Age | Commit message | Author |
|
Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definitions of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The old URL now gives 404 Not Found
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: postgres.org
MR: 99749, 99235, 98775, 99326
Type: Security Fix
Disposition: Backport from postgres.org
ChangeID: aa72ce0ba009e6544ee0ae57a042aeb99c339d06
Description:
LIC_CHK_SUM update due to year updates
drop two patches included in update.
Bug fix only updates.
10.10
CVE-2019-10211
CVE-2019-10210
CVE-2019-10208
10.9
CVE-2019-10164
10.8
CVE-2019-10130
CVE-2019-10128
10.6
CVE-2019-10127
CVE-2018-16850
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Source: wireshark.org
MR: 99742, 99743, 99744, 99745, 99746, 99747, 99742, 99748, 99062
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: d9a2014ea6271a58633cea8899b63257b8b03cd3
Description:
Bug fix only updates.
2.8.10:
wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619.
2.8.9:
wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778. CVE-2019-12295
2.6.8:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
To keep support of meta-clang on thud branch.
It depends on libedit native
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: lua.org
MR: 97553
Type: Security Fix
Disposition: Backport from http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
ChangeID: c939b7edcb54274ab0aeebcb7e3dc9f17cc09c2d
Description:
Affects < 5.3.5
Fixes:
CVE-2019-6706
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Security fixes:
CVE-2019-10081
CVE-2019-9517
CVE-2019-10098
CVE-2019-10092
CVE-2019-10097
CVE-2019-10082
See: http://www.apache.org/dist/httpd/CHANGES_2.4.41
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A missing space led to problems if something else was already added to
SYSROOT_PREPROCESS_FUNCS.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Drop apache2-native recipe.
Add native to BBCLASSEXTEND in apache2 recipe.
* Refresh patches.
Drop CVE-2018-11763.patch and apache-configure_perlbin.patch
* Cleanup recipe file. Remove obsolete code.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only update:
Includes CVEs: CVE-2018-17189
CVE-2018-17199
CVE-2019-0190
CVE-2019-0220
CVE-2019-0196
CVE-2019-0197
CVE-2019-0215
CVE-2019-0217
CVE-2019-0211
]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix CVE-2019-7282, CVE-2019-7283
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-7282
https://nvd.nist.gov/vuln/detail/CVE-2019-7283
Patch from:
https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Uses iruserok and ruserok which are GNU extensions available in glibc
but not in musl
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* alioth.debian.org isn't available anymore
* master already has this (was part of the upgrade to newer version)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Bug fix only updates:
https://mariadb.com/kb/en/library/mariadb-5564-release-notes/
5.5.64;
CVE-2019-2614
CVE-2019-2627
5.5.63;
CVE-2019-2529
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
License has been changed due to reformatting, no new stuff added.
Bug fix only update includes security fixes:
CVE-2019-8936
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
cpupower is a 'special' recipe since it does "inherit kernelsrc",
which essentially means that it doesn't have its own sources, but
reuses the kernel source tree, from virtual/kernel recipe. As such,
checking the license file in cpupower recipe does not seem relevant,
since it does not fetch anything (kernelsrc has "deltask do_fetch")
and the fetching is deferred to the virtual/kernel recipe.
So we are basically checking the COPYING file twice. If there was any
license issue, it would have been caught by virtual/kernel recipe
already.
Hence we remove LIC_FILES_CHKSUM like it is done for perf recipe in
OE-core in meta/recipes-kernel/perf/perf.bb.
It has the nice side effect that BSP layers can use different kernel
versions without worrying about any LICENSE checksum changes in
between kernel versions.
Reported-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7142f09407b81c2221bbf1c5078641ab4bc63ee9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[THUD: fixes usr/include/openssl/rc4.h:74:5: error: unknown type name 'RC4_INT']
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ntpq is the standard query program for ntp,
but ntp-utils depends on perl.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix the following error when attempting to use blivet-gui in anaconda:
Traceback (most recent call first):
File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 153, in supported_filesystems
if self._supported_filesystems:
File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 456, in add_device
supported_filesystems=self.supported_filesystems,
AttributeError: 'BlivetGUIAnaconda' object has no attribute '_supported_filesystems'
Reference:
https://github.com/storaged-project/blivet-gui/pull/100/
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Convert all other instances of explicit PACKAGECONFIG uses
to the PACKAGECONFIG_CONFARGS infrastructure.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Damien Riegel <damien.riegel@gmail.com>
[Damien Riegel: backport from master]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The mosquitto systemd service file instructs systemd to wait
for mosquitto to notify systemd that mosquitto has started
correctly. This isn't working as mosquitto is not *compiled*
with systemd support enabled. As such, systemd restarts
mosquitto every few seconds.
