Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definition of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not try to compile ptests for snmp-bc if it is not in PACKGECONFIG.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it is not proper change source in do_configure, it will make
source not updated even local.conf have change the DISTRO_FEATURES
[YOCTO: #13493]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixed do_configure failed:
$ bitbake lib32-netcf
cp: cannot stat '/path/to/lib32-recipe-sysroot/usr/share/gnulib': No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
PKG_CONFIG is hardcoded to /usr/bin/pkg-config which is not cross
compile safe and ends up with build errors especially on hosts where
pkgconf is used it ends up with errors like
/usr/bin/pkg-config: line 11: exec: pkgconf: not found
/usr/bin/pkg-config: line 11: exec: pkgconf: not found
Override it to use own native pkg-config which can deal with sysroot
correctly
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixed:
$ bitbake netcf
WARNING: netcf-0.2.8+gitAUTOINC+2c5d425585-r0 do_package: Manifest /path/sstate-control/manifest-x86_64_x86_64-nativesdk-gnulib.packagedata not found in intel_x86_64 corei7-64 core2-64 x86_64 allarch x86_64_x86_64-nativesdk (variant '')?
This is because gnulib has no related tasks:
do_package[noexec] = "1"
do_packagedata[noexec] = "1"
deltask package_write_ipk
deltask package_write_deb
deltask package_write_rpm
deltask do_deploy_archives
Depends on gnulib:do_populate_sysroot explicitly to fix the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This gives users a proper error message when trying to build
a known non-building package.
netkit-rsh already had COMPATIBLE_HOST_libc-musl = 'null'.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove a generated file with always changing hash from LIC_FILES_CHKSUM.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patch:
0002-avoid-naming-local-function-as-one-of-printf-family.patch
Add two new file in this patch:
src/expr/synproxy.c
src/obj/ct_expect.c
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is no longer necessary to introduce a potential security
vulnerability for fixing the musl build.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: QA Issue: /usr/bin/radcrypt contained in package freeradius-utils requires /usr/bin/perl, but no providers found in RDEPENDS_freeradius-utils? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In commit bae481e933 ("wireless-regdb: make wireless-regdb architecture independent")
wireless-regdb has been made allarch, but it depends
(via RSUGGESTS) on a TUNE_PKGARCH recipe (crda).
This causes needless rebuilds of wireless-regdb when crda
changes (due to changing sstate checksum).
Add this dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS so
as to avoid that. Even though wireless-regdb has been
moved to OE-core since, we still add this dependeny here
(and not there), as crda is provided in this layer here.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openvpn only provides options to update a pid file but not to check it
for running processes. Consecutive issued start commands therefore lead
to multiple running processes with the same configurations, which is the
origin of all kinds of problems of which unnecessary resource usage is the least.
Using start-stop-daemon the pid file is inspected for running processes
before start.
Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
needs rpcsvc/rstat.h which is no longer in libc but provided
by separate package now
Fixes
up.c:51:10: fatal error: rstat.h: No such file or directory
51 | #include "rstat.h"
| ^~~~~~~~~
compilation terminated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
