An unintentional breakage was made upstream in sip4 which results
in builds reporting: QtCoremod.sip:23: syntax error
This was reported in Debian, but not resolved:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998605
A backport of a fix from the upstream project fixes the parser to
prevent it from complaining about the syntax error.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the destdir option to ensure that sipconfig.py gets installed to the
site-packages directory and included in python3-sip3.
Remove references to the build paths from sipconfig.py as part of the
install stage. One may then prepend STAGING_DIR_NATIVE to sip_bin and
STAGING_DIR_TARGET to *_dir in any recipe that uses sipconfig.py.
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
| WARNING: Unable to execute waf --version, exit code 1. Assuming waf version without bindir/libdir support.
| DEBUG: Python function waf_preconfigure finished
| DEBUG: Executing shell function do_configure
| Traceback (most recent call last):
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/./waf", line 163, in <module>
| from waflib import Scripting
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 6, in <module>
| from waflib import Utils,Configure,Logs,Options,ConfigSet,Context,Errors,Build,Node
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Configure.py", line 6, in <module>
| from waflib import ConfigSet,Utils,Options,Logs,Context,Build,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Options.py", line 6, in <module>
| from waflib import Logs,Utils,Context,Errors
| File "/OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 5, in <module>
| import os,re,imp,sys
| ModuleNotFoundError: No module named 'imp'
| WARNING: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/run.do_configure.1263276:146 exit 1 from 'waf_do_configure'
* this first issue can be fixed easily by backporting:
https://gitlab.com/ita1024/waf/-/commit/d2060dfd8af4edb5824153ff24e207b39ecd67a2
* but then it still fails a bit later, because of SyntaxWarning in waf --version
output:
ERROR: glmark2-2021.12-r0 do_configure: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:waf_preconfigure(d)
0003:
File: '/OE/build/luneos-kirkstone/openembedded-core/meta/classes/waf.bbclass', lineno: 52, function: waf_preconfigure
0048: wafbin = os.path.join(subsrcdir, 'waf')
0049: try:
0050: result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
0051: version = result.decode('utf-8').split()[1]
*** 0052: if bb.utils.vercmp_string_op(version, "1.8.7", ">="):
0053: d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
0054: except subprocess.CalledProcessError as e:
0055: bb.warn("Unable to execute waf --version, exit code %d. Assuming waf version without bindir/libdir support." % e.returncode)
0056: except FileNotFoundError:
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 148, function: vercmp_string_op
0144: Compare two versions and check if the specified comparison operator matches the result of the comparison.
0145: This function is fairly liberal about what operators it will accept since there are a variety of styles
0146: depending on the context.
0147: """
*** 0148: res = vercmp_string(a, b)
0149: if op in ('=', '=='):
0150: return res == 0
0151: elif op == '<=':
0152: return res <= 0
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 138, function: vercmp_string
0134: return r
0135:
0136:def vercmp_string(a, b):
0137: """ Split version strings and compare them """
*** 0138: ta = split_version(a)
0139: tb = split_version(b)
0140: return vercmp(ta, tb)
0141:
0142:def vercmp_string_op(a, b, op):
File: '/OE/build/luneos-kirkstone/bitbake/lib/bb/utils.py', lineno: 89, function: split_version
0085: """Split a version string into its constituent parts (PE, PV, PR)"""
0086: s = s.strip(" <>=")
0087: e = 0
0088: if s.count(':'):
*** 0089: e = int(s.split(":")[0])
0090: s = s.split(":")[1]
0091: r = ""
0092: if s.count('-'):
0093: r = s.rsplit("-", 1)[1]
Exception: ValueError: invalid literal for int() with base 10: 'SyntaxWarning'
ERROR: Logfile of failure stored in: /OE/build/luneos-kirkstone/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/temp/log.do_configure.1264918
so it's safer to just use python3-native everywhere, instead of more patches for waf
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is needed to be able to build mosquitto-native.
The dependency on libcap when building for native is needed because
cmake will pick up the existence of libcap from the host, but then the
build fails if it is not available in the sysroot. Unfortunately, there
does not seem to be any way to explicitly tell cmake to not build with
libcap.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c083e0569a)
Backported: Updated paths to follow PV changes.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2022-3968 & CVE-2023-43291 apply to the other "emlog" and can be
safely ignored.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2.5.x is an LTS version per the project.
Drop patch now included.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
helps it compiling on on different openGL implementations which may not
implement fulll openGL specs
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9212722c1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This release has only security and bug fixes.
ChangeLog:
https://github.com/redis/redis/releases/tag/7.0.13
Security Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-41053
$ git log --oneline 7.0.12..7.0.13
49dbedb1d (tag: 7.0.13, origin/7.0) Redis 7.0.13
0f14d3279 Fix sort_ro get-keys function return wrong key number (#12522)
4d67bb6af do not call handleClientsBlockedOnKeys inside yielding command (#12459)
37599fe75 Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451)
ea1bc6f62 Process loss of slot ownership in cluster bus (#12344)
646069a90 Skip test for sdsRemoveFreeSpace when mem_allocator is not jemalloc (#11878)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through
0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g.,
for amqp-publish or amqp-consume) and are thus visible to local attackers by
listing a process and its arguments.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-35789
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1 for these components.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2
and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote
authenticated user can trigger a kadmind crash. This occurs because
_xdr_kadm5_principal_ent_rec does not validate the relationship
between n_key_data and the key_data array count.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The usage of nobranch=1 in SRC_URI allows using unprotected branches.
