Current version 3.22 is not affected by the issue.
Affected versions: Up to (excl.) 3.2.1
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 30e6d975e8)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4cef1e68ea)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
cve-check.bbclass reported unpatched vulnerabilities in libtar
[1,2,3,4,5]. The NIST assigned base score for the worst vulnerability
is 9.1 / critical.
The patches were taken from the libtar [6] master branch after the
latest tag v1.2.20 (the changes in libtar master mostly originate from
Fedora and their patches), and from the Fedora 41 libtar source package
[7] and the Debian libtar package 1.2.20-8 [8] where the patches were
not available in the libtar repository itself.
The Fedora patch series was taken in its entirety in order to minimize
differences to Fedora's source tree instead of cherry-picking only CVE
fixes. Minimizing the differences should avoid issues with potential
inter-dependencies between the patches, and hopefully provide better
confidence as even the newest patches have been in use in Fedora for
nearly 2 years (since December 2022; Fedora rpms/libtar.git commit
e25b692fc7ceaa387dafb865b472510754f51bd2). The series includes even the
Fedora patch libtar-1.2.20-no-static-buffer.patch, which contains
changes *) that match the libtar commit
ec613af2e9371d7a3e1f7c7a6822164a4255b4d1 ("decode: avoid using a static
buffer in th_get_pathname()") whose commit message says
Note this can break programs that expect sizeof(TAR) to be fixed.
The patches applied cleanly except for the Fedora srpm patch
libtar-1.2.11-bz729009.patch, which is identical with the pre-existing
meta-oe patch 0002-Do-not-strip-libtar.patch and is thus omitted.
The meta-openembedded recipe does not include any of the patches in
Kirkstone [9] nor the current master [10].
libtar does not have newer releases, and the libtar master doesn't
contain all of the changes included in the patches. Fedora's
libtar.1.2.11-*.patch are not included in the libtar v1.2.20 release
either but only in the master branch after the tag v1.2.20. The version
number in the filename is supposedly due to the patches being created
originally against v1.2.11 but have been upstreamed or at least
committed to the master only after v1.2.20.
The commit metadata could not be practically completed in most of the
cases due to missing commit messages in the original commits and
patches. The informal note about the author ("Authored by") was added to
the patch commit messages where the commit message was missing the
original author(s)' Signed-off-by.
*) The patch also contains the changes split to the libtar commits
495d0c0eabc5648186e7d58ad54b508d14af38f4 ("Check for NULL before
freeing th_pathname") and 20aa09bd7775094a2beb0f136c2c7d9e9fd6c7e6
("Added stdlib.h for malloc() in lib/decode.c"))
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-33643
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-33644
[3] https://nvd.nist.gov/vuln/detail/CVE-2021-33645
[4] https://nvd.nist.gov/vuln/detail/CVE-2021-33646
[5] https://nvd.nist.gov/vuln/detail/CVE-2013-4420
[6] https://repo.or.cz/libtar.git
[7] https://src.fedoraproject.org/rpms/libtar/tree/f41
[8] https://sources.debian.org/patches/libtar/1.2.20-8/CVE-2013-4420.patch/
[9] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=kirkstone&id=9a24b7679810628b594cc5a9b52f77f53d37004f
[10] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master&id=9356340655b3a4f87f98be88f2d167bb2514a54c
Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3c9b5b36c8)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Only include the lines from icheck.js that cover the copyright and the
license text.
License-Update: Only include the relevant parts of icheck.js
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1bced7399)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
According to its copyright file, dash is only BSD-3-Clause. It has
a build time tool from bash that's under the GPL, but only the
tool's output is used, not the tool itself. So all compiled artefacts
in dash appear to share the same licence.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8eba35f8b0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Building with ndiff PACKAGECONFIG failed with the following error:
| File "/yocto/sandbox/build/tmp/work/cortexa53-poky-linux/nmap/7.95/nmap-7.95/ndiff/setup.py", line 11, in <module>
| import setuptools.command.install
| ModuleNotFoundError: No module named 'setuptools'
Fix it by adding the missing dependency.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3564ec12de)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Switch to the sourceforge SRC_URI since the mars.org site only supports ftp.
Also switch the HOMEPAGE and BUGTRACKER links over to https.
and drop the obsolete SRC_URI[md5sum].
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f61cc52609)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Add the execute attribute for sysvinit service file to fix the
below error:
$ service minicoredumper status
minicoredumper: unrecognized service
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d477cbb526)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original tarball URL no longer provides version 1.7.3 or any other
historical releases.To ensure reproducible builds, the source has been
switched to the official GitHub repository.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c5de36f588)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
I noticed that xft was not getting enabled as expected because the
recipe was using pkg-config from the host.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 95c14a9254)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Replace the about.html and notice.html files in LIC_FILES_CHKSUM with
the license information from one of the source files. Including HTML
files in LIC_FILES_CHKSUM complicates things when the license files that
OE collects are, e.g., later processed and presented to a user where the
expectation is that they are plain text files.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71e75357af)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
With the exception of paho-mqtt-cpp, the double protocol= attributes
were added to the SRC_URIs when protocol=https was added to all SRC_URIs
fetching from github.com in commit b402a3076f (recipes: Update SRC_URI
branch and protocols).
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2e0a581bee)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Replace the about.html and notice.html files in LIC_FILES_CHKSUM with
the LICENSE file. Including HTML files in LIC_FILES_CHKSUM complicates
things when the license files that OE collects are, e.g., later
processed and presented to a user where the expectation is that they are
plain text files.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4decf7d0a7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
0001-typecast-enum-conversions-explicitly.patc
removed since it's included in 1.2.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8e50a9507)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
Several bugs that could allow the iperf3 server to hang waiting
for input on the control connection has been fixed.
A bug that caused garbled output with UDP tests on 32-bit hosts
has been fixed (PR #1554, PR #1556). This bug was introduced in
iperf-3.14.
A bug in counting UDP messages has been fixed (PR #1367, PR
#1380).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8765f02ffb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5d050f078a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93a5628ae6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
==========
-On very low speed transfers (<10Kbps) sessions would time out due to a very
large interpacket transmission interval. Fixed by putting a lower limit
on the advertised GRTT of of the interpacket transmission interval.
-Sending of ABORT messages on early shutdown would sometimes fail due to
OpenSSL cleanup functions running before application cleanup. Changed the
ordering of atexit() handlers to ensure OpenSSL cleanup happens last.
-Fixed missing timestamp update when clients read CONG_CTRL messages
-Fix to GRTT handling on server to ensure it doesn't fall below minumim.
-Fixed bypassed checking of existing files on client for backup
-Various logging fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0a58426ed0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Peter Marko
Ninette Adhikari
Julian Haller
Martin Jansa
Fabio Estevam
Katariina Lounento
Gyorgy Sarvari
Peter Kjellerstedt
Dan McGregor
Jiaying Song
Bartosz Golaszewski
Randy MacLeod
Mingli Yu
Lee Chee Yang
Alexandre Videgrain
Soumya Sambu
Markus Volk
Khem Raj
Justin Bronder
Etienne Cordonnier
Matthias Klein
Wang Mingyu
Yi Zhao