summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ntp: fix ntpdate to wait for subprocessesAdrian Zaharia2021-07-101-0/+5
| | | | | | | | | | | | | | | | | When using systemd, ntpdate-sync script will start in background triggering the start of ntpd without actually exiting. This results in an bind error in ntpd startup. Add wait at the end of ntpdate script to ensure that when the ntpdate.service is marked as finished the oneshot script ntpdate-sync finished and unbind the ntp port Fixes #386 Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: add CVE-2006-5201 to allowlistMasaki Ambai2021-07-101-0/+3
| | | | | | | | | CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris. Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlistAkifumi Chikazawa2021-07-101-0/+3
| | | | | | | | | | CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d49e96aac4616c439a2d778b95a793037dac884e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 ↵Li Wang2021-07-106-0/+239
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-30641 CVE-2020-13950: Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service References: https://nvd.nist.gov/vuln/detail/CVE-2020-13950 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966738 https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b CVE-2020-35452: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow References: https://nvd.nist.gov/vuln/detail/CVE-2020-35452 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2020-35452 https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b CVE-2021-26690: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service References: https://nvd.nist.gov/vuln/detail/CVE-2021-26690 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2021-26690 https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 CVE-2021-26691: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow References: https://nvd.nist.gov/vuln/detail/CVE-2021-26691 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966732 https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' References: https://nvd.nist.gov/vuln/detail/CVE-2021-30641 Upstream patches: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2021-23017Changqing Li2021-07-102-0/+47
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.23 -> 2.2.24Trevor Gamblin2021-06-272-9/+9
| | | | | | | | | | Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS release. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fa2d3338fb87a38a66d11735b876ce2320045b0d) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: Upgrade 3.2.3 -> 3.2.4Leon Anavi2021-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 3.2.4: - CVE-2021-33203: Potential directory traversal via admindocs - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses - Fixed a bug in Django 3.2 where a final catch-all view in the admin didn't respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page. - Fixed a bug in Django 3.2 where a system check would crash on an abstract model - Prevented unnecessary initialization of unused caches following a regression in Django 3.2 - Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed - Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings - Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment - Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit 624e3e18982775d2ea88e55e16d179420f0575fc) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2.2 -> 3.2.3Trevor Gamblin2021-06-271-1/+1
| | | | | | | | | | | | | | | | | 3.2.3 is a bugfix release: - Prepared for mysqlclient > 2.0.3 support (#32732). - Fixed a regression in Django 3.2 that caused the incorrect filtering of querysets combined with the | operator (#32717). - Fixed a regression in Django 3.2.1 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path (#32718). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit bdf1be7c5511f3d19e4786b9f2bcad88dfb2a9e4) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.22 -> 2.2.23Trevor Gamblin2021-06-272-9/+9
| | | | | | | | | | | | | | 2.2.23 is a bugfix release: - Fixed a regression in Django 2.2.21 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path (#32718). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit f07a8c1376fe9f5eb4fc0ddff8ca1a1b3c3f173b) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: add CVE-2016-9312 to allowlistSekine Shigeki2021-06-271-0/+3
| | | | | | | Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 04a7dce6259b43234e0f815dfc1415eca693eddf) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cifs-utils: set ROOTSBINDIR to /usr/sbin if DISTRO_FEATURES has usrmergeGeoff Parker2021-06-271-3/+14
| | | | | | | | | | | | | | | | Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge' Add do_configure_prepend() to override ROOTSSBINDIR environment variable so that the utilities are installed in /usr/sbin rather than /sbin. Setting --exec-prefix or --prefix in EXTRA_OECONF does not work. Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge is set in DISTRO_FEATURES Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3c1e72d62ccf2c2f94bf280a2500e23fdb01a57c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* minifi-cpp: set CLEANBROKEN to 1Chen Qi2021-06-271-0/+2
