24109 Commits

Author SHA1 Message Date
Gyorgy Sarvari
97d4be2839 gupnp-igd: add ptest support
Execution takes around 10 seconds.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 19:34:22 +01:00
Gyorgy Sarvari
590afd1a98 gupnp-av: add ptest support
It takes around a second to execute the suite.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65c2f6de55fa662bce0281046ed3f291c414ff82)

Adapted to Kirkstone.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 19:34:21 +01:00
Gyorgy Sarvari
535fc775a6 gupnp: add ptest support
It takes almost 50 seconds on my machine to execute.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7878d69abd4d1cfaad3f5e5ba9cf7ad00f136bd)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 19:34:20 +01:00
Gyorgy Sarvari
ff2b74df62 gssdp: add ptest support
It is quick, it finished under 20 seconds on my machine.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 27865a96d576160a0e3a0fda6b7e604f19edbc6c)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 19:34:19 +01:00
Gyorgy Sarvari
d95d7c8e7b xrdp: add ptest support
It takes under 10 seconds to run the suite.
Executed successfully on x86-64, with musl and glibc.

The recipe requires pam DISTRO_FEATURE to be present.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54ca51b6c6c90ad464a488e1ee271d3fff708955)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 19:34:17 +01:00
Gyorgy Sarvari
dcc7681d01 xrdp: patch CVE-2022-23493
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:13 +01:00
Gyorgy Sarvari
fc2c0460ab xrdp: patch CVE-2022-23484
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:11 +01:00
Gyorgy Sarvari
e89a73a759 xrdp: patch CVE-2022-23483
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:10 +01:00
Gyorgy Sarvari
e0e34a0615 xrdp: patch CVE-2022-23481
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:09 +01:00
Gyorgy Sarvari
07291c5d65 xrdp: patch CVE-2022-23480
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:09 +01:00
Gyorgy Sarvari
d2a493539f xrdp: patch CVE-2022-23479
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:08 +01:00
Gyorgy Sarvari
444c8f69d2 xrdp: patch CVE-2022-23478
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:07 +01:00
Gyorgy Sarvari
74b0b81579 xrdp: patch CVE-2022-23477
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:06 +01:00
Gyorgy Sarvari
5709e8f6ec xrdp: patch CVE-2022-23468
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:05 +01:00
Gyorgy Sarvari
f218f0373f xrdp: upgrade 0.9.18 -> 0.9.18.1
Contains fix for CVE-2022-23613

Changelog: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.18.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-06 17:33:04 +01:00
Saravanan
e2da1298ac python3-django: fix CVE-2025-32873
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32873

Upstream-patch:
9cd8028f3e/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-05 15:29:59 +01:00
Saravanan
ee59faebac python3-django: fix CVE-2024-53907
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907

Upstream-patch:
790eb058b0/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-05 15:29:58 +01:00
Saravanan
64e4cf9933 python3-django: fix CVE-2024-41991
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991

Upstream-patch:
efea1ef7e2/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-05 15:29:55 +01:00
Khem Raj
edb07bc11e scsirastools: Fix build with usrmerge
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4448cd9ee7e62de0a2787110256c8c0cabb941ee)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-02 13:54:27 +01:00
Gyorgy Sarvari
4a70d6f944 gradm: fix installation with usrmerge enabled
In case usrmerge DISTRO_FEATURE is enabled, the recipe installs its
binaries into /sbin folder, which however is supposed to be a symlink
to /usr/sbin folder, thus ultimately failing the installation.

To avoid this problem, backport a patch from master branch that allows
specifying the installation location.

This is a partial backport of 682657248c654c54ac87edc9bf0a95fb59ff0b1e

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-02 13:54:16 +01:00
Gyorgy Sarvari
bc55ba3d8c babeld: fix installation with usrmerge
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.

To fix this, set the correct prefix for the installation.

This is a partial backport of f91983f1f3e897d25ab477fdfb5baed89ccc0daf

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-02 13:54:02 +01:00
Gyorgy Sarvari
6416254c0b fontforge: patch CVE-2024-25081 and CVE-2024-25082
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-25081
https://nvd.nist.gov/vuln/detail/CVE-2024-25082

The same patch fixes both vulnerabilities.
Take the patch from the pull request that is referenced by the
nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 20:48:08 +01:00
Gyorgy Sarvari
2491ea2ffb fontforge: patch CVE-2020-5395, CVE-2020-25690 and CVE-2020-5496
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-5395
https://nvd.nist.gov/vuln/detail/CVE-2020-25690
https://nvd.nist.gov/vuln/detail/CVE-2020-5496

The same patch fixes all three.
The patch for CVE-2020-25690 is mentioned in the RedHat bug, which is
referenced in the nvd report.
The patch for CVE-2020-5395 is mentioned in the Github issue that
is referenced in the nvd report.
The patch for CVE-2020-5496 is mentioned in the comments of the issue
that is linked in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 20:48:07 +01:00
Gyorgy Sarvari
48d2305f48 fontforge: ignore CVE-2019-15785
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785

The vulnerability is not present in the currently used version, so
ignore it.

