-23916
+Upstream-Status: Backport
[https://github.com/curl/curl/commit/119fb187192a9ea13dc.patch]
+Signed-off-by: Pawan Badganchi
+---
+ lib/content_encoding.c | 7 +-
+ lib/urldata.h | 1 +
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test387 | 2
Hi,
Please ignore this patch.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179646):
https://lists.openembedded.org/g/openembedded-core/message/179646
Mute This Topic: https://lists.openembedded.org/mt/98039579/21656
Group Owner:
From: Anuj Chougule
Re-used implicit test suite and converted it into ptest.
Signed-off-by: pawan
---
meta/recipes-devtools/json-c/json-c/run-ptest | 14 +
meta/recipes-devtools/json-c/json-c_0.15.bb | 21 ---
2 files changed, 32 insertions(+), 3 deletions(-)
From: Anuj Chougule
Re-used implicit test suite and converted it into ptest.
Signed-off-by: pawan
---
meta/recipes-devtools/json-c/json-c/run-ptest | 14 +
meta/recipes-devtools/json-c/json-c_0.15.bb | 21 ---
2 files changed, 32 insertions(+), 3 deletions(-)
Hi steve,
This patch is depends on below patch, if u build with this patch it will not
give fuzz error.
You no need to take this patch also now because in kirkstone it is already
available.
Could you please build once again, i think fuz error will not get.
On Mon, Apr 3, 2023 at 03:34 AM, Pawan Badganchi wrote:
>
> Hi steve,
> I am talking about this cve *CVE-2023-23916*.
>
> Could you please build this patch
Hi steve,
I am talking about this cve CVE-2023-23916.
Could you please build this patch as CVE-2023-23914, CVE-202
Hi steve,
I am talking about this cve *CVE-2023-23916*.
Could you please build this patch with below patch.
https://lists.openembedded.org/g/openembedded-core/message/179015
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179607):
This reverts commit 66575e31b76894e217350350307b30d3684ba4fa.
Revert CVE-2021-3507 for qemu as it is not applicable for qemu6.2
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3507
Conflicts:
meta/recipes-devtools/qemu/qemu.inc
Signed-off-by: pawan
---
Hi,
Please ignore this.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179305):
https://lists.openembedded.org/g/openembedded-core/message/179305
Mute This Topic: https://lists.openembedded.org/mt/97945083/21656
Group Owner:
From: Khem Raj
This helps in building rsync without autoconf patch, since it will be a
while that the round trip is made, better to apply this patch here until
next release of autoconf.
(From OE-Core rev: 11522b98697befcf13076a90cec4f8ade1fa0645)
Signed-off-by: Khem Raj
Signed-off-by:
From: Khem Raj
(From OE-Core rev: c53d465865d4a9c109322074c2653a3a8b665238)
Signed-off-by: Khem Raj
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 51d8e0e20e2965517a64e954d51a23be52e5f4f3)
Signed-off-by: pawan
---
From: Khem Raj
This helps in building rsync without autoconf patch, since it will be a
while that the round trip is made, better to apply this patch here until
next release of autoconf.
(From OE-Core rev: 11522b98697befcf13076a90cec4f8ade1fa0645)
Signed-off-by: Khem Raj
Signed-off-by:
Hello steve,
Could you please build this patch with below patch. This is the latest version
and please ignore previous sent patches.
https://lists.openembedded.org/g/openembedded-core/message/179015
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online
Hello Steve,
Could you please build again including CVE-2023-23914 And CVE-2023-23195.
On Fri, 24 Mar, 2023, 9:10 pm Steve Sakoman, wrote:
> On Thu, Mar 23, 2023 at 9:57 PM Pawan Badganchi
> wrote:
> >
> > From: Pawan Badganchi
> >
> > Add below patch to fix C
Please ignore this patch.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179018):
https://lists.openembedded.org/g/openembedded-core/message/179018
Mute This Topic: https://lists.openembedded.org/mt/97818979/21656
Group Owner:
Please ignore this patch.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179017):
https://lists.openembedded.org/g/openembedded-core/message/179017
Mute This Topic: https://lists.openembedded.org/mt/97818981/21656
Group Owner:
From: Pawan Badganchi
Add below patch to fix CVE-2023-23916
CVE-2023-23916.patch
Link: https://curl.se/docs/CVE-2023-23916.html
Signed-off-by: Pawan Badganchi
Signed-off-by: Pawan Badganchi
---
.../curl/curl/CVE-2023-23916.patch| 222 ++
meta/recipes-support
From: Pawan Badganchi
Add below patches to fix CVE-2023-23914, CVE-2023-23915
CVE-2023-23914_5-1.patch
CVE-2023-23914_5-2.patch
CVE-2023-23914_5-3.patch
CVE-2023-23914_5-4.patch
CVE-2023-23914_5-5.patch
Link:
https://curl.se/docs/CVE-2023-23914.html
https://curl.se/docs/CVE-2023-23915.html
From: Pawan Badganchi
Add below patch to fix CVE-2023-23916
CVE-2023-23916.patch
Link: https://curl.se/docs/CVE-2023-23916.html
Signed-off-by: Pawan Badganchi
Signed-off-by: Pawan Badganchi
---
.../curl/curl/CVE-2023-23916.patch| 222 ++
meta/recipes-support
From: Pawan Badganchi
Add below patches to fix CVE-2023-23914, CVE-2023-23915
CVE-2023-23914_5-1.patch
CVE-2023-23914_5-2.patch
CVE-2023-23914_5-3.patch
CVE-2023-23914_5-4.patch
CVE-2023-23914_5-5.patch
Link:
https://curl.se/docs/CVE-2023-23914.html
https://curl.se/docs/CVE-2023-23915.html
Hi Steve,
Could you please take this patch to kirkstone branch?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178812):
https://lists.openembedded.org/g/openembedded-core/message/178812
Mute This Topic:
Hi Steve,
Could you please take this patch to kirkstone branch?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178811):
https://lists.openembedded.org/g/openembedded-core/message/178811
Mute This Topic:
Hello steve,
We have not taken patch from actual upstream because we have curl version 7.82
and in the actual upstream curl version is 7.88. So in our source code one
variable is absent. Hence i had taken from launchpad. Now i have taken backport
patch curl(7.81) from ubuntu trusted upstream.
