aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* apache2: upgrade 2.4.48 -> 2.4.49hardknott-nexthardknottwangmy2021-09-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dash: upgrade 0.5.11.3 -> 0.5.11.5zangrc2021-09-261-2/+1
| | | | | | | | | | parser: Fix VSLENGTH parsing with trailing garbage eval: Do not cache value of eflag in evaltree Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 633f2115055dbc529f94eb39487e38ba384f6b83) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* crash: upgrade 7.2.9 -> 7.3.0zangrc2021-09-265-563/+14
| | | | | | | | | | | | | | | | Refresh the following patch: donnot-extract-gdb-during-do-compile.patch remove-unrecognized-gcc-option-m32-for-mips.patch 0001-printk-add-support-for-lockless-ringbuffer.patch 0002-printk-use-committed-finalized-state-values.patch Removed since these are included in 7.3.0. Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c833f0248954cad69cc14f866eb4003752e0b6eb) [Fixes issue with 5.10 kernel] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* can-utils: rrecommend iproute2 to make it possible to configure can interfacesAlexander Kanavin2021-09-261-0/+5
| | | | | | | | | | This replicates the fix from canutils.bb, for the same issue. See the link in the comment for details. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 020b87add3368b259662c5994a5a9d7edaa58085) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dstat: Add missing python-six runtime dependencyMarek Vasut2021-09-201-1/+1
| | | | | | | | | | | | | | | | | | The tool depends on the six module, add it, otherwise the following traceback happens when running it on the target: Traceback (most recent call last): File "/usr/bin/dstat", line 32, in <module> import six ModuleNotFoundError: No module named 'six' Signed-off-by: Marek Vasut <marex@denx.de> Cc: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 866e2e88911c0975403b6f2be2cd498b34c2b395) [minor fixup for Hardknott context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Upgrade to 10.5.12Mingli Yu2021-09-154-3/+3
| | | | | | | | | Fixes for the following security vulnerabilities: CVE-2021-2372 CVE-2021-2389 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: fix CVE-2021-3672Changqing Li2021-09-143-0/+197
| | | | | | | | | | Refer: https://c-ares.org/adv_20210810.html https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Remove __divmoddi4 patchKhem Raj2021-09-082-37/+0
| | | | | | | | | | This function has been added upstream as well, therefore the patch is no longer needed Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Gianfranco Costamagna <locutusofborg@debian.org> (cherry picked from commit 552269da69d3c7d366ca3ad7340de715f06005a5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: fix CVE-2021-32761Joe Slater2021-09-072-0/+258
| | | | | | | Backport from version 6.2.5. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup: Add runtime dependency on lvm2-udevrules for udevKristian Klausen2021-09-071-1/+1
| | | | | | | | | Without the udevrules cryptsetup luksOpen will be hanging with "Udev cookie 0xd4de0f6 (semid 5) waiting for zero". Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup: Only recommend kernel modules when building for targetPeter Kjellerstedt2021-09-071-12/+13
| | | | | | | | | | | | | | | | | | | | | | Otherwise cryptsetup-native depends on the target kernel and thus the target compiler, as can be seen by: $ bitbake -g cryptsetup-native $ grep 'cryptsetup.*linux-yocto' task-depends.dot "cryptsetup-native.do_build" -> "linux-yocto.do_deploy" "cryptsetup-native.do_build" -> "linux-yocto.do_package_write_rpm" "cryptsetup-native.do_populate_sysroot" -> "linux-yocto.do_populate_sysroot" $ grep 'linux-yocto.*gcc-cross' task-depends.dot "linux-yocto.do_kernel_configme" -> "gcc-cross-x86_64.do_populate_sysroot" "linux-yocto.do_prepare_recipe_sysroot" -> "gcc-cross-x86_64.do_populate_sysroot" This also moves the runtime dependencies to near the end of the recipe, which is more customary. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 497602b4840720e8351ecf961ac6f85103093750) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup: upgrade 2.3.5 -> 2.3.6zangrc2021-09-071-2/+2
| | | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 056d0892f0e2d1eb30029dbe9810b0800e87e634) [Bugz fix only update] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: fix CVE-2021-36222Yi Zhao2021-09-072-0/+122
| | | | | | | | | | | | | | | | | | | | CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cjson: upgrade 1.7.14 -> 1.7.15wangmy2021-09-061-1/+1
| | | | | | | | | | | | | | Fixes: Fix potential core dumped for strrchr, see https://github.com/DaveGamble/cJSON/pull/546 Fix null pointer crash in cJSON_CreateXxArray, see https://github.com/DaveGamble/cJSON/pull/538 Fix several null pointer problems on allocation failure, see https://github.com/DaveGamble/cJSON/pull/526 Fix a possible dereference of null pointer, see https://github.com/DaveGamble/cJSON/pull/519 Fix windows build failure about defining nan, see https://github.com/DaveGamble/cJSON/pull/518 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fa00ac02df4e3caabe8ba81d1700cec835bcb139) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.4.7 -> 3.4.8zhengruoqin2021-09-061-1/+1
| | | | | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 340ec8b25eafe644ab760fd784ccef217b7ee864) [bug fix only update] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update from 2.18.6 to 2.18.7Gianfranco2021-09-042-3/+47
| | | | | | | | | | | | - add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2021-3618Joe Slater2021-09-022-0/+109
| | | | | | | Apply patch made to version 1.20.1 to version 1.18.0. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-09-026-241/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded MR: 112869, 112835, 105131, 112702, 112829 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745 ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c Description: Apache2 2.4.x is an LTS version with bug and CVE fixes. https://downloads.apache.org/httpd/CHANGES_2.4.48 Includes these CVE fixes: 2.4.48 CVE-2021-31618 2.4.47 CVE-2020-13938 CVE-2020-11985 CVE-2021-33193 CVE-2019-17567 Drop these patches included in update: CVE-2020-13950.patch CVE-2020-35452.patch CVE-2021-26690.patch CVE-2021-26691.patch CVE-2021-30641.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745) Signed-off-by: Armin Kuster <akuster@mvista.com>
* gd: fix CVE-2021-38115Sakib Sajal2021-08-262-0/+34
| | | | | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linuxptp: upgrade 3.1 -> 3.1.1Changqing Li2021-08-261-3/+3
| | | | | | | | | | | | | | | | | | | * fix WARNING: linuxptp-3.1-r0 do_fetch: Failed to fetch URL http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-3.1.tgz, attempting MIRRORS if available linuxptp-3.1.tgz replace by linuxptp-3.1.1.tgz * 3.1.1 release note Version 3.1.1 Fixes: CVE-2021-3570 linuxptp: missing length check of forwarded messages CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ldns: fix override syntaxRoland Hieber2021-08-251-1/+1
| | | | | | | | | | | | | | | | | | Commit 2e794f33a43d71bb9861 cherry-picked a fix from master, which used the new override syntax, which was introduced in poky commit 2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new override syntax"). However, this change was merged after 3.4_M2 and is not part of hardknott, so bitbake complains about the new syntax: ERROR: ParseError at …/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb:20: unparsed line: 'do_install:append() {' Revert to the old syntax on the hardknott branch for now. Fixes: 2e794f33a43d71bb9861 (2021-08-09, "ldns: fix QA Issue after LDFLAGS change") Signed-off-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curlpp: fix override syntaxRoland Hieber2021-08-251-1/+1
| | | | | | | | | | | | | | | | | | Commit bca3bbbf203086794e5b cherry-picked a fix from master, which used the new override syntax, which was introduced in poky commit 2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new override syntax"). However, this change was merged after 3.4_M2 and is not part of hardknott, so bitbake complains about the new syntax: ERROR: ParseError at …/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb:20: unparsed line: 'do_install:append() {' Revert to the old syntax on the hardknott branch for now. Fixes: bca3bbbf203086794e5b (2021-08-09, "curlpp: fix QA Issue after LDFLAGS change") Signed-off-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: fix CVE-2021-3560Mingli Yu2021-08-212-0/+32
| | | | | | | | | | | Backport a patch [1] to fix CVE-2021-3560. [1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b65c646b25a2652de02ba2adbbef942b5b475e7f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Fix build time paths in target perl/python scriptsKhem Raj2021-08-151-0/+7
| | | | | | | | | Add rdeps as needed Fixes shebang-size QA warnings Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Package extra files and man pagesKhem Raj2021-08-151-6/+12
| | | | | | | | Avoids using installed-vs-shipped Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: fix CVE-2021-32625Tony Tascioglu2021-08-142-0/+62
| | | | | | | | | | | | | CVE: CVE-2021-32625 Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116] Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bigbuckbunny-1080p: fix sample video URLMichael Opdenacker2021-08-141-1/+1
| | | | | | | | | | | | | Replace a link that's now broken. The original download link on blender.org still works (https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi) but is still extremely slow. Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ldns: fix QA Issue after LDFLAGS changeTony Battersby2021-08-141-0/+7
