lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2
and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote
authenticated user can trigger a kadmind crash. This occurs because
_xdr_kadm5_principal_ent_rec does not validate the relationship
between n_key_data and the key_data array count.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Drop unneeded autotools-brokensep class inherit, this package has
traditional makefile build.
This change also fixes the below buildpaths issue altogether.
WARNING: mcelog-191-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/mcelog in package mcelog-dbg contains reference to TMPDIR [buildpaths]
(cherry picked from commit 29e6c4928c)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Khronos-cts.inc is used for building vulkan-cts or opengl-es-cts. Even
though vulkan-cts depends on vulkan-loader, which automatically
requires vulkan distro feature, it is more explicitly stated if written
here next to opengl.
Some systems do not support a windowing service (like wayland) but still
might use standard khronos GPU libraries. For these cases, wayland
dependancy is invalid.
Patch replaces the invalid wayland distro feature dependancy with
vulkan for clarity.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The current use of RDEPENDS to add a dependency on bats results
in the QA warning/error
lib32-libgpiod package lib32-libgpiod-ptest-dev - suspicious values
'bats-dev' in RRECOMMENDS [multilib]
when building lib32-libgpiod with ptest not enabled. We add the
dependency only if ptest is enabled.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9904bd6a24)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
https://c-ares.org/changelog.html
c-ares version 1.19.1 - May 22 2023
Security:
CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS
query IDs
CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during
cross compilation
Bug fixes:
Fix uninitialized memory warning in test
Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
ares_getaddrinfo() should allow a port of 0
Fix memory leak in ares_send() on error
Fix comment style in ares_data.h
Remove unneeded ifdef for Windows
Fix typo in ares_init_options.3
Re-add support for Watcom compiler
Sync ax_pthread.m4 with upstream
Windows: Invalid stack variable used out of scope for HOSTS path
Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A vulnerability classified as problematic was found in OpenCV
wechat_qrcode Module up to 4.7.0. Affected by this vulnerability
is the function DecodedBitStreamParser::decodeByteSegment of the
file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation
leads to null pointer dereference. The attack can be launched
remotely. The exploit has been disclosed to the public and may
be used. It is recommended to apply a patch to fix this issue.
The associated identifier of this vulnerability is VDB-228547.
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This reverts commit 0abf5af3ff
libopencv-ts package is not empty and libopencv_ts libraries are
not all installed in the -dev package, these libraries are needed
for sdk development listed in opencv4.pc file.
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
If you try to build libblockdev with an empty PACKAGECONFIG then the
configure fails.
Add autoconf-archive, glib-2.0, and udev; these were implicitly pulled
in via other dependencies. Move kmod to DEPENDS as it's a hard
requirement.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f14663746b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.
I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily achieved by
using redis-7.0.11/ directory to hold all those files.
Using FILESPATH in this way removes the possibility of overriding
some files (e.g., the redis service file) from other layers via
FILESEXTRAPATH:prepend, which is kind of a common practice and is
actually working for basically all other recipes.
This is because we have:
meta/classes-global/base.bbclass:FILESPATH = "${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", "${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pahole need to line up with kernel's architectures bitsize,
so add it to NON_MULTILIB_RECIPES.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
using libbpf-native provided headers for pahole-native or other application.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As per gnulib_2018-03-07 recipe information,
SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3"
This revision was committed on "2018-12-18".
There is a discrepancy between SRCREV and the recipe version.
Which reports "CVE-2018-17942" as unpatched.
To report "CVE-2018-17942" as patched,
We need to align a recipe name with SRCREV commit date.
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9edbe7033c)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Use sed to change scripts to reference ${baselib}. The
former set of scripts modified was incomplete.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1cc72c41af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Configure emits HAVE_CC variable to be used in sourcecode and its built
from CC env var, CC in OE contains buildpaths in --sysroot option,
therefore edit this option out in configure.ac itself and remove all
other workarounds to fix this issue in recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c0a344ab71)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bison/flex emits line directives which can be safely removed from
generated files.
agent_version.h is generated by cmake which has build information like
compiler and cflags etc. which contains buildpaths too, therefore
replace real workdir with <WORKDIR>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d2df1e4c4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It points to sh provided by HOSTTOOLS in the build systems path
Fixes
WARNING: lirc-0.10.2-r0 do_package_qa: QA Issue: File /usr/include/lirc/config.h in package lirc-dev contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d112323521)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Sometimes an end user might want to change some values in
/sys/kernel/config/usb_gadget/ at runtime, for instance, a product id
or serial number must be read from /proc/device-tree, and so on.
Support that by letting gadget-start run all scripts in /etc/usbgx.d
after importing the schemas.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa
Soumya Sambu
Polampalli, Archana
Wang Mingyu
Mingli Yu
Linus Jacobson
Changqing Li
Beniamin Sandu
Jasper Orschulko
Joe Slater
Chee Yang Lee
Sandeep Gundlupet Raju 837
Ross Burton
Chen Qi
Urade, Yogita t.mo
Xiangyu Chen
Khem Raj
schitrod=cisco.com@lists.openembedded.org
Ming Liu