[oe] [meta-oe] [PATCH] redis: fix service redis-server restart not working under sysvinit

2023-03-17 Thread Stefan Ghinea
and is ignored in the implementation provided by busybox package. A repeated check if the process is still running and another try with another signal after a timeout will effectively simulate a stop with --retry=TERM/5/KILL/5 schedule. Signed-off-by: Stefan Ghinea --- .../redis/redis-7/init-redis-server

[oe] [meta-networking] [PATCH] mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393

2023-01-26 Thread Stefan Ghinea
if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. References: https://nvd.nist.gov/vuln/detail/CVE-2022-46392 https://nvd.nist.gov/vuln/detail/CVE-2022-46393 Upstream patches: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 Signed-off-by: Stefan Ghi

[oe] [PATCH] thunar: fix CVE-2021-32563

2021-05-25 Thread Stefan Ghinea
://nvd.nist.gov/vuln/detail/CVE-2021-32563 Upstream patches: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 Signed-off-by: Stefan Ghinea --- .../thunar/thunar/CVE-2021-32563-1.patch

Re: [oe] [PATCH] [oe-devel] [meta-python] python3-django: fix CVE-2021-28658

2021-04-19 Thread Stefan Ghinea
] Hello Stefan, On 4/16/21 8:24 AM, Stefan Ghinea wrote: In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References

[oe] [PATCH] [oe-devel] [meta-python] python3-django: fix CVE-2021-28658

2021-04-16 Thread Stefan Ghinea
Upstream patches: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 Signed-off-by: Stefan Ghinea --- .../CVE-2021-28658.patch | 289 ++ .../python/python3-django_2.2.16.bb | 2 + 2 files changed, 291 insertions

[oe] [PATCH V2] [OE-devel] [meta-openembedded] hostapd: fix CVE-2021-30004

2021-04-09 Thread Stefan Ghinea
=a0541334a6394f8237a4393b7372693cd7e96f15 Signed-off-by: Stefan Ghinea --- .../hostapd/hostapd/CVE-2021-30004.patch | 123 ++ .../hostapd/hostapd_2.9.bb| 1 + 2 files changed, 124 insertions(+) create mode 100644 meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch diff

[oe] [PATCH] [OE-devel] [meta-openembedded] hostapd: fix CVE-2021-30004

2021-04-08 Thread Stefan Ghinea
=a0541334a6394f8237a4393b7372693cd7e96f15 Signed-off-by: Stefan Ghinea --- .../hostapd/hostapd/CVE-2021-30004.patch | 123 ++ .../hostapd/hostapd_2.9.bb| 1 + 2 files changed, 124 insertions(+) create mode 100644 meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch diff

[oe] [PATCH] [OE-devel] [meta-openembedded] quagga: fix do_fetch warning

2021-03-12 Thread Stefan Ghinea
WARNING: quagga-1.2.4-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/quagga/quagga-1.2.4.tar.gz;, attempting MIRRORS if available Signed-off-by: Stefan Ghinea --- meta-networking/recipes-protocols/quagga/quagga.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion