mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
23,490 Commits 64 Branches 0 Tags
84085f7c4507d238c76150b83dac2d020bba4d78
Commit Graph

23490 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Liyin Zhang 84085f7c45 keyutils: Update SRC_URI 
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:52 -04:00
Liyin Zhang 1ef98ea392 libatasmart: Update SRC_URI to fix fetch issue 
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:48 -04:00
Guocai He ebe1af249a xmlrpc-c: fix do_fetch error 
Fetcher failure:
Unable to find revision 86405c7e1bd4f70287204a28d242a1054daab520
in branch master

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:45 -04:00
Mingli Yu 7f741f817e rocksdb: Add ptest support 
# ./run-ptest
PASS: arena_test
PASS: cache_test
PASS: db_basic_test
PASS: env_basic_test
PASS: testutil_test

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:42 -04:00
Peter Marko 09d95e03ad cjson: upgrade 1.7.17 -> 1.7.18 
Changelog:
============
* Add NULL check to cJSON_SetValuestring()(CVE-2024-31755)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned immediately after

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(From meta-openembedded rev: 535822eff7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:39 -04:00
Dmitry Baryshkov 98e2f52a5e android-tools: Create flag file /etc/usb-debugging-enabled 
Location of the file that systemd uses to check whether to
start adbd or not has been updated from /var to /etc in
android-tools-adbd.service. This change changes the path
of creation of usb-debugging-enabled flag file in
android-tools recipes from /var/usb-debugging-enabled to
/etc/usb-debugging-enabled

Backport-of: 2a3d4be999 ("android-tools: create flag flag file for adbd at a proper location")
Fixes: a29c6386d5 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Fixes: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:14:58 -04:00
Raghuvarya S a795889d2f android-tools-adbd.service: Update ConditionPathExists to /etc 
To ensure android-tools-adbd.service starts at boot, the path
for ConditionPathExists must be present at build time. /etc is
more suitable for build-time files than /var, which is for
runtime files. Changed ConditionPathExists from
/var/usb-debugging-enabled to /etc/usb-debugging-enabled

Backport-of: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
CC: Khem Raj <raj.khem@gmail.com>
CC: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:14:19 -04:00
Vijay Anusuri 86878f61d1 tgt: Security fix for CVE-2024-45751 
Upstream-Status: Backport from https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd

Reference: https://ubuntu.com/security/CVE-2024-45751

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:13:42 -04:00
Divya Chellam 4d0efedaa6 frr: fix CVE-2024-44070 
An issue was discovered in FRRouting (FRR) through 10.1.
bgp_attr_encap in bgpd/bgp_attr.c does not check the actual
remaining stream length before taking the TLV value.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-44070

Upstream patch:
https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:13:14 -04:00
Peter Kjellerstedt 5903ee551f libdevmapper: Inherit nopackages 
This fixes errors from buildhistory changes where packages-split would
be empty.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90f96e053a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:12:49 -04:00
Niko Mauno dd3d2293ff python3-smbus2: Fix LIC_FILES_CHKSUM 
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:22 -04:00
Niko Mauno bcbd17b71e python3-haversine: Fix LIC_FILES_CHKSUM 
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:18 -04:00
Niko Mauno e503eedb39 python3-googleapis-common-protos: Fix LIC_FILES_CHKSUM 
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:14 -04:00
Niko Mauno 069f357dc3 python3-pycurl: Fix LICENSE 
Contents of
https://github.com/pycurl/pycurl/blob/REL_7_45_1/COPYING-LGPL
correspond to version 2.1 of the license rather than 2.0.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:10 -04:00
Niko Mauno 10533768e2 python3-fann2: Fix LICENSE 
According to
https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license
and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE
this project is subject to LGPL-2.1-only license.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:08 -04:00
Niko Mauno a8dceef803 python3-colorama: Fix LICENSE 
https://github.com/tartley/colorama?tab=readme-ov-file#license and
https://github.com/tartley/colorama/blob/0.4.4/LICENSE.txt declare
that this project is subject to BSD-3-Clause license.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:05 -04:00
Niko Mauno d6adffde1d python3-pillow: Fix LICENSE and change SUMMARY to DESCRIPTION 
According to https://pypi.org/project/pillow/ and
https://github.com/python-pillow/Pillow/blob/9.4.0/LICENSE the project
is subject to HPND license.

Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:16:01 -04:00
Niko Mauno b3084ab3be python3-parse-type: Fix LICENSE 
According to https://pypi.org/project/parse-type/ and
https://github.com/jenisys/parse_type/blob/v0.5.2/LICENSE the
project is subject to MIT license.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:15:58 -04:00
Niko Mauno 461fe5f5f9 python3-mock: Fix LICENSE 
According to
https://github.com/testing-cabal/mock/blob/4.0.3/LICENSE.txt the
project is subject to BSD-2-Clause license. (Also
https://pypi.org/project/mock/ states 'BSD License'.)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:14:02 -04:00
Niko Mauno d4a1097c01 python3-crc32c: Amend LICENSE declaration 
According to https://github.com/ICRAR/crc32c/blob/v2.2.post0/LICENSE
and https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change
'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:13:53 -04:00
Niko Mauno 766027e83e python3-cbor2: Fix LICENSE and LIC_FILES_CHKSUM 
Both project pypi page: https://pypi.org/project/cbor2/ as well as
https://github.com/agronholm/cbor2/blob/5.4.2/LICENSE.txt state that it
is subject to MIT rather than Apache-2.0 license. Also update
LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the
downloaded archive.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:13:07 -04:00
Niko Mauno a5ba7d39b4 python3-xlsxwriter: Fix LICENSE 
According to homepage https://xlsxwriter.readthedocs.io/license.html
and pypi page https://pypi.org/project/XlsxWriter/ as well as
https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.0.3/LICENSE.txt
the module is licensed under BSD-2-Clause.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:13:03 -04:00
Niko Mauno 60fd91cd76 python3-pybind11: Fix LICENSE 
The repositorys LICENSE file contains BSD-3-Clause license text, so
update the relevant recipe information field to match.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:12:59 -04:00
Niko Mauno 41dba53932 opensc: Fix LICENSE declaration 
According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is
licensed under LGPL-2.1 or later, which seems to be affirmed also by
the comments in the source code files, as well as the COPYING file.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:12:43 -04:00
Vijay Anusuri 07b6c57f4a squid: Security fix CVE-2023-5824 
References:
https://access.redhat.com/security/cve/cve-2023-5824
https://access.redhat.com/errata/RHSA-2023:7668

The patch is from RHEL8.

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:12:40 -04:00
Peter Marko 31d7500290 libndp: Patch CVE-2024-5564 
Pick https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af.patch

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 09:59:21 -04:00
Soumya Sambu 9a24b76798 python3-django: Upgrade 4.2.10 -> 4.2.15 
Includes fixes for - CVE-2024-42005, CVE-2024-41991, CVE-2024-41990, CVE-2024-41989

Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.15/
https://docs.djangoproject.com/en/dev/releases/4.2.14/
https://docs.djangoproject.com/en/dev/releases/4.2.13/
https://docs.djangoproject.com/en/dev/releases/4.2.12/
https://docs.djangoproject.com/en/dev/releases/4.2.11

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:12:52 -04:00
Soumya Sambu 376f3a1aba python3-django: Fix CVE-2024-42005 
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key
as a passed *arg.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-42005

Upstream-patch:
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:12:26 -04:00
Ashish Sharma b2ad711bcf nginx: Backport fix for CVE-2024-7347 
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f &
https://github.com/nginx/nginx/commit/7362d01658b61184108c21278443910da68f93b4]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:12:00 -04:00
Vijay Anusuri d4a4e8b281 postgresql: upgrade 14.11 -> 14.13 
Addresses CVEs CVE-2024-4317 & CVE-2024-7348 and other bug fixes.

Release notes are available at:
https://www.postgresql.org/docs/release/14.13/
https://www.postgresql.org/docs/release/14.12/

0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for new version.

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:11:33 -04:00
Hitendra Prajapati f0b3330b9d krb5: fix CVE-2024-26458 and CVE-2024-26461 
Upstream-Status: Backport from https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:11:29 -04:00
Haixiao Yan 52ecd66835 nss: fix failed test of nss. 
The expiration date of the "NameConstraints.*.cert" test certificate in
the nss package is Sep 4 2023 and causing a test failure.

This commit regenerate NameConstraints test certificates and changes the
validity period of test certs generated by `make-nc` from ~10 years to
~20 years.

regenerate_NameConstrain_test_certificates.tar.gz is a snapshot of certs
files based on the commit which update them. It fails to apply binary
commit, so create a tarball as part of SRC_URI rather than a .patch
file.

Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/1d565dc7e17dad6d2851b2d6ff522c5d6345ae26]

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:45:11 -04:00
Wentao Zhang 6e66175949 nss: fix failed test of nss. 
The expiration date of the "PayPalEE.cert" test certificate in the nss package
is Jan 12 2022 and causing a test failure.

Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:45:07 -04:00
Emil Kronborg 69d1121922 php-fpm: fix systemd 
2848cc99a1 ("php-fpm: Add support for systemd") introduced a systemd
service file, where ExecStart and ExecStop uses /etc/init.d/php-fpm,
which does not exist if systemd is enabled. Consequently, the php-fpm
service fails to start even though it is correctly installed. This is
fixed by this commit in which the service file is identical to the one
from the PHP source code except for the use of BitBake variables. Also,
use ${systemd_system_unitdir} instead of ${systemd_unitdir}/system.

Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:43:01 -04:00
Wang Mingyu 0fdc4a6357 php: Fix install conflict when enable multilib. 
Error: Transaction test error:
  file /usr/bin/php-config conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/bin/phpize conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/include/php/main/build-defs.h conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/include/php/main/php_config.h conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686

The differences of php-config are as follows:
@@ -8,16 +8,16 @@
 vernum="80207"
 include_dir="/usr/include/php"
 includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib"
-ldflags=" -L/usr/lib64"
+ldflags=" -L/usr/lib"
 libs="-lcrypt  -lc-client  -lrt -lcrypt -lpam -lbz2 -lrt -lm -ldl  -lxml2 -lssl -lcrypto -lsqlite3 -lz -lxml2 -lssl -lcrypto -lsqlite3 -lxml2 -lxml2 -lxml2 -lxml2 -lz -lssl -lcrypto -lcrypt "
-extension_dir='/usr/lib64/php8/extensions/no-debug-non-zts-20220829'
+extension_dir='/usr/lib/php8/extensions/no-debug-non-zts-20220829'
 man_dir=`eval echo /usr/share/man`
 program_prefix=""
 program_suffix=""
 exe_extension=""
 php_cli_binary=NONE
 php_cgi_binary=NONE
-configure_options=" '--build=x86_64-linux' '--host=x86_64-poky-linux' '--target=x86_64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib64' '--with-gettext=/usr/lib64/..' '--with-zlib=/usr/lib64/..' '--with-iconv=/usr/lib64/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib64/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mysqli=mysqlnd' '--with-pdo-mysql=m
 ysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib64/..' '--with-pdo-sqlite=/usr/lib64/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=x86_64-poky-linux' 'target_alias=x86_64-poky-linux' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=x86_64-poky-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=x86_64-poky-linux-gcc -E --sysroot= -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong
  -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=x86_64-poky-linux-g++ -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
+configure_options=" '--build=x86_64-linux' '--host=i686-pokymllib32-linux' '--target=i686-pokymllib32-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib' '--with-gettext=/usr/lib/..' '--with-zlib=/usr/lib/..' '--with-iconv=/usr/lib/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mys
 qlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib/..' '--with-pdo-sqlite=/usr/lib/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=i686-pokymllib32-linux' 'target_alias=i686-pokymllib32-linux' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/i686-pokymllib32-linux/lib32-php/8.2.7-r0/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=i686-pokymllib32-linux-gcc -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS
 =' 'CPP=i686-pokymllib32-linux-gcc -E --sysroot= -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=i686-pokymllib32-linux-g++ -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"

The differences of phpize are as follows:
@@ -4,7 +4,7 @@
 prefix='/usr'
 datarootdir='/usr/php'
 exec_prefix="`eval echo /usr`"
-phpdir="`eval echo /usr/lib64/php8`/build"
+phpdir="`eval echo /usr/lib/php8`/build"
 includedir="`eval echo /usr/include`/php"
 builddir="`pwd`"
 SED="sed"

The differences of build-defs.h are as follows:
@@ -14,7 +14,7 @@
    +----------------------------------------------------------------------+
 */

