Update the patch to make netgroup support optional to fit the commit
merged upstream [1], update the other patch depending on one of the
changes.
Without this update, a compilation using duktape with musl fails with:
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c: In function 'js_polkit_user_is_in_netgroup':
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c:1039:7: warning: implicit declaration of function 'innetgr' [-Wimplicit-function-declaration]
| 1039 | if (innetgr (netgroup,
| | ^~~~~~~
The main patch has been split in two, to apply the duktape part only when duktape is
applied.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 271282b1a5)
{Fixup for kirkstone content; exlude Ducktape chages]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7ca63e5454)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
----------------
(CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d9f8d015a45188c3cf2d6841ea05319032930dbc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This CVE is patched in our version of openjpeg. The NVD database doesn't
include a version range this is why it's still reported.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our
version of php but they don't have a vulnerable version range in the
NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1642bfcb07)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2014-8180, CVE-2017-18381 and CVE-2017-2665 are not affecting our
configuration so they can be safely ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ed904e6541)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Some old CVEs don't have a vulnerable version range in the NVD database,
this causes come mismatch with cve-check. Ignore many CVEs that are
picked up by the class but are patched in our products.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit efa12676dd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2017-5834, CVE-2017-5835 and CVE-2017-5836 are patched in our
version of libplist but they don't have a vulnerable version range in
the NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 261465eb6e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Without CVE_PRODUCT set to apache:thrift cve-check was catching
CVEs form facebook:thrift that are not related with this product.
Now the report is correct.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* A new connection status dispatcher setup is provided, where users can
provide custom scripts that will be called on bearer connect/disconnect
events. This dispatcher will make the netifd integration in openwrt work
much better, as we'll be able to report network-initiated disconnections
cleanly to netifd.
There are no default connection status dispatcher scripts installed, but
it's suggested distributions make sure the following directories exist:
- ${sysconfdir}/ModemManager/connection.d/
- ${libdir}/ModemManager/connection.d/
* API:
** Add missing Simple interface definitions in ModemManager-names.h.
* Build:
** meson: fix daemon enums dependencies.
** meson: fix port enums includes.
** meson: fix 'export_packages' in GIR setup.
** meson: fix simtech plugin module name.
** systemd: don't run ModemManager in containers.
* Core:
** serial: ensure the port object is valid after BUFFER_FULL handling.
** netlink: use unaligned netlink attribute length.
** netlink: only change IFF_UP flag.
** bearer: match unknown auth to chap in loose comparisons.
** charsets: return error if UTF-8 validation fails.
** fcc-unlock: make scripts POSIX shell compatible.
** modem-helpers: consider minimum ID when choosing best profile.
** modem-helpers: fix reading <Act> given in COPS=? responses.
** sms: prevent crash if date is out of range.
** profile-manager: fix copy-paste error on tags for quarks.
* QMI:
** Ignore slot status indications until initial status is known.
** Return error when loading capabilities if none is found.
* MBIM:
** Default initial EPS bearer's auth to chap when unknown.
** Update default error when network error is out of range.
* mmcli:
** Fix key length when printing list of items.
* Plugins:
** linktop: new port type hints.
** cinterion: add support for PLSx3w modems
** huawei: disable +CPOL based features in Huawei E226
* Several other minor improvements and fixes.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The upstream commit fcb676a79d introduced new option
WITH_DLT_ADAPTOR_UDP to select dlt-adaptor-udp.service instread of
WITH_DLT_ADAPTOR, so update the PACKAGECONFIG.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This product is not present in the NVD database but another
one with exactly the same name is in fact present. For that
reason cve-check is outputting CVEs that are unrelated so they
can be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The service warned on startup about running in compatibility mode since the configuration version was "3.31" instead of "3.36".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e80ce510e1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This reverts and reworks commit e75cc87c4f
These tools are needed by test-suites, not the package itself.
I do not want bash (gpl3) or python (big/lot of dependencies)
in my release image when I have ptest enabled in my distro for
sdk/testing image.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Set CVE_PRODUCT as 'iperf_project:iperf' for iperf2 and iperf3
recipes, cve-check class is setting default CVE_PRODUCT to
'iperf2' and 'iperf3' respectively which ignores the iperf
CVEs from NVD Database.
Reference:
CVE-2016-4303
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-4303
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
To cleanup metadata and improve source code management, github repo was
created here with all patches integrated:
https://github.com/denix0/devmem2
Update recipe accordingly, bump the version while at it to distinguish
from the original.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 356b488fb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There will be tofos in output pictures without any font, so make
graphviz rrecommends on liberation-fonts.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0e036cb1bc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The 1.6.1 incorporates the
0001-Fix-status-in-teardown-overriding-exit-code.patch backport patch.
Changelog:
==========
Fixed:
------
prevent teardown, teardown_file, and teardown_suite from overriding bats'
exit code by setting $status (e.g. via calling run) (#581, #575)
CRITICAL: this can return exit code 0 despite failed tests, thus preventing
your CI from reporting test failures! The regression happened in version 1.6.0.
Documentation:
--------------
corrected invalid documentation of run -N (had =N instead) (#579)
CRITICAL: using the incorrect form can lead to silent errors. See issue #578
for more details and how to find out if your tests are affected.
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 72fbb8379f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
BATS v1.6.0 has a regression which can result in test case failures being
ignored when teardown code executes successfully. This patch applies the
accepted bug-fix until the next BATS release.
Also, fix a comment that wasn't updated during the BATS upgrade, to match the
correct release (v1.6.0) associated with the SRCREV.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The upstream repo location has changed, it's now
https://git.enlightenment.org/old/legacy-imlib2
It's not clear when or why it happened, but the the commit hash we use
in SRCREV exists in the 'new' location, so let's at least update the
SRC_URI for now, and fix this warning:
WARNING: imlib2-1.7.1-r0 do_fetch: Failed to fetch URL git://git.enlightenment.org/legacy/imlib2.git;protocol=https;branch=master, attempting MIRRORS if available
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62becef109)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Mingli Yu
Marta Rybczynska
Akash Hadke
Yi Zhao
Vyacheslav Yurkov
Martin Jansa
wangmy
Davide Gardenal
Aryaman Gupta
Changqing Li
Wentao Zhang
Adrian Freihofer
Yue Tao
Aurélien Bertron
Peter Marko
Denys Dmytriyenko
Khem Raj
Kai Kang
Armin Kuster
Gianfranco
Joerg Vehlow
Diego Sueiro
Richard Neill
Nicolas Dechesne