Security Survey 20221017 #4290

Merged
merged 60 commits into from
Nov 27, 2022

Commits on Nov 27, 2022

  1. openssl: update to 1.1.1q (Security, #3958, #4249)

    * Fixes CVE-2022-2068 and CVE-2022-1292
    * Replace CROSS:-BUILD with ab_match_arch
    * Change build configuration for riscv64 to `linux64-riscv64`
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit ca01ac5
  2. openssl+32: update to 1.1.1q (Security, #3958, #4249)

    * Fixes CVE-2022-{1292,2068,2097};
    * Disable tests for optenv32 building
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 639268a
  3. cups: update to 2.4.2 (Security, #4015)

    * Fixes CVE-2022-26691
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit a62cc54
  4. bind: update to 9.16.33 (Security, #4250)

    * Fix multiple security issues regarding the bind utility.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 01e4889
  5. dhcp: update to 4.4.3.P1 (Security, #4240)

    * From this version ISC's dhcp will become EOL, which means unless a severe
    security issue is found, the upstream may not release any further updates.
    Due to such reasons the package may be dropped in the future. Users are advised
    to switch to another implementation like kea or dhcpcd.
    * Dropped unneeded/outdated patch 0002-iproute2.patch
    * Increase verbosity.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 663f3f9
  6. zlib: (upstream patch) fix CVE-2022-37434; #4097

    Signed-off-by: Camber Huang <camber@poi.science>
    MingcongBai authored and CamberLoid committed Nov 27, 2022
    Commit 10ee2e3
  7. aosc-aaa: bump core to 9.1.5 for zlib security fix

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit d5e885e
  8. git: update to 2.38.1 (Security, #4265)

    * Fixes CVE-2022-{39253,39260}
    * Updated systemd unit file from Archlinux
    
    Ref: https://github.com/archlinux/svntogit-packages/blob/29f368bdeabc4dd6ae05a8f90ddfcab044c8c5b7/trunk/git-daemon@.service
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 754cded
  9. python-2: fix mailcap vulnerability (Security, #4306)

    * Add a patch 0002-Ubuntu-CVE-2015-20107.patch to fix the security issue.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit a914b1b
  10. python-3: Update to 3.10.8 (Security, #4305)

    * Fixes multiple security vulnerabilities. See release note for more details.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 622fd0d
  11. squid: update to 5.7 (Security, #4259)

    * Fixes CVE-2021-46784, CVE-2022-41317, CVE-2022-41318
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 697ad1e
  12. Commit 4da4dcc
  13. libxml2+32: update to 2.10.3 (Security, #4267)

    * Fixes CVE-2022-29824, CVE-2022-23308, CVE-2022-40303, CVE-2022-40304
    * Dropped merged patches.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit c2816db
  14. kitty: update to 0.26.4 (Security, #4239)

    * Fixes CVE-2022-41322
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit b26d33f
  15. openjpeg: update to 2.5.0 (Security, #4270)

    * Fix some vulnerabilities. See issue for more details.
    * Add jbigkit as builddep, which only includes static library.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit f1c3b85
  16. chromium: update to 106.0.5249.119

    * Including security fixes. Issue number not assigned
    * Modify patchset from gentoo. Imported new & dropped old patches.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 5c8576c
  17. google-chrome: update to 106.0.5249.119

    * Including security fixes. Issue number not assigned.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit dd86153
  18. poppler: fix CVE-2021-30860 (#4246)

    * Patch ported from Debian Sid, which is backported from upstream
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 4f849d5
  19. chromium: fix FTBFS via adapting a patch from an issue in upstream

    * The BUILD.gn file of angle lacks including dirs of wayland protocol, which
    leads to a FTBFS. The patch will fix it.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 3a96ccf
  20. xz: update to 5.2.7

    * Drop merged CVE-2022-1271 patch.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 1b9708d
  21. expat: Update to 2.4.9 (Security, #4244)

    * Fixes CVE-2022-25236 CVE-2022-40674
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 25fba79
  22. vim: update to 9.0.0814 (Security, not assigned)

    * Include several fixes for security vulnerabilities. Detailed list is omitted
    * Increase verbosity of building process
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit e051fe1
  23. unzip: downgrade to 6.0 (Cherry-picked from retro)

    Signed-off-by: Camber Huang <camber@poi.science>
    MingcongBai authored and CamberLoid committed Nov 27, 2022
    Commit c88dcbd
  24. unzip: fix CVE-2022-0529 and 0530

    * Patch 0033 is adapted from debian's patchset
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 4c687b7
  25. xterm: update to 375 (Security, #4307)

    * Fixed CVE-2021-27135 and CVE-2022-24130
    * Increase output verbosity of beyond file
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit c68aa8d
  26. curl: Update to 7.86.0 (Security, #4274)

