aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* gattlib: Place pkgconfig file in correct packagedunfell-nextdunfellRichard Purdie10 days1-1/+1
| | | | | | | | | | | Fixes in OE-Core added some pkgconfig dependencies back and this flagged that the .pc file was in ${PN}, not ${PN}-dev. Fix that. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e9b3476ad9964210d5cdbce4d11b31b50738a4b6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gattlib: remove includedir from base packageKonrad Weihmann10 days1-1/+1
| | | | | | | | | | | as it's already packaged to ${PN}-dev, so the setting was without any effect anyway Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1d26b2656b87a95b72d674954283ac014da8793b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Update CVE-2020-8037 tagPurushottam Choudhary2021-10-011-0/+1
| | | | | | | | | | CVE tag was missing inside the patch file which is the remedy for CVE-2020-8037 and tracked by cve-check. Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.48 -> 2.4.49wangmy2021-10-011-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: git://git.openembedded.org/meta-openembedded MR: 112702, 113258, 113284, 113290, 113296 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?h=honister&id=54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c ChangeID: 1576d86baac5a72ea4d2909a8a05c0c87fdce2f1 Description: Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit f44e1a2b575826e88b8cb2725e54a7c5d29cf94a) Signed-off-by: Armin Kuster <akuster@mvista.com>
* dstat: Add missing python-six runtime dependencyMarek Vasut2021-09-201-1/+1
| | | | | | | | | | | | | | | The tool depends on the six module, add it, otherwise the following traceback happens when running it on the target: Traceback (most recent call last): File "/usr/bin/dstat", line 32, in <module> import six ModuleNotFoundError: No module named 'six' Signed-off-by: Marek Vasut <marex@denx.de> Cc: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: Add fix for CVE-2021-3672Neetika Singh2021-09-203-0/+207
| | | | | | | | | | | | | Added below patches to fix CVE-2021-3672 1. ares_expand_name-should-escape-more-characters.patch 2. ares_expand_name-fix-formatting-and-handling-of-root.patch Link: http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz Signed-off-by: akash hadke <Akash.Hadke@kpit.com> Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Security fix CVE-2021-3448Armin Kuster2021-09-102-0/+1041
| | | | | | | | | | | | | Source: https://thekelleys.org.uk/dnsmasq.git MR: 110238 Type: Security Fix Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2 ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818 Description: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. Signed-off-by: Armin Kuster <akuster@mvista.com>
* krb5: fix CVE-2021-36222Yi Zhao2021-09-102-0/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* stunnel: upgrade 5.56 -> 5.57Pierre-Jean Texier2021-09-101-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 109039 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02 ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f Description: Affects < 5.57 License-Update: copyright years updated. This is a bug fix release: - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b76712700c79e4627028787ae65ab306c21eed02) [Includes CVE-2021-20230 per changelog Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 ] Signed-off-by: Armin Kuster <akuster@mvista.com>
* nss: Two Security fixes CVE-2020-6829 and 12400Armin Kuster2021-09-052-0/+19790
| | | | | | | | | | | | | | Source: https://hg.mozilla.org/projects/nss MR: 106863 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0 ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41 Description: Affects NSS < 3.55 This address both VE-2020-6829 and CVE-2020-12400 Signed-off-by: Armin Kuster <akuster@mvista.com>
* c-ares: upgrade 1.16.0 -> 1.16.1Zang Ruochen2021-09-051-1/+1
| | | | | | | | | | | | | | | Source: https://git.openembedded.org MR: 111050 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/c-ares?h=hardknott&id=dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 ChangeID: dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 Description: Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4) [Includes cve: CVE-2020-14354. Bug fix update, no ABI changes] Signed-off-by: Armin Kuster <akuster@mvista.com>
* dlt-daemon: update from 2.18.6 to 2.18.7Gianfranco2021-09-052-3/+47
| | | | | | | | | | | | - add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to new release 2.18.6Gianfranco Costamagna2021-09-054-146/+1
| | | | | | | | | | | | | | - drop patches 241 245 275: upstream Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> Stable version, bug fix only] (cherry picked from commit 8c17cac68473f98e663f05bc08b7505c0529e495) [ Stable version, bug fix only Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: superseed upstream pr #238 patch with pr #245 due to unexpected ↵Gianfranco Costamagna2021-09-052-8/+47
| | | | | | | | | | | | | | behaviour Upstream commented to use the second one Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c32d2eb448ce343463dc75cc6120f395e32f0177) [Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build with upstream-proposed patch for MUSL libcGianfranco Costamagna2021-09-052-0/+31
| | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7c9aa13dd94712ea49f535fbbf38d2db54cf7e2) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing ↵Gianfranco2021-09-051-1/+2
| | | | | | | | | | | service file. Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b2fe766703e94cee2e3d1e21f3274789d6cd0c57) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to 2.18.5Gianfranco2021-09-053-150/+37