-#define CONFIGURE_COMMAND " '../php-8.2.7/configure'  '--build=x86_64-linux' '--host=x86_64-poky-linux' '--target=x86_64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib64' '--with-gettext=/usr/lib64/..' '--with-zlib=/usr/lib64/..' '--with-iconv=/usr/lib64/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib64/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-m
 ysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib64/..' '--with-pdo-sqlite=/usr/lib64/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=x86_64-poky-linux' 'target_alias=x86_64-poky-linux' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=x86_64-poky-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=x86_64-poky-linux-gcc -E --sysroot= -m64 -march=core2 -mtune=core2 -msse3 -mf
 pmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=x86_64-poky-linux-g++ -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
+#define CONFIGURE_COMMAND " '../php-8.2.7/configure'  '--build=x86_64-linux' '--host=i686-pokymllib32-linux' '--target=i686-pokymllib32-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib' '--with-gettext=/usr/lib/..' '--with-zlib=/usr/lib/..' '--with-iconv=/usr/lib/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mys
 qli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib/..' '--with-pdo-sqlite=/usr/lib/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=i686-pokymllib32-linux' 'target_alias=i686-pokymllib32-linux' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/i686-pokymllib32-linux/lib32-php/8.2.7-r0/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=i686-pokymllib32-linux-gcc -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -W
 l,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=i686-pokymllib32-linux-gcc -E --sysroot= -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=i686-pokymllib32-linux-g++ -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
 #define PHP_ODBC_CFLAGS        ""
 #define PHP_ODBC_LFLAGS                ""
 #define PHP_ODBC_LIBS          ""
@@ -24,12 +24,12 @@
 #define PHP_PROG_SENDMAIL      "/usr/sbin/sendmail"
 #define PEAR_INSTALLDIR         ""
 #define PHP_INCLUDE_PATH       ".:"
-#define PHP_EXTENSION_DIR       "/usr/lib64/php8/extensions/no-debug-non-zts-20220829"
+#define PHP_EXTENSION_DIR       "/usr/lib/php8/extensions/no-debug-non-zts-20220829"
 #define PHP_PREFIX              "/usr"
 #define PHP_BINDIR              "/usr/bin"
 #define PHP_SBINDIR             "/usr/sbin"
 #define PHP_MANDIR              "/usr/share/man"
-#define PHP_LIBDIR              "/usr/lib64/php8"
+#define PHP_LIBDIR              "/usr/lib/php8"
 #define PHP_DATADIR             "/usr/share"
 #define PHP_SYSCONFDIR          "/etc"
 #define PHP_LOCALSTATEDIR       "/var"

The differences of php_config.h are as follows:
@@ -2064,7 +2064,7 @@
 /* #undef SIZEOF_INTMAX_T */

 /* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
+#define SIZEOF_LONG 4

 /* The size of `long long', as computed by sizeof. */
 #define SIZEOF_LONG_LONG 8
@@ -2079,7 +2079,7 @@
 #define SIZEOF_SHORT 2

 /* The size of `size_t', as computed by sizeof. */
-#define SIZEOF_SIZE_T 8
+#define SIZEOF_SIZE_T 4

 /* Size of ssize_t */
 #define SIZEOF_SSIZE_T 8

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:42:55 -04:00
Poonam Jadhav e488bc8305 tcpreplay: Fix CVE-2023-4256 
Add patch to fix tcpreplay CVE-2023-4256
dlt_jnpr_ether_cleanup: check config before cleanup
Links:
https://github.com/appneta/tcpreplay/pull/851
https://github.com/appneta/tcpreplay/issues/813#issuecomment-2245557093

Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:42:51 -04:00
Kai Kang 4052c97dc8 xfce4-panel-profiles:fix tar error 
Backport patch to fix tar errors:

  tar: value 1762430260 out of uid_t range 0..2097151

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:10:27 -04:00
Jasper Orschulko f5f4a465f7 nginx-1.20.1: Drop reference to removed patch 
Follow-up to commits 38a07ce and 8e297cd.

Also remove remaining reference to removed patch in nginx 1.20.1.

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:09:11 -04:00
Martin Jansa 0d361748b8 giflib: fix build with gold and avoid imagemagick-native dependency 
* avoid imagemagick-native like upstream did in:
  https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:07:57 -04:00
Vijay Anusuri e532396d47 krb5: Fix for CVE-2024-37370 and CVE-2024-37371 
Upstream-Status: Backport
[https://github.com/krb5/krb5/commit/548da160b52b25a106e9f6077d6a42c2c049586c
&
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:06:58 -04:00
Siddharth Doshi 04d41e058a apache2: Upgrade 2.4.59 -> 2.4.60 
CVE's Fixed by upgrade:
CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2
CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows
CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy
CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite
CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite
CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy
CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite

Other Changes between 2.4.59 -> 2.4.60
======================================
https://github.com/apache/httpd/blob/2.4.60/CHANGES

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:06:36 -04:00
Soumya Sambu 6ff0748a47 php: Upgrade to 8.1.29 
Includes fix for CVE-2024-5458, CVE-2024-2408 and other bugs

Changelog:
https://www.php.net/ChangeLog-8.php#8.1.29

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:32:38 -04:00
Jiaqing Zhao bede1a8fcb rdfind: fix build with gcc-13 
<cstdint> need to be included explicitly when compiling with gcc-13.