From: Pawan Badganchi
Add below patch to fix CVE-2023-23916
CVE-2023-23916.patch
Link: https://packages.ubuntu.com/source/jammy/curl
Signed-off-by: Pawan Badganchi
Signed-off-by: pawan
---
.../curl/curl/CVE-2023-23916.patch| 222 ++
meta/recipes-support/curl
From: Pawan Badganchi
Add below patches to fix CVE-2023-23914, CVE-2023-23915
CVE-2023-23914_5-1.patch
CVE-2023-23914_5-2.patch
CVE-2023-23914_5-3.patch
CVE-2023-23914_5-4.patch
CVE-2023-23914_5-5.patch
Link: https://packages.ubuntu.com/source/jammy/curl
Signed-off-by: Pawan Badganchi
Signed
From: Pawan Badganchi
Add below patch to fix CVE-2023-23916
CVE-2023-23916.patch
Link: https://launchpad.net/ubuntu/+source/curl/7.87.0-2ubuntu2/
Signed-off-by: Pawan Badganchi
Signed-off-by: pawan
---
.../curl/curl/CVE-2023-23916.patch| 223 ++
meta/recipes
From: Pawan Badganchi
Add below patches to fix CVE-2023-23914, CVE-2023-23915
CVE-2023-23914_5-1.patch
CVE-2023-23914_5-2.patch
CVE-2023-23914_5-3.patch
CVE-2023-23914_5-4.patch
CVE-2023-23914_5-5.patch
Link: https://launchpad.net/ubuntu/+source/curl/7.87.0-2ubuntu2/
Signed-off-by: Pawan
From: Omkar Patil
Add CVE-2023-22809.patch to fix CVE-2023-22809.
Signed-off-by: Omkar Patil
Signed-off-by: pawan
---
.../sudo/files/CVE-2023-22809.patch | 113 ++
meta/recipes-extended/sudo/sudo_1.8.32.bb | 1 +
2 files changed, 114 insertions(+)
create mode
From: Pawan Badganchi
Add below patch to fix CVE-2022-37454
CVE-2022-37454.patch
Link: https://security-tracker.debian.org/tracker/CVE-2022-37454
Link:
https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631
Signed-off-by: Pawan Badganchi
Signed-off-by: pawan
From: Pawan Badganchi
Add below patch to fix CVE-2016-3709
CVE-2016-3709.patch
Link:
https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
Signed-off-by: Pawan Badganchi
---
.../libxml/libxml2/CVE-2016-3709.patch| 89 +++
meta/recipes-core
From: Pawan Badganchi
Add below patch to fix CVE-2016-3709
CVE-2016-3709.patch
Link:
https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
Signed-off-by: Pawan Badganchi
---
.../libxml/libxml2/CVE-2016-3709.patch| 89 +++
meta/recipes-core
From: Pawan Badganchi
As per debian, the issue is fixed by a feature called
"agent restriction" in openssh 8.9.
Urgency is unimportant as per debian, Hence this CVE is whitelisting.
Link:
https://security-tracker.debian.org/tracker/CVE-2021-36368
https://bugzilla.mindrot.org/show_bug.c
From: Pawan Badganchi
Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
CVE-2022-25308.patch
Link:
https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
CVE-2022-25309.patch
Link:
https://github.com/fribidi/fribidi/commit
From: Pawan Badganchi
Add below patch to fix CVE-2022-1215
CVE-2022-1215.patch
Link:
https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28
Signed-off-by: Pawan Badganchi
---
.../wayland/libinput/CVE-2022-1215.patch | 361
66 matches
Mail list logo