Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 01b55a8a55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)
Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.
Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.
Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.
Modified the parsing of ptest result to align with the new output
format.
With core-image-minimal on qemux86-64/kvm:
Recipe | Passed | Failed | Skipped | Time(s)
Before | 408 | 0 | 2 | 4
After | 431 | 11 | 2 | 10
11 tests failed after the upgrade since libpcap is not upgraded
alongside tcpdump.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71535e2f0e)
[Upgrade is a reasonable path due to the # of patches needed to address
all these issues]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a meta package which collects a bunch of 100dpi font packages
together, all of which are also under the MIT license. Custom is not a known
type; moreover, MIT is well suited for this recipe for compatibility
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c95c94d689)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The ymorin.is-a-geek.org site has been down since September and there
is no indication of when, if ever, it will be back. Retrieve the
repository from GitLab instead, recommended by the maintainer, Yann E
Morin.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Extend to native builds, this is useful for unit tests.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes build with -Werror=return-type
twofish.c: In function 'init_twofish':
twofish.c:45:1: error: control reaches end of non-void function [-Werror=return-type]
45 | PyMODINIT_FUNC init_twofish(void) { }
| ^~~~~~~~~~~~~~
twofish.c: In function 'PyInit__twofish':
twofish.c:46:1: error: control reaches end of non-void function [-Werror=return-type]
46 | PyMODINIT_FUNC PyInit__twofish(void) { }
| ^~~~~~~~~~~~~~
cc1: some warnings being treated as errors
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qt4 support is gone -> move to qt5
* while at it remove noop libtool copy
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a086334bce)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* An issue in meta-mortsgna was reported. Discussion is found at [1]
* We do similar in meta-gnome's gvfs for same reason [2]
* This is a bugfix which should apply and work for many release-branches
Fixes:
| Error: Transaction check error:
| file /etc/polkit-1/rules.d conflicts between attempted installs of polkit-group-rule-datetime-1.0-r0.cortexa7t2hf_neon_vfpv4 and polkit-0.115-r0.cortexa7t2hf_neon_vfpv4
[1] https://github.com/schnitzeltony/meta-mortsgna/issues/11
[2] fd1a0c9210/meta-gnome/recipes-gnome/gvfs/gvfs_1.41.2.bb (L72)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a47d385612)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
archive.mariadb.org does not go 404 on releases over time
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
We do not pass CFLAGS to the build, and fortify sources needs some
optimization to be enabled; it's better to reset the additional flags and
let the build system add them as it needs
Fixes build failures like
tools/include/tools/libc_compat.h:11:21: error: static declaration of 'reallocarray' follows non-static declaration
| 11 | static inline void *reallocarray(void *ptr, size_t nmemb, size_t size)
| | ^~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d46e1e767f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
clang would emit bcmp built-in for musl based systems
but here we do not link in musl C library, so it's best
to disable it
Fixes
git/usr/klibc/memmem.c:38: undefined reference to `bcmp'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrea Adami <andrea.adami@gmail.com>
(cherry picked from commit 11bc2775af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There are apache2 errors about file conflicts when multilib is enabled:
| Error: Transaction check error:
| file /etc/apache2/extra/httpd-ssl.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /etc/apache2/httpd.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars-std conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
It makes libexecdir point to ${libdir}. Reset to ${libexecdir} which could
eliminate file conflicts of the conf files. And remove /usr/sbin/envvars and
/usr/sbin/envvars-std which are only used by apachectl. They only add standard
library path ${libdir} to LD_LIBRARY_PATH, so remove them to avoid multilib
file conflicts.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8d4d608b4e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Need to link with libatomics for 64bit atomics support
Fixes
i686-yoe-linux/i686-yoe-linux-ld: networking.o: in function `createClient':
| /usr/src/debug/redis/4.0.14-r0/redis-4.0.14/src/networking.c:103: undefined reference to `__atomic_fetch_add_8'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2b49254d61)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definitions of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62fc26075a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* now with virtual/kernel dependency dropped we don't want to depend on kernel signature just for
this RRECOMMENDS
* fixes:
=== Comparing signatures for task do_package_write_ipk.sigdata between hammerhead and mako ===
ERROR: oprofile different signature for task do_package_write_ipk.sigdata between hammerhead and mako
NOTE: Starting bitbake server...
