summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
...
* p7zip: fix for CVE-2018-5996Virendra Thakur2022-02-062-0/+227
| | | | | | | Add patch to fix CVE-2018-5996 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* udisks2: Fix for CVE-2021-3802Virendra Thakur2022-01-292-0/+64
| | | | | | | Add patch to fix CVE-2021-3802 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dbus-daemon-proxy: add missing `return` statementLeif Middelschulte2022-01-291-1/+1
| | | | | | | | | The missing `return` statement leads to a `SIGABRT`. Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 77479e1c9b7bffb6ad89ae68f80605ad1c65ea75) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* CVE-2021-4034: polkit Local privilege escalation in pkexec due to incorrect ↵Jeremy Puhlman2022-01-272-0/+75
| | | | | | | | | | handling of argument vector Upstream-Status: Backport CVE: CVE-2021-4034 Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: bump PV in recipe to 1.16.1Armin Kuster2022-01-271-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: Update to 12.9Robert Joslyn2021-12-272-4/+4
| | | | | | | | | | | | | | | | | | Bug and security fixes. Fix patch fuzz as well to remove bitbake warning. Release notes available at: https://www.postgresql.org/docs/release/12.8/ https://www.postgresql.org/docs/release/12.9/ 12.8 fixes: CVE-2021-3677 12.9 fixes: CVE-2021-23214 CVE-2021-23222 Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmicrohttpd: Add patch to fix CVE-2021-3466Ernst Sjöstrand2021-12-272-1/+160
| | | | | | | | | | Extract patch from the 0.9.71 release commit. Upstream-Status: Backport CVE: CVE-2021-3466 Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2021-43527sana kazi2021-12-182-0/+284
| | | | | | | | Add patch to fix CVE-2021-43527 which causes heap overflow in nss. Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: switch from master to mainJeremy Puhlman2021-12-181-1/+1
| | | | | Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* brotli: add patch to fix CVE-2020-8927Spectrejan2021-12-032-1/+47
| | | | | | | | | | Port patch to fix CVE-2020-8927 for brotli from Debian Buster CVE: CVE-2020-8927 Signed-off-by: Jan Kraemer <jan@spectrejan.de> [Fixup to apply with URL changes] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* jansson: whitelist CVE-2020-36325Marta Rybczynska2021-11-301-0/+3
| | | | | | | | | | According to the upstream [1], the bug happens only if the programmer does not follow the API definition. [1] https://github.com/akheron/jansson/issues/548 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sdbus-c++: don't fetch googletest during do_configureMartin Jansa2021-11-182-3/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * with PTEST_ENABLED it enables with-tests PACKAGECONFIG which instead of using system googletest gmock, tries to fetch googletest from github and fails because branch was recently renamed from master to main | -- Found PkgConfig: /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/pkg-config (found version "0.29.2") | -- Checking for module 'libsystemd>=236' | -- Found libsystemd, version 249 | -- Building with tests | Fetching googletest... | [1/9] Creating directories for 'googletest-populate' | [1/9] Performing download step (git clone) for 'googletest-populate' | Cloning into 'googletest-src'... | fatal: invalid reference: master | CMake Error at googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake:40 (message): | Failed to checkout tag: 'master' | | | FAILED: googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download | cd /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -P /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -E touch /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download | ninja: build stopped: subcommand failed. | | CMake Error at /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:989 (message): | Build step for googletest failed: 1 | Call Stack (most recent call first): | /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118:EVAL:2 (__FetchContent_directPopulate) | /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118 (cmake_language) | tests/CMakeLists.txt:17 (FetchContent_Populate) | | | -- Configuring incomplete, errors occurred! * unfortunately this backported patch fixes the fetching failure, because it uses release-${GOOGLETEST_VERSION} tag instead of now non-existent master branch, but is not enough to prevent fetching from github during do_configure: -- Building with tests -- Could NOT find GTest (missing: GTest_DIR) -- Checking for module 'gmock>=1.10.0' -- No package 'gmock' found Fetching googletest... we also need to add googletest dependency to with-tests PACKAGECONFIG was fixed in meta-oe/master with the upgrade to 1.0.0: https://github.com/openembedded/meta-openembedded/commit/b26b66e5da92718b4e99a57fbfaaef9e751c3cfe#diff-48a847e7323703994fd2ce0fcb731ff860fa955a77cdfe39d71a9cc84a042c06L15 then it's ok and not fetching: -- Building with tests -- Looking for pthread.h -- Looking for pthread.h - found Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lmsensors: do not depend on lmsensors-isatools on non-x86lumag2021-11-171-1/+1
