Commit message | Author | Age | Files | Lines
* python3-urllib3: Upgrade 1.26.4 -> 1.26.5 [hardknott-next] [hardknott] | Leon Anavi | 6 days | 1 | -1/+1
  Upgrade to release 1.26.5:
  - Fixed deprecation warnings emitted in Python 3.10.
  - Updated vendored six library to 1.16.0.
  - Improved performance of URL parser when splitting the authority component.
  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Fixes CVE 2021-33503.
  (cherry picked from commit bb39c29a46e44fcc082aed0ce8772f4267a41d2d)
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pillow: fix CVE-2021-34552 | Joe Slater | 8 days | 3 | -0/+94
  Pull fix from version 8.3.1 back to 8.2.0.
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
* hiawatha: fix url. | Armin Kuster | 12 days | 1 | -1/+1
  files moved under a new dir structure.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: add a fix for build failure with kernel 5.13 | Gianfranco | 2021-07-18 | 2 | -0/+277
  It's already upstream and also used in Debian and Ubuntu
  Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
  Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.20 -> 6.1.22 | Gianfranco | 2021-07-18 | 1 | -2/+2
  Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
  Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd)
  [Stable branch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.18 -> 6.1.20 | Gianfranco | 2021-07-18 | 2 | -26/+2
  Drop all patches, now part of upstream codebase
  Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
  Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7)
  [Stable branch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: fix failures to start install_db.service | Kai Kang | 2021-07-18 | 1 | -11/+14
  It fails to start install_db.service when install mariadb-setupdb from a package repo via dnf:
    root@qemux86-64:~# systemctl status install_db
    x install_db.service - Install MySQL Community Server Database
    Loaded: loaded (/lib/systemd/system/install_db.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Fri 2021-07-09 02:55:12 UTC; 5s ago
    Process: 504 ExecStart=/usr/bin/mysql-systemd-start pre (code=exited, status=203/EXEC)
    Main PID: 504 (code=exited, status=203/EXEC)
    Jul 09 02:55:12 qemux86-64 systemd[1]: Starting Install MySQL Community Server Database...
    Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed to locate executable /usr/bin/mysql-systemd-start: No such file or directo>
    Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed at step EXEC spawning /usr/bin/mysql-systemd-start: No such file or direct>
    Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Main process exited, code=exited, status=203/EXEC
    Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Failed with result 'exit-code'.
    Jul 09 02:55:12 qemux86-64 systemd[1]: Failed to start Install MySQL Community Server Database.
  The scripts required by install_db.service are packaged in mariadb-server which depends on mariadb-setupdb already. So move the scripts to mariadb-setupdb to make sure start install_db.service successfully. And move creating user 'mysql' in mariadb-setupdb as well.
  Packageconfig 'setupdb' has been useless from last upgrade, so remove it at same time.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b7554ae2855483edc0a7d4c533d7d818bbc9e4f8)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Upgrade to 10.5.11 | Zoltán Böszörményi | 2021-07-18 | 4 | -2/+2
  Forward port musl patches
  Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 287ffdf1d03731fadd6a90b224d08cf9a3b50de5)
  [Stable branch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Use qemu to run cross-compiled binaries | Zoltán Böszörményi | 2021-07-18 | 4 | -108/+15
  This way, mariadb does not depend on mariadb-native anymore.
  Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 6f05b2463a20f99d43c5a7db190dfe3490929247)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Fix build with clang/musl | Khem Raj | 2021-07-18 | 2 | -0/+12
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit abbca30bd61c0ff856785900aac899ab33ead08b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Include missing sys/type.h for ssize_t | Khem Raj | 2021-07-18 | 2 | -0/+16
  musl finds this problem in sources where it's missing to include needed system header for ssize_t
  Fixes
    wsrep-lib/include/wsrep/gtid.hpp:80:5: error: unknown type name 'ssize_t'; did you mean 'size_t'?
    ssize_t scan_from_c_str(const char* buf, size_t buf_len,
    ^~~~~~~
    size_t
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 0298521fcd9eefdd9cd415b58740b972d65cf93c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Upgrade to 10.5.10 | Khem Raj | 2021-07-18 | 6 | -56/+10
  Drop fix-a-building-failure.patch because upstream has made it narrower to apply to emulator builds and not just any cross compiling builds
  Add missing dependency on boost
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 2183f0894110a6913c44bee9a1f4b1cea7639bdc)
  [Bug fix only update: CVE-2021-2166 CVE-2021-2154]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Fix configure | Andreas Müller | 2021-07-18 | 2 | -0/+36
  Assume recent CMake upgrade made this pop up.
  Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit ca18e276d63e9fc6fece6a32e88959cbcf84c91b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: fix CVE-2021-29478 | Tony Tascioglu | 2021-07-17 | 2 | -0/+43
  This patch backports the fix for CVE-2021-29478
  CVE: CVE-2021-29478
  Upstream-Status: Backport [https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592]
  An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution.
  The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it.
  The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2).
  Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: fix CVE-2021-29477 | Tony Tascioglu | 2021-07-17 | 2 | -0/+36
  This patch backports the fix for CVE-2021-29477.
  CVE: CVE-2021-29477
  Upstream-Status: Backport [https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9]
  An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution.
  Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042) | Trevor Gamblin | 2021-07-17 | 1 | -1/+1
  3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input.
  Additional release notes:
  - Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
  - Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable (#32503).
  - Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value (#32832).
  - Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label (#32863).
  There is no corresponding uprev for the 2.x LTS branch since it is already at the latest version (2.2.24).
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  (cherry picked from commit fe50bd100548500842667210df9757d84ec11b16)
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sysbench: fix memory test | massimo toscanelli | 2021-07-14 | 2 | -1/+43
  In sysbench version 0.4, the tmp variable used by the memory test to execute requests is optimized by the compiler. Caching mechanism reduces the direct accesses to the memory increasing the transfer speed. This leads to false timing estimations that considerably affect read and also random write operations.
  In sysbench version 1, this issue is fixed adding the volatile modifier to the tmp variable. This prevents compiler optimizations forcing a direct access to the memory.
  The final result is a realistic transfer speed measurement.
  Signed-off-by: massimo toscanelli <massimo.toscanelli@leica-geosystems.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 59cce5ad1603c2975684ae15b639e0e3cd688c40)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libiio: fix installing libiio when python3 bindings are enabled | Sam Van Den Berge | 2021-07-13 | 2 | -1/+40
  This patch fixes the following error when libiio is installed when python3 bindings are enabled:
    ERROR: Execution of '.../libiio/0.21+gitAUTOINC+565bf68ecc-r0/temp/run.do_install.2349473' failed with exit code 1:
    running build
    running build_py
    running install
    Traceback (most recent call last):
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 77, in _check_libiio_installed
        raise OSError
    OSError
    During handling of the above exception, another exception occurred:
    Traceback (most recent call last):
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 106, in <module>
        setup(**config)
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/site-packages/setuptools/__init__.py", line 153, in setup
        return distutils.core.setup(**attrs)
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/core.py", line 148, in setup
        dist.run_commands()
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/dist.py", line 966, in run_commands
        self.run_command(cmd)
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/dist.py", line 985, in run_command
        cmd_obj.run()
      File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 52, in run
        self._check_libiio_installed()
      File "/libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 83, in _check_libiio_installed
        raise Exception(msg)
    Exception: The libiio library could not be found.
    libiio needs to be installed first before the python bindings.
    The latest release can be found on GitHub:
    https://github.com/analogdevicesinc/libiio/releases
  Some time ago a fix for this issue was already discussed here [1]. However in the same discussion also a second issue was being handled. A fix for the second issue was merged in 51f98865da0. The first issue didn't pop up anymore and so a fix was never applied. Recently however after switching from build machine, I started seeing the first issue. I suspect due to build caching the first issue didn't pop up anymore before up until now.
  With this patch, fixes are now available for both issues handled in [1].
  [1]: https://github.com/openembedded/meta-openembedded/issues/248
  Signed-off-by: Sam Van Den Berge <sam.van.den.berge@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: fix ntpdate to wait for subprocesses | Adrian Zaharia | 2021-07-10 | 1 | -0/+5
  When using systemd, ntpdate-sync script will start in background triggering the start of ntpd without actually exiting. This results in a bind error in ntpd startup.