| | | | | | | | | | | | | - drop patch 204: upstream - add gcc-10 build fix proposed upstream 238.patch Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 97092276dd453a4ef67aaec7bdcb0fb3cf1a5ca5) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-09-026-241/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded MR: 112869, 112835, 105131, 112702, 112829 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745 ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c Description: Apache2 2.4.x is an LTS version with bug and CVE fixes. https://downloads.apache.org/httpd/CHANGES_2.4.48 Includes these CVE fixes: 2.4.48 CVE-2021-31618 2.4.47 CVE-2020-13938 CVE-2020-11985 CVE-2021-33193 CVE-2019-17567 Drop these patches included in update: CVE-2020-13950.patch CVE-2020-35452.patch CVE-2021-26690.patch CVE-2021-26691.patch CVE-2021-30641.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745) Signed-off-by: Armin Kuster <akuster@mvista.com>
* tcpdump: Exclude CVE-2020-8036 from checkArmin Kuster2021-08-241-0/+5
| | | | | | | This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: Security fix for CVE-2021-27135Armin Kuster2021-08-242-0/+69
| | | | | | | | | | | | | | | | Source: Debian.org MR: 108848 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32 Description: xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. This fixes CVE-2021-27135. Leverage a patch from Debian. Signed-off-by: Armin Kuster <akuster@mvista.com>
* nginx: fix CVE-2021-3618Joe Slater2021-08-212-0/+90
| | | | | | | | | | | | | | | | | | | | | Source: meta-openembedded.ort MR: 112731 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/nginx?id=f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5 ChangeID: dd3295b606d73e01dd09291d85d529dea17a1a9e Description: Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5) [refesh patch for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* ufw: Fix interpreter for installed ufw and test ufwJate Sujjavanich2021-08-152-16/+6
| | | | | | | | | Revert patch to setup-only-make-one-reference-to-env.patch and make patch for python3 interpreter fix apply to runs of setup.py during self test as well as installs. Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp> Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
* backport: xmlsec1: Fix configure QA error caused by host lookup pathAnatol Belski2021-08-152-0/+23
| | | | | | | | | | | | The configure script contains hardcoded lookup paths to /usr and other paths that might interfere with the host. These are overwritten with the staging dir locations for Poky compatibility. Backport from meta-oe master rev. 74b66d1911118bac53033f77ba6d3923f4809d5a Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
* php: move to version 7.4.21Joe Slater2021-08-141-1/+2
| | | | | | | | | | | | | | Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 69dcf5bac8adfd55f1a40cff1e989ed8806607cb) [Stable bug fix only updates] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Fix build time paths in target perl/python scriptsKhem Raj2021-08-141-0/+7
| | | | | | | | | Add rdeps as needed Fixes shebang-size QA warnings Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Package extra files and man pagesKhem Raj2021-08-141-6/+12
| | | | | | | | Avoids using installed-vs-shipped Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bigbuckbunny-1080p: fix sample video URLMichael Opdenacker2021-08-141-1/+1
| | | | | | | | | | | | | Replace a link that's now broken. The original download link on blender.org still works (https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi) but is still extremely slow. Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdbi-perl: fix CVE-2014-10402Kai Kang2021-08-142-1/+59
| | | | | | | | | | | | | | Backport patch to fix CVE-2014-10402. CVE: CVE-2014-10402 Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade to 7.4.16Mingli Yu2021-07-263-187/+2
| | | | | | | | | | | | | License-Update: License updated (year updated) Fix some security issues such as CVE-2021-21702 and remove two cve patches which already included in the new version. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e418ee4657e084c8b4d42aabf76ff6df99253e91) [Bug fix only updates plus: CVE-2020-7071 ] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: allow php as emptyChangqing Li2021-07-261-0/+2
| | | | | | | | | | | Since commit c4ffcaa2[php: split out phpdbg into a separate package], package php is empty, we might met error: nothing provides php needed by php-cli-7.4.9-r0.corei7_64 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9be6b4f5a2ec857475626c74457a94b8d9236fd5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: split out phpdbg into a separate packageDiego Santa Cruz2021-07-261-1/+2
| | | | | | | | | | | Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c4ffcaa2ab3fbdef1ce58c253b32d82a57a3e2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: update to 3.2.15Armin Kuster2021-07-251-1/+1
| | | | | | | | | | | | | | | | | | | | | Source: Wireshark.org MR: 109612, 110462, 112069 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260 Description: Bug fix only update: see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html includes: CVE-2021-22191, CVE-2021-22207, CVE-2021-22235 Signed-off-by: Armin Kuster <akuster@mvista.com>
* ostree: Do not check for meta-pythonNicolas Dechesne2021-07-251-1/+1
| | | | | | | | | | | | It is a (non trivial) cherry pick from (cherry picked from commit b9ede0cb182ab095c863a6a5154bbe259a33f5c0) python3-pyyaml was moved from meta-python to meta-oe, so that we could apply this specific patch which breaks basic YP compatible check script. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oeNicolas Dechesne2021-07-254-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | This specific statement in ostree recipe breaks the YP compatible status (yocto-check-layer): RDEPENDS_${PN}-ptest += " \ ... ${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \ ... " Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the ostree recipe was fixed with: b9ede0cb182a (python3-pyyaml: Do not check for meta-python) In dunfell, moving python3-pyyaml to OE-core is not a great idea, but moving it from meta-python to meta-oe allows us to fix ostree YP compatible issue. Since meta-python depends on meta-oe, it should not be a change with any visible effect. python3-cython and python3-pyparsing are collateral damages since they are dependency for python3-pyyaml, so needed to be moved too. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-jinja2: remove recipeNicolas Dechesne2021-07-252-46/+0
