it depends on accountservice package which already needs this
DISTRO_FEATURE
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Backported from Honister
(cherry-picked from commit e7251cf6ba)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
RPCoRDMA: Frame end cleanup for global write offsets
Upstream-Status: Backport from [3c8be14c82]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Minor security and bugfix release. Addresses the following CVEs:
CVE-2023-5868: Memory disclosure in aggregate function calls
CVE-2023-5869: Buffer overrun from integer overflow in array modification
CVE-2023-5870: Role pg_signal_backend can signal certain superuser processes
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.17/
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
(CVE-2023-44487).
See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
This patch only reduces the impact and does not completely mitigate the CVE
in question, the latter being due to a design flaw in the HTTP/2 protocol
itself. For transparancy reasons I therefore opted to not mark the
CVE as resolved, so that integrators can decide for themselves, wheither to
enable HTTP/2 support or allow HTTP/1.1 connections only.
Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The master branch has been removed in all of the repos used
in SRC_URI. Switch to the main branch instead.
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.
Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robast poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14)
- Fix command line parsing in wrappers.
References:
https://security-tracker.debian.org/tracker/CVE-2023-46316https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d4aa17dc43)
Backport:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the missing run-time dependency on python3-json. As a result we no
longer need to pull python3 native and can drop other *DEPENDS.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 40b4cf5a83)
Backported: adapted to old override syntax
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 79e0a9d237)
Backported:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
* NB: cups-filter needs poppler-native but its not available. To fix
this, 5fa0188b8c could be backported.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
(cherry picked from commit c1e7b0b993)
Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 279fce2c87)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is 1.0.10 release with few more commits on top.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The CVEs:
* CVE-2019-16868
* CVE-2019-17073
* CVE-2021-44584
* CVE-2022-1526
* CVE-2022-3968
* CVE-2023-43291
... apply to the other "emlog" and can be safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ac)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-oe master already made this change along with others. Update the branchname
to match upstream repository changes to allow fetching to continue to work.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream has switched to using main for tip of trunk, therefore follow
it here in SRC_URI as well.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Suggested-by: Fabio Estevam <festevam@gmail.com>
Reported-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
iperf3 before 3.14 allows peers to cause an integer overflow and heap
corruption via a crafted length field.
NVD link: https://nvd.nist.gov/vuln/detail/CVE-2023-38403
Upstream-Status: Backported from 0ef151550d
Signed-off-by: Bhargav Das <bhargav.das@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1 for these components.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes nodejs-native build with gcc-13 on host:
http://errors.yoctoproject.org/Errors/Details/728221/
nodejs-12 doesn't need it yet and nodejs-16 doesn't need it as well
