mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
50906d9169
Release Notes: - CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. - CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. - oauth2: Dovecot would send client_id and client_secret as POST parameters to introspection server. These need to be optionally in Basic auth instead as required by OIDC specification. - oauth2: JWT key type check was too strict. - oauth2: JWT token audience was not validated against client_id as required by OIDC specification. - oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol specific error message on all errors. This broke OIDC discovery. - oauth2: JWT aud validation was not performed if aud was missing from token, but was configured on Dovecot. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> |
||
|---|---|---|
| contrib | ||
| meta-filesystems | ||
| meta-gnome | ||
| meta-initramfs | ||
| meta-multimedia | ||
| meta-networking | ||
| meta-oe | ||
| meta-perl | ||
| meta-python | ||
| meta-webserver | ||
| meta-xfce | ||
| .gitignore | ||
| COPYING.MIT | ||
| README.md | ||
Collection of layers for the OE-core universe
Main layer maintainer: Armin Kuster akuster808@gmail.com
This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories