summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* krb5: fix CVE-2021-36222Yi Zhao2021-09-102-0/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* stunnel: upgrade 5.56 -> 5.57Pierre-Jean Texier2021-09-101-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 109039 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02 ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f Description: Affects < 5.57 License-Update: copyright years updated. This is a bug fix release: - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b76712700c79e4627028787ae65ab306c21eed02) [Includes CVE-2021-20230 per changelog Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 ] Signed-off-by: Armin Kuster <akuster@mvista.com>
* nss: Two Security fixes CVE-2020-6829 and 12400Armin Kuster2021-09-052-0/+19790
| | | | | | | | | | | | | | Source: https://hg.mozilla.org/projects/nss MR: 106863 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0 ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41 Description: Affects NSS < 3.55 This address both VE-2020-6829 and CVE-2020-12400 Signed-off-by: Armin Kuster <akuster@mvista.com>
* c-ares: upgrade 1.16.0 -> 1.16.1Zang Ruochen2021-09-051-1/+1
| | | | | | | | | | | | | | | Source: https://git.openembedded.org MR: 111050 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/c-ares?h=hardknott&id=dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 ChangeID: dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 Description: Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4) [Includes cve: CVE-2020-14354. Bug fix update, no ABI changes] Signed-off-by: Armin Kuster <akuster@mvista.com>
* dlt-daemon: update from 2.18.6 to 2.18.7Gianfranco2021-09-052-3/+47
| | | | | | | | | | | | - add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to new release 2.18.6Gianfranco Costamagna2021-09-054-146/+1
| | | | | | | | | | | | | | - drop patches 241 245 275: upstream Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> Stable version, bug fix only] (cherry picked from commit 8c17cac68473f98e663f05bc08b7505c0529e495) [ Stable version, bug fix only Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: superseed upstream pr #238 patch with pr #245 due to unexpected ↵Gianfranco Costamagna2021-09-052-8/+47
| | | | | | | | | | | | | | behaviour Upstream commented to use the second one Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c32d2eb448ce343463dc75cc6120f395e32f0177) [Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build with upstream-proposed patch for MUSL libcGianfranco Costamagna2021-09-052-0/+31
| | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7c9aa13dd94712ea49f535fbbf38d2db54cf7e2) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing ↵Gianfranco2021-09-051-1/+2
| | | | | | | | | | | service file. Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b2fe766703e94cee2e3d1e21f3274789d6cd0c57) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to 2.18.5Gianfranco2021-09-053-150/+37
| | | | | | | | | | | | | - drop patch 204: upstream - add gcc-10 build fix proposed upstream 238.patch Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 97092276dd453a4ef67aaec7bdcb0fb3cf1a5ca5) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-09-026-241/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded MR: 112869, 112835, 105131, 112702, 112829 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745 ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c Description: Apache2 2.4.x is an LTS version with bug and CVE fixes. https://downloads.apache.org/httpd/CHANGES_2.4.48 Includes these CVE fixes: 2.4.48 CVE-2021-31618 2.4.47 CVE-2020-13938 CVE-2020-11985 CVE-2021-33193 CVE-2019-17567 Drop these patches included in update: CVE-2020-13950.patch CVE-2020-35452.patch CVE-2021-26690.patch CVE-2021-26691.patch CVE-2021-30641.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745) Signed-off-by: Armin Kuster <akuster@mvista.com>
* tcpdump: Exclude CVE-2020-8036 from checkArmin Kuster2021-08-241-0/+5
| | | | | | | This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: Security fix for CVE-2021-27135Armin Kuster2021-08-242-0/+69
| | | | | | | | | | | | | | | | Source: Debian.org MR: 108848 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32 Description: xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. This fixes CVE-2021-27135. Leverage a patch from Debian. Signed-off-by: Armin Kuster <akuster@mvista.com>
* nginx: fix CVE-2021-3618Joe Slater2021-08-212-0/+90
