Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 01b55a8a552d460acbe3673268733a78b47c5c03)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)
Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.
Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.
Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.
Modified the parsing of ptest result to align with the new output
format.
With core-image-minimal on qemux86-64/kvm:
Recipe | Passed | Failed | Skipped | Time(s)
Before | 408 | 0 | 2 | 4
After | 431 | 11 | 2 | 10
11 tests failed after the upgrade since libpcap is not upgraded
alongside tcpdump.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71535e2f0ea76d39d2911e022905ec8ee9843872)
[Upgrade is a reasonable path due to the # of patches needed to address
all these issues]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a meta package which collects a bunch of 100dpi font packages
together, all of which are also under the MIT license. Custom is not a known
type; moreover, MIT is well suited for this recipe for compatibility
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c95c94d689f3b4972db72f511a60bcef52b8080d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The ymorin.is-a-geek.org site has been down since September and there
is no indication of when, if ever, it will be back. Retrieve the
repository from GitLab instead, recommended by the maintainer, Yann E
Morin.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Extend to native builds, this is useful for unit tests.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes build with -Werror=return-type
twofish.c: In function 'init_twofish':
twofish.c:45:1: error: control reaches end of non-void function [-Werror=return-type]
45 | PyMODINIT_FUNC init_twofish(void) { }
| ^~~~~~~~~~~~~~
twofish.c: In function 'PyInit__twofish':
twofish.c:46:1: error: control reaches end of non-void function [-Werror=return-type]
46 | PyMODINIT_FUNC PyInit__twofish(void) { }
| ^~~~~~~~~~~~~~
cc1: some warnings being treated as errors
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qt4 support is gone -> move to qt5
* while at it remove noop libtool copy
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a086334bce809327a9ca6fe1006ae63861116349)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* An issue in meta-mortsgna was reported. Discussion is found at [1]
* We do similar in meta-gnome's gvfs for same reason [2]
* This is a bugfix which should apply and work for many release-branches
Fixes:
| Error: Transaction check error:
| file /etc/polkit-1/rules.d conflicts between attempted installs of polkit-group-rule-datetime-1.0-r0.cortexa7t2hf_neon_vfpv4 and polkit-0.115-r0.cortexa7t2hf_neon_vfpv4
[1] https://github.com/schnitzeltony/meta-mortsgna/issues/11
[2] fd1a0c9210/meta-gnome/recipes-gnome/gvfs/gvfs_1.41.2.bb (L72)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a47d38561249411449cc62ba878eb7c36916fe55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
archive.mariadb.org does not go 404 on releases over time
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
We do not pass CFLAGS to build and fortify sources needs some
optimization to be enabled, it's better to reset the additional flags and
let the build system add them as it needs
Fixes build failures like
tools/include/tools/libc_compat.h:11:21: error: static declaration of 'reallocarray' follows non-static declaration
| 11 | static inline void *reallocarray(void *ptr, size_t nmemb, size_t size)
| | ^~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d46e1e767f6b91dc25935e0c48d9d362dd50d879)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
clang would emit bcmp built-in for musl based systems
but here we do not link in musl C library, so it's best
to disable it
Fixes
git/usr/klibc/memmem.c:38: undefined reference to `bcmp'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrea Adami <andrea.adami@gmail.com>
(cherry picked from commit 11bc2775af3e47399ac268a2e6fbd63185e478ef)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There are apache2 errors about file conflicts when multilib is enabled:
| Error: Transaction check error:
| file /etc/apache2/extra/httpd-ssl.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /etc/apache2/httpd.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars-std conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
It makes libexecdir point to ${libdir}. Reset to ${libexecdir} which could
eliminate file conflicts of the conf files. And remove /usr/sbin/envvars and
/usr/sbin/envvars-std which are only used by apachectl. They only add standard
library path ${libdir} to LD_LIBRARY_PATH, so remove them to avoid multilib
file conflicts.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8d4d608b4e937bb3b8e3b260bd75338c3ff7e8fd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Need to link with libatomics for 64bit atomics support
Fixes
i686-yoe-linux/i686-yoe-linux-ld: networking.o: in function `createClient':
| /usr/src/debug/redis/4.0.14-r0/redis-4.0.14/src/networking.c:103: undefined reference to `__atomic_fetch_add_8'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2b49254d61ca817799a206cd022617854aa5bc0b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definitions of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62fc26075afc2d56a73777aad753a643fbdafbfa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* now with virtual/kernel dependency dropped we don't want to depend on kernel signature just for
this RRECOMMENDS
* fixes:
=== Comparing signatures for task do_package_write_ipk.sigdata between hammerhead and mako ===
ERROR: oprofile different signature for task do_package_write_ipk.sigdata between hammerhead and mako
NOTE: Starting bitbake server...