| | | | | | | | | | | | Rebuilding minifi-cpp in old build dir sometimes result in do_compile failure. So set CLEANBROKEN to "1" to workaround this problem. If further investigation is done and the underlying problem is addressed, this setting could be removed. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9e17243875b82dba698924cf2f1d31408127521) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: add CVE-2016-4983 to allowlistito-yuichi@fujitsu.com2021-06-271-0/+3
| | | | | | | | | | CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist. Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238) [mkcert.sh does mask 077 first] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: Support building for nativePeter Kjellerstedt2021-06-271-5/+13
| | | | | | | | | | | Due to the sed commands in do_install_append() that removed ${STAGING_DIR_HOST} and it being empty when building for native, it was impossible to add support for building this as native using a bbappend. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 74d58bc6e8f53bff15d2c06865591c325ebb6a7f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: A little clean upPeter Kjellerstedt2021-06-271-19/+16
| | | | | | | | | | | | | | * Remove the explicit dependency on libnl as the libnl PACKAGECONFIG depends on it as necessary. * Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF directly. * Sort the PACKAGECONFIGs. * Some whitespace clean up. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 411c981ef01b9965c22b7c35549dc95023169ea7) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* rapidjson: remove stale LIB_INSTALL_DIRAndrea Adami2021-06-271-1/+1
| | | | | | | | | | | | | | | | | | This was introduced with commit: 2e0fd78 rapidjson: fix cmake artifacts installation for non-default BASELIB case and should have been removed with commit: 5aa127a rapidjson: Remove unwanted patches NOTE: such multilib fixes are not needed after this commit in oe-core: 24f630c cmake.bbclass: Define LIB_SUFFIX Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0ceacaa68e212cc06ea7371a206bdbe21033cc05) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-debug-image: support cases where machines override IMAGE_FSTYPESAndrea Adami2021-06-271-1/+6
| | | | | | | | | | As done for initramfs-kexecboot-image we need to use python to get the desired value for IMAGE_FSTYPES. Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93e139c998857048182ed4169f04cfe350eab013) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-kexecboot-image: support cases where machines override IMAGE_FSTYPESAndrea Adami2021-06-271-2/+6
| | | | | | | | | | | | | | | | test case: zaurus.inc IMAGE_FSTYPES ?= "tar.gz jffs2 jffs2.sum ubi ubifs" IMAGE_FSTYPES_collie ?= "tar.gz jffs2 jffs2.sum" INITRAMFS_FSTYPES ?= "cpio.gz cpio.xz" The last assignment IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" did in fact reset the value to IMAGE_FSTYPES_collie, thus not producing cpio.gz / cpio.xz. Signed-off-by: Andrea Adami <andrea.adami@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit cdce92b4e9e82327fe2b3118384c424d7f08cc0c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cyrus-sasl: add CVE-2020-8032 to allowlistito-yuichi@fujitsu.com2021-06-271-0/+3
| | | | | | | | | This affects only openSUSE, so add it to allowlist. Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 711e932b14de57a5f341124470b2f3f131615a25) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add CVE-2011-2411 to allowlistSekine Shigeki2021-06-271-0/+4
| | | | | | | | | This affects only on HP NonStop Server, so add it to allowlist. Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* minifi-cpp: set correct python processor directory in configure fileYi Zhao2021-06-271-0/+3
| | | | | | | | | | | Set an appropriate python processor directory in configure file to fix the minifi startup warning: [org::apache::nifi::minifi::python::PythonCreator] [error] Could not access /etc/minifi/minifi-python/ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a86b772e31079231a04762ed49ec83d32005ca15) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: upgrade 5.9 -> 5.9.1zhengruoqin2021-06-272-9/+12
| | | | | | | | | | | Refresh the following patch: net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5411629c443d0d64b6d10f77d0622626e31a789d) [Bug fix only update - AK] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libeigen: update LICENSE informationOvidiu Panait2021-06-272-2/+58
