Minor security and bugfix release. Fixes
CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW
CONCURRENTLY executes arbitrary SQL
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.18/
Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
with make 4.4, linuxptp do_compile will failed with error:
In file included from clock.c:35:
missing.h:61:9: error: redeclaration of enumerator 'HWTSTAMP_TX_ONESTEP_P2P'
61 | HWTSTAMP_TX_ONESTEP_P2P = 3,
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from clock.c:21:
/buildarea2/WRLCD_Regression/Rerun/build_dir/11201532-build_scp_world_Feature_Test/qemux86-64-standard-std-OE/build/tmp-glibc/work/core2-64-wrs-linux/linuxptp/3.1.1-r0/recipe-sysroot/usr/include/linux/net_tstamp.h:128:9: note: previous definition of 'HWTSTAMP_TX_ONESTEP_P2P' with type 'enum hwtstamp_tx_types'
128 | HWTSTAMP_TX_ONESTEP_P2P,
|
Following change of make 4.4 changes behavior of shell function:
* WARNING: Backward-incompatibility!
Previously makefile variables marked as export were not exported to commands
started by the $(shell ...) function. Now, all exported variables are
exported to $(shell ...).
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport of commit 05c1003c4 ("linuxptp: fix do_compile error").
This is present in dunfell/kirkstone as well. If net_tstamp.h of the
build host disagrees with net_tstamp.h of the OE kernel or I remove
the build host's net_tstamp.h do_compile fails.
Changed Upstream Status to Backport with the git sha as the commit is
now applied upstream.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Minor security and bugfix release. Addresses the following CVEs:
CVE-2023-5868: Memory disclosure in aggregate function calls
CVE-2023-5869: Buffer overrun from integer overflow in array modification
CVE-2023-5870: Role pg_signal_backend can signal certain superuser processes
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.17/
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The master branch has been removed in all of the repos used
in SRC_URI. Switch to the main branch instead.
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
* NB: cups-filter needs poppler-native but its not available. To fix
this, 5fa0188b8c could be backported.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is 1.0.10 release with few more commits on top.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The CVEs:
* CVE-2019-16868
* CVE-2019-17073
* CVE-2021-44584
* CVE-2022-1526
* CVE-2022-3968
* CVE-2023-43291
... apply to the other "emlog" and can be safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ac)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
iperf3 before 3.14 allows peers to cause an integer overflow and heap
corruption via a crafted length field.
NVD link: https://nvd.nist.gov/vuln/detail/CVE-2023-38403
Upstream-Status: Backported from 0ef151550d
Signed-off-by: Bhargav Das <bhargav.das@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1 for these components.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes nodejs-native build with gcc-13 on host:
http://errors.yoctoproject.org/Errors/Details/728221/
nodejs-12 doesn't need it yet and nodejs-16 doesn't need it as well
'-DV8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=64' '-D__STDC_FORMAT_MACROS' '-DOPENSSL_NO_PINSHARED' '-DOPENSSL_THREADS' '-DV8_TARGET_ARCH_X64' '-DV8_EMBEDDER_STRING="-node.84"' '-DENABLE_DISASSEMBLER' '-DV8_PROMISE_INTERNAL_FIELD_COUNT=1' '-DENABLE_MINOR_MC' '-DOBJECT_PRINT' '-DV8_INTL_SUPPORT' '-DV8_CONCURRENT_MARKING' '-DV8_ARRAY_BUFFER_EXTENSION' '-DV8_ENABLE_LAZY_SOURCE_POSITIONS' '-DV8_USE_SIPHASH' '-DDISABLE_UNTRUSTED_CODE_MITIGATIONS' '-DV8_WIN64_UNWINDING_INFO' '-DV8_ENABLE_REGEXP_INTERPRETER_THREADED_DISPATCH' '-DV8_SNAPSHOT_COMPRESSION' -ITOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -I../deps/v8 -I../deps/v8/include -I.//Release/obj/gen/torque-output-root -I.//Release/obj/gen/generate-bytecode-output-root -pthread -Wno-unused-parameter -m64 -Wno-return-type -fno-strict-aliasing -m64 -O3 -fno-omit-frame-pointer -fdata-sections -ffunction-sections -O3 -fno-rtti -fno-exceptions -std=gnu++1y -MMD -MF .//Release/.deps/Release/obj.host/v8_initializers/gen/torque-output-root/torque-generated/../../deps/v8/src/builtins/array-find-tq-csa.o.d.raw -isystemTOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -isystemTOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -O2 -pipe -c
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/bits/move.h:37,
from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/bits/stl_function.h:60,
from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/functional:49,
from ../deps/v8/src/codegen/code-stub-assembler.h:8,
from ../deps/v8/src/builtins/builtins-promise-gen.h:8,