runtaskdeps changed:
['binutils/binutils_2.32.bb.do_packagedata', -linux/linux-lg-hammerhead_git.bb.do_packagedata, +linux/linux-lg-mako_git.bb.do_packagedata, 'opkg-utils/opkg-utils_0.4.1.bb.do_populate_sysroot:virtual:native oprofile/oprofile_1.3.0.bb.do_package oprofile/oprofile_1.3.0.bb.do_packagedata pseudo/pseudo_git.bb.do_populate_sysroot:virtual:native xz/xz_5.2.4.bb.do_populate_sysroot:virtual:native']
linux/linux-lg-hammerhead_git.bb.do_packagedata with hash 0c5215deb4737611ad413f57cf5fbdef8a9b2cc6d04035f754a4e93fb38f61d1
changed to
linux/linux-lg-mako_git.bb.do_packagedata with hash 0f3b34773ca3e590739754c25959feb7cdcd67cf7904ac7fe6cc535e8d6519a8
Dependency on task linux/linux-lg-mako_git.bb.do_packagedata was added with hash 0f3b34773ca3e590739754c25959feb7cdcd67cf7904ac7fe6cc535e8d6519a8
Dependency on task linux/linux-lg-hammerhead_git.bb.do_packagedata was removed with hash 0c5215deb4737611ad413f57cf5fbdef8a9b2cc6d04035f754a4e93fb38f61d1
ERROR: 1 errors found in /home/jenkins/workspace/luneos-unstable/webos-ports/tmp-glibc/sstate-diff/1563368432/signatures.mako.do_package_write_ipk.sigdata.log
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae65eb496b5597e8b14137418c2fa42d1a7088b9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Commit c6e963f9e ("lvm2: Add RDEPEND on lvm2 to lvm2-udevrules") added
a package dependency because lvm2-udevrules needs dmsetup, however
dmsetup was moved to libdevmapper in commit 269d009a81d4 ("lvm2:
libdevicemapper package needs udev rules and dmsetup"), so this
dependency should be only for libdevmapper instead of the full package.
With the current implementation, a package that has a dependency with
lvm2-udev rules will include also many unnecessary packages like lvm2,
lvm2-scripts, etc. and their dependencies.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a security release on the 0.27 branch.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This includes the fix for CVE-2019-13132.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace source zip ball with tarball for net-snmp to avoid zip bomb issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
openvpn only provides options to update a pid file but not to check it
for running processes. Consecutively issued start commands therefore lead
to multiple running processes with the same configurations, which is the
origin of all kinds of problems of which unnecessary resource usage is the least.
Using start-stop-daemon the pid file is inspected for running processes
before start.
Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
exfat-utils has been moved long ago to github. Update HOMEPAGE.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fuse-exfat has been moved long ago to github. Update URLs.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License-Update:
The address of Free Software Foundation updated
Bug fixes:
MDEV-19490: show tables fails when selecting the information_schema database
MDEV-19541: InnoDB crashes when trying to recover a corrupted page
More details check:
https://jira.mariadb.org/browse/MDEV-19490
https://jira.mariadb.org/browse/MDEV-19541
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Note: This is a maintenance release from the 2.9 branch of libfuse.]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This includes deletion of a frequency where transmission
is no longer legal in Japan.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* phoronix-test-suite is allarch, but util-linux and lsb aren't
=== Comparing signatures for task do_package_write_ipk.sigdata between qemux86 and qemux86copy ===
ERROR: phoronix-test-suite different signature for task do_package_write_ipk.sigdata between qemux86 and qemux86copy
Hash for dependent task lsb/lsb_5.0.bb.do_packagedata changed from 7baca400e354b600fe967ea615032052 to 67888a6c7511339a873b547745287ef2
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>