The current use of RDEPENDS to add a dependency on bats results
in the QA warning/error
lib32-libgpiod package lib32-libgpiod-ptest-dev - suspicious values
'bats-dev' in RRECOMMENDS [multilib]
when building lib32-libgpiod with ptest not enabled. We add the
dependency only if ptest is enabled.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9904bd6a24)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
https://c-ares.org/changelog.html
c-ares version 1.19.1 - May 22 2023
Security:
CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS
query IDs
CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during
cross compilation
Bug fixes:
Fix uninitialized memory warning in test
Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
ares_getaddrinfo() should allow a port of 0
Fix memory leak in ares_send() on error
Fix comment style in ares_data.h
Remove unneeded ifdef for Windows
Fix typo in ares_init_options.3
Re-add support for Watcom compiler
Sync ax_pthread.m4 with upstream
Windows: Invalid stack variable used out of scope for HOSTS path
Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This release contains bug fixes only.
The following CVEs have been addressed:
CVE-2023-27783
CVE-2023-27784
CVE-2023-27785
CVE-2023-27786
CVE-2023-27787
CVE-2023-27788
CVE-2023-27789
Changelog:
=========
dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781
Bug #780 assert tcpedit dlt cleanup by @fklassen in #800
Fix bugs caused by strtok_r by @Marsman1996 in #783
Bug #782#784#785#786#787#788 strtok r isuses by @fklassen in #801
Update en10mb.c by @david-guti in #793
PR #793 ip6 unicast flood by @fklassen in #802
Bug #719 fix overflow check for parse_mpls() by @fklassen in #804
PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805
PR #793 - update tests for vlandel by @fklassen in #806
Feature #773 gh actions ci by @fklassen in #807
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerability classified as problematic was found in OpenCV
wechat_qrcode Module up to 4.7.0. Affected by this vulnerability
is the function DecodedBitStreamParser::decodeByteSegment of the
file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation
leads to null pointer dereference. The attack can be launched
remotely. The exploit has been disclosed to the public and may
be used. It is recommended to apply a patch to fix this issue.
The associated identifier of this vulnerability is VDB-228547.
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This reverts commit 0abf5af3ff
libopencv-ts package is not empty and libopencv_ts libraries are
not all installed in the -dev package, these libraries are needed
for sdk development listed in opencv4.pc file.
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Look for level transitions when testing toggling
values because using fixed delays to assume value
changes is not reliable.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
cherry-pick from meta-oe/master 45a8bb2620...
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
These pyc files include references to buildtime TMPDIR, therefore delete
them and let them be regerated during runtime if needed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b1b7ee87ac)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove intltool-native as it is not used, and add autoconf-archive-native.
Also explicitly disable systemd when not selected to be sure it doesn't
automatically enable.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0713297ae9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This can be satisfied via transitive dependencies, but make it an
explicit DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2697f5bcf4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
If you try to build libblockdev with an empty PACKAGECONFIG then the
configure fails.
Add autoconf-archive, glib-2.0, and udev; these were implicitly pulled
in via other dependencies. Move kmod to DEPENDS as it's a hard
requirement.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f14663746b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This can be satisfied via transitive dependencies, but make it an
explicit DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5fca30d672)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This can be satisfied via transitive dependencies, but make it an
explicit DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dbbafeceb4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.
I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily achieved by
using redis-7.0.11/ directory to hold all those files.
Using FILESPATH in this way removes the possibility of overriding
some files (e.g., the redis service file) from other layers via
FILESEXTRAPATH:prepend, which is kind of a common practice and is
actually working for basically all other recipes.
This is because we have:
meta/classes-global/base.bbclass:FILESPATH = "${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", "${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
c-ares is an asynchronous resolver library. c-ares is vulnerable
to denial of service. If a target resolver sends a query, the attacker
forges a malformed UDP packet with a length of 0 and returns them to
the target resolver. The target resolver erroneously interprets the 0
length as a graceful shutdown of the connection. This issue has been
patched in version 1.19.1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32067https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pahole need to line up with kernel's architectures bitsize,
so add it to NON_MULTILIB_RECIPES.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
using libbpf-native provided headers for pahole-native or other application.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ensures that we do not apply empty sed expression which might happen
when building native recipe
Cc: jan vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fcdb991b80)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As per gnulib_2018-03-07 recipe information,
SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3"
This revision was committed on "2018-12-18".
There is a discrepancy between SRCREV and the recipe version.
Which reports "CVE-2018-17942" as unpatched.
To report "CVE-2018-17942" as patched,
We need to align a recipe name with SRCREV commit date.
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9edbe7033c)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Use sed to change scripts to reference ${baselib}. The
former set of scripts modified was incomplete.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1cc72c41af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CCFLAGS is used in Make rules which will ensure file remapping options
are used when compiling
Fixes
WARNING: vlan-1.9-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/vconfig.vlan in package vlan-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 26842ecc3b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Configure emits HAVE_CC variable to be used in sourcecode and its built
from CC env var, CC in OE contains buildpaths in --sysroot option,
therefore edit this option out in configure.ac itself and remove all
other workarounds to fix this issue in recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c0a344ab71)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
it encoded PYTHON variable during build which otherwise points to python
on build host which is not correct for cross compiled packages.
Add missing dependency on python3-core which is needed for ibus-setup
script to run
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fe0e3d77eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
0001-initialize-GdkDragAction-action-to-0.patch
removed since it's included in 44.1
Changelog:
==========
* Resolve some crashes
* Visual bugfixes:
- Tweak style colors in view items
- Show custom emblems from extensions again
- Relayout SELinux property row
- Flip switches correctly
* Other bugfixes:
- Disable some actions when not useful
- Fix dead characters handling in batch rename dialog
- Fix crashes when rapidly opening and closing windows
- Prevent location change when autofs timeouts
- Fix issues with translations in libadwaita widgets
- Drop workarounds for fixed GTK bugs
- Fix other issues
* Enhancements:
- Dismiss toast on undo
- Select right items after some operations
- Paste into expanded folders
- Allow extraction of .tar.zst and .zstd archives
- Performance optimization
* Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0398ebda11)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bison/flex emits line directives which can be safely removed from
generated files.
agent_version.h is generated by cmake which has build information like
compiler and cflags etc. which contains buildpaths too, therefore
replace real workdir with <WORKDIR>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d2df1e4c4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
