is a choice between the two licenses.
Signed-off-by: Massimiliano Minella
Signed-off-by: Shubham Kulkarni
---
meta/recipes-extended/zstd/zstd_1.5.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/zstd/zstd_1.5.2.bb
b/meta/recipes-extended/zstd
From: Priyal Doshi
Signed-off-by: Priyal Doshi
Signed-off-by: Alexandre Belloni
(cherry picked from commit 5abbd0abf992ce8d11f3ae31fb1d83d97f5319fa)
Signed-off-by: Shubham Kulkarni
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions
Thank you Steve!
Thanks,
Shubham Kulkarni
On Tue, Jan 2, 2024 at 11:19 PM Steve Sakoman wrote:
> On Mon, Jan 1, 2024 at 8:26 AM Shubham Kulkarni
> wrote:
> >
> > Hi Steve,
> >
> > Thanks for your response. Will it be possible to merge this patch in
> dunfell
Hi Steve,
Thanks for your response. Will it be possible to merge this patch in
dunfell-nut till Jan 02, if there are no issues with the patch.
Thanks,
Shubham Kulkarni
On Sat, Dec 30, 2023 at 9:03 PM Steve Sakoman wrote:
> On Sat, Dec 30, 2023 at 4:37 AM Shubham Kulkarni
> wrote:
>
of oe-core-contrib.
Thanks,
Shubham Kulkarni
On Tue, Dec 26, 2023 at 10:44 PM Shubham Kulkarni via lists.openembedded.org
wrote:
> From: Shubham Kulkarni
>
> Signed-off-by: Shubham Kulkarni
> ---
> meta/recipes-extended/timezone/timezone.inc | 6 +++---
> 1 file changed,
From: Shubham Kulkarni
Signed-off-by: Shubham Kulkarni
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc
b/meta/recipes-extended/timezone/timezone.inc
index 2960bfefe3
From: Shubham Kulkarni
Signed-off-by: Shubham Kulkarni
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc
b/meta/recipes-extended/timezone/timezone.inc
index 14a1ce18f3
From: Shubham Kulkarni
Add missing files in fix for CVE-2023-24538 & CVE-2023-39318
Upstream Link -
CVE-2023-24538:
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
CVE-2023-39318:
https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c
Si
From: Shubham Kulkarni
Add missing files in fix for CVE-2023-24538 & CVE-2023-39318
Upstream Link -
CVE-2023-24538:
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
CVE-2023-39318:
https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c
Si
From: Shubham Kulkarni
Add missing files in fix for CVE-2023-24538 & CVE-2023-39318
Upstream Link -
CVE-2023-24538:
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
CVE-2023-39318:
https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c
Si
From: Shubham Kulkarni
Add missing files in fix for CVE-2023-24538 & CVE-2023-39318
Upstream Link -
CVE-2023-24538:
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
CVE-2023-39318:
https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c
Si
Thank you for the update Steve!
Thanks,
Shubham Kulkarni
On Fri, Sep 29, 2023 at 9:18 PM Steve Sakoman wrote:
> On Fri, Sep 29, 2023 at 4:47 AM Shubham Kulkarni
> wrote:
> >
> > Hi Steve,
> >
> > Is there any update on this?
>
> It is i
Hi Steve,
Is there any update on this?
Thanks,
Shubham Kulkarni
On Tue, Sep 26, 2023 at 9:38 AM Siddharth via lists.openembedded.org
wrote:
> From: Siddharth Doshi
>
> Upstream-Status: Backport from [
> https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b
From: Shubham Kulkarni
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE
From: Shubham Kulkarni
html/template: disallow actions in JS template literals
Backport from
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-24538
From: Shubham Kulkarni
html/template: disallow actions in JS template literals
Backport from
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 3 +
.../go/go-1.14/CVE-2023
From: Shubham Kulkarni
html/template: disallow actions in JS template literals
Backport from
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2023
From: Shubham Kulkarni
html/template: disallow actions in JS template literals
Backport from
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-24538
tchworks. Could you please
> resend?
