Li Wang
70b1aa0a4c
apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641
...
CVE-2020-13950:
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be
made to crash (NULL pointer dereference) with specially crafted
requests using both Content-Length and Transfer-Encoding headers,
leading to a Denial of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-13950
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
CVE-2020-35452:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest nonce can cause a stack overflow in
mod_auth_digest. There is no report of this overflow
being exploitable, nor the Apache HTTP Server team could
create one, though some particular compiler and/or
compilation option might make it possible, with limited
consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-35452
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2020-35452
https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
CVE-2021-26690:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie header handled by mod_session can cause
a NULL pointer dereference and crash, leading to a
possible Denial Of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26690
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2021-26690
https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a
specially crafted SessionHeader sent by an origin server
could cause a heap overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26691
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966732
https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-30641:
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behavior with 'MergeSlashes OFF'
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30641
Upstream patches:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-10 11:20:05 -07:00
Changqing Li
8238504903
nginx: fix CVE-2021-23017
...
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-10 11:20:01 -07:00
Armin Kuster
c3a36263f9
packagegroup-meta-webserver: remove nostromo from pkg grp
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-29 18:57:25 -07:00
Armin Kuster
c4a4070a46
nostromo: Blacklist and exclude from world builds
...
Host site is dead.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-29 18:39:03 -07:00
akuster
4ff36ed798
README: updated Maintainers list for Hardknott
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-31 07:05:07 -07:00
Khem Raj
5daae70617
layers: Drop gatesgarth from LAYERSERIES_COMPAT
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-19 11:58:17 -07:00
zhengruoqin
9f70bac38a
phpmyadmin: upgrade 5.0.4 -> 5.1.0
...
The following changes have taken place in copyright:
-Copyright 2013 jQuery Foundation and other contributors
-http://jquery.com/
+Copyright JS Foundation and other contributors, https://js.foundation/
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-08 17:24:13 -08:00
Yi Zhao
04bb5ad26e
phpmyadmin: 5.0.2 -> 5.0.4
...
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-05 09:16:26 -08:00
changqing.li@windriver.com
5af79fb5f1
nginx: upgrade 1.17.8 -> 1.19.6
...
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30 22:26:30 -08:00
changqing.li@windriver.com
b647b9566a
nginx: upgrade 1.16.1 -> 1.18.0
...
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30 22:26:30 -08:00
Senthil Selvaganesan
3a71d93ee5
fcgiwrap: add recipe
...
fcgiwrap is a simple server for running CGI applications over FastCGI.
It hopes to provide clean CGI support to Nginx and other web servers
that may need it. Homepage: https://github.com/gnosek/fcgiwrap .
Signed-off-by: Senthil Selvaganesan <SenthilKumaran.Selvaganesan@garmin.com>
Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-03 14:49:27 -08:00
Khem Raj
8fbaa7e41c
layer.conf: Add hardknott to LAYERSERIES_COMPAT
...
That's codename for 3.3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-04 12:43:55 -08:00
Khem Raj
cd9eaf4318
meta-openembedded: Add gatesgarth to LAYERSERIES_COMPAT
...
Remove older releases from COMPAT
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-15 11:42:15 -07:00
Khem Raj
d387720a4e
monkey: Correct the install path in init services
...
It's not in bindir but in sbindir
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31 23:47:52 -07:00
Khem Raj
7363206d5b
monkey: Remove /var/run
...
This is empty and it's a runtime directory which is created by base-files
already
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31 23:47:52 -07:00
Khem Raj
9d70779e80
packagegroup-meta-webserver: Update to include new recipes
...
Re-organise to have one entry per line
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31 23:47:52 -07:00
Sakib Sajal
fc995b3cfe
apache2: upgrade v2.4.43 -> v2.4.46
...
Minor upgrade including bug and CVE fixes, namely:
- CVE-2020-9490
- CVE-2020-11984
- CVE-2020-11993
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-26 14:27:09 -07:00
Khem Raj
45b327ba16
monkey: Upgrade to 1.6.9
...
Switch to using cmake
Use CMake option to select musl support
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-13 22:32:07 -07:00
Zang Ruochen
c07cfc20b2
nostromo: upgrade 1.9.7 -> 1.9.9
...
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28 12:23:16 -07:00
Zang Ruochen
10cbc8e3c5
hiawatha: upgrade 10.10 -> 10.11
...
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28 12:23:16 -07:00
Zang Ruochen
ef17d6f30b
apache-websocket: upgrade 0.1.1 -> 0.1.2
...
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28 12:23:15 -07:00
Andreas Müller
09e925dd7b
netdata: upgrade 1.17.0 -> 1.22.1
...
* 0001-Correct-timeout-issue.patch: timeout is built by coreutils
* 0002-Makefiles-does-not-build-contrib-dir.patch: Upstream added identical
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-06-19 10:17:50 -07:00
Konrad Weihmann
ec26ab4394
spawn-fcgi: fix typo in SUMMARY
...
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-31 22:42:25 -07:00
Michael Haener
870dda4a91
cockpit: 219 -> 220
...
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-30 11:27:49 -07:00
Yi Zhao
6f4d0dbfbc
apache2: create log/run directory via pkg_postinst
...
The commit e789c3837c tries to create
log/run directory in initscript/systemd unit file. This is not a correct
method. We should create them in pkg_postinst.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-21 20:16:40 -07:00
Michael Haener
310d99d978
cockpit: rt-deps for storaged
...
No general dependency on udisks2 (polkit)
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-21 15:07:44 -07:00
Michael Haener
ba6fbd90c7
cockpit: upgrade 218 -> 219
...
