lmsensors will build isadump and isaset only on x86 architecture.
Depending on this package breaks lmsensors on all non-x86 machines. Fix
this by enabling ${PN}-isatools dependency only on x86.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Andreas Weger <weger@hs-mittweida.de>
Change-Id: Ib24fce16b3986a465f1c5854166b8f28446b5186
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Andreas Weger <weger@hs-mittweida.de>
Change-Id: I062eb971a83594315cc674ccb6eba67a14d5656f
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cherry-pick the following patch from upstream/master branch,
as this fixes the following error(s) seen while running the
'pm-qa' scripts on the targets:
cpufreq_01.sh: line 28: ../include/functions.sh: No such file or directory
-----------------------------------------------
A commit in the repo of pm-qa:
"adf9df9 Fix path to library files and change shebang line"
Changed the text that sed was using to replace relative to
absolute paths.
As a result sed was not effectively finding the text
"source ../include" to replace it, as the sed should be now
searching for ". ../include".
Similarly for "../Switches"
Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 06a93a04ef)
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Including these cves:
5.0.14
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
5.0.11
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
5.0.10
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The tool depends on the six module, add it, otherwise the following
traceback happens when running it on the target:
Traceback (most recent call last):
File "/usr/bin/dstat", line 32, in <module>
import six
ModuleNotFoundError: No module named 'six'
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Source: Debian.org
MR: 108848
Type: Security Fix
Disposition: Backport from https://sources.debian.org/data/main/x/xterm/344-1%2Bdeb10u1/debian/patches/CVE-2021-27135.diff
ChangeID: 00f53def87b8b95e62908581f8fb56a69118dd32
Description:
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
This fixes CVE-2021-27135.
Leverage a patch from Debian.
Signed-off-by: Armin Kuster <akuster@mvista.com>
The configure script contains hardcoded lookup paths to /usr and other
paths that might interfere with the host. These are overwritten with the
staging dir locations for Poky compatibility.
Backport from meta-oe master rev. 74b66d1911
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de>
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
cve patches which already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e418ee4657)
[Bug fix only updates plus: CVE-2020-7071 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since commit c4ffcaa2[php: split out phpdbg into a separate package],
package php is empty, we might met error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9be6b4f5a2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped
in the main php package, increasing its size by several MB; split it
out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c4ffcaa2ab)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It is a (non trivial) cherry pick from
(cherry picked from commit b9ede0cb18)
python3-pyyaml was moved from meta-python to meta-oe, so that we could
apply this specific patch which breaks basic YP compatible check
script.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This specific statement in ostree recipe breaks the YP compatible
status (yocto-check-layer):
RDEPENDS_${PN}-ptest += " \
...
${@bb.utils.contains('BBFILE_COLLECTIONS', 'meta-python', 'python3-pyyaml', '', d)} \
...
"
Recently python3-pyyaml was moved to OE-core (0a8600f9cec0), and the
ostree recipe was fixed with:
b9ede0cb18 (python3-pyyaml: Do not check for meta-python)
In dunfell, moving python3-pyyaml to OE-core is not a great idea, but
moving it from meta-python to meta-oe allows us to fix ostree YP
compatible issue. Since meta-python depends on meta-oe, it should not
be a change with any visible effect.
python3-cython and python3-pyparsing are collateral damages since they are
dependency for python3-pyyaml, so needed to be moved too.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
inheriting license class which brings in
AVAILABLE_LICENSES into do_configure task checksums class since it wants to
enable thin-provisioning-tools if distro allows GPL-3 automatically, but this
brings issues when other layers which have additional licenses are
provided which ends up in signature mismatches so leave that setting to end-user and keep it disabled by
default with a comment in recipes stating that if needed then the user should enable it via
config metadata or bbappends.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f592e81f11)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
We need to adjust the vboxguest drivers to build against kernels
5.10+.
These are backports from the virtual box SVN repository and can be
dropped in future uprevs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 22eaac640f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Armin Kuster <akuster808@gmail.com>
Cc: Armin Kuster <akuster@mvista.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lumag
Ranjitsinh Rathod
Armin Kuster
Alexander Thoma
Andreas Weger
Khem Raj
Anastasios Kavoukis
Richard Purdie
Konrad Weihmann
Marek Vasut
Neetika Singh
Yi Zhao
Armin Kuster
Zang Ruochen
Gianfranco
Anatol Belski
Joe Slater
Kai Kang
Mingli Yu
Changqing Li
Diego Santa Cruz
Nicolas Dechesne
Bruce Ashfield
Hongxu Jia
Masaki Ambai