License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
CVE patches which are already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e418ee4657)
[Bug fix only updates plus: CVE-2020-7071 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since commit c4ffcaa2 [php: split out phpdbg into a separate package],
package php is empty, so we might meet this error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9be6b4f5a2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped
in the main php package, increasing its size by several MB; split it
out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c4ffcaa2ab)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This specific statement in ostree recipe breaks the YP compatible
status (yocto-check-layer):
RDEPENDS_${PN}-ptest += " \
...
${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \
...
"
Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the
ostree recipe was fixed with:
b9ede0cb18 (python3-pyyaml: Do not check for meta-python)
In dunfell, moving python3-pyyaml to OE-core is not a great idea, but
moving it from meta-python to meta-oe allows us to fix ostree YP
compatible issue. Since meta-python depends on meta-oe, it should not
be a change with any visible effect.
python3-cython and python3-pyparsing are collateral damage since they are
dependencies of python3-pyyaml, so they needed to be moved too.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
commit hash for version 3.9.7 is invalid
because previous commit hashes
changed by git filter-branch command are restored
Signed-off-by: Peace Lee <iipeace5@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fdbfb6ce99)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport upstream patch for CVE-2019-15133.
Set CVE_PRODUCT to "giflib_project:giflib" which is used
in NVD. https://nvd.nist.gov/vuln/detail/CVE-2019-15133
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 4.19.23:
- Added some missing quotes to configure.py
- Fixed a race condition when calling the PyQt5-specific meta-call
helper.
- Fixed the wrapping of methods that return a Py_Ssize_t.
- The code generator now distinguishes between the copy/assignment
helper and the array helper when determining which helpers can
be generated.
- Fixed the code generation when making a copy of C++ object on
the stack to the heap when the class has no suitable ctor.
- Check there is a public copy ctor when we can't use an
assignment operator as a workaround.
- Preserve any current exception in the implementation of the
wrapper dealloc functions.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 358b398258)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Consolidate inc and bb files into a single bb file.
Fix the broken link for HOMEPAGE.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2bc281393a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade SRCREV to latest as it fixes the below issue:
Running UndefinedBehaviorSanitizer on projects that use
rapidjson triggers 'applying non-zero offset <NN> to null
pointer' findings in 'internal/stack.h' which are hard
to suppress by library users.
Removed "0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch"
as the changes are already incorporated in the latest
codebase.
As per abi-compliance-checker report the source compatibility
and binary compatibility between previous SRCREV
6a905f9311f82d306da77bd963ec5aa5da07da9c and current
SRCREV 0ccdbf364c577803e2a751f5aededce935314313
is 100% and this patch is already tested on 64bit
ARM (aarch64) in a product with on target CI tests.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 04d9ea0ba7)
Signed-off-by: Harpritkaur Bhandari <Harpritkaur.Bhandari@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2020-35864 is for the rust crate for flatbuffers, not
flatbuffers itself.
https://security-tracker.debian.org/tracker/CVE-2020-35864
"NOT-FOR-US: flatbuffers rust crate"
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Uprev nodejs in order to fix CVE-2020-8277.
This CVE allows an attacker to trigger a DNS request for a host
of their choice, which could trigger a Denial of Service in
nodejs versions < 12.19.1.
See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
CVE: CVE-2020-8277
Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a440154082)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 387f40ce80)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is perhaps the last release in 12.x LTS
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a10f894a8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport a patch from upstream to take care of build failure e.g.
| ../deps/v8/src/codegen/arm/cpu-arm.cc:38:16: error: write to reserved register 'R7'
| asm volatile("svc 0\n"
| ^
| 1 error generated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45a2dfdd0f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop already upstreamed patches
use builtin uv, it does not build without it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bda3ee6276)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
LIC_FILES_CHKSUM changed to do year updates
This is the last 5.3.x update. This will give us the best
starting point for doing maintenance moving forward.
