| Age | Commit message (Collapse) | Author |
|---|
|
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).
See: https://www.samba.org/samba/history/samba-4.10.18.html
Also remove 3 backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bebdea8530652ff698885a3f55b0a650de319379)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 47821db8ed0dc81e84d5ba6b873dc14d50f85e07)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 88df26ab74a5d1274127f83b854da2d5747b9952)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This slash is redundant and removing it could help pseudo maintain its database
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fdf7bd0de289927efe5045966608494c4975a2e5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
remove WORKDIR information from config to improve reproducibility.
libgphoto2_port recheck config during compile will set the WORKDIR
info again, so remove this steps after configure.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 42c71fae324c9e9fec0677044a5011d63bc60a11)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix incorrect links and replace the defunct "gitorious" with now popular
"GitLab".
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d80b5a52fd9d91b27b7f1967a0f2d6ccb6e22991)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
remove WORKDIR info from config file to improve reproducibility
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit be95549f2ea5c59c6da6ace852b918cdba3c7822)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 50a487fc0b0123b154db73f79bbb18b23eb234f0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
...
|/usr/lib/python3.8/site-packages/pykwalify/rule.py:343: SyntaxWarning:
'tuple' object is not callable; perhaps you missed a comma?
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a88c7c9bbe7cfb95280d9c4fa10d56ce8a3df8fc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The wireless-regdb has been moved to oe-core. According the commit
message:
wireless-regdb-static should be used with kernel >= 4.15.
wireless-regdb can be used with older kernels and is mostly
irrelevant here, but keeping it in meta-networking would
create needless recipe duplication.
it should replace runtime dependency wireless-regdb with
wireless-regdb-static.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ac313b638068aabc88f0fa9d1888380e94100f31)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e61b73e6d388006375c6fe84cc194299c094a526)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f9f8904623e5ca3ecea74e983f8d766a785097d4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Since variable was misspelled it was a no-op
* There is no gdbus package (gdbus is in glib-2.0-utils)
* Did not find any pointer in the source that gdbus has to be installed on
target
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4c97b581f3edc7eae683bb651843d7e4c4ddda01)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* it's newaliases not newalias in sbindir
* drop u-a for man pages, because only ssmtp.8 was created which shouldn't
conflict with esmpt
In my build I don't have mailq, sendmail, newaliases as man pages, but binaries in sbindir (and the sbinbinary is called newaliases, not newalias)
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8/ssmtp.8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/mailq
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/sendmail
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/newaliases
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp/revaliases
this added u-a is causing following warnings:
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/mailq.1 or /usr/share/man/man1/mailq.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/newaliases.1 or /usr/share/man/man1/newaliases.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/sendmail.1 or /usr/share/man/man1/sendmail.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/sbin/newalias or /usr/sbin/newalias.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/mailq.1: /usr/share/man/man1/mailq.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/newaliases.1: /usr/share/man/man1/newaliases.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/sendmail.1: /usr/share/man/man1/sendmail.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/sbin/newalias: /usr/sbin/newalias.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/mailq.1 == /usr/share/man/man1/mailq.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/newaliases.1 == /usr/share/man/man1/newaliases.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/sendmail.1 == /usr/share/man/man1/sendmail.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/sbin/newalias == /usr/sbin/newalias
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bdb964c907bd7d6972e09992505a0c4bbbda8fa4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 916b6f15efe924dc66d7908ac0bea554eaf7ac92)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fixes:
netkit-rsh-0.17-r0 do_package_qa: QA Issue: netkit-rsh: recipe defines ALTERNATIVE_netkit-rsh-client but doesn't inherit update-alternatives. This might fail during do_rootfs later! [missing-update-alternatives]
netkit-rsh-0.17-r0 do_package_qa: QA Issue: netkit-rsh: recipe defines ALTERNATIVE_netkit-rsh-server but doesn't inherit update-alternatives. This might fail during do_rootfs later! [missing-update-alternatives]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e48aabf951c8759d3c3cb93aed87f1b03a788fe3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This includes the following changes:
1.9.10:
- fix ordering cycle with private tmp
1.9.11:
- Fixed wrong version string in v1.9.10
1.9.12:
- Fix a memory leak in havege_destroy
1.9.13:
- Added support for --version
- Updated systemd SystemCallFilter settings
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7e82d252fa558ebb6fe0d07b50a4be6abe40a725)
[Bug fix only update, also fixes https://github.com/openembedded/meta-openembedded/issues/277]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Need this upgrade to work with ell >= 0.33
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
- Fix issue with handling FT AKMs when not supported.
- Fix issue with handling FILS and RSNE in authenticate.
- Fix issue with handling auto-connection and quick scan.
- Fix issue with sending multiple scan requests.
- Add support for P2P feature and API.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This includes the following changes:
ver 1.7:
Fix issue with APs that send IGTK falsely in big endian.