Upstream-Status: Backport [1.6.0 https://github.com/pauldreik/rdfind/commit/f6c3f698dd680931b5c2f05688319290bdf0d930]
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:32:10 -04:00
nikhil 383cc5f413 giflib: upgrade to version 5.2.2 
Upgrade to latest version giflib v5.2.2.

This version fixes bugs listed in link below:
Link: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS

Fixes for CVE-2023-48161, CVE-2022-28506, CVE-2023-39742
Link: https://clients.neighbourhood.ie/yocto/1-40.html#:~:text=CVE%2D2023%2D39742%3A%20giflib%3Agiflib%2Dnative

Added dependency on ImageMagick which includes "convert" utility,
to ensure availability of required tool during compilation process.

Add patch to rename binary used in Makefile from
"convert" to "convert.im7" as installed by imagemagick package.

Drop CVE-2022-28506.patch as it is fixed in this version.

Signed-off-by: Bhabu Bindu <bhabubindu@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:25:28 -04:00
Siddharth Doshi 6e72002046 nano: Security fix for CVE-2024-5742 
Upstream-Status: Backport from [https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2]

CVE's Fixed:
CVE-2024-5742 nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:25:07 -04:00
Peter Marko 23398704b5 gnome-shell: correct regression with glib-2.0 fix for CVE-2024-34397 
Backport fix to work with new glib-2.0.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:24:46 -04:00
Vijay Anusuri bbbe4d5320 yajl: backport Debian patch for CVE-2022-24795 
import patch from ubuntu to fix
 CVE-2022-24795

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/yajl/tree/debian/patches/?h=ubuntu%2Ffocal-security
Upstream commit
https://github.com/ppisar/yajl/commit/23cea2d7677e396efed78bbf1bf153961fab6bad]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:23:55 -04:00
Rob Woolley 9fd5ae9132 sip3: Fix segmentation fault 
The first version of this patch introduced a problem with python3-pyqt5.
Python emitted the following error message when one attempted to import
PyQt5.Qt:

  ImportError: dynamic module does not define module export function (PyInit_Qt)

This came about due to segfault in sip when executed in do_configure of
python3-pyqt5.  This resulted in a zero-length sipQtcmodule.c file being
produced.  This compiled successfully which meant no build failure was
observed.

The segfault was caused by a mistake in backporting the patch from SIP 6.
The generateCompositeCpp() function uses the generate_include_sip_h()
helper function in later versions which doesn't exist in SIP 4.

We must replace the first parameter passed to isPY_SSIZE_T_CLEAN() from
mod to pt->module to account for this. The change is not necessary for
generateInternalAPIHeader()

To simplify the patch we can remove the generated lexer and parser files
and run flex and bison in do_configure instead.

Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Tested-by: Toby Flynn <campingandskiing@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:21:40 -04:00
Meenali Gupta cfcc9f9945 openvpn: fix multiple CVEs 
CVE-2024-24974:
Previously, the VPN tool’s Windows implementation allowed remote access to
its service pipe, posing a security risk. Using compromised credentials, a
threat actor could communicate with OpenVPN to orchestrate attacks.

CVE-2024-27903:
OpenVPN has mitigated the risk by restricting plugin load. Plugins can
now only be loaded from the software’s install directory, the Windows
system directory, and the plugin_dir directory under the software’s installation.

CVE-2024-27459:
This vulnerability affects the interactive service component, potentially leading
to local privilege escalation when triggered by an oversized message.To mitigate
this risk, the VPN solution now terminates connections upon detecting excessively
large messages, preventing stack overflow exploits.

References:
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://socradar.io/openvpn-fixed-multiple-vulnerabilities-on-windows/
https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
https://community.openvpn.net/openvpn/wiki/CVE-2024-24974

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:21:22 -04:00
Niko Mauno 38a07ce40e nginx-1.21.1: Drop reference to removed patch 
Align to commit 8e297cdc84
("nginx: Remove obsolete patch") by removing reference to
removed patch file. By doing so we mitigate the following
BitBake complaint:

  WARNING: .../meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb: Unable to get checksum for nginx SRC_URI entry 0001-HTTP-2-per-iteration-stream-handling-limit.patch: file could not be found

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:20:56 -04:00