Age | Commit message | Author
2019-10-05 | tcpdump: Fix CVE-2017-16808 (thud-next, thud) | Peiran Hong
Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport [ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definitions of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-05 | polkit: Fix CVE-2018-19788 | Dan Tran
Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-05 | mariadb: update SRC_URI, as 5.5.64 has moved to archive | Denys Dmytriyenko
The old URL now gives 404 Not Found
Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-04 | postgres: update to 10.10 | Armin Kuster
Source: postgres.org
MR: 99749, 99235, 98775, 99326
Type: Security Fix
Disposition: Backport from postgress.org
ChangeID: aa72ce0ba009e6544ee0ae57a042aeb99c339d06
Description:
LIC_CHK_SUM update due to year updates
drop two patches included in update.
Bug fix only updates.
10.10 CVE-2019-10211 CVE-2019-10210 CVE-2019-10208
10.9 CVE-2019-10164
10.8 CVE-2019-10130 CVE-2019-10128
10.6 CVE-2019-10127 CVE-2018-16850
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-09-04 | wireshark: Update to 2.6.10 for security fixes. | Armin Kuster
Source: wireshark.org
MR: 99742, 99743, 99744, 99745, 99746 99747, 99742, 99748, 99062
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: d9a2014ea6271a58633cea8899b63257b8b03cd3
Description:
Bug fix update only updates.
2.8.10:
wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619.
2.8.9:
wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778. CVE-2019-12295
2.6.8:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-09-02 | libedit: Add native and nativesdk to BBCLASSEXTEND | Maxime Roussin-Bélanger
To keep support of meta-clang support on thud branch. It depends on libedit native
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02 | lua: Security fix for CVE-2019-6706 | Armin Kuster
Source: lua.org
MR: 97553
Type: Security Fix
Disposition: Backport from http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
ChangeID: c939b7edcb54274ab0aeebcb7e3dc9f17cc09c2d
Description:
Affects < 5.3.5
Fixes: CVE-2019-6706
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02 | apache2: upgrade 2.4.39 -> 2.4.41 | Yi Zhao
Security fixes:
CVE-2019-10081
CVE-2019-9517
CVE-2019-10098
CVE-2019-10092
CVE-2019-10097
CVE-2019-10082
See: http://www.apache.org/dist/httpd/CHANGES_2.4.41
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02 | apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS | Peter Kjellerstedt
A missing space led to problems if something else was already added to SYSROOT_PREPROCESS_FUNCS.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02 | apache2: upgrade 2.4.34 -> 2.4.39 | Yi Zhao
* Drop apache2-native recipe. Add native to BBCLASSEXTEND in apache2 recipe.
* Refresh patches. Drop CVE-2018-11763.patch and apache-configure_perlbin.patch
* Cleanup recipe file. Remove obsolete code.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only update: Includes CVES: CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 CVE-2019-0220 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0211 ]
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02 | apache2: set CVE_PRODUCT | Qi.Chen@windriver.com
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-27 | netkit-rsh: add tag to CVE patch | Qi.Chen@windriver.com
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-27 | netkit-rsh: security fixes | Yi Zhao
Fix CVE-2019-7282, CVE-2019-7283
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-7282
https://nvd.nist.gov/vuln/detail/CVE-2019-7283
Patch from: https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-27 | netkit-rsh: don't build under musl | Tom Rini
Uses iruserok and ruserok which are GNU extensions available in glibc but not in musl
Cc: Khem Raj <raj.khem@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-26 | ccid: fix SRC_URI | Martin Jansa
* alioth.debian.org isn't available anymore
* master already has this (was part of the upgrade to newer version)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-25 | mariadb: update to 5.5.64 | Armin Kuster
Bug fix only updates: https://mariadb.com/kb/en/library/mariadb-5564-release-notes/
5.5.64; CVE-2019-2614 CVE-2019-2627
5.5.63; CVE-2019-2529
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-05-25 | ntp: upgrade 4.2.8p12 -> 4.2.8p13 | Andrej Valek
License has been changed due to reformatting, no new stuff added.
Bug fix only update include security fixes: CVE-2019-8936
Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-05-20 | cpupower: remove LIC_FILES_CHKSUM | Nicolas Dechesne
cpupower is a 'special' recipe since it does "inherit kernelsrc", which essentially means that it doesn't have its own sources, but reuse the kernel source tree, from virtual/kernel recipe.
