30329 Commits

Author SHA1 Message Date
Jeroen Hofstee
54c92c9e89 nodejs: backport a patch to prevent brotli crashing nodejs
Brotli can crash nodejs (on ARM), because the memory allocated for
brotli wasn't properly aligned.

https://github.com/google/brotli/issues/1159
dc035bbc9b

Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-05-17 12:11:15 -06:00
Khem Raj
32169212d7 python3-posix-ipc: switch to PEP-517 build backend
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-05-17 12:10:59 -06:00
Wang Mingyu
2669476128 python3-posix-ipc: upgrade 1.1.1 -> 1.2.0
0001-Use-default-cc-from-environment-variable.patch
removed since it's not available in 1.2.0

License-Update: Reorg and rename files; add pyproject.toml

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-05-17 12:10:55 -06:00
Archana Polampalli
efe887a5b8 tftpy: fix CVE-2023-46566
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c
allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-26 15:50:27 -04:00
Ariel D'Alessandro
a4c57ecb8c pipewire: Install missing ALSA config files
As detailed in Pipewire documentation [0], the ALSA plugin requires
config files to be symlinked as follows:

```
The plugin will be picked up by alsa when the following files are in /etc/alsa/conf.d/:

/etc/alsa/conf.d/50-pipewire.conf -> /usr/share/alsa/alsa.conf.d/50-pipewire.conf
/etc/alsa/conf.d/99-pipewire-default.conf
```

The above symlinks are missing, thus the pipewire device is not properly
detected.

Fix this by creating the required symlinks and installing them in the
pipewire-alsa package.

[0] https://github.com/PipeWire/pipewire/blob/master/INSTALL.md#alsa-plugin

Link: https://github.com/openembedded/meta-openembedded/issues/704
Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-26 15:50:22 -04:00
Soumya Sambu
9d60102153 iniparser: Fix CVE-2025-0633
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in
iniparser allows attacker to read out of bound memory

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-0633
https://ubuntu.com/security/CVE-2025-0633

Upstream patch:
072a39a772

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-26 15:50:19 -04:00
Haixiao Yan
e92d0173a8 lmsensors: Clean stale files for sensord to avoid incorrect GCC header dependencies
After upgrading GCC—for example, from 14.1.0 to 14.2.0—building lmsensors that
was previously compiled with GCC 14.1.0 may fail with an error like:
lmsensors/3.6.0/recipe-sysroot-native/usr/lib/x86_64-wrs-linux/gcc/x86_64-wrs-linux/
14.1.0/include/stddef.h can't find, which is needed by 'prog/sensord/args.rd'.

This occurs because prog/sensord/args.rd still references stale headers from the
older GCC version.
The root cause is that stale *.rd and *.ro files under prog/sensord are not
properly cleaned during do_configure. This patch ensures those files are removed
to prevent broken dependencies when GCC is upgraded.
Also remove the same statement in do_compile.

(master rev: 86b20b84ec278cacf4975b7933d46b894d74796e)

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-16 20:33:56 -04:00
Soumya Sambu
01eb9fb907 php: Upgrade 8.2.26 -> 8.2.28
Includes fix for - CVE-2025-1219, CVE-2025-1736, CVE-2025-1861,
CVE-2025-1734 and CVE-2025-1217

Changelog:
https://www.php.net/ChangeLog-8.php#8.2.28

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-16 20:33:53 -04:00
Divya Chellam
1d4fbb2b77 openvpn: upgrade 2.6.12 -> 2.6.14
This includes CVE-fix for CVE-2025-2704

Changelog:
==========
https://github.com/OpenVPN/openvpn/releases

For full details, refer to:
https://github.com/OpenVPN/openvpn/compare/v2.6.12...v2.6.14

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-16 20:33:50 -04:00
Yi Zhao
2ae4880410 mbedtls: 3.6.2 -> 3.6.3
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

Remove mbedtls-framework repository, as the framework is now added
as a flat directory rather than a submodule[1][2].