runtaskdeps changed:
['binutils/binutils_2.32.bb.do_packagedata', -linux/linux-lg-hammerhead_git.bb.do_packagedata, +linux/linux-lg-mako_git.bb.do_packagedata, 'opkg-utils/opkg-utils_0.4.1.bb.do_populate_sysroot:virtual:native oprofile/oprofile_1.3.0.bb.do_package oprofile/oprofile_1.3.0.bb.do_packagedata pseudo/pseudo_git.bb.do_populate_sysroot:virtual:native xz/xz_5.2.4.bb.do_populate_sysroot:virtual:native']
linux/linux-lg-hammerhead_git.bb.do_packagedata with hash 0c5215deb4737611ad413f57cf5fbdef8a9b2cc6d04035f754a4e93fb38f61d1
changed to
linux/linux-lg-mako_git.bb.do_packagedata with hash 0f3b34773ca3e590739754c25959feb7cdcd67cf7904ac7fe6cc535e8d6519a8
Dependency on task linux/linux-lg-mako_git.bb.do_packagedata was added with hash 0f3b34773ca3e590739754c25959feb7cdcd67cf7904ac7fe6cc535e8d6519a8
Dependency on task linux/linux-lg-hammerhead_git.bb.do_packagedata was removed with hash 0c5215deb4737611ad413f57cf5fbdef8a9b2cc6d04035f754a4e93fb38f61d1
ERROR: 1 errors found in /home/jenkins/workspace/luneos-unstable/webos-ports/tmp-glibc/sstate-diff/1563368432/signatures.mako.do_package_write_ipk.sigdata.log
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae65eb496b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Commit c6e963f9e ("lvm2: Add RDEPEND on lvm2 to lvm2-udevrules") added
a package dependency because lvm2-udevrules needs dmsetup, however
dmsetup was moved to libdevmapper in commit 269d009a81 ("lvm2:
libdevicemapper package needs udev rules and dmsetup"), so this
dependency should be only for libdevmapper instead of the full package.
With the current implementation, a package that has a dependency with
lvm2-udev rules will include also many unnecessary packages like lvm2,
lvm2-scripts, etc. and their dependencies.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a security release on the 0.27 branch.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This includes the fix for CVE-2019-13132.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace source zip ball with tarball for net-snmp to avoid zip bomb issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
openvpn only provides options to update a pid file but not to check it
for running processes. Consecutively issued start commands therefore lead
to multiple running processes with the same configurations, which is the
origin of all kinds of problems of which unnecessary resource usage is the least.
Using start-stop-daemon the pid file is inspected for running processes
before start.
Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
exfat-utils has been moved long ago to github. Update HOMEPAGE.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fuse-exfat has been moved long ago to github. Update URLs.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License-Update:
The address of Free Software Foundation updated
Bug fixes:
MDEV-19490: show tables fails when selecting the information_schema database
MDEV-19541: InnoDB crashes when trying to recover a corrupted page
More details check:
https://jira.mariadb.org/browse/MDEV-19490
https://jira.mariadb.org/browse/MDEV-19541
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Note: This is a maintenance release from the 2.9 branch of libfuse.]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This includes deletion of a frequency where transmission
is no longer legal in Japan.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* phoronix-test-suite is allarch, but util-linux and lsb aren't
=== Comparing signatures for task do_package_write_ipk.sigdata between qemux86 and qemux86copy ===
ERROR: phoronix-test-suite different signature for task do_package_write_ipk.sigdata between qemux86 and qemux86copy
Hash for dependent task lsb/lsb_5.0.bb.do_packagedata changed from 7baca400e354b600fe967ea615032052 to 67888a6c7511339a873b547745287ef2
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>