This is a Gentoo-specific CVE.
NVD tracks this as a version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36a7e409d8)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 17bcf478a5)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Backport of the commit 96b97c0c64 from master
This patch enables ptest for imagemagick, improving test coverage for
continuous integration and runtime validation.
No functional changes are introduced to the core package.
The logic used is:
- We check if the required tools are present or not
- We use convert to create a raw RGB file
- The created RGB is then converted to PNG using convert
- We re-generate RGB from PNG and compare the original and re-generated RGB
- Enabled the ptest in ptest-packagelists-meta-oe.inc as
suggested by Gyorgy Sarvari and incorporated logging suggestion
- This was done as standard imagemagick tests like drawtest require manual
intervention to verify the file.
Signed-off-by: AshishKumar Mishra <ashishkumar.mishra@bmwtechworks.in>
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The ${STAGING_LIBDIR} used in scarthgap doesn't catch this, because
in kirkstone without usrmerge libcap is installed in base_libdir which
is different from libdir.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* after buildpath warnings fix from:
https://git.openembedded.org/meta-openembedded/commit/?id=eeef1fddd9052bed4b1a91565260518eb042fed2
the LibwebsocketsTargets.cmake ends with:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/libcap.so;-lpthread"
instead of:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/OE/build/.../libwebsockets/4.3.3/lib32-recipe-sysroot/usr/lib/libcap.so;-lpthread"
which causes e.g. mosquitto to fail in do_compile with:
ninja: error: '/libcap.so', needed by 'src/mosquitto', missing and no known rule to make it
* this happens only when libwebsocket is built with libcap enabled
(by libcap in DEPENDS)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In order to remove absolute paths from the cmake artifacts, paths from
the `$lib` folder should also be stripped off, otherwise internally
linked libraries (e.g. libz) may appear.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is a backported patch from opensuse, which contains a testcase
for CVE-2015-7747 (which is already patched in this recipe, but not
tested explicitly).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6c98db2449)
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243
The issue is about file permissions: by default rsyslog creates world-readable
files. In case a log message contains some sensitive information, then that's
exposed to every user on the system.
However the rsyslog.conf file that is shipped with the recipe solves it: it
already sets non-world-readable default permissions on all files, so this
vulnerability is fixed in the default OE recipe.
See also this package in OpenSuse[1], where it is solved the same way.
[1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 38ea8a4617)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
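The permission issue described in the CVE-2015-3243 message above can be checked mechanically. The following is an added example, not code from the recipe or from rsyslog: it assumes a legacy-syntax configuration that sets permissions with `$FileCreateMode`, and the sample configuration and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the recipe): walk a legacy-syntax rsyslog.conf in
# order and report file actions created with the world-read bit set.
# $FileCreateMode applies to the actions that follow it; with no directive,
# rsyslog's built-in default of 0644 is in effect.

audit_rsyslog_modes() {
    awk '
        BEGIN { mode = "0644" }                 # rsyslog built-in default
        /^[[:space:]]*#/ || NF == 0 { next }    # comments and blank lines
        $1 == "$FileCreateMode" { mode = $2; next }
        $1 ~ /^\$/ { next }                     # other legacy directives
        NF >= 2 && $NF ~ /^-?\// {              # selector followed by a file action
            path = $NF; sub(/^-/, "", path)     # drop the "no sync" dash
            # the world-read bit is set when the last octal digit is 4..7
            if (substr(mode, length(mode)) + 0 >= 4)
                print "world-readable " mode " " path
        }
    '
}

# Constructed sample: the first action precedes any directive, so it is
# created with the 0644 default; the last one follows a weak override.
sample_conf() {
    cat <<'EOF'
# constructed rsyslog.conf for illustration
kern.*                  -/var/log/kern.log
$FileCreateMode 0640
$DirCreateMode 0755
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none  -/var/log/syslog
$FileCreateMode 0644
mail.*                  -/var/log/mail.log
EOF
}

sample_conf | audit_rsyslog_modes
```

The check is order-sensitive on purpose: a restrictive `$FileCreateMode` placed after a file action does not protect that action. RainerScript `action(...)` blocks are not parsed by this sketch.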
CVE-2006-3376 is already patched, but the patch is missing
the required CVE tag, so the cve-checker misses it.
This patch adds the tag.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
CVE-2009-1364 is already patched, but the patch didn't contain
the necessary tag so the cve-checker didn't pick it up.
This change adds the required tag.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The expected error message has changed between versions - update the test
in the patch accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The previous repository was moved to freedesktop's gitlab instance,
and was causing fetching failures.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The commit from the recipe got detached from the master branch - use nobranch to
avoid fetching failure.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fcd57a086d)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The old repository was moved to a new freedesktop gitlab instance.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0e79b3a907)
Removed "tag" tag from SRC_URI for Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Since this file is downloaded and upstream does not version it on changes
we have to ensure that we store the versions in DL_DIR and also ensure they
do not step on each other
Fixes
stdio: WARNING: unicode-ucd-14.0.0-r0 do_fetch: Checksum mismatch for local file /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt
stdio: WARNING: unicode-ucd-14.0.0-r0 do_fetch: Renaming /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt to /srv/autobuilder/valkyrie.yocto.io/current_sources/license.txt_bad-checksum_f7830d126f59d83842565d3dddedc79db4ca978ed52aee0ebcc040ea76a85519
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 830535e5b6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is downloaded and does not have a version, so we have to
update it whenever upstream updates it. The copyright year
is changed this time.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6121f2907a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Switch to https protocol to avoid fetching failures (anonymous fetching
with git protocol is not available anymore on this server).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original xz-compressed tarball isn't available at the download
location anymore - switch to the gz tarball which is still there.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>