[1] b41194ce7f
[2] 2c824b4fe5

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-16 20:33:47 -04:00
Yi Zhao
5675f4481b mbedtls: upgrade 2.28.9 -> 2.28.10
ChangeLog
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-04-16 20:33:43 -04:00
Khem Raj
2e15d22767 sharutils: Let POSIX_SHELL be overridable from environment
This helps fix
WARNING: sharutils-4.15.2-r0 do_package_qa: QA Issue: File /usr/bin/shar in package sharutils contains reference to TMPDIR

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Khem Raj
68698b03cb e2tools: Fix buildpaths QA warning in config.status in ptest
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Khem Raj
95d57ab55b fwknop: Specify target locations of gpg and wget
This fixes emitting buildpaths into binary and also
fixes the issue where these tools won't exist on
the paths they were found on build machine

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Wang Mingyu
4b7999ed5d fetchmail: disable rpath to fix buildpaths warning.
There was an error with the last modification to the buildpaths warning, which could cause segment error.

fix the following warning about buildpath:
  WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Wang Mingyu
c348e10438 fetchmail: Fix buildpaths warning.
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Martin Jansa
1189cafbd0 gcab: fix buildpaths QA issue
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Wang Mingyu
a85ae7a7fb nana: Fix buildpaths warning.
WARNING: nana-2.5+git-r0 do_package_qa: QA Issue: File /usr/bin/nana-c++lg in package nana contains reference to TMPDIR
File /usr/bin/nana-clg in package nana contains reference to TMPDIR
File /usr/bin/nana in package nana contains reference to TMPDIR [buildpaths]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:24 -04:00
Khem Raj
5e235fb2cb lprng: Specify target paths for needed utilities
pr,openssl,chown,chgrp are guessed during configure and they are
found on host, sometimes under native sysroot and some under HOSTTOOLS
which is not right, therefore point to target locations of these tools

Fixes all errors like below

File /usr/sbin/lprng_certs in package lprng contains reference to TMPDIR

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
alperak
91d5bfb3dc boinc-client: Fix contains reference to TMPDIR [buildpaths] warning
WARNING: boinc-client-7.20.5-r0 do_package_qa: QA Issue: File /usr/include/boinc/svn_version.h in package boinc-client-dev contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
alperak
6f92234d8e hplip: Fix contains reference to TMPDIR [buildpaths] warning
Make sure that the OE provided CFLAGS are passed to the compiler.

WARNING: hplip-3.22.10-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/cupsext.so in package hplip contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
025d16c71d python3-pycocotools: Remove absolute paths from comments
_mask.c is generated by cython and encodes sourcepaths into
comments which are absolute. Edit them out.

Fixes buildpaths QA errors

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
bb579d999f python3-pyproj: Remove absolute paths from cython generated .c files
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
cc74203ff0 python3-pyproj: Fix buildpaths QA Error
This error is due to absolute paths leaking into ELF files due to
-rpath option in compiler cmdline, therefore patch them out.

Apply patch [1] from Debian

[1] https://sources.debian.org/data/main/p/python-pyproj/3.6.1-4/debian/patches/rpath.patch

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
75612aaa3d python3-kivy: Remove buildpaths from comments in generated C sources
Cython does not provide a direct option to disable or customize
the metadata written in the generated C files. The metadata
includes information like the Cython version and absolute paths to
the original Cython files, which can be problematic for doing
reproducible builds

Therefore edit out these comments from the cython generated C files
they are nicely tucked between two known tags at the top of file.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
alperak
b808d471d7 perfetto: Fix contains reference to TMPDIR [buildpaths] warning
WARNING:perfetto-31.0-r0 do_package_qa: QA Issue: File /usr/bin/.debug/tracebox in package perfetto-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
e71b2ad9bf ldns: Fix buildpaths QA issues
MJ: Backported from 'ldns: Upgrade to 1.8.4' commit without the upgrade.

