| Commit message (Collapse) | Author | Age | Files | Lines |
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution,
which accepts a parameter to control the maximum number of records returned
(query string: `n`). This vulnerability allows a malicious user to submit an
unreasonably large value for `n`, causing the allocation of a massive string
array, possibly causing a denial of service through excessive use of memory.
References:
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros, so the effect is the same. We must have this tracking
tag in our patches.
This is a bulk update to add the tag and silence the QA message.
As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
With oe-core commit c23f9e80492e4b [tcmode-default: use
go-binary-native by default], we must explicitly call the proper
cross go binary, versus just the go-native variant.
These builds were working by luck, since the go compiler was capable
of building the target binaries previously (in its build-from-source
creation). We fixup the calls and we no longer see fpu build issues:
    fatal error: gnu/stubs-soft.h: No such file or directory
        7 | # include <gnu/stubs-soft.h>
          |           ^~~~~~~~~~~~~~~~~~
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.
Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.
We also create a baseline configuration and .service file that can be the
basis for more complex implementations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|