| Age | Commit message (Collapse) | Author |
|---|
|
Fixes in OE-Core added some pkgconfig dependencies back and this flagged
that the .pc file was in ${PN}, not ${PN}-dev. Fix that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit ea4afdb6a846aecd1be5f81f989aee3dfc08cc60)
[fixup for hardknott context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes CVEs:
CVE-2021-32626
CVE-2021-32627
CVE-2021-32628
CVE-2021-32675
CVE-2021-32687
CVE-2021-32762
CVE-2021-41099
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: Apache.org
MR: 113457, 113453
Type: Security Fix
Disposition: Backport from apache.org 2.4.51
ChangeID: 9d7b58f49487baff99bf8f101e53217425a2b81f
Description:
Bug fix only update. LTS version
https://httpd.apache.org/security/vulnerabilities_24.html
Fixes CVEs:
CVE-2021-42013
CVE-2021-41524
CVE-2021-41773
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This upgrade fix CVE-2021-3677
refer: https://www.postgresql.org/support/security/CVE-2021-3677/
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1].
[1] https://security.appspot.com/vsftpd/Changelog.txt
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade fix CVE-2021-3618, refer above Changelog
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This upgrade revolves a bunch of CVEs. See more details in:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.
These CVEs cannot be reolved one by one. Upgrading the package
is the only reasonable way.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
[CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
"import pyinotify" throws an error for these modules if they are not
included.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport an upstream fix since an uprev would include
potentially-breaking functionality changes.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changes:
i) removed patches contained in newer version
ii) LIC_FILES_CHKSUM changed because of the following commits:
6013c7bc Just make it easier for the doc
82d26095 merge duplicate COPYING files
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch from version 0.4.2 upstream since the uprev would add
functionality changes.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Inheriting setuptools3 incorrectly adds the dependency on python3-core
to libiio instead of to libiio-python3 where it belongs.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changes with Apache 2.4.49
*) SECURITY: CVE-2021-40438 (cve.mitre.org)
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
*) SECURITY: CVE-2021-39275 (cve.mitre.org)
core: ap_escape_quotes buffer overflow
*) SECURITY: CVE-2021-36160 (cve.mitre.org)
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
*) SECURITY: CVE-2021-34798 (cve.mitre.org)
core: null pointer dereference on malformed request
*) SECURITY: CVE-2021-33193 (cve.mitre.org)
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
*) core/mod_proxy/mod_ssl:
Adding `outgoing` flag to conn_rec, indicating a connection is
initiated by the server to somewhere, in contrast to incoming
connections from clients.
Adding 'ap_ssl_bind_outgoing()` function that marks a connection
as outgoing and is used by mod_proxy instead of the previous
optional function `ssl_engine_set`. This enables other SSL
module to secure proxy connections.
The optional functions `ssl_engine_set`, `ssl_engine_disable` and
`ssl_proxy_enable` are now provided by the core to have backward
compatibility with non-httpd modules that might use them. mod_ssl
itself no longer registers these functions, but keeps them in its
header for backward compatibility.
The core provided optional function wrap any registered function
like it was done for `ssl_is_ssl`.
[Stefan Eissing]
*) mod_ssl: Support logging private key material for use with
wireshark via log file given by SSLKEYLOGFILE environment
variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton]
*) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
"ProxyPassInterpolateEnv On" are configured. PR 65549.
[Joel Self <joelself gmail.com>]
*) mpm_event: Fix children processes possibly not stopped on graceful
restart. PR 63169. [Joel Self <joelself gmail.com>]
*) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
protocols from mod_proxy_http, and a timeout triggering falsely when
using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
upgrade= setting. PRs 65521 and 65519. [Yann Ylavic]
*) mod_unique_id: Reduce the time window where duplicates may be generated
PR 65159
[Christophe Jaillet]
*) mpm_prefork: Block signals for child_init hooks to prevent potential
threads created from there to catch MPM's signals.