from ../deps/v8/src/builtins/builtins-async-gen.h:8,
from ../deps/v8/src/builtins/builtins-async-function-gen.cc:5:
/usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/type_traits: In instantiation of ‘struct std::is_convertible<v8::internal::Cell, v8::internal::Object>’:
../deps/v8/src/codegen/tnode.h:262:72: required from ‘const bool v8::internal::is_subtype<v8::internal::Cell, v8::internal::Cell>::value’
../deps/v8/src/codegen/tnode.h:346:75: required by substitution of ‘template<class U, typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> > v8::internal::TNode<v8::internal::Cell>::TNode(const v8::internal::TNode<T>&) [with U = v8::internal::Cell; typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> = <missing>]’
../deps/v8/src/codegen/code-stub-assembler.h:1868:33: required from here
/usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/type_traits:1417:30: error: invalid use of incomplete type ‘class v8::internal::Cell’ [-fpermissive]
1417 | : public __bool_constant<__is_convertible(_From, _To)>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../deps/v8/src/objects/objects.h:26,
from ../deps/v8/src/objects/fixed-array.h:10,
from ../deps/v8/src/objects/contexts.h:8,
from ../deps/v8/src/execution/thread-local-top.h:10,
from ../deps/v8/src/execution/isolate-data.h:12,
from ../deps/v8/src/execution/isolate.h:24,
from ../deps/v8/src/codegen/interface-descriptors.h:14,
from ../deps/v8/src/codegen/callable.h:8,
from ../deps/v8/src/codegen/code-factory.h:8,
from ../deps/v8/src/compiler/code-assembler.h:17,
from ../deps/v8/src/codegen/code-stub-assembler.h:15:
../deps/v8/src/objects/object-list-macros.h:19:7: note: forward declaration of ‘class v8::internal::Cell’
19 | class Cell;
| ^~~~
In file included from ../deps/v8/src/codegen/interface-descriptors.h:12:
../deps/v8/src/codegen/tnode.h: In instantiation of ‘const bool v8::internal::is_subtype<v8::internal::Cell, v8::internal::Cell>::value’:
../deps/v8/src/codegen/tnode.h:346:75: required by substitution of ‘template<class U, typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> > v8::internal::TNode<v8::internal::Cell>::TNode(const v8::internal::TNode<T>&) [with U = v8::internal::Cell; typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> = <missing>]’
../deps/v8/src/codegen/code-stub-assembler.h:1868:33: required from here
../deps/v8/src/codegen/tnode.h:262:72: error: ‘value’ is not a member of ‘std::is_convertible<v8::internal::Cell, v8::internal::Object>’
262 | std::is_convertible<T, Object>::value);
| ^~~~~
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* MJ: remove AUTHORS modification from the original patch from
nodejs-16, so that the same patch does apply for both 14 and 12
versions used in dunfell
* MJ: gcc-13 isn't used for target builds in dunfell, but can be used
on host, so this is useful backport for nodejs-native
* MJ: this fixes default nodejs-native-12, nodejs-native-14 with negative
D_P might need additional fix on top
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add Base64 encode/decode library, some packages e.g. sysdig can benefit
from it
Disable parallel make as it races at times
make[1]: *** No rule to make target 'libb64.a', needed by 'c-example1'. Stop.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6946f40707)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As per gnulib_2018-03-07 recipe information,
SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3"
This revision was committed on "2018-12-18".
There is a discrepancy between SRCREV and the recipe version.
Which reports "CVE-2018-17942" as unpatched.
To report "CVE-2018-17942" as patched,
We need to align a recipe name with SRCREV commit date.
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9edbe7033c)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Chromium 112 needs nodejs-native version 14 or later.
Add the nodejs_14.18.1 recipe from kirkstone:
246b20b92 nodejs: Upgrade to 14.18.1
but, use DEFAULT_PREFERENCE to make sure that the default version of nodejs
remains 12.x.
7 patches which were modified between nodejs 12 & nodejs 14 were renamed by
adding the suffix "-nodejs14". Note there are some common patches used by
nodejs 12 & 14 so, that will require attention during future maintenance.
In addition, there were 3 CVE-2022* patches which applied cleanly to nodejs
14 so, they were added to the nodejs 14 recipe. One patch, CVE-llhttp.patch
conflicted so, it has not been applied in nodejs 14 yet.
Nodejs 14 compile for qemux86-64 but, no run-time testing has been performed.
For chromium, we would either require users to modify the local.conf file or
we may create a dunfell specific branch in meta-browser.
See: https://github.com/OSSystems/meta-browser/pull/709
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
