Commit Graph

9878 Commits

Author SHA1 Message Date
Yi Zhao
e4af9cf961 python-pycrypto: Security fix CVE-2013-7459
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in
block_template.c in Python Cryptography Toolkit (aka pycrypto) allows
remote attackers to execute arbitrary code as demonstrated by a crafted
iv parameter to cryptmsg.py.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2013-7459

Patch from:
8dbe0dc3ee

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Jackie Huang
d853932c66 logcheck: update to 1.3.18 and move to meta-perl
- logcheck depends on mime-construct which is in meta-perl,
  so move it to meta-perl to avoid that meta-oe depends on
  meta-perl.

- logcheck should not be run as root, so inherit useradd
  and add proper user and group.

- Add missing runtime dependencies according to the file
  debian/control and simple test by running "logcheck -ot".

- For syslog, debian directly depends on rsyslog, but logcheck
  works with any syslog and we have busybox-syslog, sysklogd,
  syslog-ng and rsyslog, so use VIRTUAL-RUNTIME_syslog for the
  syslog dependency and set rsyslog as the default, which can be
  easily overridden in distro conf file or local.conf.

- Don't install /var/lock when populating rootfs. Do it
  through volatile.

- install header.txt for generated mails

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Jackie Huang
8530df3ff6 gflags: add runtime dependency on bash
* add runtime dependency on bash to fix QA issue:
| ERROR: gflags-2.2.0-r0 do_package_qa: QA Issue:
| /usr/bin/gflags_completions.sh contained in package
| gflags-bash-completion requires /bin/bash, but
|  no providers found in RDEPENDS_gflags-bash-completion? [file-rdeps]

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Chen Qi
e1f190b18b gperftools: fixup HOMEPAGE
The old URL for HOMEPAGE is obsolete, use the valid one.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Hongxu Jia
75d93934ff collectd: 5.7.1 -> 5.7.2
The 5.7.2 fixed CVE-2017-7401.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Hongxu Jia
00197a9bdb gnulib: upgrade to 2017-08-20.18
Get version number by invoking:
...
$ ${S}/build-aux/git-version-gen --version
git-version-gen 2017-08-20.18
...

The gnulib 2017-08-20.18 fixed CVE-2017-7476.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Yi Zhao
9df486a293 vim: update to 8.0.0983
Fixed CVE-2017-11109 since 8.0.0707
See:
http://www.cvedetails.com/vulnerability-list/vendor_id-8218/product_id-14270/year-2017/opdos-1/VIM-VIM.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Khem Raj
b28aa7fac9 python-markupsafe: Extend to build native version too
chromium-60+ will need it

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Chen Qi
1f9601bd03 webmin: add systemd service file
Add systemd service file for webmin.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:04 +02:00
Kai Kang
49d17c6533 iperf3: 3.1.3 -> 3.2
Upgrade iperf3 from 3.1.3 to 3.2.

* update md5 checksum of license file, which updates year info and adds the
  same bsd license for src/net.c
* add dependency openssl

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Jackie Huang
661541fb67 adduser: use get_perl_version instead of PERLVERSION
Immediate expansion for PERLVERSION(in perl-version.bbclass)
is too early, it will result in 'None' before perl is built,
then the module file is installed incorrectly:

$ rpm -ql adduser|grep Common
/usr/lib/perl/None/Debian/AdduserCommon.pm

So use get_perl_version directly instead of PERLVERSION.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Mingli Yu
ff017c9bed mozjs: customize HOST_CFLAGS
Customize HOST_CFLAGS, HOST_CXXFLAGS and HOST_LDFLAGS
to fix a do_configure error, as previously the common
CFLAGS and CXXFLAGS were used in both the cross-compile env and the host env,
and the option -fstack-protector-strong, which is not
recognized in the host env, can result in a do_configure
error as below.

| checking whether the host c compiler (gcc -O2 -pipe -g -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fstack-protector-strong -Wl,-z,relro,-z,now) works... configure: error: installation or configuration problem: host compiler gcc cannot create executables.

