mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity
23,509 Commits 64 Branches 0 Tags
feb37930707107748a31300acb5f30189b7232a3
Commit Graph

10728 Commits

Author SHA1 Message Date
Peter Marko cc8b266290 nss: patch CVE-2024-6609 
Pick the same patch as Debian took for bullseye.

There is no direct backport to version prior 3.102 because
commit NSS_3_101_BETA2-12-g8d94c529b [1] rewrote this code.

Applied patch was proposed for old versions in [2] and already
applied in Debian bullseye.

I could not find suitable upstream status, inappropriate is the best
I could pick from offered possibilities.

[1] https://github.com/nss-dev/nss/commit/8d94c529b333194d080c4885ddd3a40e6c296ae9<
[2] https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/t9JmsYkujWM/m/HjKuk-ngBAAJ

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:39:17 -05:00
Peter Marko daf05cbbe1 nss: patch CVE-2024-6602 
Pick the same patch as Debian took for bullseye.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:39:17 -05:00
Martin Jansa 013a32fec9 poco: use main instead of master branch 
Branches used in langdale, mickledore, nanbield were re-written in upstream :(, fixes were sent to meta-oe:
langdale: https://lists.openembedded.org/g/openembedded-devel/message/107533
mickledore: https://lists.openembedded.org/g/openembedded-devel/message/107531
merged in:
https://git.openembedded.org/meta-openembedded/commit/?h=mickledore&id=b0d67900ae9e8911f734c25c0674fe55df8cd188
nanbield: https://lists.openembedded.org/g/openembedded-devel/message/107532
merged in:
https://git.openembedded.org/meta-openembedded/commit/?h=nanbield&id=2da6e1b0e43a8993fd422fee3f83940100b59f4c

fix for langdale wasn't ever fixed because it was sent after langdale
was already EOL, but looks like the version used in kirkstone got
broken recently as well, because master branch was removed:

poco/1.11.2-r0/git $ git branch -a --contains 9d1c428c861f2e5ccf09149bbe8d2149720c5896
* master
...
  remotes/origin/dev-task-test-diag
  remotes/origin/devel
  remotes/origin/feat/acceptor-service-handler-args
  remotes/origin/fix/posix-sleep
  remotes/origin/issue-templates
  remotes/origin/master
  remotes/origin/poco-1.12.0
  remotes/origin/poco-1.12.1
  remotes/origin/poco-1.12.2
  remotes/origin/poco-1.12.3
  remotes/origin/poco-1.12.4
  remotes/origin/poco-1.12.5
  remotes/origin/poco-1.12.6
  remotes/origin/poco-1.9.5-not-released
  remotes/origin/poll-closed-server-test
  remotes/origin/upgrade-ci-actions-to-v3

poco/1.11.2-r0/git $ git remote prune origin
Pruning origin
URL: https://github.com/pocoproject/poco.git
...
 * [pruned] origin/android-ndk-action
 * [pruned] origin/develop
 * [pruned] origin/feat/wepoll
 * [pruned] origin/fix/PollSet-race
 * [pruned] origin/fix/swap-noexcept
 * [pruned] origin/master
 * [pruned] origin/poco-1.10.2
 * [pruned] origin/poco-1.9.5
 refs/remotes/origin/HEAD has become dangling!

poco/1.11.2-r0/git $ git branch -a --contains 9d1c428c861f2e5ccf09149bbe8d2149720c5896
* master
...
  remotes/origin/dev-task-test-diag
  remotes/origin/devel
  remotes/origin/discourage-using-configure-and-make
  remotes/origin/feat/acceptor-service-handler-args
  remotes/origin/feat/json-logging
  remotes/origin/fix/posix-sleep
  remotes/origin/issue-templates
  remotes/origin/main
  remotes/origin/master-pre-1.13.0
  remotes/origin/master-unused
  remotes/origin/openssl_fix
  remotes/origin/poco-1.12.0
  remotes/origin/poco-1.12.1
  remotes/origin/poco-1.12.2
  remotes/origin/poco-1.12.3
  remotes/origin/poco-1.12.4
  remotes/origin/poco-1.12.5
  remotes/origin/poco-1.12.6
  remotes/origin/poco-1.13.0
  remotes/origin/poco-1.13.1
  remotes/origin/poco-1.13.2
  remotes/origin/poco-1.13.3
  remotes/origin/poco-1.13.4
  remotes/origin/poco-1.9.5-not-released
  remotes/origin/poll-closed-server-test
  remotes/origin/release-1.14-changelog-authors
  remotes/origin/search-support
  remotes/origin/upgrade-ci-actions-to-v3