>
> Thanks,
>
> Steve
>
> On Sat, Apr 22, 2023 at 6:12 AM Shubham Kulkarni
> wrote:
> >
> > Hi Steve,
> >
> > Is there any issue with this patch? It's not included in the patch
> review list email.
> >
From: Shubham Kulkarni
The vulnerability was introduced in go1.15beta1 with commit d5734d4.
Dunfell uses go1.14 version which does not contain the affected code.
Ref: https://security-tracker.debian.org/tracker/CVE-2022-1705
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go
Hi Steve,
Is there any issue with this patch? It's not included in the patch review
list email.
Thanks,
Shubham
On Fri, 21 Apr, 2023, 4:54 pm Shubham Kulkarni,
wrote:
> From: Shubham Kulkarni
>
> The vulnerability was introduced in go1.15beta1 with commit d5734d4.
> Du
From: Shubham Kulkarni
encoding/xml: replace comments inside directives with a space
Backport from
https://github.com/golang/go/commit/a9cfd55e2b09735a25976d1b008a0a3c767494f8
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE
unfell.
Thanks,
Shubham
On Wed, Apr 19, 2023 at 6:03 PM Shubham Kulkarni via lists.openembedded.org
wrote:
> From: Shubham Kulkarni
>
> path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
>
> Backport from
> https://github.com/golang/go/commit/bdf07c2e168baf7
From: Shubham Kulkarni
path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
Backport from
https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/g
e
> Upstream-status: and Signed-off-by: tags
>
> Thanks for helping fix CVEs!
>
> Steve
>
> On Tue, Apr 18, 2023 at 1:54 AM Shubham Kulkarni
> wrote:
> >
> > From: Shubham Kulkarni
> >
> > path/filepath: do not Clean("a/../c:/b") into c:\b on Window
From: Shubham Kulkarni
path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
Backport from
https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.1
caused. Please consider this patch for
kirkstone to fix CVE-2022-41723 golang.org/x/net/http2: avoid quadratic
complexity in HPACK decoding.
Regards,
Shubham Kulkarni
On Tue, Mar 28, 2023 at 6:14 PM Shubham Kulkarni via lists.openembedded.org
wrote:
> From: Shubham Kulkarni
>
> Disable cm
From: Shubham Kulkarni
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
Backport from
https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.17.13.inc | 1
From: Shubham Kulkarni
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
Backport from
https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 1
From: Shubham Kulkarni
Backport from
https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc
Signed-off-by: Shubham Kulkarni
---
meta/recipes-core/glibc/glibc/CVE-2023-0687.patch | 82 +++
meta/recipes-core/glibc/glibc_2.35.bb
From: Shubham Kulkarni
Backport from
https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc
Signed-off-by: Shubham Kulkarni
---
meta/recipes-core/glibc/glibc/CVE-2023-0687.patch | 82 +++
meta/recipes-core/glibc/glibc_2.31.bb
Hi Zheng,
Can you please clear my confusion, if possible.
Thanks,
Shubham
On Mon, Nov 7, 2022 at 7:49 PM Steve Sakoman wrote:
> Hello Zheng,
>
> Could you respond to Shubham's question on your patch?
>
> Thanks,
>
> Steve
>
> On Sun, Nov 6, 2022 at 11
Hello, I am new to this community and trying to understand the CVE patch
fixing process. Kindly correct me if I am wrong with my understanding.
So, this patch is fixing the code present in the file tools/tiffcrop.c . I
can see this patch is having combined changes from following commits:
1] https
Link:
https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec
Signed-off-by: Shubham Kulkarni
---
meta/recipes-devtools/go/go-1.14.inc | 4 ++
.../go/go-1.14/0001-CVE-2022-32190.patch | 74 +++
.../go/go-1.14/0002-CVE-2022-32190
ff-by: Shubham Kulkarni
---
meta/classes-global/sanity.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes-global/sanity.bbclass
b/meta/classes-global/sanity.bbclass
index 4104694..4a403a2 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bb
35 matches
Mail list logo