[Ruediger Pluem, Yann Ylavic]
*) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
PR 65159" added in 2.4.47.
This causes issue on Windows.
[Christophe Jaillet]
*) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic]
*) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
as successful or a staged renewal is replacing the existing certificates.
This avoid potential mess ups in the md store file system to render the active
certificates non-working. [@mkauf]
*) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
[Yann Ylavic]
*) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
connections. If ALPN protocols are provided and sent to the
remote server, the received protocol selected is inspected
and checked for a match. Without match, the peer handshake
fails.
An exception is the proposal of "http/1.1" where it is
accepted if the remote server did not answer ALPN with
a selected protocol. This accomodates for hosts that do
not observe/support ALPN and speak http/1.x be default.
*) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
with others when their URLs contain a '$' substitution. PR 65419 + 65429.
[Yann Ylavic]
*) mod_dav: Add method_precondition hook. WebDAV extensions define
conditions that must exist before a WebDAV method can be executed.
This hook allows a WebDAV extension to verify these preconditions.
[Graham Leggett]
*) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
modules apart from versioning implementations to handle the REPORT method.
[Graham Leggett]
*) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
dav_get_resource() to mod_dav.h. [Graham Leggett]
*) core: fix ap_escape_quotes substitution logic. [Eric Covener]
*) Easy patches: synch 2.4.x and trunk
- mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
- mod_ldap: log and abort locking errors.
- mod_ldap: style fix for r1831165
- mod_ldap: build break fix for r1831165
- mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
- mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
- mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
- mod_rewrite: Save a few cycles.
- mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
- core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
[Christophe Jaillet]
*) core/mpm: add hook 'child_stopping` that gets called when the MPM is
stopping a child process. The additional `graceful` parameter allows
registered hooks to free resources early during a graceful shutdown.
[Yann Ylavic, Stefan Eissing]
*) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
balancer-manager, which can lead to a crash. [Yann Ylavic]
*) mpm_event: Fix graceful stop/restart of children processes if connections
are in lingering close for too long. [Yann Ylavic]
*) mod_md: fixed a potential null pointer dereference if ACME/OCSP
server returned 2xx responses without content type. Reported by chuangwen.
[chuangwen, Stefan Eissing]
*) mod_md:
- Domain names in `<MDomain ...>` can now appear in quoted form.
- Fixed a failure in ACME challenge selection that aborted further searches
when the tls-alpn-01 method did not seem to be suitable.
- Changed the tls-alpn-01 setup to only become unsuitable when none of the
dns names showed support for a configured 'Protocols ... acme-tls/1'. This
allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
[Stefan Eissing]
*) Add CPING to health check logic. [Jean-Frederic Clere]
*) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
*) core, h2: common ap_parse_request_line() and ap_check_request_header()
code. [Yann Ylavic]
*) core: Add StrictHostCheck to allow unconfigured hostnames to be
rejected. [Eric Covener]
*) htcacheclean: Improve help messages. [Christophe Jaillet]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
parser: Fix VSLENGTH parsing with trailing garbage
eval: Do not cache value of eflag in evaltree
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 633f2115055dbc529f94eb39487e38ba384f6b83)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Refresh the following patch:
donnot-extract-gdb-during-do-compile.patch
remove-unrecognized-gcc-option-m32-for-mips.patch
0001-printk-add-support-for-lockless-ringbuffer.patch
0002-printk-use-committed-finalized-state-values.patch
Removed since these are included in 7.3.0.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c833f0248954cad69cc14f866eb4003752e0b6eb)
[Fixes issue with 5.10 kernel]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This replicates the fix from canutils.bb, for the same issue. See the link
in the comment for details.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 020b87add3368b259662c5994a5a9d7edaa58085)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The tool depends on the six module, add it, otherwise the following
traceback happens when running it on the target:
