Besides other bugfixes, it contains fixes for CVE-2025-12817 and CVE-2025-12818.
Release notes: https://www.postgresql.org/docs/release/14.20/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297
The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is
not present in the recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 071a45c9d76c9a222c8fbaa50089a8af44f44e74)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e87e51da49fe121be8f6dd4cec3263a345f2f876)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
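The vendor-qualified matching described in the commit message above, as an added example that is not part of the original commit or of the CVE checker's own code: a simplified model in which an unqualified CVE_PRODUCT entry matches any vendor, while "vendor:product" restricts the match. The table layout, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows (CVE id, vendor, product); placeholder ids, not real CVE data.
SAMPLE_ROWS = [
    ("CVE-0000-0001", "linux", "audit"),
    ("CVE-0000-0002", "visionsoft", "audit"),
    ("CVE-0000-0003", "linux", "audit"),
    ("CVE-0000-0004", "linux", "linux_kernel"),
]


def build_db(rows):
    """Create an in-memory product table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id TEXT, vendor TEXT, product TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return conn


def split_cve_product(entry):
    """Split one CVE_PRODUCT entry into (vendor pattern, product).

    An entry without a vendor gets the SQL wildcard '%', i.e. any vendor.
    """
    if ":" in entry:
        vendor, product = entry.split(":", 1)
    else:
        vendor, product = "%", entry
    return vendor, product


def matching_cves(conn, cve_product):
    """Return the sorted CVE ids matched by a space-separated CVE_PRODUCT value."""
    found = set()
    for entry in cve_product.split():
        vendor, product = split_cve_product(entry)
        cur = conn.execute(
            "SELECT DISTINCT id FROM products WHERE product = ? AND vendor LIKE ?",
            (product, vendor),
        )
        found.update(row[0] for row in cur)
    return sorted(found)


if __name__ == "__main__":
    db = build_db(SAMPLE_ROWS)
    print("audit       ->", matching_cves(db, "audit"))
    print("linux:audit ->", matching_cves(db, "linux:audit"))
```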
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.
Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack context.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe fetches from multiple repositories, however the SRCREV_FORMAT
variable wasn't set. Due to this the recipe couldn't reuse sstate artifacts from
a mirror, only threw warnings:
WARNING: gosu-1.14-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs are:
git://github.com/tianon/gosu.git;branch=master;protocol=https
git://github.com/opencontainers/runc;name=runc;branch=main;protocol=https', None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-support/
gosu/gosu_1.14.bb:do_package_qa_setscene) failed with exit code '1' - real task
will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It fetches from multiple repositories, but didn't have SRCREV_FORMAT
set. Because of this, the recipe couldn't use sstate artifacts from
a mirror, just threw many warnings:
WARNING: sysdig-0.28.0-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs
are:\ngit://github.com/draios/sysdig.git;branch=dev;protocol=https;name=sysdig
git://github.com/falcosecurity/libs;protocol=https;branch=master;name=falco;subdir=git/falcosecurity-libs',
None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-extended/sysdig/sysdig_0.28.0.bb
:do_package_qa_setscene) failed with exit code '1' - real task will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes around a second to execute the suite.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65c2f6de55fa662bce0281046ed3f291c414ff82)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes almost 50 seconds on my machine to execute.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7878d69abd4d1cfaad3f5e5ba9cf7ad00f136bd)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It is quick, it finished under 20 seconds on my machine.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 27865a96d576160a0e3a0fda6b7e604f19edbc6c)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes under 10 seconds to run the suite.
Executed successfully on x86-64, with musl and glibc.
The recipe requires pam DISTRO_FEATURE to be present.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54ca51b6c6c90ad464a488e1ee271d3fff708955)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case usrmerge DISTRO_FEATURE is enabled, the recipe installs its
binaries into /sbin folder, which however is supposed to be a symlink
to /usr/sbin folder, thus ultimately failing the installation.
To avoid this problem, backport a patch from master branch that allows
specifying the installation location.
This is a partial backport of 682657248c654c54ac87edc9bf0a95fb59ff0b1e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.
To fix this, set the correct prefix for the installation.
This is a partial backport of f91983f1f3e897d25ab477fdfb5baed89ccc0daf
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785
The vulnerability is not present in the currently used version, so
ignore it.
Current version: 20190801
First vulnerable version: 20190813
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>