aeae0a34cf
apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641
...
CVE-2020-13950:
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be
made to crash (NULL pointer dereference) with specially crafted
requests using both Content-Length and Transfer-Encoding headers,
leading to a Denial of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-13950
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
CVE-2020-35452:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest nonce can cause a stack overflow in
mod_auth_digest. There is no report of this overflow
being exploitable, nor the Apache HTTP Server team could
create one, though some particular compiler and/or
compilation option might make it possible, with limited
consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-35452
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2020-35452
https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
CVE-2021-26690:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie header handled by mod_session can cause
a NULL pointer dereference and crash, leading to a
possible Denial Of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26690
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2021-26690
https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a
specially crafted SessionHeader sent by an origin server
could cause a heap overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26691
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966732
https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-30641:
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behavior with 'MergeSlashes OFF'
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30641
Upstream patches:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
Signed-off-by: Li Wang <li.wang@windriver.com >
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit 70b1aa0a4cakuster808@gmail.com >
2021-07-10 21:15:33 -07:00
d9c8c33db8
nginx: fix CVE-2021-23017
...
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit 8238504903akuster808@gmail.com >
2021-07-10 21:14:18 -07:00
7bd47ef6c9
dovecot: add CVE-2016-4983 to allowlist
...
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3613b50a84akuster808@gmail.com >
(cherry picked from commit d1fb027f89akuster808@gmail.com >
2021-07-06 07:50:13 -07:00
50ffe3b559
cyrus-sasl: add CVE-2020-8032 to allowlist
...
This affects only openSUSE, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 711e932b14akuster808@gmail.com >
(cherry picked from commit 2681937544akuster808@gmail.com >
2021-07-05 15:27:25 -07:00
bbd2addbcf
add CVE-2011-2411 to allowlist
...
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bb4a4f0ff8akuster808@gmail.com >
(cherry picked from commit d614d160a1akuster808@gmail.com >
2021-07-05 15:26:43 -07:00
cca0a50ab0
python3-django: upgrade 2.2.23 -> 2.2.24
...
Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS
release.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fa2d3338fbakuster808@gmail.com >
(cherry picked from commit c51e79dd85akuster808@gmail.com >
2021-07-05 15:25:06 -07:00
91fe0bd098
python3-django: upgrade 2.2.22 -> 2.2.23
...
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718 ).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
(cherry picked from commit f07a8c1376akuster808@gmail.com >
(cherry picked from commit b2716ef06aakuster808@gmail.com >
2021-07-05 14:54:58 -07:00
732b073b99
python3-django: upgrade 2.2.20 -> 2.2.22
...
Version 2.2.22 includes a fix for CVE-2021-32052.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
(cherry picked from commit b26099fc15akuster808@gmail.com >
(cherry picked from commit f3758cb444akuster808@gmail.com >
2021-07-05 14:54:49 -07:00
958d8a5286
python3-django: upgrade to 2.2.20
...
2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.
Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit e705d4932aakuster808@gmail.com >
2021-07-05 14:54:40 -07:00
f01a9056a9
python3-django: fix CVE-2021-28658
...
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658
Upstream patches:
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit aef354a0c2akuster808@gmail.com >
2021-07-05 14:54:38 -07:00
f1d5b6260f
python3-django: upgrade 2.2.13 -> 2.2.16
...
Summary of release notes from https://docs.djangoproject.com/en/2.2/releases/
2.2.14 release notes:
- Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings
raised by cache key validation (#31654 ).
2.2.15 release notes:
- Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie()
(#31790 ).
- Fixed crash when sending emails to addresses with display names longer than
75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+ (#31784 ).
2.2.16 release notes:
- Fixed CVE-2020-24583: Incorrect permissions on intermediate-level directories
on Python 3.7+
- Fixed CVE-2020-24584: Permission escalation in intermediate-level directories
of the file system cache on Python 3.7+
- Fixed a data loss possibility in the select_for_update(). When using related
fields pointing to a proxy model in the of argument, the corresponding model
was not locked (#31866 ).
- Fixed a data loss possibility, following a regression in Django 2.0, when
copying model instances with a cached fields value (#31863 ).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit eb69aad33fakuster808@gmail.com >
2021-07-05 14:53:48 -07:00
7ee3eeffed
python3-django: upgrade 2.2.7 -> 2.2.13
...