| | | | | | | | | | | | | | | Adding -f*-prefix-map to LDFLAGS caused the following issue: QA Issue: ldns.pc failed sanity test (tmpdir) Fix by filtering out -f*-prefix-map from *.pc files. [YOCTO #14481] Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a4791bf2f37de55dd51971d34ac2252d3cf68f30) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curlpp: fix QA Issue after LDFLAGS changeTony Battersby2021-08-141-0/+7
| | | | | | | | | | | | | | | Adding -f*-prefix-map to LDFLAGS caused the following issue: QA Issue: curlpp.pc failed sanity test (tmpdir) Fix by filtering out -f*-prefix-map from *.pc files. [YOCTO #14481] Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c40e01b0fce73bc289d9499b204350359afc7884) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdbi-perl: fix CVE-2014-10402Kai Kang2021-08-142-1/+59
| | | | | | | | | | | | | | Backport patch to fix CVE-2014-10402. CVE: CVE-2014-10402 Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ndpi: fix CVE-2021-36082Changqing Li2021-08-102-0/+117
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Update SRC_URIMingli Yu2021-08-071-1/+1
| | | | | | | | | | | | | | The previous SRC_URI only stores the latest source tarball and we will meet do_fetch issue if not upgrade timely. Update the SRC_URI which stores all versions to fix some warning like below: WARNING: mariadb-10.5.9-r0 do_fetch: Failed to fetch URL https://downloads.mariadb.org/interstitial/mariadb-10.5.9/source/mariadb-10.5.9.tar.gz, attempting MIRRORS if available Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit da798f15ffd93759e1ba3f21bd1ba80c73e962af) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: redefine log-error itemMingli Yu2021-08-012-6/+1
| | | | | | | | | | | | | | | | | | | | | The log-error item which defined in my.cnf is "/var/log/mysqld.err" previouly and it's not consistent with which created in install_db service file which will call mysql-systemd-start to create the file "/var/log/mysqld.log". And it fails when boot with sysvinit as below: $ service mysqld start Starting MariaDB.210727 04:05:03 mysqld_safe Logging to '/var/log/mysqld.err'. 210727 04:05:03 mysqld_safe Starting mariadbd daemon with databases from /var/lib/mysql /usr/bin/mysqld_safe_helper: Can't create/write to file '/var/log/mysqld.err' (Errcode: 13 "Permission denied") So make the log-error item consistent to fix the above failure and also remove the related workaround when boot with systemd. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1a4144d954692ad68121d16adae09dc990e8ab1f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.22 -> 6.1.24Gianfranco2021-08-012-279/+3
| | | | | | | | | | | Drop patch to fix build failure with kernel 5.13, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 66b5131e266a6e4a82b467d58cb657a28a2e4b7e) [stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pm-qa: fix paths for shell scriptsAnastasios Kavoukis2021-08-011-1/+2
| | | | | | | | | | | | | | | | | | | | A commit in the repo of pm-qa: "adf9df9 Fix path to library files and change shebang line" Changed the text that sed was using to replace relative to absolute paths. As a result sed was not effectively finding the text "source ../include" to replace it, as the sed should be now searching for ". ../include". Similarly for "../Switches" Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 06a93a04efe2c2cbae6de93d07962be4dfa35019) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Suppress eol in functionfs setup scripts (#147)Devendra Tewari2021-08-013-4/+4
| | | | | | | | | | Stray newline character causes errors in functionfs setup scripts used by android-tools-adbd.service, when using musl libc and/or toybox. Signed-off-by: Devendra Tewari <devendra.tewari@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit db5f48734404a52ee5323659082f1d6baa225ca7) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: fix QA Issue after LDFLAGS changeTony Battersby2021-08-011-0/+5
| | | | | | | | | | | | | | | Adding -f*-prefix-map to LDFLAGS caused the following issue: QA Issue: netsnmp-agent.pc failed sanity test (tmpdir) Fix by filtering out -f*-prefix-map from *.pc files. [YOCTO #14481] Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5e042ac2079bffa3ae3d9839a50bf6a3d3f1930a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: move to version 7.4.21Joe Slater2021-08-011-1/+2
| | | | | | | | | | | Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* htop: Add ncurses-terminfo-base to RDEPENDSPaulo Neves2021-08-011-0/+2
| | | | | | | | Without it there are no terminal configurations on the target and htop refuses to run. (cherry picked from commit b5d74f8a6bd33e8468dd04d990f08d89d1e6928a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openlldp: fix segfaultLi Wang2021-08-012-0/+332
| | | | | | | | | | | | | | | | | | | ~ lldpad -d ~ 8021q: 802.1Q VLAN Support v1.8 ~ 8021q: adding VLAN 0 to HW filter on device eth0 ~ lldpad[xxx]: segfault at 0 ip xxx sp xxx error 4 in lldpad[xxx+xxx] ~ Code: xxx the issue is introduced by: 0002-lldp_head-rename-and-make-extern.patch Upstream patches: https://github.com/intel/openlldp/commit/ed6a8e5a75f56b7034a46294a0bf2a9a7fd14fbc Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 145f59ba75c992c4ce1f808308c041c1f7519244) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtalloc: upgrade 2.3.2 -> 2.3.3wangmy2021-08-011-3/+3
