Upgrade from 2.2.7 for:
- Bugfixes, including CVE-2020-13254, CVE-2020-13596, many
others;
- Official support for Python 3.8 (as of Django 2.2.8)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c4e201c62)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Armin Kuster <akuster808@gmail.com>
Cc: Armin Kuster <akuster@mvista.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Don't overwrite with O3 optimization. Reduces ebtables
binary package size from 416241 to 412145 bytes, and
enables further optimizations with e.g. -Os flags
via bitbake distro wide settings.
Only ebtables versions up to 2.0.10-4 and dunfell are affected.
The version 2.0.11 from hardknott and master branch use system
wide flags already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d6ef417074)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Upstream-Status: Backport [97fefd0509]
CVE: CVE-2019-13616
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [e6a0982f7c]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9aecd2c32)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [6628a69c03]
CVE: CVE-2021-29470
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb1400efda)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [f930883919]
CVE: CVE-2021-29464
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c9470bdfa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Upstream-Status: Accepted [22ea582c6b]
CVE: CVE-2021-3482
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e7c2c9713)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [783b3a6ff1]
CVE: CVE-2021-29463
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8e63ac6c86)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [06d2db6e5f]
CVE: CVE-2021-29458
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f0d83c14d9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [0230620e6e]
CVE: CVE-2021-29457
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be7269309)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Adjust incdefs.sh to use cross tools to poke for system functionality
Re-enable using incdefs.sh
export KBUILD_OUTPUT to point to recipe sysroot
(From meta-oe rev: b6022761d6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* 8459235919f592b1bc099ecf9a947cb6344b6fa5 doesn't exist in current repo:
libyui$ git branch -a --contains 8459235919f592b1bc099ecf9a947cb6344b6fa5
error: no such commit 8459235919f592b1bc099ecf9a947cb6344b6fa5
* there are no common commits in the new libyui repo, but luckily old
repo is kept as
https://github.com/libyui/libyui-old
similarly libyui-ncurses now contains only README about being obsolete in:
https://github.com/libyui/libyui-ncurses
but at least it wasn't rewritten to have the new content
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
ERROR: uml-utilities-20040406-r1 do_package: QA Issue: uml-utilities: Files/directories were installed but not shipped in any package:
/usr/lib/uml/port-helper
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
uml-utilities: 1 installed and not shipped files. [installed-vs-shipped]
* pass LIB_DIR instead of using default value from Makefile:
$ grep LIB_DIR.*= tools/port-helper/Makefile
LIB_DIR ?= /usr/lib/uml
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* now when it's not depending on meta-python2 we can add it without conditional
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* today I've found 2 jenkins jobs stuck way too long sitting in this do_configure
Bitbake still alive (5000s)
Bitbake still alive (10000s)
Bitbake still alive (15000s)
Bitbake still alive (20000s)
Bitbake still alive (25000s)
Bitbake still alive (30000s)
... manually killed, the CMake ...
ERROR: ceres-solver-1.14.0-r0 do_configure: Execution of 'ceres-solver/1.14.0-r0/temp/run.do_configure.39438' failed with exit code 143:
...
| -- Detected Ceres being used as a git submodule, adding commit hook for Gerrit to: ceres-solver/1.14.0-r0/git/.git
| ceres-solver/1.14.0-r0/temp/run.do_configure.39438: line 213: 39485 Terminated cmake -G 'Ninja' -DCMAKE_MAKE_PROGRAM=ninja ...
I've seen it with dunfell and gatesgarth, but master has the same
ADD_GERRIT_COMMIT_HOOK function (just in newer ceres-solver release),
so probably needs the same.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
commit hash for version 3.9.7 is invalid
because previous commit hashes
chagned by git filter-branch command are restored
Signed-off-by: Peace Lee <iipeace5@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fdbfb6ce99)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Reused below test suites from neon source package:
BASIC_TESTS:
auth
basic
request
session
socket
string-tests
stubs
uri-tests
util-tests
DAV_TESTS:
acl3744
lock
oldacl
props
xml
xmlreq
Overall execution time of above test suite is approximately 15sec.
Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The WL build depends on libxkbcommon, so add the dependency.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8834838970)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
getcwd() conforms to POSIX.1-2001 which leaves the behaviour when the
buf argument is NULL, undefined. This makes gcc 10+ throw the following
warning:
argument 1 is null but the corresponding size argument 2 value is 4096
Initially, this was fixed by disabling NSS_ENABLE_WERROR. This patch
re-enables NSS_ENABLE_WERROR (by leaving it to its default value) and
takes advantage of the existing functionality in nss that wraps the
getcwd call into a function making sure that the buf argument is always
properly allocated.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
its been shoved out of setuptools3 in oe-core now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 50bbf80abf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit fbe2e79ab0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
it now ends up searching native python shared libraries and tries to
link with it and fails on non-host architectures
recipe-sysroot-native/usr/lib/libpython3.9.so: file not recognized: file format not recognized
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c499aaeef8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 572d414826)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes
configure: error:
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit be7d2286bf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit a0c26ca2b4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes
configure: error:
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 59f817bbe3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 59d3d64e90)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
aiohttp implicitly RDEPENDs on html, json, and socketserver modules,
which are part of python3 recipe. They can't be properly imported if
they are missing from RDEPENDS
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry-picked from commit 8e7c57bd8f)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
graphviz-2.40.1-r0 do_package_qa: QA Issue: graphviz: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol [src-uri-bad]
* it's already fixed in gatesgarth and newer with new version from:
commit 985be3901e
Author: Khem Raj <raj.khem@gmail.com>
Date: Mon Nov 2 18:33:34 2020 -0800
graphviz: Upgrade to 2.44.1 release
- Refresh patches to apply on new sources
- Switch away from gitlab archives
- Bypass pdf documentation generation
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