switch to main branch which is the most common and the least surprising.

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:38:16 -05:00
Martin Jansa ccff82ad8b libjs-jquery-cookie: update branch from master to main 
* it was updated in nanbield with upgrade to 3.0.5 in:
  fc0a506bde libjs-jquery-cookie: upgrade 3.0.1 -> 3.0.5

* drop duplicated protocol param as in mickledore:
  2e0a581bee recipes: Remove double protocol= from SRC_URIs

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:38:16 -05:00
Khem Raj a8a325756a gitpkgv: Fix python deprecation warning 
Fixes
DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13

pipes is an alias for shlex therefore switch to using shlex

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:38:16 -05:00
Martin Jansa 7114e2fba1 flatbuffers: fix native build with gcc-14 on host 
In C++ we cannot have both assignment operator and const member. Since
span::operator= is defined, span::count_ constness must be removed.

Fixes:

FAILED: CMakeFiles/flatc.dir/src/util.cpp.o
ccache flatbuffers/2.0.0/recipe-sysroot-native/usr/bin/aarch64-webos-linux/aarch64-webos-linux-g++ --sysroot=flatbuffers/2.0.0/recipe-sysroot -DFLATBUFFERS_LOCALE_INDEPENDENT=1 -Iflatbuffers/2.0.0/git/include -Iflatbuffers/2.0.0/git/grpc -mbranch-protection=standard -fstack-protector-strong  -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Werror=return-type -funwind-tables  --sysroot=flatbuffers/2.0.0/recipe-sysroot  -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map  -fmacro-prefix-map=flatbuffers/2.0.0/git=/usr/src/debug/flatbuffers/2.0.0  -fdebug-prefix-map=flatbuffers/2.0.0/git=/usr/src/debug/flatbuffers/2.0.0  -fmacro-prefix-map=flatbuffers/2.0.0/build=/usr/src/debug/flatbuffers/2.0.0  -fdebug-prefix-map=flatbuffers/2.0.0/build=/usr/src/debug/flatbuffers/2.0.0  -fdebug-prefix-map=flatbuffers/2.0.0/recipe-sysroot=  -fmacro-prefix-map=flatbuffers/2.0.0/recipe-sysroot=  -fdebug-prefix-map=flatbuffers/2.0.0/recipe-sysroot-native=  -fvisibility-inlines-hidden  -fPIC -DNDEBUG -MD -MT CMakeFiles/flatc.dir/src/util.cpp.o -MF CMakeFiles/flatc.dir/src/util.cpp.o.d -o CMakeFiles/flatc.dir/src/util.cpp.o -c flatbuffers/2.0.0/git/src/util.cpp
In file included from ../git/include/flatbuffers/util.h:23,
                 from ../git/src/util.cpp:44:
../git/include/flatbuffers/stl_emulation.h: In member function 'constexpr flatbuffers::span<T, Extent>& flatbuffers::span<T, Extent>::operator=(const flatbuffers::span<T, Extent>&)':
../git/include/flatbuffers/stl_emulation.h:549:12: error: assignment of read-only member 'flatbuffers::span<T, Extent>::count_'
  549 |     count_ = other.count_;
      |     ~~~~~~~^~~~~~~~~~~~~~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:38:16 -05:00
Ramax Lo 873d801a71 vk-gl-cts: Fix branch names 
The branch names of several upstream repos have been changed, thus we
update the recipe to avoid fetching failure.

