Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definition of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
To keep support of meta-clang support on thud branch.
It depends on libedit native
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A missing space lead to problems if something else was already added to
SYSROOT_PREPROCESS_FUNCS.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Uses iruserok and ruserok which are GNU extensions available in glibc
but not in musl
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* alioth.debian.org isn't available anymore
* master already has this (was part of the upgrade to newer version)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License has been changed due to reformatting, no new stuff added.
Bug fix only update include security fixes:
CVE-2019-8936
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
cpupower is a 'special' recipe since it does "inherit kernelsrc" ,
which essentially means that it doesn't have its own sources, but
reuse the kernel source tree, from virtual/kernel recipe. As such,
checking the license file in cpupower recipe does not seem relevant,
since it does not fetch anything (kernelsrc has "deltask do_fetch")
and the fetching is deferred to the virtual/kernel recipe.
so we are basically checking the COPYING file twice. If there was any
license issue, it would have been caught by virtual/kernel recipe
already.
Hence we remove LIC_FILES_CHKSUM like it is done for perf recipe in
OE-core in meta/recipes-kernel/perf/perf.bb.
It has the nice side effect that BSP layers can use different kernel
versions without worrying about any LICENSE checksum changes in
between kernel versions.
Reported-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7142f09407)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ntpq is the standard query program for ntp,
but ntp-utils depends on perl.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix the following error when attempting to use blivet-gui in anaconda:
Traceback (most recent call first):
File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 153, in supported_filesystems
if self._supported_filesystems:
File "/usr/lib64/python3.5/site-packages/blivetgui/blivetgui.py", line 456, in add_device
supported_filesystems=self.supported_filesystems,
AttributeError: 'BlivetGUIAnaconda' object has no attribute '_supported_filesystems'
Reference:
https://github.com/storaged-project/blivet-gui/pull/100/
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Convert all other instances of explicit PACKAGECONFIG uses
to the PACKAGECONFIG_CONFARGS infrastructure.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Damien Riegel <damien.riegel@gmail.com>
[Damien Riegel: backport from master]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The mosquitto systemd service file instructs systemd to wait
for mosquitto to notify systemd that mosquitto has started
correctly. This isn't working as mosquitto is not *compiled*
with systemd support enabled. As such, systemd restarts
mosquitto every few seconds.
For reference, this was introduced in commit a483d344d9
("mosquitto: Make enabling systemd also enable build dep on systemd")
Because we build mosquitto using the provided Makefile
infrastructure, the solution is to add PACKAGECONFIG_CONFARGS
to EXTRA_OEMAKE, so that the required make flags are added
to the make command line.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Damien Riegel <damien.riegel@gmail.com>
[Damien Riegel: backport from master]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| ERROR: libgit2-0.27.4-r0 do_package: QA Issue: libgit2: Files/directories were installed but not shipped in any package:
| /usr/lib/libgit2.so.0.27.5
| /usr/lib/libgit2.so.27
| /usr/lib/libgit2.so
| /usr/lib/pkgconfig
| /usr/lib/pkgconfig/libgit2.pc
| Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
+ reduce 8 spaces by 4
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Got the following error when I activated both ppp and modemmanager
options:
ERROR: networkmanager-1.14.4-r0 do_package: QA Issue: networkmanager: Files/directories were installed but not shipped in any package:
/usr/lib/pppd/2.4.5/nm-pppd-plugin.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
If both ncat and ssl are in PACKAGECONFIG then the installer adds
a cert bundle to
/usr/share/ncat/ca-bundle.crt
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
includes:
wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716.
wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.
wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.
wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.
For more info see: https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
- mips64 port does not exist
- Also convert aarch64 compatible host case to an override
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix following warning:
WARNING:
networkmanager-1.14.4-r0 do_configure:
QA Issue: networkmanager:
invalid PACKAGECONFIG: bluez5glib [invalid-packageconfig]
if conf/local.conf:
PACKAGECONFIG_append_pn-networkmanager = " ifupdown wifi bluez5"
bluez5 is not compiled into nm
appending variable should use a prepending space, see
https://www.yoctoproject.org/docs/2.0/ref-manual/ref-manual.html
Signed-off-by: Thomas Csovcsity <thc.fr13nd@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is the same issue as for libldb, the header has conflicting defs
for unitptr_t. Fix it as done for the other recipe.
Fix
/cmocka/cmocka.h:126:28: error: conflicting types for 'uintptr_t'
typedef unsigned int uintptr_t;
^~~~~~~~~
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Builds with little endianness were not tested before.
Fix for:
purgatory.c:2:10: fatal error: limits.h:
No such file or directory
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Newer versions of clang optimize the calls to use unlocked variants of
these functions
Fixes
| capabilities.c:(.text+0xb4): undefined reference to `fread_unlocked'
| arm-yoe-linux-gnueabi-ld.bfd: capabilities.c:(.text+0x11a): undefined
reference to `fwrite_unlocked'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The ptpd2 daemon consumes 100% CPU (of a single core) after
some amount of stable runtime. This fix added minimum POSIX
timer interval to prevent from timers firing to quickly for
the process to handle, resulting in 100% CPU and endless signal queue.
Reference: https://github.com/ptpd/ptpd/blob/master/ChangeLog
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* don't mix tabs and spaces for indentation, removes new warning:
meta-oe/recipes-support/open-vm-tools/open-vm-tools_10.3.0.bb: python should use 4 spaces indentation, but found tabs in open-vm-tools_10.3.0.bb, line 107
* remove FILES_${PN}-dbg variable, all .debug directories are
packaged automatically in ${PN}-dbg for long time (at least since
2.1 Krogoth) since this oe-core commit:
commit da5ec06814e105451cca11cce76b5c5231110524
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue Dec 15 15:38:54 2015 +0000
package: Add auto package splitting of .debug files
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Some packages are not supported on all architectures, therefore they
can not be included unconditionally.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
