-rw-r--r--meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch104
-rw-r--r--meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb1
-rw-r--r--meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.3.bb (renamed from meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.2.bb)4
-rw-r--r--meta-networking/recipes-connectivity/samba/samba_4.10.10.bb (renamed from meta-networking/recipes-connectivity/samba/samba_4.10.8.bb)20
-rw-r--r--meta-networking/recipes-protocols/quagga/files/bgpd.service4
-rw-r--r--meta-networking/recipes-protocols/quagga/files/ospf6d.service4
-rw-r--r--meta-networking/recipes-protocols/quagga/files/ospfd.service4
-rw-r--r--meta-networking/recipes-protocols/quagga/files/ripd.service4
-rw-r--r--meta-networking/recipes-protocols/quagga/files/ripngd.service4
-rw-r--r--meta-networking/recipes-protocols/quagga/files/zebra.service4
-rw-r--r--meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb (renamed from meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb)4
-rw-r--r--meta-oe/classes/gitpkgv.bbclass15
-rw-r--r--meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb5
-rw-r--r--meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb (renamed from meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb)4
-rw-r--r--meta-oe/recipes-dbs/mysql/mariadb-native_10.3.18.bb (renamed from meta-oe/recipes-dbs/mysql/mariadb-native_10.3.16.bb)0
-rw-r--r--meta-oe/recipes-dbs/mysql/mariadb.inc4
-rw-r--r--meta-oe/recipes-dbs/mysql/mariadb_10.3.18.bb (renamed from meta-oe/recipes-dbs/mysql/mariadb_10.3.16.bb)0
-rw-r--r--meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb3
-rw-r--r--meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch38
-rw-r--r--meta-oe/recipes-devtools/php/php_7.3.9.bb1
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch31
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb (renamed from meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb)6
-rw-r--r--meta-python/recipes-devtools/python/python-more-itertools.inc2
23 files changed, 188 insertions, 78 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
new file mode 100644
index 0000000000..5859dc7ed0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
@@ -0,0 +1,104 @@
+From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Tue, 7 May 2019 16:04:29 -0400
+Subject: [PATCH] su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574]
+
+CVE: CVE-2019-10143
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ debian/freeradius.logrotate | 3 +++
+ redhat/freeradius-logrotate | 1 +
+ scripts/logrotate/freeradius | 3 +++
+ suse/radiusd-logrotate | 1 +
+ 4 files changed, 8 insertions(+)
+
+diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate
+index 7d837d5..a8d29b7 100644
+--- a/debian/freeradius.logrotate
++++ b/debian/freeradius.logrotate
+@@ -9,6 +9,7 @@
+ notifempty
+
+ copytruncate
++ su freerad freerad
+ }
+
+ # (in order)
+@@ -26,6 +27,7 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -45,4 +47,5 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
+index 360765d..bb97ca5 100644
+--- a/redhat/freeradius-logrotate
++++ b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@ rotate 4
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+
+ #
+ # The main server log
+diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius
+index 3de435e..eecf631 100644
+--- a/scripts/logrotate/freeradius
++++ b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ notifempty
+
+ copytruncate
++ su radiusd radiusd
+ }
+
+ # (in order)
+@@ -34,6 +35,7 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -53,4 +55,5 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
+index 24d56be..be5a797 100644
+--- a/suse/radiusd-logrotate
++++ b/suse/radiusd-logrotate
+@@ -11,6 +11,7 @@ missingok
+ compress
+ delaycompress
+ notifempty
++su radiusd radiusd
+
+ #
+ # The main server log
+--
+2.7.4
+
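Review bot: The backported patch adds `su freerad freerad` to debian/freeradius.logrotate but `su radiusd radiusd` to the redhat, suse and scripts/logrotate files, and nothing in this hunk shows which of the four the recipe installs or which account the image creates. logrotate reports an error for a `su` user or group that does not exist on the target, so the patch header should state which file is packaged and that its user/group matches the one the recipe creates. The CVE-2019-10143 mitigation only takes effect if the installed logrotate file is one of those changed here.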
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
index 9da15e07af..8c95bbae3d 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x; \
file://freeradius-fix-quoting-for-BUILT_WITH.patch \
file://freeradius-fix-error-for-expansion-of-macro.patch \
file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
+ file://0001-su-to-radiusd-user-group-when-rotating-logs.patch \
file://radiusd.service \
file://radiusd-volatiles.conf \
"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.2.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.3.bb
index b0bd942ee8..79d0dbeae4 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.2.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.3.bb
@@ -23,8 +23,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=302d50a6369f5f22efdb674db908167a"
SECTION = "libs"
SRC_URI = "https://tls.mbed.org/download/mbedtls-${PV}-apache.tgz"
-SRC_URI[md5sum] = "37cdec398ae9ebdd4640df74af893c95"
-SRC_URI[sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4"
+SRC_URI[md5sum] = "90ce7c7a001d2514410280706b3ab1a7"
+SRC_URI[sha256sum] = "ec1bee6d82090ed6ea2690784ea4b294ab576a65d428da9fe8750f932d2da661"
inherit cmake
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.10.bb
index d824eacf9e..e002a9da5a 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.10.bb
@@ -34,8 +34,8 @@ SRC_URI_append_libc-musl = " \
file://0001-samba-fix-musl-lib-without-innetgr.patch \
"
-SRC_URI[md5sum] = "f3c722bbcd903479008fa1b529f56365"
-SRC_URI[sha256sum] = "c41f05fb567f7359998b451543501c7690a2bf6551d658a76bd6916316a410f4"
+SRC_URI[md5sum] = "dde27447f39d124efe18f719ccf956dd"
+SRC_URI[sha256sum] = "700c734b51610e2feaa0d6744f9bec0c0d8917bca8cc78d5b63a4591f32866a5"
UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz"
@@ -189,15 +189,17 @@ do_install_append() {
sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode
fi
- chmod 0750 ${D}${sysconfdir}/sudoers.d
+ chmod 0750 ${D}${sysconfdir}/sudoers.d || true
rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba-gpupdate
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_upgradedns
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_spnupdate
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_kcc
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_dnsupdate
- sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${bindir}/samba-tool
+ for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate; do
+ if [ -f "${D}${sbindir}/$f" ]; then
+ sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/$f
+ fi
+ done
+ if [ -f "${D}${bindir}/samba-tool" ]; then
+ sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${bindir}/samba-tool
+ fi
}
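Review bot: `chmod 0750 ${D}${sysconfdir}/sudoers.d || true` hides every chmod failure, not only the missing-directory case, so a sudoers.d that exists but keeps a looser mode would pass do_install silently. An explicit guard matches the `[ -f ... ]` tests added below it: `if [ -d "${D}${sysconfdir}/sudoers.d" ]; then chmod 0750 "${D}${sysconfdir}/sudoers.d"; fi`. Separately, the sed replacement text `/usr/bin/env python3/` keeps the trailing slash from the removed lines; if `${PYTHON}` expands to the interpreter path without a trailing slash, the rewritten shebang would not resolve, so that is worth confirming. do_install_append begins outside this hunk.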
diff --git a/meta-networking/recipes-protocols/quagga/files/bgpd.service b/meta-networking/recipes-protocols/quagga/files/bgpd.service
index 76f9f61e73..c1021fbd71 100644
--- a/meta-networking/recipes-protocols/quagga/files/bgpd.service
+++ b/meta-networking/recipes-protocols/quagga/files/bgpd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/bgpd.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/bgpd.pid
+PIDFile=/run/quagga/bgpd.pid
ExecStart=@SBINDIR@/bgpd -d $bgpd_options -f @SYSCONFDIR@/quagga/bgpd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/bgpd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/bgpd.pid
Restart=on-abort
[Install]
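Review bot: `ExecStopPost=@base_bindir@/rm -rf /run/quagga/bgpd.pid` removes a single pid file, so the recursive flag is unnecessary; `ExecStopPost=@base_bindir@/rm -f /run/quagga/bgpd.pid` does the same job and cannot delete a tree if that path is ever a directory or the line is later edited. The same line appears in the ospf6d, ospfd, ripd, ripngd and zebra units below. PIDFile is now a fixed /run path while the daemon's own pid location is set at build time and is not visible here, so confirm the two still agree (for example through a /var/run symlink to /run).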
diff --git a/meta-networking/recipes-protocols/quagga/files/ospf6d.service b/meta-networking/recipes-protocols/quagga/files/ospf6d.service
index a2e493b423..99d0e6dcaf 100644
--- a/meta-networking/recipes-protocols/quagga/files/ospf6d.service
+++ b/meta-networking/recipes-protocols/quagga/files/ospf6d.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ospf6d.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ospf6d.pid
+PIDFile=/run/quagga/ospf6d.pid
ExecStart=@SBINDIR@/ospf6d -d $ospf6d_options -f @SYSCONFDIR@/quagga/ospf6d.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ospf6d.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ospf6d.pid
Restart=on-abort
[Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ospfd.service b/meta-networking/recipes-protocols/quagga/files/ospfd.service
index 0c62cbce58..fe8343be1c 100644
--- a/meta-networking/recipes-protocols/quagga/files/ospfd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ospfd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ospfd.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ospfd.pid
+PIDFile=/run/quagga/ospfd.pid
ExecStart=@SBINDIR@/ospfd -d $ospfd_options -f @SYSCONFDIR@/quagga/ospfd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ospfd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ospfd.pid
Restart=on-abort
[Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ripd.service b/meta-networking/recipes-protocols/quagga/files/ripd.service
index 1d20389e8b..7af65ca8a3 100644
--- a/meta-networking/recipes-protocols/quagga/files/ripd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ripd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ripd.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ripd.pid
+PIDFile=/run/quagga/ripd.pid
ExecStart=@SBINDIR@/ripd -d $ripd_options -f @SYSCONFDIR@/quagga/ripd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ripd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ripd.pid
Restart=on-abort
[Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ripngd.service b/meta-networking/recipes-protocols/quagga/files/ripngd.service
index 0355ad12a4..9305f86be5 100644
--- a/meta-networking/recipes-protocols/quagga/files/ripngd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ripngd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ripngd.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ripngd.pid
+PIDFile=/run/quagga/ripngd.pid
ExecStart=@SBINDIR@/ripngd -d $ripngd_options -f @SYSCONFDIR@/quagga/ripngd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ripngd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ripngd.pid
Restart=on-abort
[Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/zebra.service b/meta-networking/recipes-protocols/quagga/files/zebra.service
index e4fb6c808d..e34af72426 100644
--- a/meta-networking/recipes-protocols/quagga/files/zebra.service
+++ b/meta-networking/recipes-protocols/quagga/files/zebra.service
@@ -7,10 +7,10 @@ ConditionPathExists=@SYSCONFDIR@/quagga/zebra.conf
[Service]
Type=forking
EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/zebra.pid
+PIDFile=/run/quagga/zebra.pid
ExecStartPre=@BASE_SBINDIR@/ip route flush proto zebra
ExecStart=@SBINDIR@/zebra -d $zebra_options -f @SYSCONFDIR@/quagga/zebra.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/zebra.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/zebra.pid
Restart=on-abort
[Install]
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb b/meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb
index a3c0b49982..ccaa0c94a3 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[md5sum] = "e945d76a57db2c3e6cf776f95da2cf0e"
-SRC_URI[sha256sum] = "af92729c781d870110885c31ebcbe4c4224ed51bb580d00c896fe9746994211c"
+SRC_URI[md5sum] = "c6f8d12a3efe21cc7885f7cb0c4bd938"
+SRC_URI[sha256sum] = "a87f4022a0c15ddbf1730bf1acafce9e75a4e657ce9fa494ceda0324c0c3e33e"
PE = "1"
diff --git a/meta-oe/classes/gitpkgv.bbclass b/meta-oe/classes/gitpkgv.bbclass
index 2d9680a35c..ab591bd45c 100644
--- a/meta-oe/classes/gitpkgv.bbclass
+++ b/meta-oe/classes/gitpkgv.bbclass
@@ -7,8 +7,8 @@
# NN equals the total number of revs up to SRCREV
# GITHASH is SRCREV's (full) hash
#
-# - GITPKGVTAG which is the output of 'git describe' allowing for
-# automatic versioning
+# - GITPKGVTAG which is the output of 'git describe --tags --exact-match'
+# allowing for automatic versioning
#
# gitpkgv.bbclass assumes the git repository has been cloned, and
# contains SRCREV. So ${GITPKGV} and ${GITPKGVTAG} should never be
@@ -87,10 +87,8 @@ def get_git_pkgv(d, use_tags):
if not os.path.exists(rev_file) or os.path.getsize(rev_file)==0:
commits = bb.fetch2.runfetchcmd(
- "cd %(repodir)s && "
- "git rev-list %(rev)s -- 2> /dev/null "
- "| wc -l" % vars,
- d, quiet=True).strip().lstrip('0')
+ "git --git-dir=%(repodir)s rev-list %(rev)s -- 2>/dev/null | wc -l"
+ % vars, d, quiet=True).strip().lstrip('0')
if commits != "":
oe.path.remove(rev_file, recurse=False)
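Review bot: The exit status of `git --git-dir=%(repodir)s rev-list %(rev)s -- 2>/dev/null | wc -l` is that of `wc`, so a failing git (bad `--git-dir`, unknown revision) prints 0, `lstrip('0')` turns it into an empty string, and the failure looks the same as "no commits". `%(repodir)s` is also interpolated into the shell string unquoted, so a download path containing spaces or shell metacharacters would split the command; at minimum quote it, e.g. `"git --git-dir='%(repodir)s' rev-list %(rev)s -- 2>/dev/null | wc -l"`. get_git_pkgv starts and ends outside this hunk.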
@@ -105,9 +103,8 @@ def get_git_pkgv(d, use_tags):
if use_tags:
try:
output = bb.fetch2.runfetchcmd(
- "cd %(repodir)s && "
- "git describe %(rev)s 2>/dev/null" % vars,
- d, quiet=True).strip()
+ "git --git-dir=%(repodir)s describe %(rev)s --tags --exact-match 2>/dev/null"
+ % vars, d, quiet=True).strip()
ver = gitpkgv_drop_tag_prefix(output)
except Exception:
ver = "0.0-%s-g%s" % (commits, vars['rev'][:7])
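Review bot: With `--exact-match`, `git describe` fails for any SRCREV that is not itself tagged, and the `except Exception` below turns that, and every other failure, into the `0.0-<commits>-g<hash>` fallback. Because stderr is discarded, a broken repository path cannot be told apart from an untagged revision. A comment above the `try` would make the intent explicit, for example `# --exact-match: only a SRCREV that is itself tagged yields a tag version; anything else falls back to 0.0-<commits>-g<hash>`. The function body continues outside this hunk.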
diff --git a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
index 6133b3a270..92c902b750 100644
--- a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
+++ b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/linux-nvme/nvme-cli"
SECTION = "console/utils"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
-DEPENDS = "util-linux util-linux-native"
+DEPENDS = "util-linux"
PV .= "+git${SRCPV}"
SRC_URI = "git://github.com/linux-nvme/nvme-cli.git"
@@ -21,6 +21,7 @@ do_install() {
pkg_postinst_ontarget_${PN}() {
${sbindir}/nvme gen-hostnqn > ${sysconfdir}/nvme/hostnqn
+ ${bindir}/uuidgen > ${sysconfdir}/nvme/hostid
}
PACKAGES =+ "${PN}-dracut ${PN}-zsh-completion"
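Review bot: `${bindir}/uuidgen > ${sysconfdir}/nvme/hostid` truncates the file before uuidgen runs, so a failed or missing uuidgen leaves an empty hostid, and any later run of the postinst (for instance on a package upgrade, if the script runs again) replaces the existing host identity. Guarding on an existing non-empty file keeps the ID stable: `[ -s ${sysconfdir}/nvme/hostid ] || ${bindir}/uuidgen > ${sysconfdir}/nvme/hostid`. The hostnqn line above it follows the same pattern and would benefit from the same guard.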
@@ -28,3 +29,5 @@ PACKAGES =+ "${PN}-dracut ${PN}-zsh-completion"
FILES_${PN} += "${systemd_system_unitdir}"
FILES_${PN}-dracut = "${libdir}/dracut/dracut.conf.d"
FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+RDEPENDS_${PN} = "util-linux-uuidgen"
diff --git a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb
index 92d4fe0f4f..3cd21cc0df 100644
--- a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb
+++ b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb
@@ -14,8 +14,8 @@ DEPENDS = "glib-2.0 libgudev intltool-native libxslt-native"
SRC_URI = "http://www.freedesktop.org/software/ModemManager/ModemManager-${PV}.tar.xz \
"
-SRC_URI[md5sum] = "7452a94f0d1ca361ae51ff1d287c53f5"
-SRC_URI[sha256sum] = "3c2ca73782215664141042422759899ca9846440fc26d6223c7cf7ea4dd3c996"
+SRC_URI[md5sum] = "c05ac4246c81cc15d617c4a129232988"
+SRC_URI[sha256sum] = "cbe174078dbdf3f746a55f0004353d3c27da2a31da553036d90fc7dc34a0169a"
S = "${WORKDIR}/ModemManager-${PV}"
diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.16.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.18.bb
index e1a038dfa3..e1a038dfa3 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.16.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.18.bb
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index f1c71feebe..e1ae58ae7a 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -19,8 +19,8 @@ SRC_URI = "http://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
file://clang_version_header_conflict.patch \
file://fix-arm-atomic.patch \
"
-SRC_URI[md5sum] = "11220d0b94c5c24caa2e1e9eaba38e31"
-SRC_URI[sha256sum] = "39e9723eaf620afd99b0925b2c2a5a50a89110ba50040adf14cce7cf89e5e21b"
+SRC_URI[md5sum] = "b3524c0825c3a1c255496daea38304a0"
+SRC_URI[sha256sum] = "69456ca85bf9d96c6d28b4ade2a9f6787d79a602e27ef941f9ba4e0b55dddedc"
UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.3.16.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.3.18.bb
index de24c920f0..de24c920f0 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb_10.3.16.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb_10.3.18.bb
diff --git a/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb b/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb
index f812606e70..9fd5ee15be 100644
--- a/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb
+++ b/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb
@@ -35,9 +35,6 @@ EXTRA_OECMAKE = "\
-DWITH_TESTS=OFF \
-DWITH_TOOLS=OFF \
"
-do_compile_prepend() {
- sed -i 's/set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror -Wno-error=shadow")/set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror -Wno-error=shadow -Wno-error=deprecated-copy -Wno-error=pessimizing-move")/' ${S}/CMakeLists.txt
-}
do_install_append() {
# fix for qa check buildpaths
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
new file mode 100644
index 0000000000..7e20063bd6
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
@@ -0,0 +1,38 @@
+From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sat, 12 Oct 2019 15:56:16 +0100
+Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
+
+CVE: CVE-2019-11043
+
+Fixed in php version 7.3.11.
+
+Upstream-Status: Backport [https://git.php.net/repository/php-src.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ NEWS | 4 +-
+ sapi/fpm/fpm/fpm_main.c | 4 +-
+ .../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++
+ sapi/fpm/tests/tester.inc | 11 +++-
+ 4 files changed, 75 insertions(+), 5 deletions(-)
+ create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
+
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index 24a7e5d56a..50f92981f1 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1209,8 +1209,8 @@ static void init_request_info(void)
+ path_info = script_path_translated + ptlen;
+ tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ } else {
+- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
+- tflag = (orig_path_info != path_info);
++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
++ tflag = path_info && (orig_path_info != path_info);
+ }
+
+ if (tflag) {
+--
+2.17.1
+
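Review bot: The patch header's diffstat lists NEWS, tester.inc and the new test bug78599-path-info-underflow.phpt (75 insertions), but only the sapi/fpm/fpm/fpm_main.c hunk is carried, so the upstream regression test for CVE-2019-11043 is not part of this backport. The header should say so, for example `Only the sapi/fpm/fpm/fpm_main.c change is backported; NEWS and the fpm tests are dropped.` Upstream-Status would also be easier to audit if it named the commit from the From line instead of only the repository URL. init_request_info continues outside the inner hunk.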
diff --git a/meta-oe/recipes-devtools/php/php_7.3.9.bb b/meta-oe/recipes-devtools/php/php_7.3.9.bb
index a5c7b9b6ba..e886cb1a23 100644
--- a/meta-oe/recipes-devtools/php/php_7.3.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.3.9.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-acinclude.m4-don-t-unset-cache-variables.patch \
file://0001-Use-pkg-config-for-libxml2-detection.patch \
file://debian-php-fixheader.patch \
file://CVE-2019-6978.patch \
+ file://CVE-2019-11043.patch \
"
SRC_URI_append_class-target = " \
file://pear-makefile.patch \
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
deleted file mode 100644
index b494ca687e..0000000000
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
-From: Philippe Duveau <pduveau@users.noreply.github.com>
-Date: Tue, 24 Sep 2019 20:45:25 +0200
-Subject: [PATCH] Out of bounds issue
-
-Add a new sanity check after determining the level len.
----
- contrib/pmdb2diag/pmdb2diag.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
-CVE: CVE-2019-17040
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
-diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
-index 2b5916301..5810eb4df 100644
---- a/contrib/pmdb2diag/pmdb2diag.c
-+++ b/contrib/pmdb2diag/pmdb2diag.c
-@@ -134,6 +134,10 @@ CODESTARTparse2
- ABORT_FINALIZE(0);
- }
-
-+ /* let recheck with the real level len */
-+ if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
-+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+
- DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
-
- end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
---
-2.17.1
-
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
index bd0dbc1a2d..8287d2b7fe 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
@@ -23,15 +23,14 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
file://rsyslog.logrotate \
file://use-pkgconfig-to-check-libgcrypt.patch \
file://run-ptest \
- file://0001-Out-of-bounds-issue.patch \
"
SRC_URI_append_libc-musl = " \
file://0001-Include-sys-time-h.patch \
"
-SRC_URI[md5sum] = "6e9aa4ef4cad8ae49affa0a786cc9e2f"
-SRC_URI[sha256sum] = "f8c8e53b651e03a011667c60bd2d4dba7a7cb6ec04b247c8ea8514115527863b"
+SRC_URI[md5sum] = "6d4d94359d083f449f089b8dbb93c423"
+SRC_URI[sha256sum] = "0219ee692f31a39743acb62aaf4196b644ce94edf386df4605fd6a11a4fe0c93"
UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
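Review bot: Dropping `file://0001-Out-of-bounds-issue.patch` removes the CVE-2019-17040 fix from the recipe, and nothing in this hunk records that the 8.1910.0 tarball already contains upstream commit b0894088b6. Confirm against the new source that the length check in contrib/pmdb2diag/pmdb2diag.c is present, and say so in the commit message so CVE tracking for this recipe stays accurate.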
@@ -40,6 +39,7 @@ inherit autotools pkgconfig systemd update-rc.d ptest
EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes"
EXTRA_OECONF += "--enable-imfile-tests"
+EXTRA_OECONF_remove_mipsarch = "ap_cv_atomic_builtins=yes"
# first line is default yes in configure
PACKAGECONFIG ??= " \
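Review bot: `EXTRA_OECONF_remove_mipsarch = "ap_cv_atomic_builtins=yes"` carries no comment saying why the preset configure answer is wrong on MIPS, and a `_remove` override cannot be undone by a later append in another layer. A one-line comment above it stating the reason would help, for example `# mips: do not preset ap_cv_atomic_builtins=yes; let configure probe instead` (presumably the builtins are missing on some MIPS targets, which should be confirmed).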
diff --git a/meta-python/recipes-devtools/python/python-more-itertools.inc b/meta-python/recipes-devtools/python/python-more-itertools.inc
index 41c334e8d7..8d814a6f03 100644
--- a/meta-python/recipes-devtools/python/python-more-itertools.inc
+++ b/meta-python/recipes-devtools/python/python-more-itertools.inc
@@ -5,5 +5,3 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3396ea30f9d21389d7857719816f83b5"
SRC_URI[md5sum] = "f647bfd27243a7bebe53b5ddb6a3b1c4"
SRC_URI[sha256sum] = "409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832"
-
-inherit pypi setuptools3