Current version: 20190801
First vulnerable version: 20190813

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 20:48:06 +01:00
Gyorgy Sarvari
67bb8e4b16 yasm: patch CVE-2021-33456
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1e2731fce05d15020fddf3dca5d8ee42ec3c04e1)
2025-11-30 20:48:05 +01:00
Gyorgy Sarvari
68a44fe280 yasm: patch CVE-2021-33464
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52e5d1cd2af4c41ae0b67541464874e6)
2025-11-30 20:48:04 +01:00
Gyorgy Sarvari
5fb0376aed yasm: patch CVE-2023-29579
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc30757a7fd0af5f60b9a6408b3eb94c0810acda)
2025-11-30 20:48:03 +01:00
Gyorgy Sarvari
b6eb044866 yasm: add alternative CVE_PRODUCT
There are multiple vendors for yasm:

$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm

Both products refer to the same application

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2fb124cb047f6b378cf0052a1f102aa)
2025-11-30 20:48:01 +01:00
Saravanan
8b438a9d7b python3-django: fix CVE-2024-39330
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39330

Upstream-patch:
2b00edc015

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:36 +01:00
Saravanan
740980aaba python3-django: fix CVE-2024-39329
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39329

Upstream-patch:
156d3186c9

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:34 +01:00
Saravanan
21d389c8f9 python3-django: fix CVE-2025-57833
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-57833

Upstream-patch:
31334e6965

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:32 +01:00
Saravanan
0b554678b6 python3-django: fix CVE-2024-56374
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56374

Upstream-patch:
ad866a1ca3

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:31 +01:00
Saravanan
540b79e3ee python3-django: fix CVE-2025-26699
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-26699

Upstream-patch:
e88f7376fe

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:30 +01:00
Saravanan
666ec505b4 python3-django: fix CVE-2024-27351
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27351

Upstream-patch:
072963e4c4

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:29 +01:00
Saravanan
d4a5c4cf6c python3-django: upgrade 4.2.17 -> 4.2.26
Fixes CVE-2025-64459, CVE-2025-64458, CVE-2025-59682, CVE-2025-59681,
CVE-2025-57833, CVE-2025-48432, CVE-2025-32873, CVE-2025-26699, CVE-2024-56374
and other bug fixes.

Release notes:
https://docs.djangoproject.com/en/dev/releases/4.2.18/
https://docs.djangoproject.com/en/dev/releases/4.2.19/
https://docs.djangoproject.com/en/dev/releases/4.2.20/
https://docs.djangoproject.com/en/dev/releases/4.2.21/
https://docs.djangoproject.com/en/dev/releases/4.2.22/
https://docs.djangoproject.com/en/dev/releases/4.2.23/
https://docs.djangoproject.com/en/dev/releases/4.2.24/
https://docs.djangoproject.com/en/dev/releases/4.2.25/
https://docs.djangoproject.com/en/dev/releases/4.2.26/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:28 +01:00
Saravanan
252b82edd5 python3-django: upgrade 3.2.23 -> 3.2.25
Fixes CVE-2024-27351, CVE-2024-24680 and other bugfixes.

Release notes:
https://docs.djangoproject.com/en/dev/releases/3.2.24/
https://docs.djangoproject.com/en/dev/releases/3.2.25/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:16:24 +01:00
Gyorgy Sarvari
a12478e722 libraw: patch CVE-2025-43964
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43964

Pick the patch that is referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
0e30e2ab37 libraw: patch CVE-2025-43963
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Pick the patch that is referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
cb0fcd1ae4 libraw: patch CVE-2025-43961 and CVE-2025-43962
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43961
https://nvd.nist.gov/vuln/detail/CVE-2025-43962

Pick the patch that is mentioned by the nvd reports - the
same patch fixes both vulnerabilities.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
309e9688d5 libraw: patch CVE-2023-1729
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1729

Pick the patch that is mentioned to solve the issue in the issue
linked from the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
730f4c000c libraw: ignore CVE-2020-35535
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35535

The fix is already included in the used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
298f329594 libraw: ignore CVE-2020-35534
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35534

The fix is already included in the currently used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
ce9b6df403 libraw: ignore CVE-2020-35533
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35533

The fix is already included in the currently used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
73891ac756 libraw: ignore CVE-2020-35532
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35532

The fix is already included in the currently used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
34f34b93d9 libraw: ignore CVE-2020-35531
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35531

The fix is already included in the currently used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
27f77ae006 libraw: ignore CVE-2020-35530
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35530

The fix is already included in the currently used revision.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
8f89a8c732 tigervnc: ignore CVE-2014-8241
Details: https://nvd.nist.gov/vuln/detail/CVE-2014-8241

The vulnerability is about a potential null-pointer dereference, because
a malloc result is not verified[1].

The vulnerable code has been refactored since completely[2], and the code isn't
present anymore in the codebase.

[1]: https://github.com/TigerVNC/tigervnc/issues/993#issuecomment-612874972 - attachment
[2]: b8a24f055f

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
4cf5f8cc31 libao: ignore CVE-2017-11548
Both Suse[1] and Debian[2] dispute that this is a vulnerability in libao.
Based on their investigation while an issue exists, it is not in libao, however
higher in the audio-toolchain, most likely in libmad or mpg321. There seems to
be nothing to be fixed about this in libao - ignore this CVE due to this.

[1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a993eb8b93f16e3a16c9a1ab2eb0939cb2331593)

Reworked for Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:58 +01:00
Gyorgy Sarvari
f81db4757e cockpit: set correct CVE_PRODUCT
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit af4df551eec582844a8b56154117915ace1596cd)
2025-11-30 15:13:57 +01:00
Gyorgy Sarvari
91c15953c0 libde265: patch CVE-2022-1253
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1253

Pick the patch from the nvd report.

The patch is only partially backported, because part of the vulnerable
code was introduced only in a later version.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:57 +01:00