The json module is used in several cli commands.
The fcntl module is used in terminal input handling.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cb50c93096)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
============
* Add NULL check to cJSON_SetValuestring()(CVE-2024-31755)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned immediately after
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(From meta-openembedded rev: 535822eff7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Only include the lines from icheck.js that cover the copyright and the
license text.
License-Update: Only include the relevant parts of icheck.js
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Only include the lines from the README that cover the copyright and the
license text.
License-Update: Only include the relevant parts of the README
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
- Remove outdated comment
- Switch to git fetcher. Otherwise the official download location leads to:
WARNING: exiv2-0.28.2-r0 do_recipe_qa: QA Issue: exiv2: SRC_URI uses unstable GitHub/GitLab
archives, convert recipe to use git protocol [src-uri-bad]
- Remove reproducibility hack. Theres no buildpath leakage in exiv2Config.cmake
anymore.
Changes from version 0.28.1 to 0.28.2
-------------------------------------
Release Notes:
* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1
This release also fixes two low-severity security issues in quicktimevideo.cpp:
* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w):
out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36):
denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.
These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0,
so earlier versions of Exiv2 are not affected.
Changes from version 0.28.0 to 0.28.1
-------------------------------------
Release Notes:
https://github.com/Exiv2/exiv2/issues/2813
This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r),
an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in
version 0.28.0, so earlier versions of Exiv2 are not affected.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3a9fc5ba68)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update status for:
CVE-2016-7534, CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538, CVE-2017-5506, CVE-2017-5509, CVE-2017-5510, CVE-2017-5511, CVE-2007-1667
CPE is incorrect, the current version (7.1.1) is not affected.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f2e9daef1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gcab-src has some meson generated files which embed
absolute paths from build environment. meson seems
ot do this on purpose to fix other issues.
Ignored those issues for now.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db91757e7b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Test binaries are embeddding build paths and can't easily
figure out why. Thus ignore the errors in these binaries
for now.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e77f9f2feb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Release notes:
https://github.com/HDFGroup/hdf5/blob/hdf5_1.14.4.3/release_docs/RELEASE.txt
License update: link update
from https://raw.githubusercontent.com/hdfgroup/hdf5/develop/COPYING_LBNL_HDF5
to https://raw.githubusercontent.com/hdfgroup/hdf5/hdf5_1_14/COPYING_LBNL_HDF5.
Upstream has only Released tar file extension is .gz so
SRC_URI tar file extension changed from .bz2 to .gz
Fixes
File /usr/lib/libhdf5.settings in package hdf5 contains reference to TMPDIR
File /usr/src/debug/hdf5/1.14.4-3/src/H5build_settings.c in package
hdf5-src contains reference to TMPDIR [buildpaths]
- Running H5make_libsettings is no longer required for cross-compiling
The functionality of H5make_libsettings is now handled via template files,
so H5make_libsettings has been removed.
- Running H5detect is no longer required for cross-compiling
The functionality of H5detect is now exercised at library startup,
so H5detect has been removed
Rework the patch 0001-cmake-remove-build-flags.patch to fix the build path
issue.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Currently, any non-native recipes that inherits cpan-base ends up
with an image RDEPENDS on perl (via
https://git.yoctoproject.org/poky/tree/meta/classes-recipe/cpan-base.bbclass?h=scarthgap#n14)
If you are building an image and desire to have Postgresql installed
but NOT perl, this creates a problem. This changeset attempts
to fix this shortcoming by not inheriting cpan-base directly.
Note this work is a continuation of attempts to change cpan-base:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15563
The Postgresql build system uses perl, so add it as a DEPENDS. This
happened previously via the "inherit cpan-base" directive.
I've validated this recipe successfully packages with and without
the perl PACKAGECONFIG in Scarthgap.
Signed-off-by: Barry Grussling <mr.scada@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f311f1f01c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ${libdir}/systemd doesn't work on multilib builds, where libdir might be something
else than ${nonarch_base_libdir}
fixes:
ERROR: QA Issue: lib32-bolt: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/bolt.service
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit addresses the shebang size issue encountered in the
do_populate_sysroot task of the rrdtool-native recipe. The issue
was caused by the shebang line in the cgi-demo.cgi file exceeding
the maximum allowed length of 128 characters.
The following error was observed:
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: QA Issue: : /work/x86_64-linux/rrdtool-native/1.8.0/sysroot-destdir/work/x86_64-linux/rrdtool-native/1.8.0/recipe-sysroot-native/usr/share/rrdtool/examples/cgi-demo.cgi maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: do_populate_sysroot for this recipe installed files with QA issues
The solution implemented involves modifying the shebang line in the
cgi-demo.cgi file to use '/usr/bin/env rrdcgi', ensuring it adheres
to the length limit.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 05c17b63fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a header only package. It may be useful to the native machine
but it is definitely useful for the nativesdk machine.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The assert_lib from perl package will execute the generated binary.
This is not suitable for cross compilation environment such as OE.
In OE, if the libs are not available, the following do_compile task
will just fail.
So we should avoid invoking assert_lib at do_configure stage to avoid
error message like below in log.do_configure:
/usr/lib64/ld-linux-aarch64.so.1: No such file or directory
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Flatbuffers contains a library and a schema compiler. The package
contains cmake files to discover the libraries and the compiler tool.
Currently, all of these cmake files are installed into the target
sysroot. However, the compiler utility isn't installed into the sysroot
(as it is not runnable on the build machine).
When an application that depends on flatbuffers gets built, it uses
flatbuffers' exported cmake targets to configure the project. One of the
exported targets is FlatcTarget.cmake which expects to see flatc binary
in /usr/bin of the sysroot. Since binaries for target don't end up in
target sysroot, cmake configuration fails.
This patch addresses this problem of flatbuffers' build infrastructure
in cross-compiling environments. By removing FlatcTarget.cmake for
target builds from the sysroot we essentially skip this step of
flatbuffers' configuration.
Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de>
Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b97dbaac66)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove the CXX flag "-O2" for GCC 13 and 14. There's a bug with ARM GCC
that breaks the iteration of "types" in the createMeshShaderMiscTestsEXT
function. This issue is not present for clang or x86_64 GCC 14.
It seems that the array is not initialized before the first iteration.
In testing this can result in a random value being used. This can
manifest in LINES type being processed twice, resulting in the following
error:
FATAL ERROR: Failed to initialize dEQP: Test case with non-unique name
'no_lines' added to group 'misc'.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Following warning occurs when building with ptests enabled:
WARNING: cjson-1.7.17-r0 do_package_qa: QA Issue: File /usr/lib/cjson/ptest/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/tests/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/fuzzing/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR [buildpaths]
The cmake files also contain full paths to original CMakeLists.txt file
in _BACKTRACE_TRIPLES property;
These are not needed for successful ptests as we don't install the
CMakeLists.txt files anyway.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa
Marc Ferland
Ashish Sharma
Changqing Li
akash hadke
Soumya Sambu
Yogita Urade
Esben Haabendal
Peter Marko
Wang Mingyu
Peter Kjellerstedt
alperak
Markus Volk
Ninette Adhikari
Khem Raj
Mikko Rapeli
Barry Grussling
Benjamin Szőke
Etienne Cordonnier
Zhang Peng
Jiaying Song
Randolph Sapp
Alexandre Videgrain
Yoann Congal
Neel Gandhi
Chen Qi
BINDU
Vijay Anusuri
Libo Chen
Wentao Zhang