  Add wait at the end of ntpdate script to ensure that when the ntpdate.service is marked as finished the oneshot script ntpdate-sync finished and unbind the ntp port
  Fixes #386
  Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: add CVE-2006-5201 to allowlist | Masaki Ambai | 2021-07-10 | 1 | -0/+3
  CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris.
  Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist | Akifumi Chikazawa | 2021-07-10 | 1 | -0/+3
  CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
  Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit d49e96aac4616c439a2d778b95a793037dac884e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 ↵ | Li Wang | 2021-07-10 | 6 | -0/+239
  CVE-2021-30641
  CVE-2020-13950:
  Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2020-13950
  Upstream patches:
  https://bugzilla.redhat.com/show_bug.cgi?id=1966738
  https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
  CVE-2020-35452:
  Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2020-35452
  Upstream patches:
  https://security-tracker.debian.org/tracker/CVE-2020-35452
  https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
  CVE-2021-26690:
  Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2021-26690
  Upstream patches:
  https://security-tracker.debian.org/tracker/CVE-2021-26690
  https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
  CVE-2021-26691:
  In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2021-26691
  Upstream patches:
  https://bugzilla.redhat.com/show_bug.cgi?id=1966732
  https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
  CVE-2021-30641:
  Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2021-30641
  Upstream patches:
  https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
  https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
  Signed-off-by: Li Wang <li.wang@windriver.com>
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2021-23017 | Changqing Li | 2021-07-10 | 2 | -0/+47
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.23 -> 2.2.24 | Trevor Gamblin | 2021-06-27 | 2 | -9/+9
  Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS release.
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit fa2d3338fb87a38a66d11735b876ce2320045b0d)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: Upgrade 3.2.3 -> 3.2.4 | Leon Anavi | 2021-06-27 | 1 | -1/+1
  Upgrade to release 3.2.4:
  - CVE-2021-33203: Potential directory traversal via admindocs
  - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses
  - Fixed a bug in Django 3.2 where a final catch-all view in the admin didn't respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page.
  - Fixed a bug in Django 3.2 where a system check would crash on an abstract model
  - Prevented unnecessary initialization of unused caches following a regression in Django 3.2
  - Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed
  - Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings
  - Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment
  - Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL
  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  (cherry picked from commit 624e3e18982775d2ea88e55e16d179420f0575fc)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2.2 -> 3.2.3 | Trevor Gamblin | 2021-06-27 | 1 | -1/+1
  3.2.3 is a bugfix release:
  - Prepared for mysqlclient > 2.0.3 support (#32732).
  - Fixed a regression in Django 3.2 that caused the incorrect filtering of querysets combined with the | operator (#32717).
  - Fixed a regression in Django 3.2.1 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path (#32718).
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  (cherry picked from commit bdf1be7c5511f3d19e4786b9f2bcad88dfb2a9e4)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.22 -> 2.2.23 | Trevor Gamblin | 2021-06-27 | 2 | -9/+9
  2.2.23 is a bugfix release:
  - Fixed a regression in Django 2.2.21 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path (#32718).
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  (cherry picked from commit f07a8c1376fe9f5eb4fc0ddff8ca1a1b3c3f173b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: add CVE-2016-9312 to allowlist | Sekine Shigeki | 2021-06-27 | 1 | -0/+3
  Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 04a7dce6259b43234e0f815dfc1415eca693eddf)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cifs-utils: set ROOTSBINDIR to /usr/sbin if DISTRO_FEATURES has usrmerge | Geoff Parker | 2021-06-27 | 1 | -3/+14
  Fixes cifs-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
  Add do_configure_prepend() to override ROOTSSBINDIR environment variable so that the utilities are installed in /usr/sbin rather than /sbin. Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
  Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge is set in DISTRO_FEATURES
  Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 3c1e72d62ccf2c2f94bf280a2500e23fdb01a57c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* minifi-cpp: set CLEANBROKEN to 1 | Chen Qi | 2021-06-27 | 1 | -0/+2
  Rebuilding minifi-cpp in old build dir sometimes result in do_compile failure. So set CLEANBROKEN to "1" to workaround this problem. If further investigation is done and the underlying problem is addressed, this setting could be removed.