Fix issue with setting linkmode & operstate for open networks.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Samba version 4.10.17 which has been already available in Dunfell
depends on version 1.5.8 of libldb.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
createlang, droplang, and the tsearch2 module were all removed in the
10.0 release. More details are in the release notes:
https://www.postgresql.org/docs/10/release-10.html
The update from 12.3 to 12.4 is a minor release with bug and security
fixes:
https://www.postgresql.org/docs/current/release-12-4.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic
link (symlink) following.
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE
access to the EXTEND MIB provides the ability to run arbitrary commands as
root.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-15861
https://nvd.nist.gov/vuln/detail/CVE-2020-15862
Upstream patches:
https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3
https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f
https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312
https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and
CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context
patches needed by the fix to apply cleanly.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
They got overwritten later with the correct values.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0b22ed995fec7ee23c23a9eed8323685af1e1403)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
/usr/src/debug/gnome-settings-daemon/3.34.2-r0/build/../gnome-settings-daemon-3.34.2/plugins/wacom/gsd-wacom-manager.c:195: undefined reference to `gdk_wayland_device_get_node_path'
Signed-off-by: Adrian Bunk <bunk@stusta.de>
[AK: hand applied]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
../babl-0.1.74/babl/babl-fish-reference.c:1064:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
| for (int i = 0; i < n; i++)
| ^
| ../babl-0.1.74/babl/babl-fish-reference.c:1064:7: note: use option -std=c99 or -std=gnu99 to compile your code
Fails on CentOS7 with Arch64
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
build issue seen on CentOS7 and Aarch64 machine
Fixes:
../../vlc-3.0.9.2/src/misc/fourcc_gen.c:75:5: error: ‘for’ loop initial declarations are only allowed in C99 mode
| for (size_t i = 0; i < n; i++)
| ^
| ../../vlc-3.0.9.2/src/misc/fourcc_gen.c:75:5: note: use option -std=c99 or -std=gnu99 to compile your code
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade to release 1.0.5:
- Fix regression in read_parquet() when reading from file-like
objects.
- Fix regression in reading from public S3 buckets.
- Fixed regression in replace() raising an AssertionError when
replacing values in an extension dtype with values of a
different dtype
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5dbc25ea9d4bd4b3f9a150d3893a12b41dd456d3)
[ak: fixes build issue on CentOS7: Bug fix only update
https://github.com/pandas-dev/pandas/releases]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* there is no provider for gcov-native nor gcov-symlinks-native
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e82bb7efa8cf4c3b826b22761d5ba798bc134cb9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
chmod g+r ca.key
openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
chmod g+r server.pem
C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org
error 7 at 0 depth lookup: certificate signature failure
140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553:
140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170:
error server.pem: verification failed
make: *** [Makefile:107: server.vrfy] Error 2
It seems the ca.pem mismatchs server.pem which results in failing to
execute "openssl verify -CAfile ca.pem server.pem", so add the logic
to check the file to avoid inconsistency.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 52f5141109fae5f49c5a7334e9ded2b028e16cf6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It fails to compile rdist occasionally when system load of build server
is high:
| In file included from common.c:57:
| ../include/defs.h:49:10: fatal error: y.tab.h: No such file or directory
| 49 | #include "y.tab.h"
| | ^~~~~~~~~
| compilation terminated.
Make $(COMMONOBJS) which include common.o to depends on related header files
and y.tab.h to fix the parallel build failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bb990c6ca1b149c19404fbe006fb6b372af8c4c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1609df11530ebb73de863d0c705e16107015dbe3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6443044ca9ec90d6740c42e618830ca52d656f5f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport fix from https://github.com/lua/lua.git.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 698748c1538ed03efbcfdd936cf8317b4f138c29)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f16aa16e917ea440daa3d5bd136338f66a964f5c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is seen with glibc 2.32 where these names are also defined
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5cf2665446f3fdc16b484c64afffaa0ac8373a35)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Ryan Rowe <rrowe@xevo.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cfa786917343589c1756c1bc7cdf62309d29462f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9cf730f22266d63df3cf63998c87918dfa540fb7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When starting radvd without any configuration the following errors would
be triggered.
"""
root@intel-x86-64:~# systemctl status radvd
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/lib/systemd/system/radvd.service; enabled; vendor preset:
enabled)
Active: inactive (dead)
Condition: start condition failed at Tue 2019-09-24 13:29:36 UTC; 3s ago
└─ ConditionPathExists=/etc/radvd.conf was not met
"""
Normally the user should create and configrue the /etc/radvd.conf
manually. However the radvd provide a example file for redhad located
at "radvd/redhat/radvd.conf.empty". When installing, it would copy
radvd/redhat/radvd.conf.empty to /etc/radvd.conf. Also add this empty
conf here to used as an example of configuration
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5af77740a46c334978adc7f37f53ea9a318d3a33)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
netoprintf() was not handling a case where
return value of vsnprintf is greater than
"size"(2nd argument), results in buffer overflow
while adjusting "nfrontp" pointer to point
beyond "netobuf" buffer.
