This is a header only package. It may be useful to the native machine
but it is definitely useful for the nativesdk machine.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The following vulnerabilities have been fixed:
wnpa-sec-2024-07 MONGO and ZigBee TLV dissector infinite loops. Issue 19726. CVE-2024-4854.
wnpa-sec-2024-08 The editcap command line utility could crash when chopping bytes from the beginning of a packet. Issue 19724. CVE-2024-4853.
wnpa-sec-2024-09 The editcap command line utility could crash when injecting secrets while writing multiple files. Issue 19782. CVE-2024-4855.
Release Notes: https://www.wireshark.org/docs/relnotes/wireshark-4.2.5.html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The assert_lib from perl package will execute the generated binary.
This is not suitable for cross compilation environment such as OE.
In OE, if the libs are not available, the following do_compile task
will just fail.
So we should avoid invoking assert_lib at do_configure stage to avoid
error message like below in log.do_configure:
/usr/lib64/ld-linux-aarch64.so.1: No such file or directory
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Flatbuffers contains a library and a schema compiler. The package
contains cmake files to discover the libraries and the compiler tool.
Currently, all of these cmake files are installed into the target
sysroot. However, the compiler utility isn't installed into the sysroot
(as it is not runnable on the build machine).
When an application that depends on flatbuffers gets built, it uses
flatbuffers' exported cmake targets to configure the project. One of the
exported targets is FlatcTarget.cmake which expects to see flatc binary
in /usr/bin of the sysroot. Since binaries for target don't end up in
target sysroot, cmake configuration fails.
This patch addresses this problem of flatbuffers' build infrastructure
in cross-compiling environments. By removing FlatcTarget.cmake for
target builds from the sysroot we essentially skip this step of
flatbuffers' configuration.
Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de>
Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b97dbaac66)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE's Fixed by upgrade:
CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2
CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows
CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy
CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite
CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite
CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy
CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite
Other Changes between 2.4.59 -> 2.4.60
======================================
https://github.com/apache/httpd/blob/2.4.60/CHANGES
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove the CXX flag "-O2" for GCC 13 and 14. There's a bug with ARM GCC
that breaks the iteration of "types" in the createMeshShaderMiscTestsEXT
function. This issue is not present for clang or x86_64 GCC 14.
It seems that the array is not initialized before the first iteration.
In testing this can result in a random value being used. This can
manifest in LINES type being processed twice, resulting in the following
error:
FATAL ERROR: Failed to initialize dEQP: Test case with non-unique name
'no_lines' added to group 'misc'.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Following warning occurs when building with ptests enabled:
WARNING: cjson-1.7.17-r0 do_package_qa: QA Issue: File /usr/lib/cjson/ptest/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/tests/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/fuzzing/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR [buildpaths]
The cmake files also contain full paths to original CMakeLists.txt file
in _BACKTRACE_TRIPLES property;
These are not needed for successful ptests as we don't install the
CMakeLists.txt files anyway.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix incompatible pointer type error for daq:
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c: In function 'SetPktHdr':
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c:394:37: error: passing argument 2
of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types]
| 394 | int len = nfq_get_payload(nfad, (char**)pkt);
| | ^~~~~~~~~~~
| | |
| | char **
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This change consolidates the output format of the ptest command
into a single common format.
The format selected is the automake "simple test" format:
"result: testname"
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is cleaner way how to package unversioned libraries
which was suggested during review of the last commit.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It's a bad idea to add dev dependencies to main package.
It's pulling build dependencies including toolchain items.
The dependencies "were needed" because main package contains
packageconfig file.