| | | | | | | | | | | lmsensors will build isadump and isaset only on x86 architecture. Depending on this package breaks lmsensors on all non-x86 machines. Fix this by enabling ${PN}-isatools dependency only on x86. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2020-12403Ranjitsinh Rathod2021-11-173-0/+147
| | | | | | | | | | | | Add patch for CVE-2020-12403 Link: https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocolsArmin Kuster2021-11-17272-288/+288
| | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keyutils: fix install pathAlexander Thoma2021-11-021-12/+3
| | | | | | Signed-off-by: Alexander Thoma a.thoma@rational-online.com Signed-off-by: Florian Wühr f.wuehr@rational-online.com Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: Define SRCREV_FORMATAndreas Weger2021-11-021-0/+1
| | | | | | | | | Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT Signed-off-by: Andreas Weger <weger@hs-mittweida.de> Change-Id: Ib24fce16b3986a465f1c5854166b8f28446b5186 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spirv-tools: Define SRCREV_FORMATAndreas Weger2021-11-021-0/+1
| | | | | | | | | Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT Signed-off-by: Andreas Weger <weger@hs-mittweida.de> Change-Id: I062eb971a83594315cc674ccb6eba67a14d5656f Signed-off-by: Armin Kuster <akuster808@gmail.com>
* android-tools: Define SRCREV_FORMATKhem Raj2021-11-021-0/+1
| | | | | | | Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pm-qa: fix paths for shell scriptsAnastasios Kavoukis2021-11-021-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cherry-pick the following patch from upstream/master branch, as this fixes the following error(s) seen while running the 'pm-qa' scripts on the targets: cpufreq_01.sh: line 28: ../include/functions.sh: No such file or directory ----------------------------------------------- A commit in the repo of pm-qa: "adf9df9 Fix path to library files and change shebang line" Changed the text that sed was using to replace relative to absolute paths. As a result sed was not effectively finding the text "source ../include" to replace it, as the sed should be now searching for ". ../include". Similarly for "../Switches" Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 06a93a04efe2c2cbae6de93d07962be4dfa35019) Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: update to 5.0.14Armin Kuster2021-10-291-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES Including these cves: 5.0.14 Security Fixes: * (CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner]. * (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms [reported by Microsoft Vulnerability Research]. * (CVE-2021-32687) Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value [reported by Pawel Wieczorkiewicz, AWS]. * (CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections. * (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by Meir Shpilraien]. * (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value [reported by sundb]. * (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit [reported by sundb]. * (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow [reported by Meir Shpilraien]. 5.0.11 Integer overflow on 32-bit systems (CVE-2021-21309): Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. 5.0.10 This release fixes a potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. See: https://github.com/redis/redis/pull/7963 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gattlib: Place pkgconfig file in correct packageRichard Purdie2021-10-141-1/+1
| | | | | | | | | | | Fixes in OE-Core added some pkgconfig dependencies back and this flagged that the .pc file was in ${PN}, not ${PN}-dev. Fix that. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e9b3476ad9964210d5cdbce4d11b31b50738a4b6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gattlib: remove includedir from base packageKonrad Weihmann2021-10-141-1/+1
| | | | | | | | | | | as it's already packaged to ${PN}-dev, so the setting was without any effect anyway Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1d26b2656b87a95b72d674954283ac014da8793b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dstat: Add missing python-six runtime dependencyMarek Vasut2021-09-201-1/+1