Traceback (most recent call last):
File "/usr/bin/dstat", line 32, in <module>
import six
ModuleNotFoundError: No module named 'six'
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 866e2e88911c0975403b6f2be2cd498b34c2b395)
[minor fixup for Hardknott context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes for the following security vulnerabilities:
CVE-2021-2372
CVE-2021-2389
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Refer:
https://c-ares.org/adv_20210810.html
https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This function has been added upstream as well, therefore the patch is no
longer needed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Gianfranco Costamagna <locutusofborg@debian.org>
(cherry picked from commit 552269da69d3c7d366ca3ad7340de715f06005a5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport from version 6.2.5.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Otherwise cryptsetup-native depends on the target kernel and thus the
target compiler, as can be seen by:
$ bitbake -g cryptsetup-native
$ grep 'cryptsetup.*linux-yocto' task-depends.dot
"cryptsetup-native.do_build" -> "linux-yocto.do_deploy"
"cryptsetup-native.do_build" -> "linux-yocto.do_package_write_rpm"
"cryptsetup-native.do_populate_sysroot" -> "linux-yocto.do_populate_sysroot"
$ grep 'linux-yocto.*gcc-cross' task-depends.dot
"linux-yocto.do_kernel_configme" -> "gcc-cross-x86_64.do_populate_sysroot"
"linux-yocto.do_prepare_recipe_sysroot" -> "gcc-cross-x86_64.do_populate_sysroot"
This also moves the runtime dependencies to near the end of the recipe,
which is more customary.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 497602b4840720e8351ecf961ac6f85103093750)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 056d0892f0e2d1eb30029dbe9810b0800e87e634)
[Bugz fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2021-36222:
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC)
in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2
allows remote attackers to cause a NULL pointer dereference and daemon
crash. This occurs because a return value is not properly managed in a
certain situation.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
Patches from:
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes:
Fix potential core dumped for strrchr, see https://github.com/DaveGamble/cJSON/pull/546
Fix null pointer crash in cJSON_CreateXxArray, see https://github.com/DaveGamble/cJSON/pull/538
Fix several null pointer problems on allocation failure, see https://github.com/DaveGamble/cJSON/pull/526
Fix a possible dereference of null pointer, see https://github.com/DaveGamble/cJSON/pull/519
Fix windows build failure about defining nan, see https://github.com/DaveGamble/cJSON/pull/518
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fa00ac02df4e3caabe8ba81d1700cec835bcb139)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 340ec8b25eafe644ab760fd784ccef217b7ee864)
[bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371)
[Stable version, bug fix only]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Apply patch made to version 1.20.1 to version 1.18.0.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://git.openembedded.org/meta-openembedded
https://git.openembedded.org/meta-openembedded
MR: 112869, 112835, 105131, 112702, 112829
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745
ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c
Description:
Apache2 2.4.x is an LTS version with bug and CVE fixes.
https://downloads.apache.org/httpd/CHANGES_2.4.48
Includes these CVE fixes:
2.4.48
CVE-2021-31618
2.4.47
CVE-2020-13938
CVE-2020-11985
CVE-2021-33193
CVE-2019-17567
Drop these patches included in update:
CVE-2020-13950.patch
CVE-2020-35452.patch
CVE-2021-26690.patch
CVE-2021-26691.patch
CVE-2021-30641.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745)
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fix WARNING: linuxptp-3.1-r0 do_fetch: Failed to fetch URL
http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-3.1.tgz,
attempting MIRRORS if available
linuxptp-3.1.tgz replace by linuxptp-3.1.1.tgz
* 3.1.1 release note
Version 3.1.1
Fixes:
CVE-2021-3570 linuxptp: missing length check of forwarded messages
CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Commit 2e794f33a43d71bb9861 cherry-picked a fix from master, which used
the new override syntax, which was introduced in poky commit
2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
override syntax"). However, this change was merged after 3.4_M2 and is
not part of hardknott, so bitbake complains about the new syntax:
ERROR: ParseError at
…/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb:20:
unparsed line: 'do_install:append() {'
Revert to the old syntax on the hardknott branch for now.