As such, checking the license file in cpupower recipe does not seem relevant, since it does not fetch anything (kernelsrc has "deltask do_fetch") and the fetching is deferred to the virtual/kernel recipe. so we are basically checking the COPYING file twice. If there was any license issue, it would have been caught by virtual/kernel recipe already.
Hence we remove LIC_FILES_CHKSUM like it is done for perf recipe in OE-core in meta/recipes-kernel/perf/perf.bb.
It has the nice side effect that BSP layers can use different kernel versions without worrying about any LICENSE checksum changes in between kernel versions.
Reported-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7142f09407b81c2221bbf1c5078641ab4bc63ee9) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | rtmpdump: Switch to using GNU TLS instead of openssl10 | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> [THUD: fixes usr/include/openssl/rc4.h:74:5: error: unknown type name 'RC4_INT'] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | Split ntpq into an own package | Adrian Bunk
ntpq is the standard query program for ntp, but ntp-utils depends on perl.
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | wireless-regdb: update 2018.05.31 -> 2018.10.24 | Adrian Bunk
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | python3-blivetgui: Fix _supported_filesystems crash | Ovidiu Panait
Fix the following error when attempting to use blivet-gui in anaconda:
Traceback (most recent call first):
  File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 153, in supported_filesystems
    if self._supported_filesystems:
  File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 456, in add_device
    supported_filesystems=self.supported_filesystems,
AttributeError: 'BlivetGUIAnaconda' object has no attribute '_supported_filesystems'
Reference: https://github.com/storaged-project/blivet-gui/pull/100/
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | mosquitto: fully switch over to using PACKAGECONFIG_CONFARGS | André Draszik
Convert all other instances of explicit PACKAGECONFIG uses to the PACKAGECONFIG_CONFARGS infrastructure.
Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Damien Riegel <damien.riegel@gmail.com> [Damien Riegel: backport from master] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-24 | mosquitto: fix build in systemd environments | André Draszik
The mosquitto systemd service file instructs systemd to wait for mosquitto to notify systemd that mosquitto has started correctly. This isn't working as mosquitto is not *compiled* with systemd support enabled. As such, systemd restarts mosquitto every few seconds.
For reference, this was introduced in commit a483d344d9fb ("mosquitto: Make enabling systemd also enable build dep on systemd")
Because we build mosquitto using the provided Makefile infrastructure, the solution is to add PACKAGECONFIG_CONFARGS to EXTRA_OEMAKE, so that the required make flags are added to the make command line.
Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Damien Riegel <damien.riegel@gmail.com> [Damien Riegel: backport from master] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | vim: improve reproducibility | Mingli Yu
Clear all_cflags, all_lflags, compiled_user and compiled_sys to avoid introducing build info to improve reproducibility as below:
WARNING: vim-8.1.0347-r0 do_package_qa: QA Issue: File /work/core2-64-wrs-linux/vim/8.1.0347-r0/packages-split/vim/usr/bin/vim.vim in package contained reference to tmpdir [buildpaths]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | libgit2: Fix install for multilib | Andreas Müller
| ERROR: libgit2-0.27.4-r0 do_package: QA Issue: libgit2: Files/directories were installed but not shipped in any package:
| /usr/lib/libgit2.so.0.27.5
| /usr/lib/libgit2.so.27
| /usr/lib/libgit2.so
| /usr/lib/pkgconfig
| /usr/lib/pkgconfig/libgit2.pc
| Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
+ reduce 8 spaces by 4
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | networkmanager: fix QA issue when using modemmanager and ppp in PACKAGECONFIG | Marc Ferland
Got the following error when I activated both ppp and modemmanager options:
ERROR: networkmanager-1.14.4-r0 do_package: QA Issue: networkmanager: Files/directories were installed but not shipped in any package:
/usr/lib/pppd/2.4.5/nm-pppd-plugin.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | nmap: Include additional FILES path for certs | Scott Ellis
If both ncat and ssl are in PACKAGECONFIG then the installer adds a cert bundle to /usr/share/ncat/ca-bundle.crt
Signed-off-by: Scott Ellis <scott@jumpnowtek.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | nmap: Fix typo in pcre PACKAGECONFIG | Scott Ellis
Signed-off-by: Scott Ellis <scott@jumpnowtek.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | mozjs: Fix symbol visibility with clang/libc++ | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> [fixup for thud context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | nmap: Fix build with clang8/musl/libc++ | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | wireshark: update to 2.6.6 | Armin Kuster
includes:
wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716.
wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.
wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.
wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.