| | | | | | | | | | | | | | | The tool depends on the six module, add it, otherwise the following traceback happens when running it on the target: Traceback (most recent call last): File "/usr/bin/dstat", line 32, in <module> import six ModuleNotFoundError: No module named 'six' Signed-off-by: Marek Vasut <marex@denx.de> Cc: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: Add fix for CVE-2021-3672Neetika Singh2021-09-203-0/+207
| | | | | | | | | | | | | Added below patches to fix CVE-2021-3672 1. ares_expand_name-should-escape-more-characters.patch 2. ares_expand_name-fix-formatting-and-handling-of-root.patch Link: http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz Signed-off-by: akash hadke <Akash.Hadke@kpit.com> Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: fix CVE-2021-36222Yi Zhao2021-09-102-0/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* nss: Two Security fixes CVE-2020-6829 and 12400Armin Kuster2021-09-052-0/+19790
| | | | | | | | | | | | | | Source: https://hg.mozilla.org/projects/nss MR: 106863 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0 ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41 Description: Affects NSS < 3.55 This address both VE-2020-6829 and CVE-2020-12400 Signed-off-by: Armin Kuster <akuster@mvista.com>
* c-ares: upgrade 1.16.0 -> 1.16.1Zang Ruochen2021-09-051-1/+1
| | | | | | | | | | | | | | | Source: https://git.openembedded.org MR: 111050 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/c-ares?h=hardknott&id=dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 ChangeID: dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4 Description: Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc25d9f11f3c7abc84700fc1d51fe6c2088a11c4) [Includes cve: CVE-2020-14354. Bug fix update, no ABI changes] Signed-off-by: Armin Kuster <akuster@mvista.com>
* dlt-daemon: update from 2.18.6 to 2.18.7Gianfranco2021-09-052-3/+47
| | | | | | | | | | | | - add an upstream proposed patch 317.patch to fix a build failure with enabled systemd binding Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to new release 2.18.6Gianfranco Costamagna2021-09-054-146/+1
| | | | | | | | | | | | | | - drop patches 241 245 275: upstream Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> Stable version, bug fix only] (cherry picked from commit 8c17cac68473f98e663f05bc08b7505c0529e495) [ Stable version, bug fix only Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: superseed upstream pr #238 patch with pr #245 due to unexpected ↵Gianfranco Costamagna2021-09-052-8/+47
| | | | | | | | | | | | | | behaviour Upstream commented to use the second one Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c32d2eb448ce343463dc75cc6120f395e32f0177) [Fixup for Dunfell context] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build with upstream-proposed patch for MUSL libcGianfranco Costamagna2021-09-052-0/+31
| | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7c9aa13dd94712ea49f535fbbf38d2db54cf7e2) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing ↵Gianfranco2021-09-051-1/+2
| | | | | | | | | | | service file. Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b2fe766703e94cee2e3d1e21f3274789d6cd0c57) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dlt-daemon: update to 2.18.5Gianfranco2021-09-053-150/+37
| | | | | | | | | | | | | - drop patch 204: upstream - add gcc-10 build fix proposed upstream 238.patch Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 97092276dd453a4ef67aaec7bdcb0fb3cf1a5ca5) [Stable version, bug fix only] Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xterm: Security fix for CVE-2021-27135Armin Kuster2021-08-242-0/+69
| | | | | | | | | | | | | | | | Source: Debian.org MR: 108848 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32 Description: xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. This fixes CVE-2021-27135. Leverage a patch from Debian. Signed-off-by: Armin Kuster <akuster@mvista.com>
* backport: xmlsec1: Fix configure QA error caused by host lookup pathAnatol Belski2021-08-152-0/+23
| | | | | | | | | | | | The configure script contains hardcoded lookup paths to /usr and other paths that might interfere with the host. These are overwritten with the staging dir locations for Poky compatibility. Backport from meta-oe master rev. 74b66d1911118bac53033f77ba6d3923f4809d5a Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
* php: move to version 7.4.21Joe Slater2021-08-141-1/+2
| | | | | | | | | | | | | | Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 69dcf5bac8adfd55f1a40cff1e989ed8806607cb) [Stable bug fix only updates] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Fix build time paths in target perl/python scriptsKhem Raj2021-08-141-0/+7