| | | | | | | | | | | | | | | | | | | | | Source: meta-openembedded.ort MR: 112731 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/nginx?id=f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5 ChangeID: dd3295b606d73e01dd09291d85d529dea17a1a9e Description: Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5) [refesh patch for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* ufw: Fix interpreter for installed ufw and test ufwJate Sujjavanich2021-08-152-16/+6
| | | | | | | | | Revert patch to setup-only-make-one-reference-to-env.patch and make patch for python3 interpreter fix apply to runs of setup.py during self test as well as installs. Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp> Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
* backport: xmlsec1: Fix configure QA error caused by host lookup pathAnatol Belski2021-08-152-0/+23
| | | | | | | | | | | | The configure script contains hardcoded lookup paths to /usr and other paths that might interfere with the host. These are overwritten with the staging dir locations for Poky compatibility. Backport from meta-oe master rev. 74b66d1911118bac53033f77ba6d3923f4809d5a Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
* php: move to version 7.4.21Joe Slater2021-08-141-1/+2
| | | | | | | | | | | | | | Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 69dcf5bac8adfd55f1a40cff1e989ed8806607cb) [Stable bug fix only updates] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Fix build time paths in target perl/python scriptsKhem Raj2021-08-141-0/+7
| | | | | | | | | Add rdeps as needed Fixes shebang-size QA warnings Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Package extra files and man pagesKhem Raj2021-08-141-6/+12
| | | | | | | | Avoids using installed-vs-shipped Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bigbuckbunny-1080p: fix sample video URLMichael Opdenacker2021-08-141-1/+1
| | | | | | | | | | | | | Replace a link that's now broken. The original download link on blender.org still works (https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi) but is still extremely slow. Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdbi-perl: fix CVE-2014-10402Kai Kang2021-08-142-1/+59
| | | | | | | | | | | | | | Backport patch to fix CVE-2014-10402. CVE: CVE-2014-10402 Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade to 7.4.16Mingli Yu2021-07-263-187/+2
| | | | | | | | | | | | | License-Update: License updated (year updated) Fix some security issues such as CVE-2021-21702 and remove two cve patches which already included in the new version. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e418ee4657e084c8b4d42aabf76ff6df99253e91) [Bug fix only updates plus: CVE-2020-7071 ] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: allow php as emptyChangqing Li2021-07-261-0/+2
| | | | | | | | | | | Since commit c4ffcaa2[php: split out phpdbg into a separate package], package php is empty, we might met error: nothing provides php needed by php-cli-7.4.9-r0.corei7_64 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9be6b4f5a2ec857475626c74457a94b8d9236fd5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: split out phpdbg into a separate packageDiego Santa Cruz2021-07-261-1/+2
| | | | | | | | | | | Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c4ffcaa2ab3fbdef1ce58c253b32d82a57a3e2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: update to 3.2.15Armin Kuster2021-07-251-1/+1
| | | | | | | | | | | | | | | | | | | | | Source: Wireshark.org MR: 109612, 110462, 112069 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260 Description: Bug fix only update: see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html includes: CVE-2021-22191, CVE-2021-22207, CVE-2021-22235 Signed-off-by: Armin Kuster <akuster@mvista.com>
* ostree: Do not check for meta-pythonNicolas Dechesne2021-07-251-1/+1
| | | | | | | | | | | | It is a (non trivial) cherry pick from (cherry picked from commit b9ede0cb182ab095c863a6a5154bbe259a33f5c0) python3-pyyaml was moved from meta-python to meta-oe, so that we could apply this specific patch which breaks basic YP compatible check script. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oeNicolas Dechesne2021-07-254-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | This specific statement in ostree recipe breaks the YP compatible status (yocto-check-layer): RDEPENDS_${PN}-ptest += " \ ... ${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \ ... " Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the ostree recipe was fixed with: b9ede0cb182a (python3-pyyaml: Do not check for meta-python) In dunfell, moving python3-pyyaml to OE-core is not a great idea, but moving it from meta-python to meta-oe allows us to fix ostree YP compatible issue. Since meta-python depends on meta-oe, it should not be a change with any visible effect. python3-cython and python3-pyparsing are collateral damages since they are dependency for python3-pyyaml, so needed to be moved too. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-jinja2: remove recipeNicolas Dechesne2021-07-252-46/+0
