Upgrade to release 3.2.4:
- CVE-2021-33203: Potential directory traversal via admindocs
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
- Fixed a bug in Django 3.2 where a final catch-all view in the
admin didn't respect the server-provided value of SCRIPT_NAME
when redirecting unauthenticated users to the login page.
- Fixed a bug in Django 3.2 where a system check would crash on an
abstract model
- Prevented unnecessary initialization of unused caches following
a regression in Django 3.2
- Fixed a crash in Django 3.2 that could occur when running
mod_wsgi with the recommended settings while the Windows
colorama library was installed
- Fixed a bug in Django 3.2 that would trigger the auto-reloader
for template changes when directory paths were specified with
strings
- Fixed a regression in Django 3.2 that caused a crash of
auto-reloader with AttributeError, e.g. inside a Conda
environment
- Fixed a regression in Django 3.2 that caused a loss of precision
for operations with DecimalField on MySQL
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 624e3e1898)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
3.2.3 is a bugfix release:
- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
would raise a SuspiciousFileOperation even when a custom
upload_to returns a valid file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit bdf1be7c55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f07a8c1376)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3c1e72d62c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Rebuilding minifi-cpp in old build dir sometimes results
in do_compile failure. So set CLEANBROKEN to "1" to work around
this problem. If further investigation is done and the underlying
problem is addressed, this setting could be removed.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9e1724387)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2016-4983 affects only the postinstall script on a specific distribution, so add it to the allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3613b50a84)
[mkcert.sh does mask 077 first]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 74d58bc6e8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 411c981ef0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This was introduced with commit:
2e0fd78
rapidjson: fix cmake artifacts installation for non-default BASELIB case
and should have been removed with commit:
5aa127a
rapidjson: Remove unwanted patches
NOTE: such multilib fixes are not needed after this commit in oe-core:
24f630c cmake.bbclass: Define LIB_SUFFIX
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0ceacaa68e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As done for initramfs-kexecboot-image we need to use python to get the
desired value for IMAGE_FSTYPES.
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93e139c998)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
test case: zaurus.inc
IMAGE_FSTYPES ?= "tar.gz jffs2 jffs2.sum ubi ubifs"
IMAGE_FSTYPES_collie ?= "tar.gz jffs2 jffs2.sum"
INITRAMFS_FSTYPES ?= "cpio.gz cpio.xz"
The last assignment IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" did in fact
reset the value to IMAGE_FSTYPES_collie, thus not producing cpio.gz / cpio.xz.
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cdce92b4e9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Set an appropriate python processor directory in configure file to fix
the minifi startup warning:
[org::apache::nifi::minifi::python::PythonCreator] [error] Could not access /etc/minifi/minifi-python/
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a86b772e31)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
From COPYING.README:
"""
Eigen is primarily MPL2 licensed. See COPYING.MPL2 and these links:
http://www.mozilla.org/MPL/2.0/
http://www.mozilla.org/MPL/2.0/FAQ.html
Some files contain third-party code under BSD or LGPL licenses, whence the other
COPYING.* files here.
All the LGPL code is either LGPL 2.1-only, or LGPL 2.1-or-later.
For this reason, the COPYING.LGPL file contains the LGPL 2.1 text.
"""
The upstream repository contains multiple COPYING files (various 3rd party
code is under different licenses), so update the LICENSE information
accordingly. Also, add MINPACK to meta-oe/licenses.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9efdb6799e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libpfm4 is only enabled for powerpc arch as of now.
This enables the lib on Arm 64bit platform as well.
Signed-off-by: Olivier Georget <olivier.georget@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d02bd48673)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
4.4.6 has been released from same SHA which was used for rc0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e17fc085c0)
[Bug fix only updates:
Issues fixed:
SERVER-53604: Include original aws iam arn in authenticate audit logs
SERVER-52564: Deadlock between step down and MongoDOperationContextSession
WT-7442: RTS to open dhandle only when the dhandle has unstable updates
WT-7426: Set write generation number when the page image gets created
WT-7373: Improve slow random cursor operations on oplog]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop upstreamed patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 44664a2d66)
[Bug fix only update:
Issues fixed:
SERVER-55298: Reproduce and Investigate BSONObjectTooLarge error
SERVER-53566: Investigate and reproduce "opCtx != nullptr && _opCtx == nullptr" invariant
SERVER-51281: mongod live locked
SERVER-46686: Explain does not respect maxTimeMS
SERVER-45836: Provide more LDAP details (like server IP) at default log level
All JIRA issues closed in 4.4.5
4.4.5 Changelog]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such a system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Armin Kuster <akuster808@gmail.com>
Cc: Armin Kuster <akuster@mvista.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 30148b33b5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
On some distros, such as fedora32, cross compile failed with the following
error since the host library is used:
undefined reference to `stat64@GLIBC_2.33'
According to the ld documentation, set searchdir to begin with "=" rather than
hardcoded locations.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a6d1ddf7a9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
getcontext|setcontext functionality is provided via libucontext for musl
but this library is not yet ported to RISCV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a116630318)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
perf(oe-core) also uses the doc included in plugins/, so package it in own subdirs of trace-cmd.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8402fdd6f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d6ef417074)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [e6a0982f7c]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9aecd2c32)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [6628a69c03]
CVE: CVE-2021-29470
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb1400efda)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [f930883919]
CVE: CVE-2021-29464
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c9470bdfa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [783b3a6ff1]
CVE: CVE-2021-29463
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8e63ac6c86)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [06d2db6e5f]
CVE: CVE-2021-29458
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f0d83c14d9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [0230620e6e]
CVE: CVE-2021-29457
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be7269309)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 3.11.4:
- Bug fix where a MongoClient would mistakenly attempt to create
minPoolSize connections to arbiter nodes
- Bug fix that prevented PyMongo from retrying writes after a
writeConcernError on MongoDB 4.4+
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit dcb9ecc1e5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 4.0.2:
- Using Union containing generics as type hint causes an error
- Libdoc does not anymore work with resource files in PYTHONPATH
- Rebot removes sourcename attribute from <kw> in output.xml
- Run Keyword If Test Failed does not work correctly if it is not
first keyword in teardown and test is skipped
- Argument conversion problems when type hint is ABC
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 73d63dd3fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.3.4:
- Reverts the unsatisfying fix for KeyError during import when
running with python optimisation level of 2
- instead a RuntimeError is thrown when Python is running with
optimization level 2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 87e6a45374)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since tbb has a COMPATIBLE_MACHINE entry to prevent it from building
for powerpc, let's also remove it from the meta-oe-support package
group.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 564f721954)
Signed-off-by: Armin Kuster <akuster808@gmail.com>