[OE-core][kirkstone][PATCH v4] openssh: Remove BSD-4-clause contents completely from codebase

2023-06-01 Thread Riyaz Ahmed Khan
From: Riyaz Khan The upstream commit below removed BSD-4-Clause from the LICENSE variable, Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8 But actually if we check the source code of openssh for this version (8.9p1), there are some files (openbsd-

[OE-core][master][PATCH v3] openssh: Remove BSD-4-clause contents completely from codebase

2023-06-01 Thread Riyaz Ahmed Khan
From: Riyaz Khan The upstream commit below removed BSD-4-Clause from the LICENSE variable, Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8 But actually if we check the source code of openssh for this version (8.9p1), there are some files (openbsd-

[OE-core] [meta][master][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

2023-06-01 Thread Riyaz Ahmed Khan
From: Riyaz Khan The upstream commit below removed BSD-4-Clause from the LICENSE variable, Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8 But actually if we check the source code of openssh for this version (8.9p1), there are some files (openbsd-

[OE-core][master][PATCH v4] openssh: Remove BSD-4-clause contents completely from codebase

2023-05-30 Thread Riyaz Ahmed Khan
As upstream removed this BSD-4-clause license, there are still some files that have this license. The files below are affected by this BSD-4-clause content when the command below is executed: grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

[OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents completely from codebase

2023-05-30 Thread Riyaz Ahmed Khan
As upstream removed this BSD-4-clause license, there are still some files that have this license. The files below are affected by this BSD-4-clause content when the command below is executed: grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

[OE-core][kirkstone][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

2023-05-29 Thread Riyaz Ahmed Khan
As upstream removed this BSD-4-clause license, there are still some files that have this license. The files below are affected by this BSD-4-clause content when the command below is executed: grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

[OE-core][kirkstone][PATCH] openssh: Remove BSD-4-clause contents completely from codebase

2023-05-29 Thread Riyaz Ahmed Khan
As upstream removed this BSD-4-clause license, there are still some files that have this license. The files below are affected by this BSD-4-clause content when the command below is executed: grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

[OE-core] [meta][dunfell][PATCH] tar: CVE-2022-48303

2023-03-06 Thread Riyaz Ahmed Khan
From: Rodolfo Quesada Zumbado Fixes CVE-2022-48303 by checking Base-256 encoding is at least 2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrate

[OE-core] [meta][dunfell][PATCH] rpm: Fix rpm CVE CVE-2021-3521

2022-12-05 Thread Riyaz Ahmed Khan
From: Riyaz Khan Links: Dependent Patches: CVE-2021-3521-01 https://github.com/rpm-software-management/rpm/commit/b5e8bc74b2b05aa557f663fe227b94d2bc64fbd8 CVE-2021-3521-02 https://github.com/rpm-software-management/rpm/commit/9f03f42e2614a68f589f9db8fe76287146522c0c CVE-2021-3521-03 https://githu

[OE-core] [meta][dunfell][PATCH 2/2] sdbus-c++-tools: Upgrade sdbus-c++-tools 1.1.0 to 1.2.0

2022-09-07 Thread Riyaz Ahmed Khan
From: Riyaz Khan Update SHA value in SRCREV. Reference link: https://github.com/Kistler-Group/sdbus-cpp/releases/tag/v1.2.0 Signed-off-by: Riyaz Khan --- .../{sdbus-c++-tools_1.1.0.bb => sdbus-c++-tools_1.2.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recip

[OE-core] [meta][dunfell][PATCH 1/2] sdbus-c++: Upgrade sdbus-c++ 1.1.0 to 1.2.0

2022-09-07 Thread Riyaz Ahmed Khan
From: Riyaz Khan Add SHA value in SRCREV and remove 7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch as this patch is already part of 1.2.0 Source. Reference link: https://github.com/Kistler-Group/sdbus-cpp/releases/tag/v1.2.0 Signed-off-by: Riyaz Khan --- ...7a6e06d2ec3abd3e2fd1101ab6aab3

[OE-core] [meta][dunfell][PATCH] python3: Fix CVE-2021-28861 for python3

2022-09-07 Thread Riyaz Ahmed Khan
From: Riyaz Khan Add patch to fix CVE-2021-28861 CVE-2021-28861.patch Link: https://github.com/python/cpython/commit/4dc2cae3abd75f386374d0635d00443b897d0672 Signed-off-by: Riyaz Khan --- .../python/python3/CVE-2021-28861.patch | 135 ++ .../recipes-devtools/python/pyth

[OE-core][dunfell][PATCH v1] libxml2: Fix CVE-2022-29824 for libxml2

2022-06-01 Thread Riyaz Ahmed Khan
. + +CVE: CVE-2022-29824 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b] + +Signed-off-by: Riyaz Ahmed Khan + +--- + tree.c | 9 +++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tree.c b/tree.c +index

[OE-core][dunfell][PATCH v2] curl: Add fix for CVE-2022-27781 CVE-2022-27782

2022-06-01 Thread Riyaz Ahmed Khan
-off-by: Riyaz Ahmed Khan + +--- + lib/vtls/nss.c | 8 + 1 file changed, 8 insertions(+) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 5b7de9f81895..569c0628feb5 100644 +--- a/lib/vtls/nss.c b/lib/vtls/nss.c +@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy

[OE-core][dunfell][PATCH v2] curl: Add fix for CVE-2022-27781 CVE-2022-27782

2022-06-01 Thread Riyaz Ahmed Khan
/5c7da89d404bf59c8dd82a001119a16d18365917] + +Signed-off-by: Riyaz Ahmed Khan + +--- + lib/vtls/nss.c | 8 + 1 file changed, 8 insertions(+) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 5b7de9f81895..569c0628feb5 100644 +--- a/lib/vtls/nss.c b/lib/vtls/nss.c +@@ -983,6 +983,9

[OE-core] [meta-oe][dunfell][PATCH] curl: Add fix for CVE-2022-27781 CVE-2022-27782

2022-05-23 Thread Riyaz Ahmed Khan
Add patches for CVE issues: CVE-2022-27781 CVE-2022-27782 CVE-2022-27781 Link: [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917] CVE-2022-27782 Link: [https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5] Signed-off-by: Riyaz Ahmed Khan