| | | | | | | | | | | | | | | | | | | | | | | | From COPYING.README: """ Eigen is primarily MPL2 licensed. See COPYING.MPL2 and these links: http://www.mozilla.org/MPL/2.0/ http://www.mozilla.org/MPL/2.0/FAQ.html Some files contain third-party code under BSD or LGPL licenses, whence the other COPYING.* files here. All the LGPL code is either LGPL 2.1-only, or LGPL 2.1-or-later. For this reason, the COPYING.LGPL file contains the LGPL 2.1 text. """ The upstream repository contains multiple COPYING files (various 3rd party code is under different licenses), so update the LICENSE information accordingly. Also, add MINPACK to meta-oe/licenses. Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9efdb6799ed45cf04acde9b435aeb8ccd1f2843c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.4.5 -> 3.4.6zangrc2021-06-271-1/+1
| | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1c3701018ba2d251a72111f1159c9605dbff3992) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libpfm4 4.10.1 : enable arm64 host platformOlivier Georget2021-06-271-1/+2
| | | | | | | | | | libpfm4 is only enabled for powerpc arch as of now. This enables the lib on Arm 64bit platform as well. Signed-off-by: Olivier Georget <olivier.georget@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d02bd486736ba7cc552312849cea4fa33b1e1259) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* thunar: fix CVE-2021-32563Stefan Ghinea2021-06-133-0/+309
| | | | | | | | | | | | | | | | | | | An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. References: https://nvd.nist.gov/vuln/detail/CVE-2021-32563 Upstream patches: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit baa9453d57aa06554c823b5c7bd9c029e1858f89) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: Change PV to 4.4.6Khem Raj2021-06-131-2/+2
| | | | | | | | | | | | | | | 4.4.6 has been released from same SHA which was used for rc0 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e17fc085c025550be08353319983f9b89b11831b) [Bug fix only updates: Issues fixed: SERVER-53604: Include original aws iam arn in authenticate audit logs SERVER-52564: Deadlock between step down and MongoDOperationContextSession WT-7442: RTS to open dhandle only when the dhandle has unstable updates WT-7426: Set write generation number when the page image gets created WT-7373: Improve slow random cursor operations on oplog] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: Update to 4.4.6-rc0Khem Raj2021-06-132-718/+3
| | | | | | | | | | | | | | | | | | Drop upstreamed patch Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 44664a2d66ea848d927164685c283f0ea8d3d12f) [Bug fix only update: Issues fixed: SERVER-55298: Reproduce and Investigate BSONObjectTooLarge error SERVER-53566: Investigate and reproduce "opCtx != nullptr && _opCtx == nullptr" invariant SERVER-51281: mongod live locked SERVER-46686: Explain does not respect maxTimeMS SERVER-45836: Provide more LDAP details (like server IP) at default log level All JIRA issues closed in 4.4.5 4.4.5 Changelog] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix build on Centos 7Marek Vasut2021-06-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Centos 7 has glibc 2.18 and nss-native build fails due to implicit declaration of function putenv during build. This is because of the Feature Test Macro Requirements for glibc (see feature_test_macros(7)): putenv(): _XOPEN_SOURCE || /* Glibc since 2.19: */ _DEFAULT_SOURCE || /* Glibc versions <= 2.19: */ _SVID_SOURCE and because nss coreconf/Linux.mk only defines -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE So on such system with glibc 2.18, neither macro makes putenv() available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18 native build case. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Armin Kuster <akuster808@gmail.com> Cc: Armin Kuster <akuster@mvista.com> Cc: Khem Raj <raj.khem@gmail.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 30148b33b5d750702d7749ac59d8d740d8cb7024) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: upgrade 4.14 -> 4.15Andrej Kozemcak2021-06-062-25/+2
| | | | | | | | | Changes are found at: http://www.squid-cache.org/Versions/v4/changesets Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 77e614754553e64c4bc554ae802dc09e56eb6209) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgtop: fix do_compile errorChangqing Li2021-05-232-0/+39
| | | | | | | | | | | | | | On some distros, such as fedora32, cross compile failed with following error since host library is used. undefined reference to `stat64@GLIBC_2.33' According doc of ld, set searchdir begins with "=", but not hardcoded locations. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a6d1ddf7a9972008261bb84ff4196446d182c683) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgtop: tidy up recipeAndreas Müller2021-05-231-4/+1
| | | | | | | Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 55c0d740bc3553005b8a9e79b172231142c30d20) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: Disable tbb on riscv/muslKhem Raj2021-05-231-0/+3
| | | | | | | | | getcontext|setcontext functionality is provided via libucontext for musl but this library is not yet ported to RISCV Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a116630318789f08ebc6f350c37ef43f0884cb30) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: upgrade 13.2 -> 13.3zangrc2021-05-232-2/+2