Signed-off-by: Ramax Lo <ramaxlo@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-12-08 14:38:16 -05:00
Liyin Zhang 4ad41baed6 sound-theme-freedesktop: Update SRC_URI 
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:56 -04:00
Liyin Zhang 84085f7c45 keyutils: Update SRC_URI 
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:52 -04:00
Liyin Zhang 1ef98ea392 libatasmart: Update SRC_URI to fix fetch issue 
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:48 -04:00
Guocai He ebe1af249a xmlrpc-c: fix do_fetch error 
Fetcher failure:
Unable to find revision 86405c7e1bd4f70287204a28d242a1054daab520
in branch master

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:45 -04:00
Mingli Yu 7f741f817e rocksdb: Add ptest support 
# ./run-ptest
PASS: arena_test
PASS: cache_test
PASS: db_basic_test
PASS: env_basic_test
PASS: testutil_test

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:42 -04:00
Peter Marko 09d95e03ad cjson: upgrade 1.7.17 -> 1.7.18 
Changelog:
============
* Add NULL check to cJSON_SetValuestring()(CVE-2024-31755)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned immediately after

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(From meta-openembedded rev: 535822eff7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:19:39 -04:00
Dmitry Baryshkov 98e2f52a5e android-tools: Create flag file /etc/usb-debugging-enabled 
Location of the file that systemd uses to check whether to
start adbd or not has been updated from /var to /etc in
android-tools-adbd.service. This change changes the path
of creation of usb-debugging-enabled flag file in
android-tools recipes from /var/usb-debugging-enabled to
/etc/usb-debugging-enabled

Backport-of: 2a3d4be999 ("android-tools: create flag flag file for adbd at a proper location")
Fixes: a29c6386d5 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Fixes: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:14:58 -04:00
Raghuvarya S a795889d2f android-tools-adbd.service: Update ConditionPathExists to /etc 
To ensure android-tools-adbd.service starts at boot, the path
for ConditionPathExists must be present at build time. /etc is
more suitable for build-time files than /var, which is for
runtime files. Changed ConditionPathExists from
/var/usb-debugging-enabled to /etc/usb-debugging-enabled

Backport-of: 8106cfe769 ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
CC: Khem Raj <raj.khem@gmail.com>
CC: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Raghuvarya S <quic_raghuvar@quicinc.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:14:19 -04:00
Peter Kjellerstedt 5903ee551f libdevmapper: Inherit nopackages 
This fixes errors from buildhistory changes where packages-split would
be empty.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90f96e053a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-10-13 11:12:49 -04:00
Niko Mauno 41dba53932 opensc: Fix LICENSE declaration 
According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is
licensed under LGPL-2.1 or later, which seems to be affirmed also by
the comments in the source code files, as well as the COPYING file.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 10:12:43 -04:00
Peter Marko 31d7500290 libndp: Patch CVE-2024-5564 
Pick https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af.patch

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-09-22 09:59:21 -04:00
Vijay Anusuri d4a4e8b281 postgresql: upgrade 14.11 -> 14.13 
Addresses CVEs CVE-2024-4317 & CVE-2024-7348 and other bug fixes.

Release notes are available at:
https://www.postgresql.org/docs/release/14.13/
https://www.postgresql.org/docs/release/14.12/

0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for new version.

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:11:33 -04:00
Hitendra Prajapati f0b3330b9d krb5: fix CVE-2024-26458 and CVE-2024-26461 
Upstream-Status: Backport from https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-08-25 18:11:29 -04:00
Haixiao Yan 52ecd66835 nss: fix failed test of nss. 
The expiration date of the "NameConstraints.*.cert" test certificate in
the nss package is Sep 4 2023 and causing a test failure.

This commit regenerate NameConstraints test certificates and changes the
validity period of test certs generated by `make-nc` from ~10 years to
~20 years.

regenerate_NameConstrain_test_certificates.tar.gz is a snapshot of certs
files based on the commit which update them. It fails to apply binary
commit, so create a tarball as part of SRC_URI rather than a .patch
file.

Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/1d565dc7e17dad6d2851b2d6ff522c5d6345ae26]

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:45:11 -04:00
Wentao Zhang 6e66175949 nss: fix failed test of nss. 
The expiration date of the "PayPalEE.cert" test certificate in the nss package
is Jan 12 2022 and causing a test failure.

Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:45:07 -04:00
Emil Kronborg 69d1121922 php-fpm: fix systemd 
2848cc99a1 ("php-fpm: Add support for systemd") introduced a systemd
service file, where ExecStart and ExecStop uses /etc/init.d/php-fpm,
which does not exist if systemd is enabled. Consequently, the php-fpm
service fails to start even though it is correctly installed. This is
fixed by this commit in which the service file is identical to the one
from the PHP source code except for the use of BitBake variables. Also,
use ${systemd_system_unitdir} instead of ${systemd_unitdir}/system.

Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:43:01 -04:00
Wang Mingyu 0fdc4a6357 php: Fix install conflict when enable multilib. 
Error: Transaction test error:
  file /usr/bin/php-config conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/bin/phpize conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/include/php/main/build-defs.h conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686
  file /usr/include/php/main/php_config.h conflicts between attempted installs of php-dev-8.2.7-r0.core2_64 and lib32-php-dev-8.2.7-r0.i686

The differences of php-config are as follows:
@@ -8,16 +8,16 @@
 vernum="80207"
 include_dir="/usr/include/php"
 includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib"
-ldflags=" -L/usr/lib64"
+ldflags=" -L/usr/lib"
 libs="-lcrypt  -lc-client  -lrt -lcrypt -lpam -lbz2 -lrt -lm -ldl  -lxml2 -lssl -lcrypto -lsqlite3 -lz -lxml2 -lssl -lcrypto -lsqlite3 -lxml2 -lxml2 -lxml2 -lxml2 -lz -lssl -lcrypto -lcrypt "
-extension_dir='/usr/lib64/php8/extensions/no-debug-non-zts-20220829'
+extension_dir='/usr/lib/php8/extensions/no-debug-non-zts-20220829'
 man_dir=`eval echo /usr/share/man`
 program_prefix=""
 program_suffix=""
 exe_extension=""
 php_cli_binary=NONE
 php_cgi_binary=NONE
-configure_options=" '--build=x86_64-linux' '--host=x86_64-poky-linux' '--target=x86_64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib64' '--with-gettext=/usr/lib64/..' '--with-zlib=/usr/lib64/..' '--with-iconv=/usr/lib64/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib64/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mysqli=mysqlnd' '--with-pdo-mysql=m
 ysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib64/..' '--with-pdo-sqlite=/usr/lib64/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=x86_64-poky-linux' 'target_alias=x86_64-poky-linux' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=x86_64-poky-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=x86_64-poky-linux-gcc -E --sysroot= -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong
  -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=x86_64-poky-linux-g++ -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
+configure_options=" '--build=x86_64-linux' '--host=i686-pokymllib32-linux' '--target=i686-pokymllib32-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib' '--with-gettext=/usr/lib/..' '--with-zlib=/usr/lib/..' '--with-iconv=/usr/lib/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mys
 qlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib/..' '--with-pdo-sqlite=/usr/lib/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=i686-pokymllib32-linux' 'target_alias=i686-pokymllib32-linux' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/i686-pokymllib32-linux/lib32-php/8.2.7-r0/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=i686-pokymllib32-linux-gcc -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS
 =' 'CPP=i686-pokymllib32-linux-gcc -E --sysroot= -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=i686-pokymllib32-linux-g++ -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"

The differences of phpize are as follows:
@@ -4,7 +4,7 @@
 prefix='/usr'
 datarootdir='/usr/php'
 exec_prefix="`eval echo /usr`"
-phpdir="`eval echo /usr/lib64/php8`/build"
+phpdir="`eval echo /usr/lib/php8`/build"
 includedir="`eval echo /usr/include`/php"
 builddir="`pwd`"
 SED="sed"