| | | | | | | | | | | | | | License-Update: add note: ** NOTE! The following LGPL license applies to the talloc ** library. This does NOT imply that all of Samba is released ** under the LGPL "GNU General Public License" changed to "GNU Lesser General Public License" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 173cf5fd6b3fa2b0ee74ccb5fc11a96319943821) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nghttp2: upgrade 1.43.0 -> 1.44.0wangmy2021-08-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | v1.44.0 changelog: lib: Port new ngtcp2 map implementation doc: Replace master with main build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS build: Add more --with-* configure flags build: Add LIBTOOL_LDFLAGS configure variable third-party: Bump llhttp to 6.0.2 src: Replace black-list with block-list nghttpx: Fix max distance in weight group/address cycle comparison nghttpx: Set connect_blocker and live_check after shuffling addresses nghttpx: Replace master with main nghttpx: Remove trailing white space after $method log variable (https://github.com/nghttp2/nghttp2/pull/1553) h2load: Add --rps option (https://github.com/nghttp2/nghttp2/pull/1559) h2load: Allow unit in -D option asio: fix some typos (Patch from Jan Kundrát) (https://github.com/nghttp2/nghttp2/pull/1550) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b767b37e3aabc3c9e95adb7eb469bd6d32979fb8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: update to 3.4.7Armin Kuster2021-08-011-1/+1
| | | | | | | | | | Stable branch bug fix update. Includes: CVE-2021-22235 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b68fe48192f0e029a1ca60a8f72199fbbccd3c1e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-urllib3: Upgrade 1.26.4 -> 1.26.5Leon Anavi2021-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | Upgrade to release 1.26.5: - Fixed deprecation warnings emitted in Python 3.10. - Updated vendored six library to 1.16.0. - Improved performance of URL parser when splitting the authority component. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Fixes CVE 2021-33503. (cherry picked from commit bb39c29a46e44fcc082aed0ce8772f4267a41d2d) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pillow: fix CVE-2021-34552Joe Slater2021-07-273-0/+94
| | | | | | Pull fix from version 8.3.1 back to 8.2.0. Signed-off-by: Joe Slater <joe.slater@windriver.com>
* hiawatha: fix url.Armin Kuster2021-07-241-1/+1
| | | | | | files moved under a new dir structure. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: add a fix for build failure with kernel 5.13Gianfranco2021-07-182-0/+277
| | | | | | | | | | Its already upstream and also used in Debian and Ubuntu Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.20 -> 6.1.22Gianfranco2021-07-181-2/+2
| | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.18 -> 6.1.20Gianfranco2021-07-182-26/+2
| | | | | | | | | | | Drop all patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: fix failures to start install_db.serviceKai Kang2021-07-181-11/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It fails to start install_db.service when install mariadb-setupdb from a package repo via dnf: root@qemux86-64:~# systemctl status install_db x install_db.service - Install MySQL Community Server Database Loaded: loaded (/lib/systemd/system/install_db.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2021-07-09 02:55:12 UTC; 5s ago Process: 504 ExecStart=/usr/bin/mysql-systemd-start pre (code=exited, status=203/EXEC) Main PID: 504 (code=exited, status=203/EXEC) Jul 09 02:55:12 qemux86-64 systemd[1]: Starting Install MySQL Community Server Database... Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed to locate executable /usr/bin/mysql-systemd-start: No such file or directo> Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed at step EXEC spawning /usr/bin/mysql-systemd-start: No such file or direct> Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Main process exited, code=exited, status=203/EXEC Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Failed with result 'exit-code'. Jul 09 02:55:12 qemux86-64 systemd[1]: Failed to start Install MySQL Community Server Database. The scripts required by install_db.service are packaged in mariadb-server which depends on mariadb-setupdb already. So move the scripts to mariadb-setupdb to make sure start install_db.service successfully. And move creating user 'mysql' in mariadb-setupdb as well. Packageconfig 'setupdb' has been useless from last upgrade, so remove it at same time. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b7554ae2855483edc0a7d4c533d7d818bbc9e4f8) Signed-off-by: Armin Kuster <akuster808@gmail.com>