When cleaning the package during rebuild in base_do_configure()
'make clean' deletes docs/dool.1. This files comes from source repository
but can't be recreated using 'make docs'.
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Drop Openssl legacy provider patch and install both binaries patch
which are already available in 16.x
* Refresh native binaries patch against 16.x base
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Compile redis with full systemd support when the chosen init system is
systemd.
Enabling systemd supervision allows redis to communicate the actual
server status (i.e. "Loading dataset", "Waiting for master<->replica
sync") to systemd, instead of declaring readiness right after
initializing the server process.
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cec-client doesn't link with libcec, but uses LibCecInitialise to
dlopen libcec, so do_package cannot add the runtime dependency
automatically
* fixes:
root@rpi4:# cec-client -l
libcec.so.6: cannot open shared object file: No such file or directory
root@rpi4:# cecc-client -l
libcec.so.6: cannot open shared object file: No such file or directory
libcec.so.6: cannot open shared object file: No such file or directory
libcec/6.0.2-r0 $ objdump -p ./build/src/cec-client/cec-client-6.0.2 | grep NEEDED
NEEDED libncurses.so.5
NEEDED libtinfo.so.5
NEEDED libstdc++.so.6
NEEDED libgcc_s.so.1
NEEDED libc.so.6
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This tweak is needed for building audit but not the interfaces it may
expose via the headers, therefore undo the tweak before packaging things
up
Reported-By: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4ff83dfb5a)
The patch for removing 'QA issues' with pg_config was incomplete, it did not
change the number of items supposed to be in the configdata stucture. This leads to
get_configdata function asserting, and pg_config command does not work
Signed-off-by: Steffen Olsen <steffen.olsen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 730c85613e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This implements an 'npm cache add' like functionality but allows to
specify the key of the data and sets metadata which are required to
find the data.
It is used to cache information as done during 'npm install'.
Keyformat and metadata are nodejs version specific.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Setting soname in LDFLAGS means that the extra mdb tools also
incorrectly get soname set. This then triggers package.bbclass to add a
duplicate shlib_provider in /usr/bin for liblmdb.so.0.9.29. Then any
other recipe depending on liblmdb is going to get a 'Multiple shlib
provider' error.
shlibs2/lmdb.list before:
liblmdb.so.0.9.29:/usr/bin:0.9.29
liblmdb.so.0.9.29:/usr/lib:0.9.29
shlibs2/lmdb.list after:
liblmdb.so.0.9.29:/usr/lib:0.9.29
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
audit errors out due to swig munging it does with kernel headers
| audit_wrap.c: In function '_wrap_audit_rule_data_buf_set':
| audit_wrap.c:4701:17: error: cast specifies array type
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4701:15: error: invalid use of flexible array member
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4703:15: error: invalid use of flexible array member
| 4703 | arg1->buf = 0;
| | ^
These errors are due to VLAIS from kernel headers, so we copy
linux/audit.h and make the needed change in local audit.h and make
needed arrangements in build to use it when building audit package
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
(cherry picked from commit ee3c680c30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cryptsetup SSH tokens is the only feature that has a dependency on
libssh. Add a packageconfig to control this dependency.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ax_create_stdint_h.m4 includes $CC as a comment in the generated header
which leads to buildpaths warning:
| WARNING: yasm-1.3.0+gitAUTOINC+ba463d3c26-r0 do_package_qa: QA Issue: File /usr/include/libyasm-stdint.h in package yasm-dev contains reference to TMPDIR [buildpaths]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a7346d2bb1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update the patch to make netgroup support optional to fit the commit
merged upstream [1], update the other patch depending on one of the
changes.
Without this update, a compilation using duktape with musl fails with:
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c: In function 'js_polkit_user_is_in_netgroup':
| ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c:1039:7: warning: implicit declaration of function 'innetgr' [-Wimplicit-function-declaration]
| 1039 | if (innetgr (netgroup,
| | ^~~~~~~
The main patch has been split in two, to apply the duktape part only when duktape is
applied.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 271282b1a5)
{Fixup for kirkstone content; exlude Ducktape chages]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7ca63e5454)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
----------------
(CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d9f8d015a45188c3cf2d6841ea05319032930dbc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This CVE is patched in our version of openjpeg. The NVD database doesn't
include a version range this is why it's still reported.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our
version of php but they don't have a vulnerable version range in the
NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1642bfcb07)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2014-8180, CVE-2017-18381 and CVE-2017-2665 are not affecting our
configuration so they can be safely ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ed904e6541)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Some old CVEs don't have a vulnerable version range in the NVD database,
this causes come mismatch with cve-check. Ignore many CVEs that are
picked up by the class but are patched in our products.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit efa12676dd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2017-5834, CVE-2017-5835 and CVE-2017-5836 are patched in our
version of libplist but they don't have a vulnerable version range in
the NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 261465eb6e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Without CVE_PRODUCT set to apache:thrift cve-check was catching
CVEs form facebook:thrift that are not related with this product.
Now the report is correct.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* A new connection status dispatcher setup is provided, where users can
provide custom scripts that will be called on bearer connect/disconnect
events. This dispatcher will make the netifd integration in openwrt work
much better, as we'll be able to report network-initiated disconnections
cleanly to netifd.
There are no default connection status dispatcher scripts installed, but
it's suggested distributions make sure the following directories exist:
- ${sysconfdir}/ModemManager/connection.d/
- ${libdir}/ModemManager/connection.d/
* API:
** Add missing Simple interface definitions in ModemManager-names.h.
* Build:
** meson: fix daemon enums dependencies.
** meson: fix port enums includes.
** meson: fix 'export_packages' in GIR setup.
** meson: fix simtech plugin module name.
** systemd: don't run ModemManager in containers.
* Core:
** serial: ensure the port object is valid after BUFFER_FULL handling.
** netlink: use unaligned netlink attribute length.
** netlink: only change IFF_UP flag.
** bearer: match unknown auth to chap in loose comparisons.
** charsets: return error if UTF-8 validation fails.
** fcc-unlock: make scripts POSIX shell compatible.
** modem-helpers: consider minimum ID when choosing best profile.
** modem-helpers: fix reading <Act> given in COPS=? responses.
** sms: prevent crash if date is out of range.
** profile-manager: fix copy-paste error on tags for quarks.
* QMI:
** Ignore slot status indications until initial status is known.
** Return error when loading capabilities if none is found.
* MBIM:
** Default initial EPS bearer's auth to chap when unknown.
** Update default error when network error is out of range.
* mmcli:
** Fix key length when printing list of items.
* Plugins:
** linktop: new port type hints.
** cinterion: add support for PLSx3w modems
** huawei: disable +CPOL based features in Huawei E226
* Several other minor improvements and fixes.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Alexander Stein
He Zhe
Archana Polampalli
Zheng Qiu
Martin Jansa
Chase Qi
Alexander Thoma
Carsten Bäcker
Philippe Coval
Chen Qi
Hitomi Hasegawa
Sakib Sajal
Richard Purdie
Khem Raj
Steffen Olsen
Wang Mingyu
Mingli Yu
Enrico Scholz
Justin Bronder
Lei Maohui
Peter Kjellerstedt
Anuj Mittal
Marta Rybczynska
Akash Hadke
Yi Zhao
Vyacheslav Yurkov
Davide Gardenal
Aryaman Gupta
Changqing Li
Wentao Zhang
Adrian Freihofer