    * Fixed multiple security vulnerabilities. See issue for details.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 1a5d3c2
  27. libilbc: new, 3.0.4

    CamberLoid committed Nov 27, 2022
    Commit 8bf01f7
  28. bcg729: new, 1.1.1

    CamberLoid committed Nov 27, 2022
    Commit 02372e5
  29. wireshark: update to 4.0.0 (Security, #4272)

    * Fix CVE-2022-3190
    * Increase build output verbosity
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit c77ca72
  30. ntfs-3g: update to 2022.10.3 (Security, #4281)

    * Fixes CVE-2022-40284, which may lead to arbitrary code execution;
    * Sover stays at 89, so no rebuild of reverse dependencies is required.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit e257a06
  31. rpm: update to 4.18.0 (Security, #4283)

    * Fix CVE-2021-3521, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939
    * Removes buggy autogen.sh to use autoreconf
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit b68997c
  32. expat: Update to 2.5.0 (Security, #4244)

    * Fix CVE-2022-43680
    * Add a beyond file to install manpage
    * Sover stays at 1, therefore no rebuild is required
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit cc53633
  33. libksba: update to 1.6.2 (Security, #4308)

    * Fix CVE-2022-3515
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 5bb2a43
  34. open-vm-tools: update to 12.1.0 (Security, #4284)

    * Fix CVE-2022-31676
    * Add some TO-DOs at defines file, including some features related to recent
    pakreqs.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 5cc8361
  35. libtiff: Update to 4.4.0 (Security, #4309)

    * Fix multiple vulnerabilities between 4.0.10 and 4.4.0;
    * Add "--disable-static" to manually suppress building of static library;
    * Include a security patchset from upstream development branch.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit b2511d8
  36. freerdp: update to 2.8.1 (Security, #4313)

    * Fix CVE-2022-39282, CVE-2022-39283
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 107f4c5
  37. lighttpd: backport patch to fix CVE-2022-22707

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit b6e4851
  38. nokogiri: update to 1.13.9 (Security, #4310)

    * Fix CVE-2022-24836, CVE-2022-29181
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 51389c5
  39. opensc: update to 0.22.0 (Security, #4289)

    * Fixes CVEs. See issue for details.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 2228e22
  40. libgcrypt: update to 1.9.4 (Security, #4311)

    * Fix CVE-2021-33560 and CVE-2021-40528
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit b62f420
  41. mariadb: Update to 10.9.4

    * Include security fix. Issue number not assigned and actual list is omitted;
    * Use array on CMAKE_AFTER to include comments;
    * May need further attention.
    CamberLoid committed Nov 27, 2022
    Commit fc6a2a9
  42. Commit 3f0fecd
  43. sqlite: update to 3.39.4

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 203f271
  44. bind: Update CHKSUM of root.hint

    Root.hint version: 20221109
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 60e407e
  45. Commit 9d44aab
  46. google-chrome: update to 107.0.5304.110

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 7e71c5e
  47. vim: update to 9.0.0859

    * Follow upstream's latest tag
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 0d4c993
  48. xmlsec: update to 1.2.36

    * This update/rebuild will fix a linker error when building open-vm-tools, as
    previous update of libxml2.
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 43490b5
  49. mariadb: drop merged patch

    * Dropped patch: 0001-buildfix-fix-improper-cmake-file.patch
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit d0ff35f
  50. sqlite: update CHKSUM of version 3.39.4

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 3817cf9
  51. chromium: update patchset for version 107.x

    * Drop merged patch and update patch from gentoo
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit ce0736b
  52. chromium: use system-shipped wayland and libffi

    * Add wayland and libffi as chromium's runtime dependencies
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit bbc6f22
  53. bind: Update CHKSUM of root.hint

    Root.hint version: 20221115
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit a263dbd
  54. chromium: add qt-5 as runtime dependency

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit abd5364
  55. fcgi: update to 2.4.2

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit c8e4935
  56. autobuild3: update to 1.6.69

    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit d39966b
  57. wireshark: make asciidoctor as builddep

    asciidoctor is used to generate documents. Making it as a building dependency.
    CamberLoid committed Nov 27, 2022
    Commit b4b5950
  58. expat: lint script

    * Trailing blank line in beyond
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit 0ac3222
  59. google-chrome: update to 107.0.5304.121

    Fix CVE-2022-4135, a heap-based buffer overflow in GPU
    CamberLoid committed Nov 27, 2022
    Commit f4073a0
  60. chromium: update to 107.0.5304.121

    Fix CVE-2022-4135, a heap-based buffer overflow in GPU
    
    Signed-off-by: Camber Huang <camber@poi.science>
    CamberLoid committed Nov 27, 2022
    Commit e411bdd