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Yi Zhao
5630f33a1e makedumpfile: update to 1.6.2
Remove add-proper-format-string-to-print-a-str.patch since it had been
merged in upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Jose Alarcon
5272165c3f Dhrystone: add recipe 2.1
Dhrystone is a synthetic computing benchmark program developed
in 1984 by Reinhold P. Weicker intended to be representative of
system (integer) programming.

https://en.wikipedia.org/wiki/Dhrystone

Signed-off-by: Jose Alarcon <jose.alarcon@ge.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Yi Zhao
28558af4d0 postgresql: update to 9.4.13
Fixed three security vulnerabilities:

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords
to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

See release note:
https://www.postgresql.org/docs/9.4/static/release-9-4-13.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Robert Yang
4de4fd2f11 glibmm: fix perl path
Fixed:
ERROR: QA Issue: /usr/lib/glibmm-2.4/proc/gmmproc contained in package glibmm-dev requires /path/to/tmp/hosttools/perl, but no providers found in RDEPENDS_glibmm-dev? [file-rdeps]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Yi Zhao
e11367b255 sthttpd: update to 2.27.1
* Fix CVE-2017-10671: Heap-based buffer overflow in the de_dotdot
  function in libhttpd.c

* Update SRC_URI because the original site cannot be accessed.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:03 +02:00
Fabio Berton
e11c66f01f python-requests: Update to version 2.18.4
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Huang Qiyu
6bf7b85db3 pcsc-lite: Update to 1.8.22
1) Upgrade pcsc-lite from 1.8.13 to 1.8.22.

2) License information has changed in pcsc-lite-1.8.22/COPYING  for src/strlcpy.3, src/strlcat.c and src/strlcpy.c have been removed in pcsc-lite-1.8.22, so modify the LIC_FILES_CHKSUM.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Jackie Huang
315aadd763 phpmyadmin: upgrade to 4.7.3
The license files and md5 are updated.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Hongxu Jia
633ac957d6 xmlrpc-c: add perl to RDEPENDS
Fix the following file-rdeps QA issue:
...
|ERROR: xmlrpc-c-1.31.0-r0 do_package_qa: QA Issue:
/usr/bin/xml-rpc-api2txt contained in package xmlrpc-c requires
/usr/bin/perl, but no providers found in RDEPENDS_xmlrpc-c? [file-rdeps]
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Hongxu Jia
24d91883bb python3-pykickstart: tweak shebang to python3
Fix the following file-rdeps QA issue:
...
|ERROR: python3-pykickstart-2.35-r0 do_package_qa: QA Issue:
/usr/bin/ksvalidator contained in package python3-pykickstart requires
/usr/bin/python, but no providers found in RDEPENDS_python3-pykickstart?
[file-rdeps]
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Hongxu Jia
8d8a5e6be8 multipath-tools: add bash to RDEPENDS
Fix the following file-rdeps QA issue:
...
|ERROR: multipath-tools-0.7.1-r0 do_package_qa: QA Issue: /sbin/mpathconf
contained in package multipath-tools requires /bin/bash, but no
providers found in RDEPENDS_multipath-tools? [file-rdeps]
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Tim Orling
c64238c764 python*-pexpect: add v4.2.1
The python2 version was dropped from oe-core.
Also add support for python3.

Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Tim Orling
26ef409d08 python*-ptyprocess: add v0.5.2
The python2 version was dropped from oe-core.
Also add support for python3.

Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Yi Zhao
a7f02b1fe5 gd: update to 2.2.4
* Remove the following patches which are already merged upstream:
    fix-gcc-unused-functions.patch
    .gitignore-the-new-test-case.patch
    CVE-2016-10166.patch
    CVE-2016-10167.patch
    CVE-2016-10168.patch
    CVE-2016-6906-1.patch
    CVE-2016-6906-2.patch
    Fix-290-TGA-RLE-decoding-is-broken.patch

* Update LICENSE's MD5 check sum.
  The COPYING file has been updated with the following commits in
  upstream:

  commit f863b3c2d300ff5344f6752e5813b0d6985e79c4
    Resolve #282: COPYING vs. docs/naturaldocs/license.txt

  commit 9ccdaedbd9a2cfd1c8a9a258c09af161e796bd41
    Sync COPYING and docs/naturaldocs/license.txt

  These two commits updated the copyright statement regarding the
  authorship of gd and adjusted the format.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
dengke.du@windriver.com
2ee20c389a libvpx: upgrade to 1.6.1
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Chen Qi
32a93e0d5a rsyslog: install logrotate configuration file into correct location
Previously we used update-alternatives to manage this configuration file,
creating link under /etc/logrotate.d/ directory.

However, we later dropped the update-alternatives approach and explicitly
set rsyslog to conflict with other syslog providers.

So we need to install the logrotate configuration file under /etc/logrotate.d
to make things right.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Chen Qi
e41be4b461 rsyslog: fix CVE-2017-12588
Backport a patch to fix CVE-2017-12588.

