The tool depends on the six module, add it, otherwise the following
traceback happens when running it on the target:
Traceback (most recent call last):
File "/usr/bin/dstat", line 32, in <module>
import six
ModuleNotFoundError: No module named 'six'
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Source: Debian.org
MR: 108848
Type: Security Fix
Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff
ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32
Description:
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
This fixes CVE-2021-27135.
Leverage a patch from Debian.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Revert patch to setup-only-make-one-reference-to-env.patch and make
patch for python3 interpreter fix apply to runs of setup.py during
self test as well as installs.
Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp>
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
The configure script contains hardcoded lookup paths to /usr and other
paths that might interfere with the host. These are overwritten with the
staging dir locations for Poky compatibility.
Backport from meta-oe master rev. 74b66d1911
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
cve patches which already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e418ee4657)
[Bug fix only updates plus: CVE-2020-7071 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since commit c4ffcaa2[php: split out phpdbg into a separate package],
package php is empty, we might met error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9be6b4f5a2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped
in the main php package, increasing its size by several MB; split it
out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c4ffcaa2ab)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It is a (non trivial) cherry pick from
(cherry picked from commit b9ede0cb18)
python3-pyyaml was moved from meta-python to meta-oe, so that we could
apply this specific patch which breaks basic YP compatible check
script.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This specific statement in ostree recipe breaks the YP compatible
status (yocto-check-layer):
RDEPENDS_${PN}-ptest += " \
...
${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \
...
"
Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the
ostree recipe was fixed with:
b9ede0cb18 (python3-pyyaml: Do not check for meta-python)
In dunfell, moving python3-pyyaml to OE-core is not a great idea, but
moving it from meta-python to meta-oe allows us to fix ostree YP
compatible issue. Since meta-python depends on meta-oe, it should not
be a change with any visible effect.
python3-cython and python3-pyparsing are collateral damages since they are
dependency for python3-pyyaml, so needed to be moved too.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It was moved to OE-core/dunfell in
cc0f56a788c3 (python3-jinja2: Import from meta-oe/meta-python)
However it was not removed from meta-oe, as such this recipe is now
duplicated, for no good reason. Worse than that, the version in
meta-oe and oe-core differ. OE-core has 2.11.3 and meta-oe is older
with 2.11.2.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It was moved to OE-core/dunfell in
ec222f6af5f8 (python3-markupsafe: Import from meta-oe/meta-python)
However it was not removed from meta-oe, as such this recipe is now
duplicated, for no good reason. The version in meta-oe and oe-core
match so, it's really a no-op.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
inheriting license class which brings in
AVAILABLE_LICENSES into do_configure task checksums class since it wants to
enable thin-provisioning-tools if distro allows GPL-3 automatically, but this
brings issues when other layers which have additional licenses are
provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by
default with a comment in recipes stating that if needed then the user should enable it via
config metadata or bbappends.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f592e81f11)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package. Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
We need to adjust the vboxguest drivers to build against kernels
5.10+.
These are backports from the virtual box SVN repository and can be
dropped in future uprevs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 22eaac640f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Marek Vasut
Neetika Singh
Armin Kuster
Yi Zhao
Pierre-Jean Texier
Zang Ruochen
Gianfranco
Changqing Li
Armin Kuster
Joe Slater
Jate Sujjavanich
Anatol Belski
Khem Raj
Michael Opdenacker
Kai Kang
Mingli Yu
Diego Santa Cruz
Nicolas Dechesne
Bruce Ashfield
Hongxu Jia