For more info see: https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | licenses: Add Arphic-Public-License text | Khem Raj
ttf-arphic-uming recipe in meta-oe needs this
source: http://ftp.gnu.org/gnu/non-gnu/chinese-fonts-truetype/LICENSE
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | luajit: Disable for mips n64/n32 hosts | Khem Raj
- mips64 port does not exist
- Also convert aarch64 compatible host case to an override
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | fix networkmanager apppend | thc
Fix following warning:
WARNING: networkmanager-1.14.4-r0 do_configure: QA Issue: networkmanager: invalid PACKAGECONFIG: bluez5glib [invalid-packageconfig]
if conf/local.conf:
PACKAGECONFIG_append_pn-networkmanager = " ifupdown wifi bluez5"
bluez5 is not compiled into nm
appending variable should use a prepending space, see https://www.yoctoproject.org/docs/2.0/ref-manual/ref-manual.html
Signed-off-by: Thomas Csovcsity <thc.fr13nd@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | mpv: Disable lua on mips/aarch64 | Khem Raj
Luajit dependency is not available on mips64/aarch64
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | packagegroup-meta-oe: Remove unbuildable packages on risc-v from rdep | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | packagegroup-meta-oe: Exclude android-tools breakpad on ppc | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | packagegroup-meta-oe: Exclude unbuildable packages on mips64 | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | python-pyparted/python3-pyparted: drop incorrect and redundant PV | Hongxu Jia
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | srecord: GPL-3.0 and LGPL-3.0 is correct license | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | samba: fix build on qemumips64 with musl | Andrea Adami
There is the same issue as for libldb, the header has conflicting defs for uintptr_t. Fix it as done for the other recipe.
Fix
/cmocka/cmocka.h:126:28: error: conflicting types for 'uintptr_t'
typedef unsigned int uintptr_t;
^~~~~~~~~
Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | kexec-tools-klibc: fix build for mipsel and mips64el | Andrea Adami
Builds with little endianness were not tested before.
Fix for:
purgatory.c:2:10: fatal error: limits.h: No such file or directory
Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | klibc: Fix build with clang | Khem Raj
Newer versions of clang optimize the calls to use unlocked variants of these functions
Fixes
| capabilities.c:(.text+0xb4): undefined reference to `fread_unlocked'
| arm-yoe-linux-gnueabi-ld.bfd: capabilities.c:(.text+0x11a): undefined reference to `fwrite_unlocked'
Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | waf-cross-answers: Add cross-answers-mips64el.txt | Andrea Adami
Fix build failure on mips64el platforms (missing waf-cross-answers-mips64el).
Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | modemmanager: Fix build with clang | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | ptpd: fixed the issue of ptpd2 daemon takes 100% CPU | Haiqing Bai
The ptpd2 daemon consumes 100% CPU (of a single core) after some amount of stable runtime. This fix added minimum POSIX timer interval to prevent timers from firing too quickly for the process to handle, resulting in 100% CPU and endless signal queue.
Reference: https://github.com/ptpd/ptpd/blob/master/ChangeLog
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | open-vm-tools: fix indentation and drop FILES_${PN}-dbg | Martin Jansa
* don't mix tabs and spaces for indentation, removes new warning:
  meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.3.0.bb: python should use 4 spaces indentation, but found tabs in open-vm-tools_10.3.0.bb, line 107
* remove FILES_${PN}-dbg variable, all .debug directories are packaged automatically in ${PN}-dbg for long time (at least since 2.1 Krogoth) since this oe-core commit:
  commit da5ec06814e105451cca11cce76b5c5231110524
  Author: Richard Purdie <richard.purdie@linuxfoundation.org>
  Date: Tue Dec 15 15:38:54 2015 +0000
  package: Add auto package splitting of .debug files
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | packagegroup-meta-oe: Remove packages which don't build for musl | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-04 | packagegroup-meta-oe: Remove arch specific packages as needed | Khem Raj
Some packages are not supported on all architectures, therefore they can not be included unconditionally.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>