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted
description fields as format strings, possibly allowing a format string
attack with unspecified impact.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12588

CVE: CVE-2017-12588

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Yi Zhao
99d3175eac tipcutils: add runtime dependency for iproute2-tipc
The tipcutils 2.2 removed the tipc-config tool and recommended to use
the new configuration tool named "tipc" in iproute2 package for
configuring the tipc, which utilizes the new tipc netlink kernel API.

Add iproute2-tipc as a runtime dependency.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Yi Zhao
eb8994f44a iproute2: add bbappend for supporting tipc tool
The tipcutils 2.2 removed the tipc-config tool and recommended to use
the new configuration tool named "tipc" in iproute2 package for
configuring the tipc, which utilizes the new tipc netlink kernel API.

We supported tipc in iproute2 with PACKAGECONFIG in oe-core commit
944ef0de241de77429ab0e5cb1dd4a7f355cf3fd

Add iproute2 bbappend to enable tipc for tipcutils.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Huang Qiyu
8acf5ce943 openwsman: rename to 2.6.3
As openwsman has been upgraded to v2.6.3 but the name of the recipe file is still v2.6.2, rename it.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Chen Qi
dcdab9880d openobex: disable building documentation
When building openobex on a host without any connection to outside,
the configure fails as it tries to get some url from outside to build
the documentation.

Fix this problem by disabling building documentation.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Fabio Berton
aaca09b952 python-chardet: Extend to native and nativesdk
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Peter Kjellerstedt
8023c64393 start-stop-daemon: Only create a link in ${base_sbindir} if necessary
If usrmerge is enabled in DISTRO_FEATURES, then ${base_sbindir} and
${sbindir} are set to the same path and the symbolic link from
${base_sbindir}/start-stop-daemon to ${sbindir}/start-stop-daemon can
(and should) not be created.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:01 +02:00
Wenzong Fan
d5e04a6b28 fontforge: update to 20170731 to fix CVEs
Fixed CVEs & Issues:
  CVE-2017-11577: #3088
  CVE-2017-11576: #3091
  CVE-2017-11575: #3096
  CVE-2017-11574: #3090
  CVE-2017-11572: #3092
  CVE-2017-11571: #3087
  CVE-2017-11569: #3093
  CVE-2017-11568: #3089

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Jackie Huang
f79465b9b4 vlock: add new recipe
vlock is a program to lock one or more
sessions on the Linux console.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Joe Slater
3cf117715f php: disable this version by default
There are many unaddressed CVEs which are fixed in 7.1.7
and later versions.  Allow the user to define php_5.6.26
to enable building the recipe.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Jason Wessel
c3dc3b6309 mailx: Force mailx to build with openssl10
The latest changes in oe-core switch to using openssl 1.1.  The
SSLv3_client_method and RAND_egd functions are removed in the openssl
1.1. This causes mailx to fail to compile.

For now we can use openssl10 in the same manner that openssh is doing.
At the point in time that openssl10 goes away the code for openssl in
mailx will have to be altered.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Huang Qiyu
e77a4b86f9 mailcap: upgrade to 2.1.48
Upgrade mailcap from 2.1.46 to 2.1.48.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Khem Raj
67e0ede9e9 caps: Mark ARCH empty
This is to ensure that if ARCH is set in Makefiles then
it's not used. This variable is generated using uname which
is wrong for cross compile. So we don't want to set it accidentally

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:13 +02:00
Khem Raj
767108e49e gsoap: Upgrade to 2.8.51
Fixes build with openssl 1.1
Add patch to fix out of tree build

License changes are due to restructuring of license files
see https://sourceforge.net/p/gsoap2/code/123/

Add OpenSSL exception to LICENSE field which was
missing thus far.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Joe Slater
e64c1a5de1 php: move to version 7.1.8 from 7.1.7
Only change is source version.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Derek Straka
98a98604f9 python-pyro4: update to version 4.61
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Derek Straka
4e338ffdb9 python-pytest: update to version 3.2.1
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Derek Straka
03e3e82958 python-sqlalchemy: update to version 1.1.13
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Derek Straka
06f96888fc python-cmd2: update to version 0.7.6
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Derek Straka
b0dc6918a7 python-wrapt: update to version 1.10.11
Update license checksum for copyright year modification to 2017

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Andreas Müller
3eb52242c3 geany-plugins: update 1.30 -> 1.31
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00
Andreas Müller
b3faa4e40c geany: update 1.30.1 -> 1.31
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:04:12 +02:00