| | | | | | | | | | | | | It was moved to OE-core/dunfell in cc0f56a788c3 (python3-jinja2: Import from meta-oe/meta-python) However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. Worse than that, the version in meta-oe and oe-core differ. OE-core has 2.11.3 and meta-oe is older with 2.11.2. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-markupsafe: remove recipeNicolas Dechesne2021-07-252-5/+0
| | | | | | | | | | | | It was moved to OE-core/dunfell in ec222f6af5f8 (python3-markupsafe: Import from meta-oe/meta-python) However it was not removed from meta-oe, as such this recipe is now duplicated, for no good reason. The version in meta-oe and oe-core match so, it's really a no-op. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdevmapper,lvm2: Do not inherit licenseKhem Raj2021-07-251-3/+2
| | | | | | | | | | | | | | | inheriting license class which brings in AVAILABLE_LICENSES into do_configure task checksums class since it wants to enable thin-provisioning-tools if distro allows GPL-3 automatically, but this brings issues when other layers which have additional licenses are provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by default with a comment in recipes stating that if needed then the user should enable it via config metadata or bbappends. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f592e81f11d455546447ddff35b2f89e18c0cc0c) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ufw: backport patches, update RRECOMMENDS, python3 support, testsJate Sujjavanich2021-07-249-7/+18155
| | | | | | | | | | | | | | | | | Backport patches: using conntrack instead of state eliminating warning support setup.py build (python 3) adjust runtime tests to use daytime port (netbase changes) empty out IPT_MODULES (nf conntrack warning) check-requirements patch for python 3.8 Update, add patches for python 3 interpreter Add ufw-test package. Backport fixes for check-requirements script Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell For dunfell Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hiawatha: fix url.Armin Kuster2021-07-241-1/+1
| | | | | | | | files moved under a new dir structure. ERROR: hiawatha-10.10-r0 do_fetch: Fetcher failure for URL: 'http://hiawatha-webserver.org/files/hiawatha-10.10.tar.gz'. Unable to fetch URL from any source. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: update to 10.4.20Armin Kuster2021-07-213-2/+2
| | | | | | | | | | | | | | | | | | Source: mariadb.org MR: 109670, 110757, 110768 Type: Security Fix Disposition: Backport from mariadb ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612 Description: LTS version https://mariadb.com/kb/en/mariadb-10420-release-notes/ CVE-2021-2166: MariaDB 10.4.19 CVE-2021-2154: MariaDB 10.4.19 CVE-2021-27928: MariaDB 10.4.18 Signed-off-by: Armin kuster <akuster@mvista.com>
* vboxguestdrivers: add a fix for build failure with kernel 5.13Gianfranco2021-07-192-0/+277
| | | | | | | | | | | | Its already upstream and also used in Debian and Ubuntu Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 2e15d7eb66624c1755e8670f8c5448e3a9be0a21) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.20 -> 6.1.22Gianfranco2021-07-191-2/+2
| | | | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 97a5a4b40c143f71c8bff403c51a061a0d5e8b6f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.18 -> 6.1.20Gianfranco2021-07-192-26/+2
| | | | | | | | | | | | | Drop all patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 703daeb65f49c60636e835ad53fc354ca641ab3f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Add __divmoddi4 builtin supportKhem Raj2021-07-192-0/+37
| | | | | | | | gcc 11 needs it on i686 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 57f7692e8ef707535ffa1683aa711de442736ec1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386Gianfranco2021-07-192-0/+24
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09eb0ad187fb14ac1bb83a5a8d1ac4e9e9fdb305) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.16 -> 6.1.18Gianfranco2021-07-194-491/+2
| | | | | | | | | | Drop kernel 5.10 build fixes patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f8f2331158b33436bd53142e0e1b4b94f78b37e6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: fix build against kernel v5.10+Bruce Ashfield2021-07-194-0/+489