For reference, this was introduced in commit a483d344d9fb
("mosquitto: Make enabling systemd also enable build dep on systemd")
Because we build mosquitto using the provided Makefile
infrastructure, the solution is to add PACKAGECONFIG_CONFARGS
to EXTRA_OEMAKE, so that the required make flags are added
to the make command line.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Damien Riegel <damien.riegel@gmail.com>
[Damien Riegel: backport from master]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Clear all_cflags, all_lflags, compiled_user
and compiled_sys to avoid introducing build
info to improve reproducibility as below:
WARNING: vim-8.1.0347-r0 do_package_qa: QA Issue: File /work/core2-64-wrs-linux/vim/8.1.0347-r0/packages-split/vim/usr/bin/vim.vim in package contained reference to tmpdir [buildpaths]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
| ERROR: libgit2-0.27.4-r0 do_package: QA Issue: libgit2: Files/directories were installed but not shipped in any package:
| /usr/lib/libgit2.so.0.27.5
| /usr/lib/libgit2.so.27
| /usr/lib/libgit2.so
| /usr/lib/pkgconfig
| /usr/lib/pkgconfig/libgit2.pc
| Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
+ reduce 8 spaces by 4
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Got the following error when I activated both ppp and modemmanager
options:
ERROR: networkmanager-1.14.4-r0 do_package: QA Issue: networkmanager: Files/directories were installed but not shipped in any package:
/usr/lib/pppd/2.4.5/nm-pppd-plugin.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
If both ncat and ssl are in PACKAGECONFIG then the installer adds
a cert bundle to
/usr/share/ncat/ca-bundle.crt
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[fixup for thud context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
includes:
wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716.
wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.
wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.
wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.
For more info see: https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ttf-arphic-uming recipe in meta-oe needs this
source: http://ftp.gnu.org/gnu/non-gnu/chinese-fonts-truetype/LICENSE
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- mips64 port does not exist
- Also convert aarch64 compatible host case to an override
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix following warning:
WARNING:
networkmanager-1.14.4-r0 do_configure:
QA Issue: networkmanager:
invalid PACKAGECONFIG: bluez5glib [invalid-packageconfig]
if conf/local.conf:
PACKAGECONFIG_append_pn-networkmanager = " ifupdown wifi bluez5"
bluez5 is not compiled into nm
appending variable should use a prepending space, see
https://www.yoctoproject.org/docs/2.0/ref-manual/ref-manual.html
Signed-off-by: Thomas Csovcsity <thc.fr13nd@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Luajit dependency is not available on mips64/aarch64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
There is the same issue as for libldb, the header has conflicting defs
for uintptr_t. Fix it as done for the other recipe.
Fix
/cmocka/cmocka.h:126:28: error: conflicting types for 'uintptr_t'
typedef unsigned int uintptr_t;
^~~~~~~~~
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Builds with little endianness were not tested before.
Fix for:
purgatory.c:2:10: fatal error: limits.h:
No such file or directory
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Newer versions of clang optimize the calls to use unlocked variants of
these functions
Fixes
| capabilities.c:(.text+0xb4): undefined reference to `fread_unlocked'
| arm-yoe-linux-gnueabi-ld.bfd: capabilities.c:(.text+0x11a): undefined
reference to `fwrite_unlocked'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix build failure on mips64el platforms (missing waf-cross-answers-mips64el).
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The ptpd2 daemon consumes 100% CPU (of a single core) after
some amount of stable runtime. This fix added a minimum POSIX
timer interval to prevent timers from firing too quickly for
the process to handle, resulting in 100% CPU and endless signal queue.
Reference: https://github.com/ptpd/ptpd/blob/master/ChangeLog
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* don't mix tabs and spaces for indentation, removes new warning:
meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.3.0.bb: python should use 4 spaces indentation, but found tabs in open-vm-tools_10.3.0.bb, line 107
* remove FILES_${PN}-dbg variable, all .debug directories are
packaged automatically in ${PN}-dbg for a long time (at least since
2.1 Krogoth) since this oe-core commit:
commit da5ec06814e105451cca11cce76b5c5231110524
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue Dec 15 15:38:54 2015 +0000
package: Add auto package splitting of .debug files
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Some packages are not supported on all architectures, therefore they
can not be included unconditionally.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|