This removes false positive CVE-2024-21485 from cve reports.
$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<
Our dash:dash did not reach major version 1 yet.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The pmem_cvap() function currently uses the '.arch armv8.2-a' directive
for the 'dc cvap' instruction. This will cause build errors below when
compiling for ARMv9 systems. Update the '.arch' directive to 'armv9.4-a'
to ensure compatibility with ARMv9 architectures.
{standard input}: Assembler messages:
{standard input}:169: Error: selected processor does not support `retaa'
{standard input}:286: Error: selected processor does not support `retaa'
make[2]: *** [storage/innobase/CMakeFiles/innobase_embedded.dir/build.make:
1644: storage/innobase/CMakeFiles/innobase_embedded.dir/sync/cache.cc.o]
Error 1
Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa667cbe21)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The -Wnon-virtual-dtor flag was unintentionally added to the .pc files,
which causes problems when abseil is used by C code:
cc1: error: command-line option '-Wnon-virtual-dtor' is valid for
C++/ObjC++ but not for C [-Werror]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add the specific udev rules needed for device mapper notifications to
the libdevmapper package. This is needed to get notifications for
device mapping to work with systemd.
Move the remaining udev rules files to the lvm2 package as there is no
real reason to have them packaged separately.
List all udev files explicitly in the FILES variables so that someone
will have to make an active decision where to package any new udev files
added in the future.
Co-authored-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Fredrik Hugosson <fredrik.hugosson@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c37c867e1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop two patches which haven't been referenced by the nodejs recipe since the
20.11.0 version checkin.
0001-build-fix-build-with-Python-3.12.patch
0001-gyp-resolve-python-3.12-issues.patch
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2698039ac4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* github repo was force pushed and git history re-written since 2018 commit:
69ee98df Release 1.43.07
* $ git branch -a --contains 352aeaa9ae49e90e55187cbda839f2113df06278
$
* $ git diff 352aeaa9ae49e90e55187cbda839f2113df06278 08b052692b70171a6fcb437d4f52a46977eda62e
$
* so at least the 1.59.01 content is the same
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
In testing adding in more kernel-selftests there were a number of issues
that arose that require changes that are more appropriate for the main
recipe and not a bbappend.
1) Stop looping over TEST_LIST ourselves and use the TARGETS="" provided
by the kernel-sefltest Makefiles. This correctly sets up various
variables that the selftest Makefiles all need. Also, do_install
becomes cleaner because the main Makefile already installs the list of
tests and the top level script.
2) Add DEBUG_PREFIX_MAP to the CC setting to avoid some "buildpaths" QA
errors.
3) Add two INSANE_SKIPS for "already-stripped" and "ldflags". Some of
the selftest Makefiles are adding flags to their compiles that basically
break the above checks. Since these compiles are not really meant as
user level tools and instead testing, it should be ok to just always set
INSANE_SKIP for these two.
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc6d6e06aa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Build checks for this during configure but the test is a runtime
test, which does not work when cross-compiling, therefore
prescribe this by caching it for architecture/compiler options
where it will work ok.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 91c7ac099b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit removed the lvm2-udevrules package.
[https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a]
Align accordingly to avoid error at do_rootfs
Error:
Problem 1: package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
- package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
- conflicting requests
- nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
Problem 2: package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
- package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfscommon.so()(64bit), but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfsdaemon.so()(64bit), but none of the providers can be installed
- package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires gvfs >= 1.56.0, but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
- package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
- conflicting requests
- nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
(try to add '--skip-broken' to skip uninstallable packages)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1ca8df16af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This macro is documented, so it should be consistent across
different build systems. It's defined in autotools, but not
cmake. Add it for cmake.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a3854f6893)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
wtmpdb installs a PAM plugin in "${base_libdir}/security/pam_wtmpdb.so".
This path is not in default FILES.
Add this path to FILES:${PN} to fix this error:
ERROR: wtmpdb-0.11.0-r0 do_package: QA Issue: wtmpdb: Files/directories were installed but not shipped in any package:
/lib/security/pam_wtmpdb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
wtmpdb: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: wtmpdb-0.11.0-r0 do_package: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: .../poky/build-master/tmp/work/core2-64-poky-linux/wtmpdb/0.11.0/temp/log.do_package.939726
ERROR: Task (.../poky/meta-openembedded/meta-oe/recipes-extended/wtmpdb/wtmpdb_0.11.0.bb:do_package) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a090cd3e0e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ld.hugetlbfs is munging certain linker commandline options
and presenting a differently named options to its users, in
summary its expecting linker process to call ld.hugetlbfs
which calls the final linker with additional decorations.
This patch makes space for that by adding -B option to compiler
so it finds this the linker in S and then we creates symlinks
for linker name that clang/gcc are expecting.