Fix buildpaths QA errors while here

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
a627269b8a keepalived: Make build reproducible
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
9ae36f125b botan: Make it reproducible
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
alperak
0242b8f2bd rdist: Fix contains reference to TMPDIR [buildpaths] warning
Pass OE cflags to makefile

WARNING: rdist-6.1.5-r0 do_package_qa: QA Issue: File /usr/bin/.debug/rdistd in package rdist-dbg contains reference to TMPDIR
File /usr/bin/.debug/rdist in package rdist-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
829fa434c3 blueman: Fix buildpaths issue with cython generated code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Khem Raj
57b939762c wolfssl: Add packageconfig for reproducible build
Make this option turned on by default

Fixes
WARNING: wolfssl-5.7.2-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.2.0 in package wolfssl contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:02 -04:00
Awais Belal
fdd1894976 mongodb: update to 4.4.29
Move on to 4.4.29 and drop a patch that is not applicable anymore.

Signed-off-by: Awais Belal <awais.belal@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-27 14:04:48 -04:00
Divya Chellam
67ad83dd7c krb5: fix CVE-2025-24528
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-24528

Upstream-patch:
78ceba024b

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-27 14:04:21 -04:00
Jinfeng Wang
f23c8d7362 netplan: Fix CVE-2022-4968
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-4968

Upstream-patch:
4c39b75b5c

Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:29:29 -04:00
Vijay Anusuri
cd1aa14313 wireshark: upgrade 4.2.7 -> 4.2.9
Fixes CVE-2024-11595 CVE-2024-11596
Removed CVE-2024-9781.patch which is already fixed in 4.2.8 version

Release notes:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.9.html

Reference:
https://www.wireshark.org/security/wnpa-sec-2024-15.html
https://www.wireshark.org/security/wnpa-sec-2024-14.html
https://www.wireshark.org/security/wnpa-sec-2024-13.html

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:29:23 -04:00
Libo Chen
6f488ab715 libgpiod: fix gpiod-cxx-test failed test case
Patch from:
https://web.git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?id=3e224d885b1de54fe5510b9c5e7296260a1a4507

Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:27:19 -04:00
Sofiane HAMAM
3e3de7632e wolfssl: Upgrade 5.7.0 -> 5.7.2
The upgrade includes many vulnerability fixes, new features and
enhancements, refer to:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable

Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:27:16 -04:00
Sofiane HAMAM
7bc1db1659 Wolfssl: add ptest
Add ptest for Wolfssl package.
Set IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-wolfssl to 700M
enough to avoid a "No space left on device".

BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.qvuQ9h/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 7
END: /usr/lib/wolfssl/ptest

Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:27:08 -04:00
Vijay Anusuri
32ddea6c36 postgresql: upgrade 16.5 -> 16.8
License-Update: Update license year to 2025

Includes fix for CVE-2025-1094

Changelog:
https://www.postgresql.org/docs/release/16.8/

Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch for
16.8

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:27:04 -04:00
Claus Stovgaard
5412412b97 lcov: Add missing RDEPENDS
Found by just adding lcov to core-image-minimal, running geninfo and
getting errors like.

Can't locate Module/Load.pm in @INC (you may need to install the Module::Load module)
... at /usr/bin/geninfo line 63.
BEGIN failed--compilation aborted at /usr/bin/geninfo line 63.

Can't locate Module/Metadata.pm in @INC (you may need to install the Module::Metadata module)
... at /usr/lib/perl5/5.38.2/Module/Load/Conditional.pm line 14.
BEGIN failed--compilation aborted at /usr/lib/perl5/5.38.2/Module/Load/Conditional.pm line 14.
Compilation failed in require at /usr/bin/geninfo line 64.

Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7f560b9b8dacf7aadf59d6321c2e869dcd5831e)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:27:02 -04:00
Claus Stovgaard
c06d8dc3e5 lcov: sort RDEPENDS alphabetical
It is easier to get an overview of the perl modules needed for running
lcov if they are sorted alphabetically

Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7ec1c9afdf45a3ee47bfff0470d90cf215ba4da5)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:26:58 -04:00
Alexandre Truong
990f47a614 lcov: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status
Adding UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX fixes
UNKNOWN_BROKEN status from running devtool check-upgrade-status.

The next version of the package can be found from upstream
sources.

Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
(cherry picked from commit e71a678f4d769da2f7f465bfcaa1ab614f9d0d1a)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-23 15:26:55 -04:00
Awais Belal
edd1a1e284 mongodb: fix build with python 3.12
The moduleconfig.py build script uses the 'imp' module which
is deprecated in favor of 'importlib' in python 3.12. This fixes
the build issue by replacing the affected portion of the code
and the package now builds fine on hosts with python 3.12.

Signed-off-by: Awais Belal <awais.belal@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-07 19:40:51 -05:00
Peter Marko
73e6789fdf libmodbus: patch CVE-2024-10918
Pick commit mentioning the bug and two follow-up commits mentioning the
first commit as well as commit to adapt tests for these.

Tested by running the test-suite.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-07 19:40:47 -05:00
Virendra Thakur
454cc11317 unbound: Fix CVE-2024-8508
Malicious upstreams responses with very large RRsets can cause Unbound
to spend a considerable time applying name compression to downstream
replies. This can lead to degraded performance and eventually denial of
service in well orchestrated attacks.

Reference: https://nvd.nist.gov/vuln/detail/cve-2024-8508

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-07 19:40:44 -05:00
Changqing Li
6c9f1f8d45 nginx: fix CVE-2025-23419
CVE-2025-23419:
When multiple server blocks are configured to share the same IP address
and port, an attacker can use session resumption to bypass client
certificate authentication requirements on these servers. This
vulnerability arises when TLS Session Tickets
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key
are used and/or the SSL session cache
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
are used in the default server and the default server is performing
client certificate authentication.   Note: Software versions which have
reached End of Technical Support (EoTS) are not evaluated.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-23419

This partially cherry picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed problem in `http/ngx_http_request` module and the
second fixed problem in `stream/ngx_stream_ssl_module` module.  The fix
for `stream/ngx_stream_ssl_module` can't be applied because the 'stream
virtual servers' functionality was added later in this commit:
d21675228a.
Therefore only `http/ngx_http_request` part was backported.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-03 08:09:03 -05:00
Peter Marko
96af366002 python3-grpcio(-tools): fix build concurrency issue
Set GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS to limit spawned compiler
processes. Without this it uses all available CPUs (via
multiprocessing.cpu_count()) and can exhaust build host since there are
a lot of files to compile (e.g. with 128 cores it manages to spawn 128 gcc
processes)

Note that this is a general problem for all setuptools based builds with
build_ext compilation which can either compile with 1 thread or
cpu_count threads. grpcio hot-patches setuptools and allows to set
specific build concurrency value.

(From master rev: fe582374d3ba474164005942799eb2bddc52a080)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-03 08:08:37 -05:00
Trevor Woerner
c204166dac iperf3: throughput fix
This is a backport of a fix to iperf3. The author saw a 40% improvement in
their network throughput, we've seen around a 55% improvement in our tests.

Link: ac6b9f7fd3
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-03 08:07:54 -05:00
Changqing Li
48980f26fe abseil-cpp: upgrade 20240116.2 -> 20240116.3
This upgrade includes a security fix for CVE-2025-0838, refer:
https://github.com/abseil/abseil-cpp/releases?page=1

git log:
54fac219 (tag: 20240116.3) Fix potential integer overflow in hash container create/resize (#1812)
d7aaad83 (tag: 20240116.2) Abseil LTS Branch, Jan 2024, Patch 2 (#1650)
2f9e432c (tag: 20240116.1) Prepare 20240116.1 patch for Apple Privacy Manifest (#1623)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-03 08:05:48 -05:00