Upgrade from 2.2.7 for:
- Bugfixes, including CVE-2020-13254, CVE-2020-13596, many
others;
- Official support for Python 3.8 (as of Django 2.2.8)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8c4e201c62akuster808@gmail.com >
2021-07-05 14:53:33 -07:00
54207c3575
nss: Fix build on Centos 7
...
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de >
Cc: Armin Kuster <akuster808@gmail.com >
Cc: Armin Kuster <akuster@mvista.com >
Cc: Khem Raj <raj.khem@gmail.com >
Cc: Richard Purdie <richard.purdie@linuxfoundation.org >
Cc: Ross Burton <ross.burton@arm.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-06-06 20:42:32 -07:00
c38d2a74f7
dnsmasq: Add fixes for CVEs reported for dnsmasq
...
Applied single patch for below listed CVEs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
as they are fixed by single commit
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
Link: https://www.openwall.com/lists/oss-security/2021/01/19/1
Also, applied patch for below listed CVEs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
all CVEs applicable to v2.81
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com >
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com >
[Refreshed patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-29 11:41:45 -07:00
587fe58949
ebtables: use bitbake optimization levels
...
Don't overwrite with O3 optimization. Reduces ebtables
binary package size from 416241 to 412145 bytes, and
enables further optimizations with e.g. -Os flags
via bitbake distro wide settings.
Only ebtables versions up to 2.0.10-4 and dunfell are affected.
The version 2.0.11 from hardknott and master branch use system
wide flags already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-29 11:02:09 -07:00
943f5560aa
opencv: Add fix for CVE-2019-5063 and CVE-2019-5064
...
Added fix for below CVE's
CVE-2019-5063
CVE-2019-5064
Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch
Signed-off-by: akash hadke <akash.hadke@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-25 04:50:10 -07:00
f56fb13a2c
hostapd: fix building with CONFIG_TLS=internal
...
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d6ef417074akuster808@gmail.com >
2021-05-22 16:18:11 -07:00
9d50b9f995
libsdl: Fix CVE-2019-13616
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db ]
CVE: CVE-2019-13616
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-22 16:14:30 -07:00
a3a0e02319
exiv2: Fix CVE-2021-29473
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b ]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a9aecd2c32akuster808@gmail.com >
2021-05-22 16:13:38 -07:00
8ac1650275
exiv2: Fix CVE-2021-29470
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed ]
CVE: CVE-2021-29470
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bb1400efdaakuster808@gmail.com >
2021-05-22 16:13:38 -07:00
29953069d9
exiv2: Fix CVE-2021-29464
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54 ]
CVE: CVE-2021-29464
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8c9470bdfaakuster808@gmail.com >
2021-05-22 16:13:38 -07:00
be0cc5e79b
exiv2: Fix CVE-2021-3482
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da ]
CVE: CVE-2021-3482
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9e7c2c9713akuster808@gmail.com >
2021-05-22 16:13:38 -07:00
f38ed30c08
exiv2: Fix CVE-2021-29463
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b ]
CVE: CVE-2021-29463
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8e63ac6c86akuster808@gmail.com >
2021-05-22 16:13:38 -07:00
6990c93dbd
exiv2: Fix CVE-2021-29458
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d ]
CVE: CVE-2021-29458
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f0d83c14d9akuster808@gmail.com >
2021-05-22 16:13:38 -07:00
eee3b137a0
exiv2: Fix CVE-2021-29457
...
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22 ]
CVE: CVE-2021-29457
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5be7269309akuster808@gmail.com >
2021-05-22 16:13:27 -07:00
11eae11452
linuxptp: Fix cross build
...
Adjust incdefs.sh to use cross tools to poke for system functionality
Re-enable using incdefs.sh
export KBUILD_OUTPUT to point to recipe sysroot
(From meta-oe rev: b6022761d6raj.khem@gmail.com >
Signed-off-by: Denys Dmytriyenko <denis@denix.org >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
f81318a4f8
fuse: Whitelisted CVE-2019-14860
...