Fixes
libhugetlbfs/2.24/recipe-sysroot-native/usr/bin/x86_64-yoe-linux/x86_64-yoe-linux-ld.bfd: unrecognized option '--hugetlbfs-link=B'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc84a9e699)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
cve-check.bbclass reported unpatched vulnerabilities in libtar
[1,2,3,4,5]. The NIST assigned base score for the worst vulnerability
is 9.1 / critical.
The patches were taken from the libtar [6] master branch after the
latest tag v1.2.20 (the changes in libtar master mostly originate from
Fedora and their patches), and from the Fedora 41 libtar source package
[7] and the Debian libtar package 1.2.20-8 [8] where the patches were
not available in the libtar repository itself.
The Fedora patch series was taken in its entirety in order to minimize
differences to Fedora's source tree instead of cherry-picking only CVE
fixes. Minimizing the differences should avoid issues with potential
inter-dependencies between the patches, and hopefully provide better
confidence as even the newest patches have been in use in Fedora for
nearly 2 years (since December 2022; Fedora rpms/libtar.git commit
e25b692fc7ceaa387dafb865b472510754f51bd2). The series includes even the
Fedora patch libtar-1.2.20-no-static-buffer.patch, which contains
changes *) that match the libtar commit
ec613af2e9371d7a3e1f7c7a6822164a4255b4d1 ("decode: avoid using a static
buffer in th_get_pathname()") whose commit message says
Note this can break programs that expect sizeof(TAR) to be fixed.
The patches applied cleanly except for the Fedora srpm patch
libtar-1.2.11-bz729009.patch, which is identical with the pre-existing
meta-oe patch 0002-Do-not-strip-libtar.patch and is thus omitted.
The meta-openembedded recipe does not include any of the patches in
Kirkstone [9] nor the current master [10].
libtar does not have newer releases, and the libtar master doesn't
contain all of the changes included in the patches. Fedora's
libtar.1.2.11-*.patch are not included in the libtar v1.2.20 release
either but only in the master branch after the tag v1.2.20. The version
number in the filename is supposedly due to the patches being created
originally against v1.2.11 but have been upstreamed or at least
committed to the master only after v1.2.20.
The commit metadata could not be practically completed in most of the
cases due to missing commit messages in the original commits and
patches. The informal note about the author ("Authored by") was added to
the patch commit messages where the commit message was missing the
original author(s)' Signed-off-by.
*) The patch also contains the changes split to the libtar commits
495d0c0eabc5648186e7d58ad54b508d14af38f4 ("Check for NULL before
freeing th_pathname") and 20aa09bd7775094a2beb0f136c2c7d9e9fd6c7e6
("Added stdlib.h for malloc() in lib/decode.c"))
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-33643
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-33644
[3] https://nvd.nist.gov/vuln/detail/CVE-2021-33645
[4] https://nvd.nist.gov/vuln/detail/CVE-2021-33646
[5] https://nvd.nist.gov/vuln/detail/CVE-2013-4420
[6] https://repo.or.cz/libtar.git
[7] https://src.fedoraproject.org/rpms/libtar/tree/f41
[8] https://sources.debian.org/patches/libtar/1.2.20-8/CVE-2013-4420.patch/
[9] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=kirkstone&id=9a24b7679810628b594cc5a9b52f77f53d37004f
[10] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master&id=9356340655b3a4f87f98be88f2d167bb2514a54c
Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3c9b5b36c8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Currently softhsm will try to access deleted obejcts due to the order of
atexit handler implementations. Add a patch which adds a global variable
to track whether objects are deleted and prevents access if this is the
case.
This fixes a failure with the signing.bbclass where when signing
multiple fitimage configurations the second signing operation will lead
to a segfault.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The python3-pyserial dependency was introduced in [1].
It is provided by the meta-python layer and so make it conditionally.
Fixes:
| NOTE: Resolving any missing task queue dependencies
| ERROR: Nothing RPROVIDES 'python3-pyserial' (but ../meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.25.bb RDEPENDS on or otherwise requires it)
| NOTE: Runtime target 'python3-pyserial' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['python3-pyserial']
| NOTE: Runtime target 'gpsd' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['gpsd', 'python3-pyserial']
[1] https://git.openembedded.org/meta-openembedded/commit/?id=1266c912afa0abf118eaa5d152a0641c87665fbd
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The python3-pyserial dependency was introduced in [1].
It is provided by the meta-python layer and so make it conditionally.
