Location of the file that systemd uses to check whether to
start adbd or not has been updated from /var to /etc in
android-tools-adbd.service. This change changes the path
of creation of usb-debugging-enabled flag file in
android-tools recipes from /var/usb-debugging-enabled to
/etc/usb-debugging-enabled
Backport-of: 2a3d4be999 ("android-tools: create flag flag file for adbd at a proper location")
Fixes: a29c6386d5 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Fixes: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ConditionPathExists is set to /etc/usb-debugging-enabled as part of
meta-oe/recipes-devtools/android-tools/android-tools/android-tools-
-adbd.service file. However, in meta-oe/dynamic-layers/selinux/
recipes-devtool/android-tools/android-tools/android-tools-adbd.service
file ConditionPathExists is set to /var/usb-debugging-enabled
This causes an internal inconsistency between selinux-enabled and
selinux-disabled configurations.
Backport-of: a29c6386d5 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Reported-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
To ensure android-tools-adbd.service starts at boot, the path
for ConditionPathExists must be present at build time. /etc is
more suitable for build-time files than /var, which is for
runtime files. Changed ConditionPathExists from
/var/usb-debugging-enabled to /etc/usb-debugging-enabled
Backport-of: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
CC: Khem Raj <raj.khem@gmail.com>
CC: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fixes following stringop-overflow warning with gcc-13:
In file included from /usr/include/c++/13/atomic:41,
from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/../../include/oneapi/tbb/detail/_utils.h:22,
from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/task_dispatcher.h:20,
from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/arena.cpp:17:
In member function ‘void std::__atomic_base<_IntTp>::store(__int_type, std::memory_order) [with _ITp = bool]’,
inlined from ‘void std::atomic<bool>::store(bool, std::memory_order)’ at /usr/include/c++/13/atomic:104:20,
inlined from ‘void tbb::detail::r1::concurrent_monitor_base<Context>::notify_one_relaxed() [with Context = long unsigned int]’ at /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/concurrent_monitor.h:293:53:
/usr/include/c++/13/bits/atomic_base.h:481:25: error: ‘void __atomic_store_1(volatile void*, unsigned char, int)’ writing 1 byte into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
481 | __atomic_store_n(&_M_i, __i, int(__m));
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
cc1plus: all warnings being treated as errors
(cherry picked from commit e131071769ee3df51b56b053ba6bfa06ae9eff25)
Signed-off-by: Yogesh Tyagi <yogesh.tyagi@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The json module is used in several cli commands.
The fcntl module is used in terminal input handling.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cb50c93096)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
============
* Add NULL check to cJSON_SetValuestring()(CVE-2024-31755)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned immediately after
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(From meta-openembedded rev: 535822eff7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Only include the lines from icheck.js that cover the copyright and the
license text.
License-Update: Only include the relevant parts of icheck.js
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Only include the lines from the README that cover the copyright and the
license text.
License-Update: Only include the relevant parts of the README
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
- Remove outdated comment
- Switch to git fetcher. Otherwise the official download location leads to:
WARNING: exiv2-0.28.2-r0 do_recipe_qa: QA Issue: exiv2: SRC_URI uses unstable GitHub/GitLab
archives, convert recipe to use git protocol [src-uri-bad]
- Remove reproducibility hack. Theres no buildpath leakage in exiv2Config.cmake
anymore.
Changes from version 0.28.1 to 0.28.2
-------------------------------------
Release Notes:
* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1
This release also fixes two low-severity security issues in quicktimevideo.cpp:
* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w):
out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36):
denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.
These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0,
so earlier versions of Exiv2 are not affected.
Changes from version 0.28.0 to 0.28.1
-------------------------------------
Release Notes:
https://github.com/Exiv2/exiv2/issues/2813
This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r),
an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in
version 0.28.0, so earlier versions of Exiv2 are not affected.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3a9fc5ba68)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update status for:
CVE-2016-7534, CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538, CVE-2017-5506, CVE-2017-5509, CVE-2017-5510, CVE-2017-5511, CVE-2007-1667
CPE is incorrect, the current version (7.1.1) is not affected.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f2e9daef1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gcab-src has some meson generated files which embed
absolute paths from build environment. meson seems
ot do this on purpose to fix other issues.
