Fix the following error when using buildtools-extended:
va_server.c:20:10: fatal error: zlib.h: No such file or directory
20 | #include <zlib.h>
| ^~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bd745115de)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
There are multiple vendors for yasm:
$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm
Both products refer to the same application
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
There is a rare compile failure:
| In file included from sqlhist-parse.h:25,
| from tracefs-sqlhist.c:17:
| sqlhist.tab.h:120:8: error: unterminated comment
| 120 | #endif /* !YY_TRACEFS_SQLHIST_TAB_H_INCLUDED */
| | ^
Backport a patch to avoid running bison, so that sqlhist.tab.h is not re-generated.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
There is some unrelated software called "links", which causes
false-positive CVEs to be reported by the CVE checker.
Set the vendor/product pairs that were historically used with
CVEs for this software.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a5309732)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
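An added illustration (not code from these commits or from the CVE checker itself) of the matching problem the yasm and links messages describe: a bare product name selects every vendor's rows, while vendor:product entries, the form a recipe's CVE_PRODUCT accepts, select only the intended ones. The table is a simplified in-memory stand-in for the products table queried above; the "links" vendor names and all CVE ids are constructed placeholders.

```python
import sqlite3

# Constructed sample rows, not real NVD data. The yasm vendors are the two
# named in the message above; the "links" vendors and the ids are placeholders.
SAMPLE_ROWS = [
    ("CVE-0000-0001", "tortall", "yasm"),
    ("CVE-0000-0002", "yasm_project", "yasm"),
    ("CVE-0000-0003", "browser_vendor_example", "links"),
    ("CVE-0000-0004", "unrelated_vendor_example", "links"),
]


def build_db(rows=SAMPLE_ROWS):
    """Create an in-memory stand-in for the products table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, vendor TEXT, product TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return db


def parse_entry(entry):
    """Split 'vendor:product'; a bare 'product' matches any vendor ('%')."""
    vendor, sep, product = entry.partition(":")
    return (vendor, product) if sep else ("%", entry)


def matched_cves(db, cve_product):
    """Return the sorted CVE ids selected by a space-separated entry list."""
    found = set()
    for entry in cve_product.split():
        vendor, product = parse_entry(entry)
        cur = db.execute(
            "SELECT id FROM products WHERE product = ? AND vendor LIKE ?",
            (product, vendor),
        )
        found.update(row[0] for row in cur)
    return sorted(found)


if __name__ == "__main__":
    db = build_db()
    print(matched_cves(db, "links"))                           # both vendors
    print(matched_cves(db, "browser_vendor_example:links"))    # one vendor
    print(matched_cves(db, "tortall:yasm yasm_project:yasm"))  # both yasm ids
```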
The zfs package content varies depending on the host distro.
To fix this, force target distribution ("vendor") to Debian to match
default values for things like: NFS server service name, bash completion
path, configuration files, ...
The Debian values do match the OpenEmbedded ones.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4990a36eb4)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size
of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes.
An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing
more than this number of updates during an update interval (usually 30 minutes).
Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this
to trigger route validation continuously. Given that routers with large full tables may need
more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers
of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-55553]
Upstream patches:
[https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
grl-type-builtins.* are generated by glib-mkenums, which leaves full paths
in comments and #include directives. Rewrite those before *-src packaging.
Previous fix did not correct the .c file and did not work in the
"devtool modify" case.
Fix these errors:
ERROR: grilo-0.3.16-r0 do_package_qa: QA Issue: File /usr/src/debug/grilo/0.3.16/src/grl-type-builtins.c in package grilo-src contains reference to TMPDIR [buildpaths]
ERROR: grilo-0.3.16-r0 do_package_qa: QA Issue: File /usr/src/debug/grilo/0.3.16/src/grl-type-builtins.h in package grilo-src contains reference to TMPDIR [buildpaths]
ERROR: grilo-0.3.16-r0 do_package_qa: Fatal QA errors were found, failing task.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa88276c26)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Debug packages of klibc-based recipes contain references to TMPDIR and
fail to build since "buildpaths" is an ERROR_QA. For example, from [0]:
stdio: ERROR: kexec-tools-klibc-2.0.18+git-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/kexec in package kexec-tools-klibc-dbg contains reference to TMPDIR
stdio: ERROR: kexecboot-klibc-0.6+git-r0 do_package_qa: QA Issue: File /usr/bin/.debug/kexecboot in package kexecboot-klibc-dbg contains reference to TMPDIR [buildpaths]
stdio: ERROR: ubi-utils-klibc-2.0.2-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ubirename in package ubi-utils-klibc-dbg contains reference to TMPDIR
Fix this by adding DEBUG_PREFIX_MAP to the klibc build CFLAGS to rewrite
these paths in a reproducible way.
[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/40
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 643bc59b0c)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
CVE-2006-3376 is already patched, but the patch is missing
the required CVE tag, so the cve-checker misses it.
This patch adds the tag.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
CVE-2009-1364 is already patched, but the patch didn't contain
the necessary tag so the cve-checker didn't pick it up.
This change adds the required tag.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
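An added sketch (not code from these commits or from the CVE checker) of why the two messages above matter: a fix that is applied but carries no CVE tag is invisible to a scan of the patch metadata. The patterns, the patch text and the file names are assumptions constructed for illustration; only the CVE id is taken from the message above.

```python
import re

# Patterns are assumptions modelled on the "CVE: CVE-YYYY-NNNN" header
# convention; the real checker's matching rules may differ in detail.
TAG_LINE = re.compile(r"^CVE:((?: CVE-\d{4}-\d+)+)\s*$", re.MULTILINE)
NAME_ID = re.compile(r"CVE-\d{4}-\d+", re.IGNORECASE)

# Constructed patch files: the same fix, first without the tag, then with it.
UNTAGGED = """\
Subject: [PATCH] check buffer bounds before copy

Upstream-Status: Backport
---
--- a/src/reader.c
+++ b/src/reader.c
"""
TAGGED = UNTAGGED.replace("Upstream-Status:", "CVE: CVE-2009-1364\nUpstream-Status:")


def declared_cves(filename, text):
    """CVE ids a patch declares through its file name or its header tag."""
    ids = {m.upper() for m in NAME_ID.findall(filename)}
    header = text.split("\n---\n", 1)[0]  # tags live above the diff body
    for match in TAG_LINE.finditer(header):
        ids.update(match.group(1).split())
    return ids


def undeclared(fixed_cves, patches):
    """CVEs known to be fixed that no patch in the recipe declares."""
    seen = set()
    for filename, text in patches.items():
        seen |= declared_cves(filename, text)
    return sorted(set(fixed_cves) - seen)


if __name__ == "__main__":
    # Untagged: the fix is applied but the scan still reports the id.
    print(undeclared(["CVE-2009-1364"], {"fix-bounds.patch": UNTAGGED}))
    # Tagged: nothing left to report.
    print(undeclared(["CVE-2009-1364"], {"fix-bounds.patch": TAGGED}))
```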
The vulnerability was reported against mod_auth_openidc, which
is a 3rd party module, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 11fc309ae9)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>