Fixes:
| NOTE: Resolving any missing task queue dependencies
| ERROR: Nothing RPROVIDES 'python3-pyserial' (but ../meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.25.bb RDEPENDS on or otherwise requires it)
| NOTE: Runtime target 'python3-pyserial' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['python3-pyserial']
| NOTE: Runtime target 'gpsd' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['gpsd', 'python3-pyserial']
[1] https://git.openembedded.org/meta-openembedded/commit/?id=1266c912afa0abf118eaa5d152a0641c87665fbd
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
- Drop TypeDef specifications as string from public modules, as they cannot be
composed by users as typing objects previously could
- Release Python 3.13 binary packages.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
* Update and clean up the game controller mapping database
* ManetteDevice
- add manette_device_get_mapping() and manette_device_get_guid()
- Handle keycodes before BTN_MISC as well
* ManetteMapping
- Allow to map paddle1-4, misc1-6 and touchpad buttons
- Improve error handling
* ManetteMappingManager
- Check if user mapping file exists
* Tests
- Test default mappings
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Chaneglog:
=========
* Allow GC_size() argument to be null
* Disable backtrace saving at garbage collections if DONT_SAVE_TO_LAST_STACK
* Eliminate 'cast signed to bigger unsigned' CSA warnings in GC_find_limit
* Eliminate 'x might be clobbered by longjmp' gcc warning in setjmp_t.c
* Fix 'un-mprotect vdb failed' abort with out-of-memory reason on Linux
* Fix ADD_CALL_CHAIN() placement to follow GC_store_debug_info_inner call
* Fix GC_debug_realloc to support custom kind
* Fix GC_is_visible for case of arg pointing exactly to object upper bound
* Fix GC_print_trace_inner to print the last element of the circular buffer
* Fix cordtst2.tmp file deletion in cordtest on Windows
* Fix double lock in GC_malloc called from backtrace()
* Fix handling of page-unaligned boundaries in soft_set_grungy_pages
* Fix heap blocks size computation by GC_get_memory_use
* Fix indent of a closing curly braces in GC_apply_to_all_blocks
* Fix infinite resend lost signals if a thread is restarted by SIGQUIT
* Fix null pointer dereference in GC_is_visible if type_descr is null
* Fix per_object_helper() after changing hb_sz units
* Fix pointer relational comparison in GC_do_enumerate_reachable_objects
* Fix poor thread-local allocation performance because of double EXTRA_BYTES
* Fix potential GC_add_roots_inner call with an overflowed pointer (Win32)
* Fix potential address overflow in GC_add_to_heap
* Fix potential buffer overrun during read in GC_text_mapping
* Fix various typos in comments
* Prevent GC_noop_sink from scanning by the collector
* Prevent redirected malloc call from a garbage collection routine
* Redirect malloc_usable_size() in leak_detector.h
* Remove redundant dirty/reachable_here calls in GC_malloc_explicitly_typed
* Update and fix diagrams describing the tree structure for pointer lookups
* Use atomic store to set GC_first_nonempty in GC_do_parallel_mark
* Use atomic store to set entry id and update cache_ptr in slow_getspecific
* Workaround '.obj file not found' error reported by watcom wlib
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
iwd and ell need to be updated in sync. This is regularly neglected.
Also the fact that they reside in different layers compicates the update process.
Beside iwd, there are not a lot of consumers for ell.
Building with internal ell makes iwd updates easier
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ver 2.20:
Fix issue with PKEX timeout and number of frequencies used.
Fix issue with handling logic for handshake failures.
Fix issue with handling ConnectedAccessPoint signal.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Make colord work out of the box
- We already create a colord user -> make use of it by passing the username
to the 'daemon_user' meson option. The conf files and systemd service file
will then be created accordingly.
- Add a backport patch to fix 'only root can write into /var' issue.
This prevents colord from starting
[https://github.com/hughsie/colord/issues/166]
- Set the runtime path for hwdata pnp.ids and
add hwdata to RDEPENDS:${PN} for non systemd images
- inherit gtk-doc to make api-documentation available
- Dont create a home-dir for colord user. It shouldn't need one.
NOTE:
colord will fail on first run with missing databases.
After second boot it should run as expected.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They endup in undefined intrinsics demanded by compiler
error: use of undeclared identifier '__riscv_vsetvlmax_e8mf8'
Perhaps an upgrade of vendored highway module ( when it happens)
will fix it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Peter Marko
Ruiqiang Hao
Khem Raj
Peter Kjellerstedt
Fredrik Hugosson
Jiaying Song
Wang Mingyu
J. S.
Martin Jansa
Ryan Eatmon
Liyin Zhang
Markus Volk
Chen Qi
Yoann Congal
alperak
Yi Zhao
Katariina Lounento
Armin Kuster
Rouven Czerwinski
Jose Quaresma
s-tokumoto
Etienne Cordonnier
Shinji Matsunaga
ptak