gimptool is used in GIMP plugin compilation. It does need a CC
definition, provide it as the current CC with "--sysroot=..." removed.
gimptool also need the gimp .pc file which is in gimp-dev. Split
gimptool in its own package to avoid circular dependencies.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 061f5c7f82)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fixes:
| ../eog-47.0/help/meson.build:45:6: ERROR: Program 'itstool' not found or not executable
|
| A full log can be found at /home/flk/poky/build/tmp/work/corei7-64-poky-linux/eog/47.0/build/meson-logs/meson-log.txt
| ERROR: meson failed
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b523303f78)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fixes:
| Configuring org.gnome.Geary.service using configuration
| Program itstool found: NO
|
| ../git/help/meson.build:21:6: ERROR: Program 'itstool' not found or not executable
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 34962ffbbe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8d45d9093)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce684)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This CVE is officially disputed by Redhat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086
Red Hat does not consider this issue to be a security vulnerability.
The pottential attacker has to send acknowledgement packets periodically
to make server generate traffic. Exactly the same effect could be
achieved by simply downloading the file. The statement that setting the
TCP window size to arbitrarily high value would permit the attacker to
disconnect and stop sending ACKs is false, because Red Hat Enterprise
Linux limits the size of the TCP send buffer to 4MB by default.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da2b5e8b93)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Our hash does not point to exact tag and CVE patch is already in.
We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: 60b813a770
git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e5a12d5252)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure
CVE filtering and not be disturb by futur potential false-positive CVEs.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d03002f19c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This removes false positive CVE-2024-21485 from cve reports.
$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<
Our dash:dash did not reach major version 1 yet.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The pmem_cvap() function currently uses the '.arch armv8.2-a' directive
for the 'dc cvap' instruction. This will cause build errors below when
compiling for ARMv9 systems. Update the '.arch' directive to 'armv9.4-a'
to ensure compatibility with ARMv9 architectures.
{standard input}: Assembler messages:
{standard input}:169: Error: selected processor does not support `retaa'
{standard input}:286: Error: selected processor does not support `retaa'
make[2]: *** [storage/innobase/CMakeFiles/innobase_embedded.dir/build.make:
1644: storage/innobase/CMakeFiles/innobase_embedded.dir/sync/cache.cc.o]
Error 1
Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa667cbe21)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The -Wnon-virtual-dtor flag was unintentionally added to the .pc files,
which causes problems when abseil is used by C code:
cc1: error: command-line option '-Wnon-virtual-dtor' is valid for
C++/ObjC++ but not for C [-Werror]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the specific udev rules needed for device mapper notifications to
the libdevmapper package. This is needed to get notifications for
device mapping to work with systemd.
Move the remaining udev rules files to the lvm2 package as there is no
real reason to have them packaged separately.
List all udev files explicitly in the FILES variables so that someone
will have to make an active decision where to package any new udev files
added in the future.
Co-authored-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Fredrik Hugosson <fredrik.hugosson@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c37c867e1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
- Render if_exists and if_not_exists parameters in CreateTableOp, CreateIndexOp,
DropTableOp and DropIndexOp in an autogenerate context.
- Enhance version_locations parsing to handle paths containing newlines.
- Added support for Operations.create_table.if_not_exists and
Operations.drop_table.if_exists, adding similar functionality to render
IF [NOT] EXISTS for table operations in a similar way as with indexes.
- The pin for setuptools<69.3 in pyproject.toml has been removed.
MJ:
https://git.openembedded.org/meta-openembedded/commit/?h=styhead&id=4441545a5dc75120bb4e839d71c6f8fc500e917f
was backported into styhead causing:
| ERROR Missing dependencies:
| setuptools<69.3,>=61.0
| WARNING: exit code 1 from a shell command.
this upgrade resolves this issue (see last item in changelog)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Change the SRC_URI to the correct value due to the following error:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bc29ed7b10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop two patches which haven't been referenced by the nodejs recipe since the
20.11.0 version checkin.
0001-build-fix-build-with-Python-3.12.patch
0001-gyp-resolve-python-3.12-issues.patch
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2698039ac4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* github repo was force pushed and git history re-written since 2018 commit:
69ee98df Release 1.43.07
* $ git branch -a --contains 352aeaa9ae49e90e55187cbda839f2113df06278
$
* $ git diff 352aeaa9ae49e90e55187cbda839f2113df06278 08b052692b70171a6fcb437d4f52a46977eda62e
$
* so at least the 1.59.01 content is the same
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
In testing adding in more kernel-selftests there were a number of issues
that arose that require changes that are more appropriate for the main
recipe and not a bbappend.
1) Stop looping over TEST_LIST ourselves and use the TARGETS="" provided
by the kernel-sefltest Makefiles. This correctly sets up various
variables that the selftest Makefiles all need. Also, do_install
becomes cleaner because the main Makefile already installs the list of
tests and the top level script.
2) Add DEBUG_PREFIX_MAP to the CC setting to avoid some "buildpaths" QA
errors.
3) Add two INSANE_SKIPS for "already-stripped" and "ldflags". Some of
the selftest Makefiles are adding flags to their compiles that basically
break the above checks. Since these compiles are not really meant as
user level tools and instead testing, it should be ok to just always set
INSANE_SKIP for these two.
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc6d6e06aa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Minidlna configuration puts os name & version in the binary which lead
to non-reproducibility. Fix this by forcing those variables to constant
values.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 51a400b736)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Build checks for this during configure but the test is a runtime
test, which does not work when cross-compiling, therefore
prescribe this by caching it for architecture/compiler options
where it will work ok.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 91c7ac099b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit removed the lvm2-udevrules package.
[https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a]
Align accordingly to avoid error at do_rootfs
Error:
Problem 1: package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
- package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
- conflicting requests
- nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
Problem 2: package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfscommon.so()(64bit), but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfsdaemon.so()(64bit), but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires gvfs >= 1.56.0, but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
- conflicting requests
- nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
(try to add '--skip-broken' to skip uninstallable packages)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1ca8df16af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 70c663b7ae)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This macro is documented, so it should be consistent across
different build systems. It's defined in autotools, but not
cmake. Add it for cmake.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a3854f6893)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
wtmpdb installs a PAM plugin in "${base_libdir}/security/pam_wtmpdb.so".
This path is not in default FILES.
Add this path to FILES:${PN} to fix this error:
ERROR: wtmpdb-0.11.0-r0 do_package: QA Issue: wtmpdb: Files/directories were installed but not shipped in any package:
/lib/security/pam_wtmpdb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
wtmpdb: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: wtmpdb-0.11.0-r0 do_package: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: .../poky/build-master/tmp/work/core2-64-poky-linux/wtmpdb/0.11.0/temp/log.do_package.939726
ERROR: Task (.../poky/meta-openembedded/meta-oe/recipes-extended/wtmpdb/wtmpdb_0.11.0.bb:do_package) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a090cd3e0e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit modifies the PACKAGECONFIG entry for zlib to ensure that the
mod_deflate module is enabled with the appropriate zlib configuration.
By adding the --with-zlib=${STAGING_LIBDIR}/../ option, we direct the
configure script to use the zlib library from the staging directory
instead of relying on the host system's zlib installation.
Without that configure will search the host for zlib headers and lib.
This change resolves build failures related to zlib dependency when
mod_deflate is enabled and ensures a consistent build environment across
different host configurations.
Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ac5855c74d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