The differences of build-defs.h are as follows:
@@ -14,7 +14,7 @@
    +----------------------------------------------------------------------+
 */

-#define CONFIGURE_COMMAND " '../php-8.2.7/configure'  '--build=x86_64-linux' '--host=x86_64-poky-linux' '--target=x86_64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib64' '--with-gettext=/usr/lib64/..' '--with-zlib=/usr/lib64/..' '--with-iconv=/usr/lib64/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib64/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-m
 ysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib64/..' '--with-pdo-sqlite=/usr/lib64/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=x86_64-poky-linux' 'target_alias=x86_64-poky-linux' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=x86_64-poky-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -Wl,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=x86_64-poky-linux-gcc -E --sysroot= -m64 -march=core2 -mtune=core2 -msse3 -mf
 pmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=x86_64-poky-linux-g++ -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
+#define CONFIGURE_COMMAND " '../php-8.2.7/configure'  '--build=x86_64-linux' '--host=i686-pokymllib32-linux' '--target=i686-pokymllib32-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--enable-mbstring' '--enable-fpm' '--with-libdir=lib' '--with-gettext=/usr/lib/..' '--with-zlib=/usr/lib/..' '--with-iconv=/usr/lib/..' '--with-bz2=/usr' '--with-config-file-path=/etc/php/apache2-php8' 'ac_cv_c_bigendian_php=no' '--enable-sockets' '--enable-pcntl' '--enable-shared' '--disable-rpath' '--with-pic' '--libdir=/usr/lib/php8' '--disable-static' '--with-imap=' '--with-imap-ssl=' '--disable-ipv6' '--disable-mbregex' '--with-mys
 qli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-opcache' '--with-openssl' '--without-pgsql' '--disable-soap' '--with-sqlite3=/usr/lib/..' '--with-pdo-sqlite=/usr/lib/..' '--with-valgrind=no' '--enable-nls' 'build_alias=x86_64-linux' 'host_alias=i686-pokymllib32-linux' 'target_alias=i686-pokymllib32-linux' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/i686-pokymllib32-linux/lib32-php/8.2.7-r0/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=i686-pokymllib32-linux-gcc -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I/usr/include/apache2 -DHAVE_LIBDL ' 'LDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -W
 l,-z,relro,-z,now -ldl ' 'CPPFLAGS=' 'CPP=i686-pokymllib32-linux-gcc -E --sysroot= -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=i686-pokymllib32-linux-g++ -m32 -march=i686 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CXXFLAGS= -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fvisibility-inlines-hidden'"
 #define PHP_ODBC_CFLAGS        ""
 #define PHP_ODBC_LFLAGS                ""
 #define PHP_ODBC_LIBS          ""
@@ -24,12 +24,12 @@
 #define PHP_PROG_SENDMAIL      "/usr/sbin/sendmail"
 #define PEAR_INSTALLDIR         ""
 #define PHP_INCLUDE_PATH       ".:"
-#define PHP_EXTENSION_DIR       "/usr/lib64/php8/extensions/no-debug-non-zts-20220829"
+#define PHP_EXTENSION_DIR       "/usr/lib/php8/extensions/no-debug-non-zts-20220829"
 #define PHP_PREFIX              "/usr"
 #define PHP_BINDIR              "/usr/bin"
 #define PHP_SBINDIR             "/usr/sbin"
 #define PHP_MANDIR              "/usr/share/man"
-#define PHP_LIBDIR              "/usr/lib64/php8"
+#define PHP_LIBDIR              "/usr/lib/php8"
 #define PHP_DATADIR             "/usr/share"
 #define PHP_SYSCONFDIR          "/etc"
 #define PHP_LOCALSTATEDIR       "/var"

The differences of php_config.h are as follows:
@@ -2064,7 +2064,7 @@
 /* #undef SIZEOF_INTMAX_T */