'-DV8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=64' '-D__STDC_FORMAT_MACROS' '-DOPENSSL_NO_PINSHARED' '-DOPENSSL_THREADS' '-DV8_TARGET_ARCH_X64' '-DV8_EMBEDDER_STRING="-node.84"' '-DENABLE_DISASSEMBLER' '-DV8_PROMISE_INTERNAL_FIELD_COUNT=1' '-DENABLE_MINOR_MC' '-DOBJECT_PRINT' '-DV8_INTL_SUPPORT' '-DV8_CONCURRENT_MARKING' '-DV8_ARRAY_BUFFER_EXTENSION' '-DV8_ENABLE_LAZY_SOURCE_POSITIONS' '-DV8_USE_SIPHASH' '-DDISABLE_UNTRUSTED_CODE_MITIGATIONS' '-DV8_WIN64_UNWINDING_INFO' '-DV8_ENABLE_REGEXP_INTERPRETER_THREADED_DISPATCH' '-DV8_SNAPSHOT_COMPRESSION' -ITOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -I../deps/v8 -I../deps/v8/include -I.//Release/obj/gen/torque-output-root -I.//Release/obj/gen/generate-bytecode-output-root -pthread -Wno-unused-parameter -m64 -Wno-return-type -fno-strict-aliasing -m64 -O3 -fno-omit-frame-pointer -fdata-sections -ffunction-sections -O3 -fno-rtti -fno-exceptions -std=gnu++1y -MMD -MF .//Release/.deps/Release/obj.host/v8_initializers/gen/torque-output-root/torque-generated/../../deps/v8/src/builtins/array-find-tq-csa.o.d.raw -isystemTOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -isystemTOPDIR/tmp-glibc/work/x86_64-linux/nodejs-native/14.18.1-r0/recipe-sysroot-native/usr/include -O2 -pipe -c
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/bits/move.h:37,
from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/bits/stl_function.h:60,
from /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/functional:49,
from ../deps/v8/src/codegen/code-stub-assembler.h:8,
from ../deps/v8/src/builtins/builtins-promise-gen.h:8,
from ../deps/v8/src/builtins/builtins-async-gen.h:8,
from ../deps/v8/src/builtins/builtins-async-function-gen.cc:5:
/usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/type_traits: In instantiation of ‘struct std::is_convertible<v8::internal::Cell, v8::internal::Object>’:
../deps/v8/src/codegen/tnode.h:262:72: required from ‘const bool v8::internal::is_subtype<v8::internal::Cell, v8::internal::Cell>::value’
../deps/v8/src/codegen/tnode.h:346:75: required by substitution of ‘template<class U, typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> > v8::internal::TNode<v8::internal::Cell>::TNode(const v8::internal::TNode<T>&) [with U = v8::internal::Cell; typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> = <missing>]’
../deps/v8/src/codegen/code-stub-assembler.h:1868:33: required from here
/usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/type_traits:1417:30: error: invalid use of incomplete type ‘class v8::internal::Cell’ [-fpermissive]
1417 | : public __bool_constant<__is_convertible(_From, _To)>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../deps/v8/src/objects/objects.h:26,
from ../deps/v8/src/objects/fixed-array.h:10,
from ../deps/v8/src/objects/contexts.h:8,
from ../deps/v8/src/execution/thread-local-top.h:10,
from ../deps/v8/src/execution/isolate-data.h:12,
from ../deps/v8/src/execution/isolate.h:24,
from ../deps/v8/src/codegen/interface-descriptors.h:14,
from ../deps/v8/src/codegen/callable.h:8,
from ../deps/v8/src/codegen/code-factory.h:8,
from ../deps/v8/src/compiler/code-assembler.h:17,
from ../deps/v8/src/codegen/code-stub-assembler.h:15:
../deps/v8/src/objects/object-list-macros.h:19:7: note: forward declaration of ‘class v8::internal::Cell’
19 | class Cell;
| ^~~~
In file included from ../deps/v8/src/codegen/interface-descriptors.h:12:
../deps/v8/src/codegen/tnode.h: In instantiation of ‘const bool v8::internal::is_subtype<v8::internal::Cell, v8::internal::Cell>::value’:
../deps/v8/src/codegen/tnode.h:346:75: required by substitution of ‘template<class U, typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> > v8::internal::TNode<v8::internal::Cell>::TNode(const v8::internal::TNode<T>&) [with U = v8::internal::Cell; typename std::enable_if<v8::internal::is_subtype<U, v8::internal::Cell>::value, int>::type <anonymous> = <missing>]’
../deps/v8/src/codegen/code-stub-assembler.h:1868:33: required from here
../deps/v8/src/codegen/tnode.h:262:72: error: ‘value’ is not a member of ‘std::is_convertible<v8::internal::Cell, v8::internal::Object>’
262 | std::is_convertible<T, Object>::value);
| ^~~~~
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* MJ: remove AUTHORS modification from the original patch from
nodejs-16, so that the same patch does apply for both 14 and 12
versions used in dunfell
* MJ: gcc-13 isn't used for target builds in dunfell, but can be used
on host, so this is useful backport for nodejs-native
* MJ: this fixes default nodejs-native-12, nodejs-native-14 with negative
D_P might need additional fix on top
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