It's a bug fix only update. See http://www.lua.org/work/diffs-lua-5.3.5-lua-5.3.6.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Appending ${TMPDIR} to ${D} doesn't make any sense, because both are
absolute paths. And additionally, the code fails:
rmdir: failed to remove '/usr/src/oe/tmp-musl/work/core2-64-oe-linux-musl/php/7.1.9-r0/image//usr': Directory not empty
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit f6338892d9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 7.4.9:
- Fixed: Upgrade apache2handler's php_apache_sapi_get_request_time
to return usec
- Fixed: BSTR to PHP string conversion not binary safe
- Fixed: DCOM does not work with Username, Password parameter
- Fixed: serialize() and unserialize() methods can not be called
statically
- Fixed: Segfault in php_str_replace_common
- Fixed: Assertion failure if dumping closure with unresolved
static variable
- Fixed: Assertion failure when assigning property of string
offset by reference
- Fixed: HT iterators not removed if empty array is destroyed
- Fixed: Changing array during undef index RW error segfaults
- Fixed: Use after free if changing array during undef var during
array write fetch
- Fixed: Use after free if string used in undefined index warning
is changed
- Fixed: Public non-static property in child should take priority
over private static
- Fixed: getimagesize function silently truncates after a null
byte
- Fixed: finfo_file crash (FILEINFO_MIME)
- Fixed: ftp_size on large files
- Fixed: mb_strimwidth does not trim string
- Fixed: Use of freed hash key in the phar_parse_zipfile function
- Fixed: ::getStaticProperties() ignores property modifications
- Fixed: ::getStaticPropertyValue() throws on protected props
- Fixed: Use after free when type duplicated into
ReflectionProperty gets resolved
- Fixed: Can't copy() large 'data://' with open_basedir
- Fixed: dns_check_record() always return true on Alpine
- Fixed: array_walk() does not respect property types
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f46931abf0)
[Bug fix on update. lts version]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Because CVE-2019-14274.patch is included in ice-mcpp.patch, the cve-check-tool fails to correctly judge the CVE of the OSS. CVE-2019-14274.patch is separated from ice-mcpp.patch to fix the problem.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9301b77e32)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 81874b2392)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Unfortunately 489d3b4b93 did not completely
fix the problem - if you try cleaning and rebuilding protobuf-c-native it
doesn't take long to reproduce the issue on a 32-core machine. I spent
some time trying to debug this but failed, there is still a race between
generating t.test-full.pb.h and compiling cxx_generate_packed_data.c
despite BUILT_SOURCES and explicit dependencies. I even tried converting
the multiple target rules to use grouped targets (&:), that didn't fix it
either. Disabling parallelism as a workaround only costs ~20s and it
turns out that upstream is switching to Meson soon anyway:
https://github.com/protobuf-c/protobuf-c/pull/340
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3251fe210a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The following issue and PR describe an issue with nlohmann-json and
GCC10.
https://github.com/nlohmann/json/issues/1920
https://github.com/nlohmann/json/pull/2034
Confirmed that this fixed the issue seen in OpenBMC when pulling in the
latest upstream meta-openembedded.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 12b707c52d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The source of the issue is the update for PHP 7.4 support in
0001-opcache-config.m4-enable-opcache.patch (commit 7cc7a9ec). Instead
of working around the issue in the recipe file, update the patch to
restore the call to PHP_ADD_LIBRARY().
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cfd16be4e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Explicitly specifying -lrt is required for opcache to be linked against
the proper dependencies. Additionally, PHP disables libdl when it
detects a cross-compilation environment for some reason. In order to
load any type of extension, re-enabling libdl is required.
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0145cb4645)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
PHP 7.4 enables libxml by default and removed it as a configurable
option.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7aeef522ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--enable-zip and --with-libzip were removed in PHP 7.x.
These are replaced by --with-zip --with-zlib-dir.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6690afa59e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since uftrace-0.9.4 was released, there have been some important bug
fixes. It would be better to include such bug fix commits, so this patch
updates the commit hash to a more stable one.
The bug fix patches are as follows:
[1] a0fbee404b
[2] 251ba74a72
[3] 19e6f0d4b3
[4] d648bbffed
Signed-off-by: Honggyu Kim <honggyu.kp@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: License updated (year updated)
note: for 7.4, pear is disabled by default,
and it will be deprecated in future.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
cJSON aims to be the dumbest possible parser that you can get your
job done with. It's a single file of C, and a single header file.
Homepage: https://github.com/DaveGamble/cJSON
Signed-off-by: Ting Liu <ting.liu@nxp.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The RISC-V ADB implementation is based on the ARM64 implementation.
The core change is to leverage the fence command to implement the memory barrier
feature.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LUA_CPATH_DEFAULT for *.so files should include
LUA_ROOT/lib64/lua/LUA_VDIR not LUA_ROOT/lib/lua/LUA_VDIR
Signed-off-by: Haseeb Ashraf <Haseeb_Ashraf@mentor.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>