This can be fixed by correct packaging.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* after buildpath warnings fix from:
https://git.openembedded.org/meta-openembedded/commit/?id=eeef1fddd9052bed4b1a91565260518eb042fed2
the LibwebsocketsTargets.cmake ends with:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/libcap.so;-lpthread"
instead of:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/OE/build/.../libwebsockets/4.3.3/lib32-recipe-sysroot/usr/lib/libcap.so;-lpthread"
which causes e.g. mosquitto to fail in do_compile with:
ninja: error: '/libcap.so', needed by 'src/mosquitto', missing and no known rule to make it
* this happens only when libwebsocket is built with libcap enabled
(by libcap in DEPENDS)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
In order to remove absolute paths from the cmake artifacts, paths from
the `$lib` folder should also be stripped off, otherwise internally
linked libraries (e.g. libz) may appear.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
* Protect against integer overflow in ComposeQueryEngine
* Protect against integer overflow in ComposeQueryMallocExMm
* Require CMake >=3.5.0
* CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a
shared or static library for uriparser and that alone, falls back to standard
BUILD_SHARED_LIBS if available, else defaults to "ON"
* Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a
responsibility of the application using uriparser
* Document supported code points for functions uriEscape(Ex)W
* Update Clang from 15 to 18
* Adapt to breaking changes in Clang packaging
* Get sanitizer CFLAGS and LDFLAGS back in sync
* Pin GitHub Actions to specific commits for security
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a small bugfix release that fixes a build issue with slibtool
(not relevant to meta-oe ATM), makes the licensing of C++ bindings less
restrictive and preemptively fixes an issue that will be triggered with
linux v6.9 when running gpio-tools ptest suite.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libfido2 depends on udev and libcbor which do not exist for native and
nativesdk targets.
Remove native & nativesdk from BBCLASSEXTEND to avoid hitting these in
world/universe builds.
Fixes these warnings (as seen on AB[0]):
WARNING: Nothing PROVIDES 'nativesdk-udev' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'nativesdk-libcbor' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'libcbor-native' (but virtual:native:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'udev-native' (but virtual:native:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing RPROVIDES 'nativesdk-libfido2-dev' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb RDEPENDS on or otherwise requires it)
WARNING: Nothing RPROVIDES 'nativesdk-libfido2' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb RDEPENDS on or otherwise requires it)
[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/156/builds/367/steps/12/logs/warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Cc: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a3d194eb3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The flow module was removed in Twisted 9.0.0 a long time
and currently does not install anything. Let's remove it
to cleanup the recipe.
This commit also removes python3-twisted-news package because
the source files were removed in Twisted 21.2.0. All other
files which no longer exist in the source are also removed from FILES.
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes an issue where split packages were no populated since all the files
were picked up by FILES:${PN}
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
v2]
Scarthgap has the same error as master: initialize timespec variable.
pcapplusplus/23.09/git/Packet++/src/RawPacket.cpp:23:18: error: 'nsec_time.timespec::<anonymous>' is used uninitialized [-Werror=uninitialized]
| 23 | timespec nsec_time;
| | ^~~~~~~~~
| cc1plus: all warnings being treated as errors
- remove included patches
- set path for fusermount3 to avoid requirement for fuse3-native. This is needed since:
https://github.com/flatpak/flatpak/commit/2cb17b4eb82ecedaa98b5b7f954cf3e52fa95682
Changes in 1.15.8
~~~~~~~~~~~~~~~~~
Security fixes:
* Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
Other bug fixes:
* Pass the -export-dynamic linker option as -Wl,-export-dynamic,
fixing build failures with clang 18 and lld 18 (#5760)
* Fix a double-free when installation is cancelled (#5763)
* Fix installed-tests failure with "FUSERMOUNT: unbound variable"
(#5751)
* Translation updates: pt_BR (#5762), tr (#5761)
Changes in 1.15.7
~~~~~~~~~~~~~~~~~
Released: 2024-03-27
Dependencies:
* The Meson build system is now required.
Compiling with Autotools is no longer possible.
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.9.0 is recommended. Several of the bug fixes listed
below will not be active if an older version is used.
* In distributions that compile Flatpak to use a separate xdg-dbus-proxy
executable, version 0.1.5 is recommended.
* If libmalcontent (parental controls) is enabled, it must be version 0.5.0
or later.