Here is one such case where "nfrontp"
crossed boundaries of "netobuf", and
pointing to another global variable.
(gdb) p &netobuf[8255]
$5 = 0x55c93afe8b1f <netobuf+8255> ""
(gdb) p nfrontp
$6 = 0x55c93afe8c20 <terminaltype> "\377"
(gdb) p &terminaltype
$7 = (char **) 0x55c93afe8c20 <terminaltype>
(gdb)
This resulted in crash of telnetd service
with segmentation fault.
Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 232b82afd405c526f822294509e1d32388544ed4)
[appears to be CVE-2020-10188]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes the occasional error:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type :Valid
Expires on :200908024833Z
Serial Number :02
File name :unknown
Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1
Add the check to fix the above error and it does the same for server.crt.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d7522b7df80e45c379ad76addfddd51d0e56e9d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove systemd service template lvm2-pvscan@.service from
SYSTEMD_SERVICE. It should be started/stopped in udev rules file
69-dm-lvm-metad.rules.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d85613d8d1d285c9a1f9cf3cf8b13655220cd8cf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Master (nss version 3.54) is not affected by this issue. This is a backport
from nss version 3.54.
NSS has shown timing differences when performing DSA signatures, which was
exploitable and could eventually leak private keys. This vulnerability affects
Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Upstream patch:
https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This reverts commit 2b384c59733c437027f9b14cc32da19251efd97b.
It appears that there was a change in soname not noted in the changelog.
https://github.com/open-source-parsers/jsoncpp/commit/8b7ea09b8055df01866a5ce4142b12ed8f9f13eb
ABI change appears to have occured.
https://abi-laboratory.pro/index.php?view=timeline&l=jsoncpp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: wireshark.org
MR: 104620
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 64e3701e4d6bd53972c22c49d655556e6f37e461
Description:
Affects: 3.2.0 to 3.2.4
Includes:
CVE-2020-15466
For more info see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9019ceb2ccfd32789b7bc680269b3af234ebd397)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed when rebuild:
DEBUG: Executing shell function autotools_preconfigure
NOTE: make clean
aclocal
autoheader
autoconf
You need to call ./configure with appropriate arguments (again).
make: *** [Makefile:287: config.status] Error 1
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 922e061fdbbc80c44f49866c7b08b2e09e4a3d0a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
With parallel build enabled, we got the following error:
ld: error in libsg.o(.eh_frame); no .eh_frame_hdr table will be created
....
ld: BFD (GNU Binutils) 2.34.0.20200220 internal error, aborting at ../../bfd/merge.c:933 in _bfd_merged_section_offset
....
| make[1]: *** [Makefile:24: libcheckcciss_tur.so] Error 1
| make[1]: *** Waiting for unfinished jobs....
However, looking at the Makefile, it does not seem to have problem.
So disable the parallel build as a workaround.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45d6317353ea7431e2ffbe0419ba7e07a911265b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
in FILES_${PN}-slurpd:
- ${localstatedir}/volatile/run is already covered by FILES_${PN}-slapd
- ${localstatedir}/run is already covered by FILES_${PN}-slapd
in FILES_${PN}-dev:
- ${libdir}/*.a is already covered by FILES_${PN}-staticdev
remove the settings as they were without effect anyway
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68988584921332f929f2508a3b2678cb33579290)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ERROR: upm-2.0.0+gitAUTOINC+5cf20df96c-r0 do_package: QA Issue: upm:
Files/directories were installed but not shipped in any package:
/usr/lib/python3.8/site-packages/upm/pyupm_adc121c021.py
/usr/lib/python3.8/site-packages/upm/pyupm_hmc5883l.py
/usr/lib/python3.8/site-packages/upm/_pyupm_mma8x5x.so
/usr/lib/python3.8/site-packages/upm/_pyupm_m24lr64e.so
/usr/lib/python3.8/site-packages/upm/pyupm_tca9548a.py
/usr/lib/python3.8/site-packages/upm/pyupm_mb704x.py
/usr/lib/python3.8/site-packages/upm/_pyupm_ehr.so
......
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit efe14bb04e58dd2028ba7c1521f08e2bd5382130)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Yi Zhao
Zang Ruochen
Khem Raj
Lee Chee Yang
Diego Rondini
Ulrich Ölmann
Hongxu Jia
Robert Yang
Mingli Yu
Andreas Müller
Martin Jansa
Pierre-Jean Texier
Oleksandr Kravchuk
Robert Joslyn
Ovidiu Panait
Adrian Bunk
Armin Kuster
Leon Anavi
Kai Kang
Yue Tao
Ryan Rowe
Alistair Francis
Changqing Li
Julius Hemanth Pitti
Armin Kuster
Qi.Chen@windriver.com
Konrad Weihmann
Zheng Ruoqin