Fixes: 2e794f33a43d71bb9861 (2021-08-09, "ldns: fix QA Issue after LDFLAGS change")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Commit bca3bbbf203086794e5b cherry-picked a fix from master, which used
the new override syntax, which was introduced in poky commit
2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
override syntax"). However, this change was merged after 3.4_M2 and is
not part of hardknott, so bitbake complains about the new syntax:
ERROR: ParseError at
…/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb:20:
unparsed line: 'do_install:append() {'
Revert to the old syntax on the hardknott branch for now.
Fixes: bca3bbbf203086794e5b (2021-08-09, "curlpp: fix QA Issue after LDFLAGS change")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b65c646b25a2652de02ba2adbbef942b5b475e7f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add rdeps as needed
Fixes shebang-size QA warnings
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Avoids using installed-vs-shipped
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE: CVE-2021-32625
Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116]
Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Replace a link that's now broken.
The original download link on blender.org still works
(https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi)
but is still extremely slow.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: ldns.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a4791bf2f37de55dd51971d34ac2252d3cf68f30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: curlpp.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c40e01b0fce73bc289d9499b204350359afc7884)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2014-10402.
CVE: CVE-2014-10402
Ref:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The previous SRC_URI only stores the latest source tarball and we
will meet do_fetch issue if not upgrade timely.
Update the SRC_URI which stores all versions to fix some warning
like below:
WARNING: mariadb-10.5.9-r0 do_fetch: Failed to fetch URL https://downloads.mariadb.org/interstitial/mariadb-10.5.9/source/mariadb-10.5.9.tar.gz, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da798f15ffd93759e1ba3f21bd1ba80c73e962af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The log-error item which defined in my.cnf is "/var/log/mysqld.err"
previouly and it's not consistent with which created in install_db
service file which will call mysql-systemd-start to create the file
"/var/log/mysqld.log".
And it fails when boot with sysvinit as below:
$ service mysqld start
Starting MariaDB.210727 04:05:03 mysqld_safe Logging to '/var/log/mysqld.err'.
210727 04:05:03 mysqld_safe Starting mariadbd daemon with databases from /var/lib/mysql
/usr/bin/mysqld_safe_helper: Can't create/write to file '/var/log/mysqld.err' (Errcode: 13 "Permission denied")
So make the log-error item consistent to fix the above failure
and also remove the related workaround when boot with systemd.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a4144d954692ad68121d16adae09dc990e8ab1f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop patch to fix build failure with kernel 5.13, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66b5131e266a6e4a82b467d58cb657a28a2e4b7e)
[stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A commit in the repo of pm-qa:
"adf9df9 Fix path to library files and change shebang line"
Changed the text that sed was using to replace relative to
absolute paths.
As a result sed was not effectively finding the text
"source ../include" to replace it, as the sed should be now
searching for ". ../include".
Similarly for "../Switches"
Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 06a93a04efe2c2cbae6de93d07962be4dfa35019)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Stray newline character causes errors in functionfs setup scripts
used by android-tools-adbd.service, when using musl libc and/or toybox.
Signed-off-by: Devendra Tewari <devendra.tewari@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db5f48734404a52ee5323659082f1d6baa225ca7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5e042ac2079bffa3ae3d9839a50bf6a3d3f1930a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Lots of bug fixes.
CVE: CVE-2021-21704 CVE-2021-21705
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Without it there are no terminal configurations on the target
and htop refuses to run.
(cherry picked from commit b5d74f8a6bd33e8468dd04d990f08d89d1e6928a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Richard Purdie
Changqing Li
Armin Kuster
Mingli Yu
Chen Qi
Trevor Gamblin
Sakib Sajal
Peter Kjellerstedt
wangmy
zangrc
Alexander Kanavin
Marek Vasut
Khem Raj
Joe Slater
Kristian Klausen
Yi Zhao
zhengruoqin
Gianfranco
Roland Hieber
Tony Tascioglu
Michael Opdenacker
Tony Battersby
Kai Kang
Anastasios Kavoukis
Devendra Tewari
Paulo Neves