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit a9e17243875b82dba698924cf2f1d31408127521)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: add CVE-2016-4983 to allowlist | ito-yuichi@fujitsu.com | 2021-06-27 | 1 | -0/+3
  CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
  Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238)
  [mkcert.sh does mask 077 first]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: Support building for native | Peter Kjellerstedt | 2021-06-27 | 1 | -5/+13
  Due to the sed commands in do_install_append() that removed ${STAGING_DIR_HOST} and it being empty when building for native, it was impossible to add support for building this as native using a bbappend.
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 74d58bc6e8f53bff15d2c06865591c325ebb6a7f)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: A little clean up | Peter Kjellerstedt | 2021-06-27 | 1 | -19/+16
  * Remove the explicit dependency on libnl as the libnl PACKAGECONFIG depends on it as necessary.
  * Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF directly.
  * Sort the PACKAGECONFIGs.
  * Some whitespace clean up.
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 411c981ef01b9965c22b7c35549dc95023169ea7)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* rapidjson: remove stale LIB_INSTALL_DIR | Andrea Adami | 2021-06-27 | 1 | -1/+1
  This was introduced with commit:
    2e0fd78 rapidjson: fix cmake artifacts installation for non-default BASELIB case
  and should have been removed with commit:
    5aa127a rapidjson: Remove unwanted patches
  NOTE: such multilib fixes are not needed after this commit in oe-core:
    24f630c cmake.bbclass: Define LIB_SUFFIX
  Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 0ceacaa68e212cc06ea7371a206bdbe21033cc05)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-debug-image: support cases where machines override IMAGE_FSTYPES | Andrea Adami | 2021-06-27 | 1 | -1/+6
  As done for initramfs-kexecboot-image we need to use python to get the desired value for IMAGE_FSTYPES.
  Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 93e139c998857048182ed4169f04cfe350eab013)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-kexecboot-image: support cases where machines override IMAGE_FSTYPES | Andrea Adami | 2021-06-27 | 1 | -2/+6
  test case: zaurus.inc
    IMAGE_FSTYPES ?= "tar.gz jffs2 jffs2.sum ubi ubifs"
    IMAGE_FSTYPES_collie ?= "tar.gz jffs2 jffs2.sum"
    INITRAMFS_FSTYPES ?= "cpio.gz cpio.xz"
  The last assignment
    IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
  did in fact reset the value to IMAGE_FSTYPES_collie, thus not producing cpio.gz / cpio.xz.
  Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit cdce92b4e9e82327fe2b3118384c424d7f08cc0c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cyrus-sasl: add CVE-2020-8032 to allowlist | ito-yuichi@fujitsu.com | 2021-06-27 | 1 | -0/+3
  This affects only openSUSE, so add it to allowlist.
  Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 711e932b14de57a5f341124470b2f3f131615a25)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add CVE-2011-2411 to allowlist | Sekine Shigeki | 2021-06-27 | 1 | -0/+4
  This affects only on HP NonStop Server, so add it to allowlist.
  Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* minifi-cpp: set correct python processor directory in configure file | Yi Zhao | 2021-06-27 | 1 | -0/+3
  Set an appropriate python processor directory in configure file to fix the minifi startup warning:
    [org::apache::nifi::minifi::python::PythonCreator] [error] Could not access /etc/minifi/minifi-python/
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit a86b772e31079231a04762ed49ec83d32005ca15)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: upgrade 5.9 -> 5.9.1 | zhengruoqin | 2021-06-27 | 2 | -9/+12
  Refresh the following patch:
    net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 5411629c443d0d64b6d10f77d0622626e31a789d)
  [Bug fix only update - AK]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libeigen: update LICENSE information | Ovidiu Panait | 2021-06-27 | 2 | -2/+58
  From COPYING.README:
  """
  Eigen is primarily MPL2 licensed. See COPYING.MPL2 and these links:
  http://www.mozilla.org/MPL/2.0/
  http://www.mozilla.org/MPL/2.0/FAQ.html
  Some files contain third-party code under BSD or LGPL licenses, whence the other COPYING.* files here.
  All the LGPL code is either LGPL 2.1-only, or LGPL 2.1-or-later. For this reason, the COPYING.LGPL file contains the LGPL 2.1 text.