| | | | | | | | | Add rdeps as needed Fixes shebang-size QA warnings Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fvwm: Package extra files and man pagesKhem Raj2021-08-141-6/+12
| | | | | | | | Avoids using installed-vs-shipped Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdbi-perl: fix CVE-2014-10402Kai Kang2021-08-142-1/+59
| | | | | | | | | | | | | | Backport patch to fix CVE-2014-10402. CVE: CVE-2014-10402 Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade to 7.4.16Mingli Yu2021-07-263-187/+2
| | | | | | | | | | | | | License-Update: License updated (year updated) Fix some security issues such as CVE-2021-21702 and remove two cve patches which already included in the new version. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e418ee4657e084c8b4d42aabf76ff6df99253e91) [Bug fix only updates plus: CVE-2020-7071 ] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: allow php as emptyChangqing Li2021-07-261-0/+2
| | | | | | | | | | | Since commit c4ffcaa2[php: split out phpdbg into a separate package], package php is empty, we might met error: nothing provides php needed by php-cli-7.4.9-r0.corei7_64 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9be6b4f5a2ec857475626c74457a94b8d9236fd5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: split out phpdbg into a separate packageDiego Santa Cruz2021-07-261-1/+2
| | | | | | | | | | | Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c4ffcaa2ab3fbdef1ce58c253b32d82a57a3e2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ostree: Do not check for meta-pythonNicolas Dechesne2021-07-251-1/+1
| | | | | | | | | | | | It is a (non trivial) cherry pick from (cherry picked from commit b9ede0cb182ab095c863a6a5154bbe259a33f5c0) python3-pyyaml was moved from meta-python to meta-oe, so that we could apply this specific patch which breaks basic YP compatible check script. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oeNicolas Dechesne2021-07-254-0/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | This specific statement in ostree recipe breaks the YP compatible status (yocto-check-layer): RDEPENDS_${PN}-ptest += " \ ... ${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \ ... " Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the ostree recipe was fixed with: b9ede0cb182a (python3-pyyaml: Do not check for meta-python) In dunfell, moving python3-pyyaml to OE-core is not a great idea, but moving it from meta-python to meta-oe allows us to fix ostree YP compatible issue. Since meta-python depends on meta-oe, it should not be a change with any visible effect. python3-cython and python3-pyparsing are collateral damages since they are dependency for python3-pyyaml, so needed to be moved too. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdevmapper,lvm2: Do not inherit licenseKhem Raj2021-07-251-3/+2
| | | | | | | | | | | | | | | inheriting license class which brings in AVAILABLE_LICENSES into do_configure task checksums class since it wants to enable thin-provisioning-tools if distro allows GPL-3 automatically, but this brings issues when other layers which have additional licenses are provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by default with a comment in recipes stating that if needed then the user should enable it via config metadata or bbappends. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f592e81f11d455546447ddff35b2f89e18c0cc0c) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: update to 10.4.20Armin Kuster2021-07-213-2/+2
| | | | | | | | | | | | | | | | | | Source: mariadb.org MR: 109670, 110757, 110768 Type: Security Fix Disposition: Backport from mariadb ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612 Description: LTS version https://mariadb.com/kb/en/mariadb-10420-release-notes/ CVE-2021-2166: MariaDB 10.4.19 CVE-2021-2154: MariaDB 10.4.19 CVE-2021-27928: MariaDB 10.4.18 Signed-off-by: Armin kuster <akuster@mvista.com>
* vboxguestdrivers: add a fix for build failure with kernel 5.13Gianfranco2021-07-192-0/+277
| | | | | | | | | | | | Its already upstream and also used in Debian and Ubuntu Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 2e15d7eb66624c1755e8670f8c5448e3a9be0a21) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.20 -> 6.1.22Gianfranco2021-07-191-2/+2
| | | | | | | | | | | Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 97a5a4b40c143f71c8bff403c51a061a0d5e8b6f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vboxguestdrivers: upgrade 6.1.18 -> 6.1.20Gianfranco2021-07-192-26/+2
| | | | | | | | | | | | | Drop all patches, now part of upstream codebase Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7) [Stable branch] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 703daeb65f49c60636e835ad53fc354ca641ab3f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 04:42:57 +0000