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-14 12:51:26 -07:00
Changqing Li
e789c3837c
apache2: fix service start fail
...
reproduce steps:
1. boot up target
2. scp apache2-2.4.41-r0.1.aarch64.rpm on target
3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm
4. systemctl status apache2
Error:
httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log
With the old way, /var/log/apache2/ is created by the service
systemd-tmpfiles-setup during boot, so it only works when apache2 is
already installed before boot. In the above scenario,
/var/log/apache2/ will not be created. Fix by creating it in the
service file. Similar fix for sysV system.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-14 10:43:48 -07:00
Jorge Solla
353b4d2f98
Cockpit: Added missing dependency on udisks2 for package cockpit-storaged
...
Cockpit uses udisks2 in order to manage storage on the host, without it
cockpit will just display an error when the storage tab is selected.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-11 11:39:33 -07:00
Yi Zhao
6e9f393605
nginx: remove /var/log/nginx when do_install
...
Remove directory /var/log/nginx when do_install because it is created by
volatiles file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-06 12:51:39 -07:00
Emmanuel Roullit
eaf4a9d8a7
cockpit: fix metainfo.xml file ownership
...
The 'tar -cf - | tar -xf' combo applies an invalid ownership.
This is corrected by patching the install target to use
the --no-same-owner tar parameter.
Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-04 14:03:55 -07:00
Michael Haener
410e938f67
cockpit: Add recipe version 218
...
Cockpit is a server manager that makes it easy to
administer your GNU/Linux servers via a web browser.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-04 12:15:50 -07:00
Changqing Li
30f1da6f26
xdebug: upgrade 2.7.2 -> 2.9.5
...
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-27 07:48:46 -07:00
Trevor Gamblin
b1aa5f7850
apache2: add patch ensuring destdir is empty string
...
apache2 added cross-compilation support after 2.4.41, but
this conflicts with our own cross-compilation setup and causes
related recipes like apache-websocket to fail to find config
files (due to incorrect file paths) during build:
| cannot open
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk:
No such file or directory at
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs
line 213.
Add this patch to ensure that the $destdir
variable used in apache2's cross-compilation scheme is always
the empty string so that apache-websocket can find the right
files.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17 19:05:58 -07:00
Trevor Gamblin
e9252506c3
apache2: upgrade 2.4.41 -> 2.4.43
...
LICENSE file was updated due to a typo fix.
Note that this upgrade fixes two CVEs affecting versions
2.4.41 and earlier:
CVE: CVE-2020-1927
CVE: CVE-2020-1934
See:
https://nvd.nist.gov/vuln/detail/CVE-2020-1927
https://nvd.nist.gov/vuln/detail/CVE-2020-1934
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17 19:05:58 -07:00
Wang Mingyu
7bbfd99551
phpmyadmin: upgrade 4.9.2 -> 5.0.2
...
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-01 23:32:54 -07:00
Wang Mingyu
553dfcde3d
nostromo: upgrade 1.9.6 -> 1.9.7
...
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-01 23:32:54 -07:00
Khem Raj
46ae08202a
layers: update LAYERSERIES_COMPAT to dunfell
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-20 07:44:29 -07:00
Changqing Li
fc8f28c611
nginx: fix error during service startup
...
fix below error:
nginx.service: failed to parse pid from file /run/nginx/nginx.pid:
invalid argument
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-26 07:17:58 -08:00
Derek Straka
4cc894ad99
nginx: update to the latest development version (1.17.8)
...
See Changelog: https://nginx.org/en/CHANGES
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-09 22:31:31 -08:00
Derek Straka
7e37a79e24
nginx: update to the latest stable version (1.16.1)
...
See changelog here: https://nginx.org/en/CHANGES-1.16
* Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-09 22:31:31 -08:00
Pierre-Jean Texier
9cc9bd0bd6
hiawatha: upgrade 10.7 -> 10.10
...
See full changelog https://www.hiawatha-webserver.org/changelog
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-03 12:54:21 -08:00
Khem Raj
ae4adf2849
netdata: Add libatomic to link step
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-28 13:55:35 -08:00
Khem Raj
1da85ce7d1
cherokee: Replace using BBPATH with BBFILE_COLLECTIONS for meta-python2 check
...
BBPATH check actually does not work
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-22 19:21:39 -08:00
Khem Raj
613a05bfc7
recipes: Turn inherit classes from meta-py2 to conditional constructs
...
helps parsing without meta-py2 in mix
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-22 14:20:35 -08:00
Khem Raj
7df11a27a0
cherokee: Only build with meta-py2 is in layermix
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-22 09:56:35 -08:00
Khem Raj
698c36f584
cherokee: Use python3 native during build
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-22 09:56:34 -08:00
Yi Zhao
ba5fbb239e
phpmyadmin: upgrade 4.9.1 -> 4.9.2
...
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-12-13 18:29:14 -08:00
Gaylord Charles
35dddf62f5
nginx: fix install paths
...
This patch fixes Nginx install paths. I tried to build the native variant
for testing purpose and had errors.
- Use path variable instead of /usr
- Replace the absolute path symlink with a relative one
Signed-off-by: Gaylord CHARLES <gaylord.charles@veo-labs.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-11-17 12:34:21 -08:00
Khem Raj
bbba23ad28
layer.conf: Add phpmyadmin->php dep to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS
...
phpmyadmin rdeps on php-cli but we can ignore signatures for the deps
ERROR: phpmyadmin different signature for task do_package_write_ipk.sigdata
Hash for dependent task php/php_7.3.11.bb:do_packagedata changed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-11-13 12:01:51 -08:00