This change updates the real branch name in place of nobranch=1.
Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The delta between 2.0.6 and 2.0.8 contains the CVE-2023-39976 fix
and other bugfixes. git log --oneline shows:
002171b (HEAD, tag: v2.0.8, origin/main, origin/HEAD, main) Update library version for 2.0.8
1bbaa92 log: fix potential overflow with long log messages (#490)
92ddd7c test - fix test dependancies (#489)
06c8641 (tag: v2.0.7) Update -version info for 2.0.7
0665086 spec: Migrate to SPDX license (#487)
5862acb blackbox: fix potential overlow/memory corruption (#486)
a3aedbc tests: allow -j to work (#485)
335dbb6 test: Remove gnu/lib-names.h from libstat_wrapper.c (#482)
4dcdfe9 strlcpy: avoid compiler warning from strncpy (#473)
1a32a60 Add --disable-tests option (#475)
10b0623 m4/ax_pthread.m4: update to latest upstream version (serial 31) (#472)
e038f59 tests: Close race condition in check_loop (#480)
fde729e timer: Move state check to before time check (#479)
5594d37 ipc: Retry receiving credentials if the the message is short (#476)
e8129a3 add simplified chinese readme (#474)
eaa95ec lib: Fix some small bugs spotted by newest covscan (#471)
14507d5 configure: Modernize configure.ac a bit (#470)
8325d84 tests: Fix tests on FreeBSD-devel (#469)
e407874 doxygen2man: Fix function parameter alignment (#468)
0eb0991 tests: cleanup the last of the empty directories (#467)
44a4cb2 tests: Make ipc test more portable (#466)
758044b (tag: v2.0.6) test: Include ipc_sock.test in the libqb-tests rpm (#463)
Release Notes: https://github.com/ClusterLabs/libqb/releases
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This release has only security and bug fixes.
ChangeLog:
https://github.com/redis/redis/releases/tag/7.0.12
Security Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-36824https://nvd.nist.gov/vuln/detail/CVE-2022-24834
$ git log --oneline 7.0.11..7.0.12
8e73f9d34 (tag: 7.0.12, origin/7.0) Redis 7.0.12
f90ecfb1f Fix compile errors when building with gcc-12 or clang (partial #12035)
bd1dac0c6 Fix possible crash in command getkeys (#12380)
25f610fc2 Use Reservoir Sampling for random sampling of dict, and fix hang during fork (#12276)
eb64a97d3 Add missing return on -UNKILLABLE sent by master case (#12277)
2ba8de9d5 Fix WAIT for clients being blocked in a module command (#12220)
1d2839a83 Fix memory leak when RM_Call's RUN_AS_USER fails (#12158)
c340fd5a3 Prevent repetitive backlog trimming (#12155)
88682ca30 Free backlog only if rsi is invalid when master reboot (#12088)
f6a7c9f9e Lua cjson and cmsgpack integer overflow issues (CVE-2022-24834)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
JavaScript pre-processing can be used by the attacker to gain
access to the file system (read-only access on behalf of user
"zabbix") on the Zabbix Server or Zabbix Proxy, potentially
leading to unauthorized access to sensitive data.
Reference:
https://support.zabbix.com/browse/ZBX-22588
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
JavaScript preprocessing, webhooks and global scripts can cause
uncontrolled CPU, memory, and disk I/O utilization.
Preprocessing/webhook/global script configuration and testing
are only available to Administrative roles (Admin and Superadmin).
Administrative privileges should be typically granted to users
who need to perform tasks that require more control over the system.
The security risk is limited because not all users have this level
of access.
References:
https://support.zabbix.com/browse/ZBX-22589
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun
vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply
a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package
function scans the ASN1 buffer for 2 tags, where remaining length is wrongly
caculated due to moved starting pointer. This leads to possible heap-based buffer
oob read. In cases where ASAN is enabled while compiling this causes a crash.
Further info leak or more damage is possible.
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerability, which was classified as problematic, has been found
in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is
the function DecodedBitStreamParser::decodeHanziSegment of the file
qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads
to memory leak. The attack may be launched remotely. The name of the
patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended
to apply a patch to fix this issue. The identifier of this vulnerability
is VDB-228548.
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Refactored to apply to kirkstone]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Rob Woolley
Martin Jansa
Wentao Zhang
Soumya
Yogita Urade
Poonam Jadhav
Richard Purdie
Peter Kjellerstedt
Yoann Congal
Mingli Yu
Khem Raj
Shinu Chandran
Armin Kuster
Polampalli, Archana
Jose Quaresma
Sourav Kumar Pramanik
Polampalli, Archana
Sourav Pramanik
Robert Joslyn
Narpat Mali
Beniamin Sandu
Jasper Orschulko
Hitendra Prajapati
Peter Marko
vkumbhar