New features:
* Automatically remove obsolete driver versions and other autopruned refs
(#5632)
* `--socket=inherit-wayland-socket` (#5614)
* Automatically reload D-Bus session bus configuration after installing
or upgrading apps, to pick up any exported D-Bus services (#3342)
Bug fixes:
* Update included copy of bubblewrap to version 0.9.0:
* `--symlink` is now idempotent, meaning it succeeds if the
symlink already exists and already has the desired target
(#2387, #3477, #5255)
* Report a better error message if `mount(2)` fails with `ENOSPC`
* Fix a double-close on error reading from `--args`, `--seccomp` or
`--add-seccomp-fd` argument
* Improve memory allocation behaviour
* Silence various compiler warnings
* Update included copy of bubblewrap to version 0.1.5:
* Fix handling of long object paths
* Don't parse `<developer><name/></developer>` as the application name
(#5700)
* Don't refuse to start apps when there is no D-Bus system bus available
(#5076)
* Don't try to repeat migration of apps whose data was migrated to a new
name and then deleted (#5668)
* Improve handling of mixed locales on systems with systemd-localed (#5497)
* Improve display of ellipsized columns in wide terminals (#5722)
* Make `flatpak info -e` look for extensions in all installations (#5670)
* Fix warnings from newer GLib versions (#5660, #5737)
* Always set the `container` environment variable (#5610)
* Always let the app inherit redirected file descriptors (#5626)
* In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends
we'll use to learn which apps are running in the background (#5729)
* Don't use `WAYLAND_SOCKET` unless given `--socket=inherit-wayland-socket`
(#5614)
* Use `fusermount3` if compiled with FUSE 3, overridable with
`-Dsystem_fusermount` compile-time option (#5104)
* Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
the shell environment (#5574)
* Improve async-signal safety (#5687)
* Fix various memory leaks (#5683, #5690, #5691)
* Avoid undefined behaviour of signed left-shift when storing object IDs
in a hash table (#5738)
* Detect the correct gtk-doc when cross-compiling (#5650)
* Detect the correct wayland-scanner when cross-compiling (#5596)
* Documentation improvements (#5659, #5677, #5682, #5664, #5719)
* Skip more tests when FUSE isn't available (#5611)
* Translation updates (#5602, #5707)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
plugin_uefi_capsule_splash does not provide "enabled" or "disabled"
options but only basic bool "true" and "false". Fixes do_configure()
failure with
PACKAGECONFIG:append = " plugin_tpm plugin_uefi_pk plugin_uefi_capsule ":
| ../fwupd-1.9.18/meson.build:1:0: ERROR: Value disabled is not boolean (true or false).
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
For systemd, there is not a fuse.service since systemd provides
sys-fs-fuse-connections.mount to mount the fuse control filesystem, so
instead, only fuse3.conf is added to modules-load.d to load the required
fuse kernel module.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Apparently, npm has changed its request accept header, so that cache
lookup misses. This causes an ENOTCACHED error when doing the offline
install in do_compile() from npm.bbclass.
Fix it by updating the fake cache entry to match the newest behaviour
from npm.
Note that npm doesn't agree with itself, as it still uses the previous
header value when doing `npm cache add <pkg>`, but the new value when
doing `npm install <pkg>`.
Bug submitted upstream:
https://github.com/npm/cli/issues/7465
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Randolph Sapp
Alexandre Videgrain
Yoann Congal
Vijay Anusuri
Neel Gandhi
Chen Qi
BINDU
Randy MacLeod
Libo Chen
Siddharth Doshi
Wentao Zhang
Soumya Sambu
Peter Marko
Hitendra Prajapati
Kai Kang
Zhang Peng
Martin Jansa
Gerard Salvatella
Wang Mingyu
Bartosz Golaszewski
nikhil
Scott Murray
gr embeter
Guðni Már Gilbert
Changqing Li
Khem Raj
Markus Volk
Yi Zhao
Mikko Rapeli
Martin Hundebøll
Ross Burton