| | | | | | | | | | | | | We need to adjust the vboxguest drivers to build against kernels 5.10+. These are backports from the virtual box SVN repository and can be dropped in future uprevs. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 22eaac640f80df44108a5565127181c94645a032) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.14 -> 6.1.16Gianfranco Costamagna2021-07-191-2/+2
| | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7839164921ddb340a1bff322a1274c6022cb8565) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility ↵Gianfranco Costamagna2021-07-192-5049/+2
| | | | | | | | | | | patch, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1cd14bf12472970d75df3172a2b9b0dff71da655) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: Fix build with kernel 5.8Khem Raj2021-07-196-303/+5047
| | | | | | | | | | | | Remove patches which are already covered in this new patch Fixes step1b: ERROR: modpost: "__get_vm_area_caller" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! step1b: ERROR: modpost: "map_kernel_range" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined! Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5efb06176add13c4b8287c9972651dcac94adf79) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: fix failed to compile with kernel 5.8.0Hongxu Jia2021-07-195-1/+305
| | | | | | | | | | | | | | Backport patches from upstream [1] to fix the issue It also requires to apply a patch on 5.8 kernel [2] [1] https://www.virtualbox.org/ticket/19644 [2] https://www.virtualbox.org/raw-attachment/ticket/19644/local_patches Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9c10ed4baa95648b7735757121e3af8b0aeb8e06) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.6 -> 6.1.12Gianfranco Costamagna2021-07-191-2/+2
| | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 21bc66202e18a7b214869e3654b8547ea0ea9cbd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: update to 12.7Armin kuster2021-07-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Source: MontaVista Software, LLC MR: 111582, 111965, 111974, 110084 Type: Security Fix Disposition: Backport from postgres.org ChangeID: f1e8c58bedd5dd60404e3a0eb120888ad83fdc42 Description: Bug fix only update. https://www.postgresql.org/docs/12/release-12-7.html LIC_FILES_CHKSUM changed do to yr update Includes these CVEs: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 12.6: CVE-2021-3393 Signed-off-by: Armin kuster <akuster@mvista.com>
* sysprof: Enable sysprofd/libsysprof only when polkit in DISTRO_FEATURESKhem Raj2021-07-121-1/+3
| | | | | | | | | | | | | | | This change is cherry-picked from upstream/master. It fixes yocto-check-layer error: ERROR: Nothing PROVIDES 'polkit' (but /home/builder/src/base/meta-openembedded/meta-gnome/recipes-kernel/sysprof/sysprof_3.34.1.bb DEPENDS on or otherwise requires it) polkit was skipped: missing required distro feature 'polkit' (not in DISTRO_FEATURES) ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: akash hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tracker-miners: Check for commercial license to enable ffmpegKhem Raj2021-07-121-1/+1
| | | | | | | | | | | | | | | | This change is cherry-picked from upstream/master branch. This fixes below yocto-layer-check error: ERROR: Nothing PROVIDES 'ffmpeg' (but /home/builder/src/base/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker-miners_2.3.3.bb DEPENDS on or otherwise requires it) ffmpeg was skipped: because it has a restricted license 'commercial'. Which is not whitelisted in LICENSE_FLAGS_WHITELIST ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'tracker-miners', 'ffmpeg'] Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: akash hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: add CVE-2006-5201 to allowlistMasaki Ambai2021-07-101-0/+3
| | | | | | | | | | | | CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris. Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit ace5cd9a8bb6ba0058caf8a148437820a9336b9c) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: fix ntpdate to wait for subprocessesAdrian Zaharia2021-07-101-0/+5
| | | | | | | | | | | | | | | | | | | When using systemd, ntpdate-sync script will start in background triggering the start of ntpd without actually exiting. This results in an bind error in ntpd startup. Add wait at the end of ntpdate script to ensure that when the ntpdate.service is marked as finished the oneshot script ntpdate-sync finished and unbind the ntp port Fixes #386 Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit f52ce99b468eff95b6e36caf41fb50808a26f8d5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 12:42:22 +0000