Ignored those issues for now.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db91757e7b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Test binaries are embeddding build paths and can't easily
figure out why. Thus ignore the errors in these binaries
for now.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e77f9f2feb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Release notes:
https://github.com/HDFGroup/hdf5/blob/hdf5_1.14.4.3/release_docs/RELEASE.txt
License update: link update
from https://raw.githubusercontent.com/hdfgroup/hdf5/develop/COPYING_LBNL_HDF5
to https://raw.githubusercontent.com/hdfgroup/hdf5/hdf5_1_14/COPYING_LBNL_HDF5.
Upstream has only Released tar file extension is .gz so
SRC_URI tar file extension changed from .bz2 to .gz
Fixes
File /usr/lib/libhdf5.settings in package hdf5 contains reference to TMPDIR
File /usr/src/debug/hdf5/1.14.4-3/src/H5build_settings.c in package
hdf5-src contains reference to TMPDIR [buildpaths]
- Running H5make_libsettings is no longer required for cross-compiling
The functionality of H5make_libsettings is now handled via template files,
so H5make_libsettings has been removed.
- Running H5detect is no longer required for cross-compiling
The functionality of H5detect is now exercised at library startup,
so H5detect has been removed
Rework the patch 0001-cmake-remove-build-flags.patch to fix the build path
issue.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Currently, any non-native recipes that inherits cpan-base ends up
with an image RDEPENDS on perl (via
https://git.yoctoproject.org/poky/tree/meta/classes-recipe/cpan-base.bbclass?h=scarthgap#n14)
If you are building an image and desire to have Postgresql installed
but NOT perl, this creates a problem. This changeset attempts
to fix this shortcoming by not inheriting cpan-base directly.
Note this work is a continuation of attempts to change cpan-base:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15563
The Postgresql build system uses perl, so add it as a DEPENDS. This
happened previously via the "inherit cpan-base" directive.
I've validated this recipe successfully packages with and without
the perl PACKAGECONFIG in Scarthgap.
Signed-off-by: Barry Grussling <mr.scada@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f311f1f01c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ${libdir}/systemd doesn't work on multilib builds, where libdir might be something
else than ${nonarch_base_libdir}
fixes:
ERROR: QA Issue: lib32-bolt: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/bolt.service
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit addresses the shebang size issue encountered in the
do_populate_sysroot task of the rrdtool-native recipe. The issue
was caused by the shebang line in the cgi-demo.cgi file exceeding
the maximum allowed length of 128 characters.
The following error was observed:
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: QA Issue: : /work/x86_64-linux/rrdtool-native/1.8.0/sysroot-destdir/work/x86_64-linux/rrdtool-native/1.8.0/recipe-sysroot-native/usr/share/rrdtool/examples/cgi-demo.cgi maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: do_populate_sysroot for this recipe installed files with QA issues
The solution implemented involves modifying the shebang line in the
cgi-demo.cgi file to use '/usr/bin/env rrdcgi', ensuring it adheres
to the length limit.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 05c17b63fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a header only package. It may be useful to the native machine
but it is definitely useful for the nativesdk machine.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Peter Marko
Khem Raj
Armin Kuster
Dmitry Baryshkov
Raghuvarya S
Yogesh Tyagi
Peter Kjellerstedt
Harish Sadineni
Wang Mingyu
Martin Jansa
Marc Ferland
Ashish Sharma
Changqing Li
akash hadke
Soumya Sambu
Yogita Urade
Esben Haabendal
Peter Kjellerstedt
alperak
Markus Volk
Ninette Adhikari
Mikko Rapeli
Barry Grussling
Benjamin Szőke
Etienne Cordonnier
Zhang Peng
Jiaying Song
Randolph Sapp