Fixes
objcopy: Unable to recognise the format of the input file `build/opt/mongo/mongos'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Vincent Prince <vincent.prince.fr@gmail.com.com>
(cherry picked from commit e91940073a)
[Fix up for Dunfell context:
also fixes Please add a conforming MONGO_VERSION=x.y.z[-extra] as an argument to SCons]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Source: Mariadb.org
MR: 115460, 115507, 1115549, 115549, 115488
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 722782cefa6805e907ee377a340f1b8bec174079
Description:
Bug fix only update, includes these CVES:
CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/
drop mariadb/c11_atomics.patch as its include in the update.
drop mariadb/clang_version_header_conflict.patch different fix applied
Signed-off-by: Armin Kuster <akuster@mvista.com>
The git repo for multipath-tools was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The commit 4fe018038f87 is in the main branch, so the do_fetch task failed.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8bb7dc157)
[Fix up for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
a) use option 7z to build the lib7z.so library
This is needed for android-tools for building fastboot
from android-tools
b) Packaged the lib7z.so and codec libraries as a part of this recipe
Fastboot RDepends on it lib7z.so
c) Fixed a C++17 forbidden error when lib7z.so is built
fixes the below error
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)':
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 308 | numMethods++;
| | ^~~~~~~~~~
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 318 | numMethods++;
Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Akash Hadke <Akash.Hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
(cherry picked from commit 3c36a8efe2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60b33e376b2331cd20950f0745336397790d2201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 32f1d758a1)
[Minor fixup for Dunfell]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The `dot` tool requires to be run once after installation in order to
create its configuration file.
The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to
prepare the recipe-sysroot-native. Package postinstall scripts are not
executed for -native packages, but files under ${BINDIR}/postinst-* are.
This is quite the same as graphviz-setup.sh does for nativesdk. The
general idea has been taken from
OECORE/meta/classes/pixbufcache.bbclass.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Port patch to fix CVE-2020-8927 for brotli from Debian Buster
CVE: CVE-2020-8927
Signed-off-by: Jan Kraemer <jan@spectrejan.de>
[Fixup to apply with URL changes]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* with PTEST_ENABLED it enables with-tests PACKAGECONFIG which
instead of using system googletest gmock, tries to fetch googletest
from github and fails because branch was recently renamed from master to main
| -- Found PkgConfig: /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/pkg-config (found version "0.29.2")
| -- Checking for module 'libsystemd>=236'
| -- Found libsystemd, version 249
| -- Building with tests
| Fetching googletest...
| [1/9] Creating directories for 'googletest-populate'
| [1/9] Performing download step (git clone) for 'googletest-populate'
| Cloning into 'googletest-src'...
| fatal: invalid reference: master
| CMake Error at googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake:40 (message):
| Failed to checkout tag: 'master'
|
|
| FAILED: googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download
| cd /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -P /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -E touch /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download
| ninja: build stopped: subcommand failed.
|
| CMake Error at /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:989 (message):
| Build step for googletest failed: 1
| Call Stack (most recent call first):
| /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118:EVAL:2 (__FetchContent_directPopulate)
| /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118 (cmake_language)
| tests/CMakeLists.txt:17 (FetchContent_Populate)
|
|
| -- Configuring incomplete, errors occurred!
* unfortunately this backported patch fixes the fetching failure, because
it uses release-${GOOGLETEST_VERSION} tag instead of now non-existent
master branch, but is not enough to prevent fetching from github during
do_configure:
-- Building with tests
-- Could NOT find GTest (missing: GTest_DIR)
-- Checking for module 'gmock>=1.10.0'
-- No package 'gmock' found
Fetching googletest...
we also need to add googletest dependency to with-tests PACKAGECONFIG was fixed in meta-oe/master with the upgrade to 1.0.0:
https://github.com/openembedded/meta-openembedded/commit/b26b66e5da92718b4e99a57fbfaaef9e751c3cfe#diff-48a847e7323703994fd2ce0fcb731ff860fa955a77cdfe39d71a9cc84a042c06L15
then it's ok and not fetching:
-- Building with tests
-- Looking for pthread.h
-- Looking for pthread.h - found
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lmsensors will build isadump and isaset only on x86 architecture.
Depending on this package breaks lmsensors on all non-x86 machines. Fix
this by enabling ${PN}-isatools dependency only on x86.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Andreas Weger <weger@hs-mittweida.de>
Change-Id: Ib24fce16b3986a465f1c5854166b8f28446b5186
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Andreas Weger <weger@hs-mittweida.de>
Change-Id: I062eb971a83594315cc674ccb6eba67a14d5656f
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cherry-pick the following patch from upstream/master branch,
as this fixes the following error(s) seen while running the
'pm-qa' scripts on the targets:
cpufreq_01.sh: line 28: ../include/functions.sh: No such file or directory
-----------------------------------------------
A commit in the repo of pm-qa:
"adf9df9 Fix path to library files and change shebang line"
Changed the text that sed was using to replace relative to
absolute paths.
As a result sed was not effectively finding the text
"source ../include" to replace it, as the sed should be now
searching for ". ../include".
Similarly for "../Switches"
Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 06a93a04ef)
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Including these cves:
5.0.14
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
5.0.11
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
5.0.10
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Sana Kazi
Martin Jansa
Steve Sakoman
Khem Raj
Armin Kuster
Ralph Siemsen
Minjae Kim
Nisha Parrakat
Armin Kuster
Thomas Perrot
Christian Ege
Daniel Stadelmann
Sana Kazi
Virendra Thakur
Mingli Yu
Armin Kuster
Peter Kjellerstedt
Ross Burton
Ranjitsinh Rathod
Kristian Klausen
Christian Eggers
Robert Joslyn
Virendra Thakur
Leif Middelschulte
Jeremy Puhlman
Ernst Sjöstrand
Spectrejan
Marta Rybczynska
lumag
Alexander Thoma
Andreas Weger
Anastasios Kavoukis
Richard Purdie