| | | | | | | | | | | | | It was moved to OE-core/dunfell in cc0f56a788c3 (python3-jinja2: Import from meta-oe/meta-python) However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. Worse than that, the version in meta-oe and oe-core differ. OE-core has 2.11.3 and meta-oe is older with 2.11.2. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-markupsafe: remove recipeNicolas Dechesne2021-07-252-5/+0
| | | | | | | | | | | | It was moved to OE-core/dunfell in ec222f6af5f8 (python3-markupsafe: Import from meta-oe/meta-python) However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. The version in meta-oe and oe-core match so, it's really a no-op. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdevmapper,lvm2: Do not inherit licenseKhem Raj2021-07-251-3/+2
| | | | | | | | | | | | | | | inheriting license class which brings in AVAILABLE_LICENSES into do_configure task checksums class since it wants to enable thin-provisioning-tools if distro allows GPL-3 automatically, but this brings issues when other layers which have additional licenses are provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by default with a comment in recipes stating that if needed then the user should enable it via config metadata or bbappends. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f592e81f11d455546447ddff35b2f89e18c0cc0c) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ufw: backport patches, update RRECOMMENDS, python3 support, testsJate Sujjavanich2021-07-249-7/+18155
| | | | | | | | | | | | | | | | | Backport patches: using conntrack instead of state eliminating warning support setup.py build (python 3) adjust runtime tests to use daytime port (netbase changes) empty out IPT_MODULES (nf conntrack warning) check-requirements patch for python 3.8 Update, add patches for python 3 interpreter Add ufw-test package. Backport fixes for check-requirements script Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell For dunfell Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hiawatha: fix url.Armin Kuster2021-07-241-1/+1
| | | | | | | | files moved under a new dir structure. ERROR: hiawatha-10.10-r0 do_fetch: Fetcher failure for URL: 'http://hiawatha-webserver.org/files/hiawatha-10.10.tar.gz'. Unable to fetch URL from any source. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: update to 10.4.20Armin Kuster2021-07-213-2/+2
| | | | | | | | | | | | | | | | | | Source: mariadb.org MR: 109670, 110757, 110768 Type: Security Fix Disposition: Backport from mariadb ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612 Description: LTS version https://mariadb.com/kb/en/mariadb-10420-release-notes/ CVE-2021-2166: MariaDB 10.4.19 CVE-2021-2154: MariaDB 10.4.19 CVE-2021-27928: MariaDB 10.4.18 Signed-off-by: Armin kuster <akuster@mvista.com>
* vboxguestdrivers: add a fix for build failure with kernel 5.13Gianfranco2021-07-192-0/+277
| | | | | | | | | | | | Its already upstream and also used in Debian and Ubuntu Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 2e15d7eb66624c1755e8670f8c5448e3a9be0a21) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.20 -> 6.1.22Gianfranco2021-07-191-2/+2
| | | | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 97a5a4b40c143f71c8bff403c51a061a0d5e8b6f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.18 -> 6.1.20Gianfranco2021-07-192-26/+2
| | | | | | | | | | | | | Drop all patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 703daeb65f49c60636e835ad53fc354ca641ab3f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Add __divmoddi4 builtin supportKhem Raj2021-07-192-0/+37
| | | | | | | | gcc 11 needs it on i686 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 57f7692e8ef707535ffa1683aa711de442736ec1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386Gianfranco2021-07-192-0/+24
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09eb0ad187fb14ac1bb83a5a8d1ac4e9e9fdb305) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.16 -> 6.1.18Gianfranco2021-07-194-491/+2
| | | | | | | | | | Drop kernel 5.10 build fixes patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f8f2331158b33436bd53142e0e1b4b94f78b37e6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: fix build against kernel v5.10+Bruce Ashfield2021-07-194-0/+489
| | | | | | | | | | | | | We need to adjust the vboxguest drivers to build against kernels 5.10+. These are backports from the virtual box SVN repository and can be dropped in future uprevs. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 22eaac640f80df44108a5565127181c94645a032) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.14 -> 6.1.16Gianfranco Costamagna2021-07-191-2/+2
| | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7839164921ddb340a1bff322a1274c6022cb8565) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility ↵Gianfranco Costamagna2021-07-192-5049/+2
| | | | | | | | | | | patch, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1cd14bf12472970d75df3172a2b9b0dff71da655) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Fix build with kernel 5.8Khem Raj2021-07-196-303/+5047
| | | | | | | | | | | | Remove patches which are already covered in this new patch Fixes step1b: ERROR: modpost: "__get_vm_area_caller" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! step1b: ERROR: modpost: "map_kernel_range" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5efb06176add13c4b8287c9972651dcac94adf79) Signed-off-by: Armin Kuster <akuster808@gmail.com>