CVE-2019-14860 is a REDHAT specific issue and
was addressed for REDHAT Fuse products on
Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
REDHAT has also released the fix and updated their
security advisories after significant releases.
Hence, whitelisted the CVE-2019-14860.
Link: https://access.redhat.com/security/cve/cve-2019-14860
Link: https://access.redhat.com/errata/RHSA-2019:3244
Link: https://access.redhat.com/errata/RHSA-2019:3892
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
d460525cd5
nodejs: 12.20.2 -> 12.21.0
...
Fixes :
- CVE-2021-22883
- CVE-2021-22884
- CVE-2021-23840
Signed-off-by: Clément Péron <peron.clem@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 02feb1d932akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
1ea5c51d98
nodejs: 12.20.1 -> 12.20.2
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6322c63987akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
0026462c0c
packagegroup-meta-webserver: remove nostromo from pkg grp
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
bbf344afaf
nostromo: Blacklist and exclude from world builds
...
Host site is dead.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-14 10:03:51 -07:00
2915810edb
ostree: switch from default master branch to main to fix do_fetch failure
...
* branch was renamed in upstream repo
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-05-13 21:52:34 -07:00
c1a5068322
libupnp: Fix CVE-2020-13848
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-13848
Upstream-Status: Accepted [https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 ]
CVE: CVE-2020-13848
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-23 19:13:09 -07:00
d126440422
hostapd: fix CVE-2021-30004
...
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit e2bd6a52bfakuster808@gmail.com >
(cherry picked from commit 98c5cddf67akuster808@gmail.com >
(cherry picked from commit 730de4763aakuster808@gmail.com >
2021-04-23 18:45:08 -07:00
d2b027d8d8
hostapd: fix CVE-2021-0326 and CVE-2021-27803
...
Backport 2 patches to fix two CVEs.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5a085c588aakuster808@gmail.com >
(cherry picked from commit 845bd5a5f1akuster808@gmail.com >
2021-04-23 18:45:08 -07:00
a0f00c2e11
hostapd: fix CVE-2019-5061
...
Backport a patch to fix CVE-2019-5061.
Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit 04ba527e94akuster808@gmail.com >
2021-04-23 18:45:08 -07:00
da39b1e087
libyui: switch to libyui-old repo which still has this SRCREV
...
* 8459235919f592b1bc099ecf9a947cb6344b6fa5 doesn't exist in current repo:
libyui$ git branch -a --contains 8459235919f592b1bc099ecf9a947cb6344b6fa5
error: no such commit 8459235919f592b1bc099ecf9a947cb6344b6fa5
* there are no common commits in the new libyui repo, but luckily old
repo is kept as
https://github.com/libyui/libyui-old
similarly libyui-ncurses now contains only README about being obsolete in:
https://github.com/libyui/libyui-ncurses
but at least it wasn't rewritten to have the new content
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-23 18:45:08 -07:00
f8ce4b1030
telepathy-glib: respect GI_DATA_ENABLED when enabling vala-bindings
...
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-23 18:45:08 -07:00
16de5f93d5
uml-utilities: fix installed-vs-shipped with usrmerge
...
* fixes:
ERROR: uml-utilities-20040406-r1 do_package: QA Issue: uml-utilities: Files/directories were installed but not shipped in any package:
/usr/lib/uml/port-helper
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
uml-utilities: 1 installed and not shipped files. [installed-vs-shipped]
* pass LIB_DIR instead of using default value from Makefile:
$ grep LIB_DIR.*= tools/port-helper/Makefile
LIB_DIR ?= /usr/lib/uml
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-23 18:45:08 -07:00
430ef96fe6
wireguard: fix build issue with updated 5.4 kernel
...
error: static declaration of 'icmp_ndo_send' follows non-static declaration
| 959 | static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
| | ^~~~~~~~~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
76174f4654
packagegroup-meta-oe: add guider
...
* now when it's not depending on meta-python2 we can add it without conditional
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
87b3cd4528
packagegroup-meta-oe: move the packages depending on meta-python2 to separate packages
...
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
50fde57732
packagegroup-meta-oe: include nodejs without meta-python2 conditional
...