| | | | | | | | | | | Refresh the following patch: 0001-configure.in-bypass-autoconf-2.69-version-check.patch Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 48cb359db26f4fa0efb811c24a6306a56bf60483) [Bug fix update] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trace-cmd: Conflict resolutionwangmy2021-05-231-0/+2
| | | | | | | | | perf(oe-core) also uses the doc included in plugins/, so package it in own subdirs of trace-cmd. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d8402fdd6f6710effd763a0a9c06c83255e39722) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sysdig: disable building for ppcSaul Wold2021-05-231-0/+2
| | | | | | | | | Sysdig depends on tbb which no longer builds for powerpc Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 433603cb7dd0243856509a552ff354dbc0fccd95) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: remove tbb packageconfig for powerpcSaul Wold2021-05-231-0/+3
| | | | | | | | | Since tbb does not build for powerpc remove it from the enabled list Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e0581ad12f42427932e24abad97399c54f4b75f7) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix building with CONFIG_TLS=internalAlexander Vickberg2021-05-222-0/+46
| | | | | | | | | | | The patch recently added for CVE-2021-30004 broke compilation with CONFIG_TLS=internal. This adds the necessary function to let it compile again. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d6ef4170747d6668fa940328334055eef3e1e1d6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libsdl: Fix CVE-2019-13616wangmy2021-05-222-0/+28
| | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db] CVE: CVE-2019-13616 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 57ae91d2914de96b1de69bfcb089a427ee3cb0ed) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29473wangmy2021-05-222-0/+22
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b] CVE: CVE-2021-29473 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9aecd2c32fc8f238f62ef70813e032b6b52c2f2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29470wangmy2021-05-222-0/+33
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed] CVE: CVE-2021-29470 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb1400efda77a7289ca20782172bfbe1f457f161) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29464wangmy2021-05-222-0/+73
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54] CVE: CVE-2021-29464 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c9470bdfaa1d33347ffaf25b3e18d2163667e18) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-3482wangmy2021-05-222-1/+56
| | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da] CVE: CVE-2021-3482 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29463wangmy2021-05-222-1/+122
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b] CVE: CVE-2021-29463 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8e63ac6c86852a12408c2415be073c71420758ff) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29458wangmy2021-05-222-1/+39
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d] CVE: CVE-2021-29458 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f0d83c14d9064ce1ee19b92d95c8daf790fe7488) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29457wangmy2021-05-222-1/+28
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22] CVE: CVE-2021-29457 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5be72693096cef671bf54bf1dd6ee8125614d064) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* uftrace: Fix a plthook crash on aarch64 with binutils2.35.1 and later ↵wangmy2021-05-223-28/+48
| | | | | | | | | versions on aarch64 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54feab11a1866435107df366005b50aba3b8d1cd) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pymongo: Upgrade 3.11.3 -> 3.11.4Leon Anavi2021-05-221-1/+1
| | | | | | | | | | | | | | | Upgrade to release 3.11.4: - Bug fix where a MongoClient would mistakenly attempt to create minPoolSize connections to arbiter nodes - Bug fix that prevented PyMongo from retrying writes after a writeConcernError on MongoDB 4.4+ Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit dcb9ecc1e5720c9614b1cd27575e1e4886dff5c1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-rfc3339-validator: Upgrade 0.1.3 -> 0.1.4Leon Anavi2021-05-221-1/+1
| | | | | | | | | | | | Upgrade to release 0.1.4: - Fix test failure on darwin Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit b5fb8390df11253fc7b20cd7a31db136f1d19a5c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 3.2 -> 3.2.2Trevor Gamblin2021-05-221-2/+2
| | | | | | | | | | Version 3.2.2 includes a fix for CVE-2021-32052. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit d97e1b7cfdcabc7d03e408c9888564551972e808) Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 09:41:28 +0000