  """
  The upstream repository contains multiple COPYING files (various 3rd party code is under different licenses), so update the LICENSE information accordingly.
  Also, add MINPACK to meta-oe/licenses.
  Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 9efdb6799ed45cf04acde9b435aeb8ccd1f2843c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.4.5 -> 3.4.6 | zangrc | 2021-06-27 | 1 | -1/+1
  Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 1c3701018ba2d251a72111f1159c9605dbff3992)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libpfm4 4.10.1 : enable arm64 host platform | Olivier Georget | 2021-06-27 | 1 | -1/+2
  libpfm4 is only enabled for powerpc arch as of now. This enables the lib on Arm 64bit platform as well.
  Signed-off-by: Olivier Georget <olivier.georget@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit d02bd486736ba7cc552312849cea4fa33b1e1259)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* thunar: fix CVE-2021-32563 | Stefan Ghinea | 2021-06-13 | 3 | -0/+309
  An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2021-32563
  Upstream patches:
  https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
  https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
  Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit baa9453d57aa06554c823b5c7bd9c029e1858f89)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: Change PV to 4.4.6 | Khem Raj | 2021-06-13 | 1 | -2/+2
  4.4.6 has been released from same SHA which was used for rc0
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit e17fc085c025550be08353319983f9b89b11831b)
  [Bug fix only updates:
  Issues fixed:
  SERVER-53604: Include original aws iam arn in authenticate audit logs
  SERVER-52564: Deadlock between step down and MongoDOperationContextSession
  WT-7442: RTS to open dhandle only when the dhandle has unstable updates
  WT-7426: Set write generation number when the page image gets created
  WT-7373: Improve slow random cursor operations on oplog]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: Update to 4.4.6-rc0 | Khem Raj | 2021-06-13 | 2 | -718/+3
  Drop upstreamed patch
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 44664a2d66ea848d927164685c283f0ea8d3d12f)
  [Bug fix only update:
  Issues fixed:
  SERVER-55298: Reproduce and Investigate BSONObjectTooLarge error
  SERVER-53566: Investigate and reproduce "opCtx != nullptr && _opCtx == nullptr" invariant
  SERVER-51281: mongod live locked
  SERVER-46686: Explain does not respect maxTimeMS
  SERVER-45836: Provide more LDAP details (like server IP) at default log level
  All JIRA issues closed in 4.4.5
  4.4.5 Changelog]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix build on Centos 7 | Marek Vasut | 2021-06-06 | 1 | -0/+2
  Centos 7 has glibc 2.18 and nss-native build fails due to implicit declaration of function putenv during build. This is because of the Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
    putenv(): _XOPEN_SOURCE
    || /* Glibc since 2.19: */ _DEFAULT_SOURCE
    || /* Glibc versions <= 2.19: */ _SVID_SOURCE
  and because nss coreconf/Linux.mk only defines
    -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
  So on such system with glibc 2.18, neither macro makes putenv() available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18 native build case.
  Signed-off-by: Marek Vasut <marex@denx.de>
  Cc: Armin Kuster <akuster808@gmail.com>
  Cc: Armin Kuster <akuster@mvista.com>
  Cc: Khem Raj <raj.khem@gmail.com>
  Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
  Cc: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 30148b33b5d750702d7749ac59d8d740d8cb7024)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: upgrade 4.14 -> 4.15 | Andrej Kozemcak | 2021-06-06 | 2 | -25/+2
  Changes are found at:
  http://www.squid-cache.org/Versions/v4/changesets
  Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 77e614754553e64c4bc554ae802dc09e56eb6209)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgtop: fix do_compile error | Changqing Li | 2021-05-23 | 2 | -0/+39
  On some distros, such as fedora32, cross compile failed with following error since host library is used.
    undefined reference to `stat64@GLIBC_2.33'
  According doc of ld, set searchdir begins with "=", but not hardcoded locations.
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit a6d1ddf7a9972008261bb84ff4196446d182c683)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgtop: tidy up recipe | Andreas Müller | 2021-05-23 | 1 | -4/+1
  Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 55c0d740bc3553005b8a9e79b172231142c30d20)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>