Pick patches according to oe-core patch for this CVE in wpa-supplicant.
Leave out commit which patched only files not present in hostapd.
Note that Debian just picked the last commit (actually fixing the CVE)
and removed not-applicable parts, but it is probably better to be
consistent with oe-core status.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Fetch the needed Git tag by using BB_GIT_SHALLOW_EXTRA_REFS. This fixes
the following autotools configuration error:
| build-aux/git-version-gen: WARNING: .gitarchivever doesn't contain valid version tag
| build-aux/git-version-gen: ERROR: Can't find valid version. Please use valid git repository, released tarball or version tagged archive
| configure.ac:22: error: AC_INIT should be called with package and version arguments
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Refresh patches, drop patch 3238, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Upgrade to mosquitto 2.0.21. Update the patch status for issue 2895 and create a
new patch for an issue introduced in 2.0.19 which causes connections to get down
when the clock is changed.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This is a header only package. It may be useful to the native machine
but it is definitely useful for the nativesdk machine.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This includes CVE-fix for CVE-2023-26819.
Removed CVE-2025-57052, as the issue was already resolved
in v1.7.19.
Changelog:
==========
https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the
function run_jq_tests of the file jq_test.c of the component JSON Parser.
Executing manipulation can lead to reachable assertion. The attack
requires local access. The exploit has been publicly disclosed and may be
utilized. Other versions might be affected as well.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9403
Upstream-patch:
a4d9d54010
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* According to latest comment [1] and the mentioned pull request [2],
build an ENABLE(WEBASSEMBLY) && !ENABLE(JIT) configuration is
supported, so original issue already fixed in current version, the
EXTRA_OECMAKE setting is not needed anymore.
* This EXTRA_OECMAKE setting causes following configure error on
beaglebone-yocto, remove the setting to let the configure process
decide the configuration:
CMake Error at Source/cmake/WebKitFeatures.cmake:312 (message):
ENABLE_JIT conflicts with ENABLE_C_LOOP. You must disable one or the other.
[YOCTO #15254]
[1] https://github.com/WebKit/WebKit/pull/17447
[2] https://github.com/WebKit/WebKit/pull/17688
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Changelog:
=============
- config file parser dynamically allocates linebuffer to allow multithreaded applications
- parse time values in model configuration file
- config file generator: added missing code for GSEControl
- Config file generator: support multiple access points for GOOSE and SMV control blocks
- config file generator: added code to add SMVCBs to config files
- IED server: added code to create SMVCBs with the dynamic model API
- MMS server: added support for write access with component alternate access
- MMS client: added function MmsConnection_writeVariableComponent to write to variables with alternate component access
- make write access to RCB elements configurable according to ReportSettings
- Added function IedConnection_setLocalAddress to define local IP address and optionally local port of a client connection
- IED server: added ControlAction_getSynchroCheck and ControlAction_getInterlockCheck functions
- fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client
- PAL: fixed wrong order of function arguments for fread and fwrite functions
- MMS client: parsing of servicecsSupported in MMS init response is off by one
- fixed - potential memory leaks in goose publisher code
- fixed - server sends dchg report when only dupd is enabled in RCB
- GOOSE subscriber: fixed - possible heap corruption in parseAllData due to missing validity check in bit-string handling
- IED server: fixed problem with implicit ResvTms setting when reserved with RptEna
- IED server: fixed - segmentation fault when compiled with CONFIG_MMS_THREADLESS_STACK
- fixed - MMS server: messages can be corrupted when TCP buffer is full
- fixed - .NET: IedConenction.WriteDataSetValues throws a NullReferenceException
- fixed - server send invalid response- when client uses wrong ctlModel
- fixed - IedConnection_setRCBValuesAsync crashes when RCB is already reserved by other client
- fixed - outstanding call not released in IedConnection_getDataSetDirectoryAsync
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1b0f933f5b079c60e03a9e73fc5f4957792b911a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30202
Backport the patch mentioned in the details of the link.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Details https://nvd.nist.gov/vuln/detail/CVE-2025-25066
CVE was fixed by [1] but the change [2] which introduced CVE was not present this version (4.2).
$ git tag --no-contains b9348e9 | grep 4.2
4.2
[1] 678697b5eb
[2] b9348e9d6e
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Poppler ia a library for rendering PDF files, and examining or
modifying their structure. A use-after-free (write) vulnerability
has been detected in versions Poppler prior to 25.10.0 within the
StructTreeRoot class. The issue arises from the use of raw pointers
to elements of a `std::vector`, which can lead to dangling pointers
when the vector is resized. The vulnerability stems from the way that
refToParentMap stores references to `std::vector` elements using raw
pointers. These pointers may become invalid when the vector is resized.
This vulnerability is a common security problem involving the use of
raw pointers to `std::vectors`. Internally, `std::vector `stores its
elements in a dynamically allocated array. When the array reaches its
capacity and a new element is added, the vector reallocates a larger
block of memory and moves all the existing elements to the new location.
At this point if any pointers to elements are stored before a resize
occurs, they become dangling pointers once the reallocation happens.
Version 25.10.0 contains a patch for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-52885
Upstream patch:
4ce27cc826
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
yasm commit 9defefae was discovered to contain a NULL pointer
dereference via the yasm_section_bcs_append function at section.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-22653
Upstream-patch:
121ab150b3
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This is gentoo specific CVE.
NVD tracks this as version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36a7e409d8dcee804f911174291a0c72b8037934)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 17bcf478a512c7d75baa3b68e8f650aff7d17bbe)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Changelog:
6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a22715b82584696dec489914d8bb9ccf73b5600)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce6848276fa68b3736b345552a533bc6bd2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
The version don't match and only the Jenkins plugin is affected.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 524acf0542cafed3f5e82cd94291a653f6cf86e1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Our hash does not point to exact tag and CVE patch is already in.
We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: 60b813a770
git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e5a12d52522f10026570a5c48d6662a5359c4887)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>