Minor security and bugfix release. Fixes
CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW
CONCURRENTLY executes arbitrary SQL
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.18/
Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
With make 4.4, linuxptp do_compile will fail with the error:
In file included from clock.c:35:
missing.h:61:9: error: redeclaration of enumerator 'HWTSTAMP_TX_ONESTEP_P2P'
61 | HWTSTAMP_TX_ONESTEP_P2P = 3,
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from clock.c:21:
/buildarea2/WRLCD_Regression/Rerun/build_dir/11201532-build_scp_world_Feature_Test/qemux86-64-standard-std-OE/build/tmp-glibc/work/core2-64-wrs-linux/linuxptp/3.1.1-r0/recipe-sysroot/usr/include/linux/net_tstamp.h:128:9: note: previous definition of 'HWTSTAMP_TX_ONESTEP_P2P' with type 'enum hwtstamp_tx_types'
128 | HWTSTAMP_TX_ONESTEP_P2P,
|
The following change in make 4.4 alters the behavior of the shell function:
* WARNING: Backward-incompatibility!
Previously makefile variables marked as export were not exported to commands
started by the $(shell ...) function. Now, all exported variables are
exported to $(shell ...).
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport of commit 05c1003c4 ("linuxptp: fix do_compile error").
This is present in dunfell/kirkstone as well. If net_tstamp.h of the
build host disagrees with net_tstamp.h of the OE kernel, or I remove
the build host's net_tstamp.h, do_compile fails.
Changed Upstream Status to Backport with the git sha as the commit is
now applied upstream.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It depends on the accountservice package, which already needs this
DISTRO_FEATURE.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Backported from Honister
(cherry-picked from commit e7251cf6ba5a61e09a02e4c7f5774498ef6c0916)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
RPCoRDMA: Frame end cleanup for global write offsets
Upstream-Status: Backport from [3c8be14c82]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Minor security and bugfix release. Addresses the following CVEs:
CVE-2023-5868: Memory disclosure in aggregate function calls
CVE-2023-5869: Buffer overrun from integer overflow in array modification
CVE-2023-5870: Role pg_signal_backend can signal certain superuser processes
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.17/
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
(CVE-2023-44487).
See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
This patch only reduces the impact and does not completely mitigate the CVE
in question, the latter being due to a design flaw in the HTTP/2 protocol
itself. For transparency reasons I therefore opted to not mark the
CVE as resolved, so that integrators can decide for themselves whether to
enable HTTP/2 support or allow HTTP/1.1 connections only.
Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The master branch has been removed in all of the repos used
in SRC_URI. Switch to the main branch instead.
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.
Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robust poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14)
- Fix command line parsing in wrappers.
References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desirable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d4aa17dc436beb96a804860bc6d18cf72283709e)
Backport:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the missing run-time dependency on python3-json. As a result we no
longer need to pull python3 native and can drop other *DEPENDS.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 40b4cf5a83098a5f1be873be5c29f26380bc7993)
Backported: adapted to old override syntax
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desirable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 79e0a9d237343ad0af0a40128494155ccaa131ec)
Backported:
* Adapted paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desirable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c235873de0a0bb192b5f56747762fc7)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
* NB: cups-filter needs poppler-native but it's not available. To fix
this, 5fa0188b8c could be backported.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
(cherry picked from commit c1e7b0b993c294d52737e8e631badb5aaaefd2e3)
Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 279fce2c87c990c942bcb2b72ea83a67e0d74170)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is the 1.0.10 release with a few more commits on top.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The CVEs:
* CVE-2019-16868
* CVE-2019-17073
* CVE-2021-44584
* CVE-2022-1526
* CVE-2022-3968
* CVE-2023-43291
... apply to the other "emlog" and can be safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is the 0.70 release with a few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ace0d04688a5617cf05546a7b8ba6cca)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-oe master already made this change along with others. Update the branchname
to match upstream repository changes to allow fetching to continue to work.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream has switched to using main for tip of trunk, therefore follow
it here in SRC_URI as well.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Suggested-by: Fabio Estevam <festevam@gmail.com>
Reported-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>