Age | Commit message (Collapse) | Author |
|
The patch is identical to the one in commit 36db85b9b1... but
we cannot cherry-pick because of different context in the
.bb file.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Avoid generating non-PIC code.
The patches are taken from master 58b16da805... but we cannot
cherry-pick because zip_3.0.bb context is different.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The asciidoc-py3 repository has been renamed to asciidoc-py.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f78dd3f4c5f0cd738783e75f3796e1da2a2a2ba1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).
To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949
(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list (#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader (#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8f39cd5757907d50444203e0e6e2c5ed0a47152)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Some distros like poky-tiny set ENABLE_WIDEC=false, which disables wide
character support for ncurses. The new patch fixes the build of mc for
this case.
Since 9000f8033662, NCURSES_WIDECHAR is set explicitly to 1 for musl.
This doesn't work for ENABLE_WIDEC==false. In this case,
NCURSES_WIDECHAR must be set explicitly to 0, as curses.h does not
record whether the ncurses library has actually been built with or
without wide characters.
Fixes: 9000f8033662 ("mc: upgrade 4.8.25 -> 4.8.26")
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Refer [1], "unpigz -l" failed with error:
$ ./unpigz -l test.txt.gz
compressed original reduced name
228799 209715200 99.9% test.txt
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error
or
$ ./unpigz -l test.txt.gz
unpigz: skipping: test.txt.gz unrecognized format
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error
[1] https://github.com/madler/pigz/issues/96
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The packageconfig needs to be --disable-systemd as documented in
configure file for cups. With the current value "--without-systemd" the
SYSTEM_DIR variable ends up being set to "no"
It is caused by the --without-* section in configure file resulting in
eval with_$ac_useropt=no ;;
$ac_useropt is "systemd" causing the variable $with_systemd to be set
to "no", because of below test
if test ${with_systemd+y}
then :
withval=$with_systemd; SYSTEMD_DIR="$withval"
else $as_nop
SYSTEMD_DIR=""
fi
cups configure test for i if SYSTEMD_DIR is empty to decide if the init
scripts need to be installed. A value of "no" results in that no init
scripts is installed.
With --disable-systemd it works as expected - installing the init files.
Though cups should properly improve their configure script.
Signed-off-by: Claus Stovgaard <clst@ambu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 967fdd2ba12f22d8e46600ff085833993a32cfeb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit e2518c2eba8c6e486aee3273dc2cba9ab51ffb69)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Add branch name explicitly to SRC_URI where it's not defined and switch
to using https protocol for Github projects.
The change was made using convert-srcuri script in scripts/contrib.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f171f4f528090fc108624de6049274aa4d4880eb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport a patch file from upstream, since doing an uprev of the recipe
to the version with the fix (9.55) would introduce functional changes.
CVE: CVE-2021-3781
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
We're seeing pthread being linked sometimes and not others leading to
non-reproducible target binaries. The reason is mixing the native python
config with the target one. We should use the target one.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3fe5101b335384ef83e96ccc58687fd631164075)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Bash keeps a count of the number of times make was invoked on a directory
and changes the output versioning accordingly. We want deterministic output
so disable this behaviour.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13a039e03195a47c750d5901e96fe81cf523481f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Set shared library name as libbz2.so.1.0.8, version in configure.ac
already synced via do_configure PV substitution.
Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07e3abc9d282a54add69a6905ec4248f3104219f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
These three CVEs are specific to the Node package node-tar.
exclude: CVE-2021-37701 CVE-2021-37712 CVE-2021-37713
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f9317a02d73c1e5aea026683a037e52c996c7bb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2021-36370.
CVE: CVE-2021-36370
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport an upstream patch for the CVE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87191ed0303f6552865ad1edcacd674c57f2010c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4accf77ea5b5810cb2330acc6773690ec1b1c71b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
These two CVEs are specific to the Node package node-tar.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc7216e8148d0dee7b56e6851da6615e93647a0a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
zstd uses 'zstandard' in NVD database. e.g. CVE-2021-24031
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 304eb663e414171d38faeebb3c72e49e6e4e1112)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This is fixed differently upstream [1]
[1] https://github.com/ColinIanKing/stress-ng/commit/7e150ab18b0e8954ca426eb5366000a8f0d01110
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96b1d483ccf2166bf577e73075d5fe57c45bbfdf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
At the time of writing the qemu kernels don't support vfat filesystems.
There are patches on the list to add that, but as two tests fail without
vfat support, make them skip if vfat isn't available.
[ YOCTO #14470 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17ecb3552cb7d7e7f82cc8b2e1b83f276525cbda)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The recipe was using =, which replaces the default RRECOMMENDS from
ptest.bbclass.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cebcb4ae46b0860179edfe480e8e4d924f931436)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Delete the right log files in run-ptest so the tests can be executed
more than once.
Install config.h so the tests which examine the build configuration will
do the right thing, specifically this causes the tests using libblkid to
execute instead of skip.