* it doesn't depend on meta-python2 since:
commit eaf9cfb018martin.jansa@gmail.com >
Date: Thu Jan 23 17:44:06 2020 +0100
nodejs: use python3native
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
ff5ae4c168
ceres-solver: prevent fetching git hook during do_configure
...
* today I've found 2 jenkins jobs stuck way too long sitting in this do_configure
Bitbake still alive (5000s)
Bitbake still alive (10000s)
Bitbake still alive (15000s)
Bitbake still alive (20000s)
Bitbake still alive (25000s)
Bitbake still alive (30000s)
... manually killed, the CMake ...
ERROR: ceres-solver-1.14.0-r0 do_configure: Execution of 'ceres-solver/1.14.0-r0/temp/run.do_configure.39438' failed with exit code 143:
...
| -- Detected Ceres being used as a git submodule, adding commit hook for Gerrit to: ceres-solver/1.14.0-r0/git/.git
| ceres-solver/1.14.0-r0/temp/run.do_configure.39438: line 213: 39485 Terminated cmake -G 'Ninja' -DCMAKE_MAKE_PROGRAM=ninja ...
I've seen it with dunfell and gatesgarth, but master has the same
ADD_GERRIT_COMMIT_HOOK function (just in newer ceres-solver release),
so probably needs the same.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
997c27d55e
Update commit for version 3.9.7
...
commit hash for version 3.9.7 is invalid
because previous commit hashes
chagned by git filter-branch command are restored
Signed-off-by: Peace Lee <iipeace5@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fdbfb6ce99akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
1fe81b38af
guider: Upgrade to 3.9.7
...
Signed-off-by: Peace Lee <iipeace5@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 93c9a20bf3akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
637967e804
opencv: refresh patches with devtool to apply cleanly
...
* fixes:
WARNING: opencv-4.1.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2019-14491.patch
patching file modules/objdetect/src/cascadedetect.cpp
Hunk #1 succeeded at 46 with fuzz 1 (offset -1 lines).
Hunk #2 succeeded at 540 (offset -1 lines).
Hunk #3 succeeded at 552 (offset -1 lines).
Hunk #4 succeeded at 613 (offset -1 lines).
Hunk #5 succeeded at 774 (offset -1 lines).
Hunk #6 succeeded at 825 (offset -1 lines).
Hunk #7 succeeded at 1470 (offset -36 lines).
patching file modules/objdetect/src/cascadedetect.hpp
The context lines in the patches can be updated with devtool:
devtool modify opencv
devtool finish --force-patch-refresh opencv <layer_path>
Don't forget to review changes done by devtool!
WARNING: opencv-4.1.0-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
7796f4ce08
neon: Add ptest
...
Reused below test suites from neon source package:
BASIC_TESTS:
auth
basic
request
session
socket
string-tests
stubs
uri-tests
util-tests
DAV_TESTS:
acl3744
lock
oldacl
props
xml
xmlreq
Overall execution time of above test suite is approximately 15sec.
Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-04-07 08:55:15 -07:00
d97185f365
freerdp: Add missing libxkbcommon WL dependency
...
The WL build depends on libxkbcommon, so add the dependency.
Signed-off-by: Marek Vasut <marex@denx.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8834838970akuster808@gmail.com >
2021-04-07 08:55:06 -07:00
389757a749
opencv: Security fixes
...
Added patches to fix below CVE's:
1. CVE-2019-14491, CVE-2019-14492
Link: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed
2. CVE-2019-14493
Link: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
3. CVE-2019-15939
Link: https://github.com/opencv/opencv/commit/5a497077f109d543ab86dfdf8add1c76c0e47d29
4. CVE-2019-19624
Link: https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2021-03-16 08:40:07 -07:00
Li Wang
Changqing Li
Armin Kuster
ito-yuichi@fujitsu.com
Sekine Shigeki
Trevor Gamblin
Chen Qi
Stefan Ghinea
Marek Vasut
Sana Kazi
Mikko Rapeli
akash.hadke
Alexander Vickberg
wangmy
Khem Raj
Saloni Jain
Clément Péron
Sean Nyekjaer
Martin Jansa
Andrej Kozemcak
Mingli Yu
Peace Lee
Aditya.Tayade
Neetika Singh