Add missing RDEPENDS: mkswap and tune2fs binaries, loop and vfat kernel
modules.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43bd50cbf902ce92ea613d142fae2524011b8f55)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
We use the SUSE mirror of xinetd. The CVE fix was added to the main repo
after the latest release but is included in the version from the SUSE repo.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We've seen three hangs in cgroup_xattr and two in proc01 so far. The new
plan is just to disable any tests seen to hang. I've had enough of these
causing problems on our testing infrastructure.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This CVE relates to bad ownership of /var/log/cups, which we don't have.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue applies to use of cpio in SUSE/OBS, doesn't apply to us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch mentioned as the fix for the CVE is applied to the 6.0 source
code. Zip versioning makes CPE entry changes hard.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs apply to the way logrotate was installed on Gentoo, Debian
and SUSE, exclude from cve-check as they don't apply to OE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make sure help2man output is reproducible. Fixes:
| .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022. .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022.
| .TH·FSG·"1"·"April·2021"·"FSG·lsb_release·v1.4"·FSG .TH·FSG·"1"·"May·2021"·"FSG·lsb_release·v1.4"·FSG
| .SH·NAME 3 .SH·NAME
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 49371207a7f1fe3d3feb7b8b9aabb62b43ae34d1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Currently the headers are not installed and the ltp-dev package is
empty.
This patch adds an include-install make target in the do_install step to
install them in sysroot which ends up as a working ltp-dev package.
Signed-off-by: Jonas Höppner <jonas.hoeppner@garz-fricke.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6943da4444cd71053650be0c9212bc25ac53137)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
grap2graph which converts a GRAP diagram into a cropped image fails
to run as below:
$ grap2graph
/usr/bin/grap2graph: line 89: convert: command not found
/usr/bin/grap2graph: warning: falling back to old '-crop 0x0' trim method
/usr/bin/grap2graph: line 104: convert: command not found
/usr/bin/grap2graph: line 103: grap: command not found
Considering we don't often need to convert a GRAP diagram into
a cropped image and the recipe ImageMagick which provides convert
command is in meta-oe layer, so don't ship the related files to
avoid the confusion about the above run time error.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 251be7279a475ee18c0c53fe9795bb37bffc2b45)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
>From go 1.16, module-aware mode is enabled by default, regardless of
whether a go.mod file is present in the current working directory or a
parent directory.
Above change makes go-helloworld build fail when doing offline build or
proxy.golang.org is not accessible.
This fix is kind of workaround, as from go1.17, GOPATH mode will be
dropped, and GO111MODULE is ignored.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped patch supserseded by https://github.com/asciidoc-py/asciidoc-py/pull/172
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX"
or "patchX" as patched release.
also update testcases to cover this changes and set CVE_VERSION_SUFFIX
for sudo.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Shave fuzz off the Makefile-sort-all-wildcard-file-list-expansions patch
CHANGELOG:
v1.4.9 (Mar 1, 2021)
bug: Use `umask()` to Constrain Created File Permissions (#2495, @felixhandte)
bug: Make Simple Single-Pass Functions Ignore Advanced Parameters (#2498, @terrelln)
api: Add (De)Compression Tracing Functionality (#2482, @terrelln)
api: Support References to Multiple DDicts (#2446, @senhuang42)
api: Add Function to Generate Skippable Frame (#2439, @senhuang42)
perf: New Algorithms for the Long Distance Matcher (#2483, @mpu)
perf: Performance Improvements for Long Distance Matcher (#2464, @mpu)
perf: Don't Shrink Window Log when Streaming with a Dictionary (#2451, @terrelln)
cli: Fix `--output-dir-mirror`'s Rejection of `..`-Containing Paths (#2512, @felixhandte)
cli: Allow Input From Console When `-f`/`--force` is Passed (#2466, @felixhandte)
cli: Improve Help Message (#2500, @senhuang42)
tests: Remove Flaky Tests (#2455, #2486, #2445, @Cyan4973)
tests: Correctly Invoke md5 Utility on NetBSD (#2492, @niacat)
tests: Avoid Using `stat -c` on NetBSD (#2513, @felixhandte)
build: Zstd CLI Can Now be Linked to Dynamic `libzstd` (#2457, #2454 @Cyan4973)
build: Hide and Avoid Using Static-Only Symbols (#2501, #2504, @skitt)
build: CMake: Enable Only C for lib/ and programs/ Projects (#2498, @concatime)
build: CMake: Use `configure_file()` to Create the `.pc` File (#2462, @lazka)
build: Fix Fuzzer Compiler Detection & Update UBSAN Flags (#2503, @terrelln)
build: Add Guards for `_LARGEFILE_SOURCE` and `_LARGEFILE64_SOURCE` (#2444, @indygreg)
build: Improve `zlibwrapper` Makefile (#2437, @Cyan4973)
contrib: Add `recover_directory` Program (#2473, @terrelln)
doc: Change License Year to 2021 (#2452 & #2465, @terrelln & @senhuang42)
doc: Fix Typos (#2459, @ThomasWaldmann)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replace the libswapon reproducibility workaround with the solution
preferred by upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There was still a remaining issue with reporoducibility based upon the
make version from the host system. Some versions added whitespace for
XXX+=<tab> (e.g. 4.1) and some versions do not (e.g. 4.3).
Replace the determinism patches with those submitted upstream both
for this issue and the previous one.
The LC_ALL setting for sort is dropped as it didn't fix an issue as hoped.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Further issues were highlighted by autobuilder testing, extend the second patch
to cover them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|