 /* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
+#define SIZEOF_LONG 4

 /* The size of `long long', as computed by sizeof. */
 #define SIZEOF_LONG_LONG 8
@@ -2079,7 +2079,7 @@
 #define SIZEOF_SHORT 2

 /* The size of `size_t', as computed by sizeof. */
-#define SIZEOF_SIZE_T 8
+#define SIZEOF_SIZE_T 4

 /* Size of ssize_t */
 #define SIZEOF_SSIZE_T 8

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-30 09:42:55 -04:00
Martin Jansa 0d361748b8 giflib: fix build with gold and avoid imagemagick-native dependency 
* avoid imagemagick-native like upstream did in:
  https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:07:57 -04:00
Vijay Anusuri e532396d47 krb5: Fix for CVE-2024-37370 and CVE-2024-37371 
Upstream-Status: Backport
[https://github.com/krb5/krb5/commit/548da160b52b25a106e9f6077d6a42c2c049586c
&
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-17 20:06:58 -04:00
Soumya Sambu 6ff0748a47 php: Upgrade to 8.1.29 
Includes fix for CVE-2024-5458, CVE-2024-2408 and other bugs

Changelog:
https://www.php.net/ChangeLog-8.php#8.1.29

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:32:38 -04:00
Jiaqing Zhao bede1a8fcb rdfind: fix build with gcc-13 
<cstdint> need to be included explicitly when compiling with gcc-13.

Upstream-Status: Backport [1.6.0 https://github.com/pauldreik/rdfind/commit/f6c3f698dd680931b5c2f05688319290bdf0d930]
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:32:10 -04:00
nikhil 383cc5f413 giflib: upgrade to version 5.2.2 
Upgrade to latest version giflib v5.2.2.

This version fixes bugs listed in link below:
Link: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS

Fixes for CVE-2023-48161, CVE-2022-28506, CVE-2023-39742
Link: https://clients.neighbourhood.ie/yocto/1-40.html#:~:text=CVE%2D2023%2D39742%3A%20giflib%3Agiflib%2Dnative

Added dependency on ImageMagick which includes "convert" utility,
to ensure availability of required tool during compilation process.

Add patch to rename binary used in Makefile from
"convert" to "convert.im7" as installed by imagemagick package.

Drop CVE-2022-28506.patch as it is fixed in this version.

Signed-off-by: Bhabu Bindu <bhabubindu@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:25:28 -04:00
Siddharth Doshi 6e72002046 nano: Security fix for CVE-2024-5742 
Upstream-Status: Backport from [https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2]

CVE's Fixed:
CVE-2024-5742 nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:25:07 -04:00
Vijay Anusuri bbbe4d5320 yajl: backport Debian patch for CVE-2022-24795 
import patch from ubuntu to fix
 CVE-2022-24795

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/yajl/tree/debian/patches/?h=ubuntu%2Ffocal-security
Upstream commit
https://github.com/ppisar/yajl/commit/23cea2d7677e396efed78bbf1bf153961fab6bad]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:23:55 -04:00
Rob Woolley 9fd5ae9132 sip3: Fix segmentation fault 
The first version of this patch introduced a problem with python3-pyqt5.
Python emitted the following error message when one attempted to import
PyQt5.Qt:

  ImportError: dynamic module does not define module export function (PyInit_Qt)

This came about due to segfault in sip when executed in do_configure of
python3-pyqt5.  This resulted in a zero-length sipQtcmodule.c file being
produced.  This compiled successfully which meant no build failure was
observed.

The segfault was caused by a mistake in backporting the patch from SIP 6.
The generateCompositeCpp() function uses the generate_include_sip_h()
helper function in later versions which doesn't exist in SIP 4.

We must replace the first parameter passed to isPY_SSIZE_T_CLEAN() from
mod to pt->module to account for this. The change is not necessary for
generateInternalAPIHeader()

To simplify the patch we can remove the generated lexer and parser files
and run flex and bison in do_configure instead.

Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Tested-by: Toby Flynn <campingandskiing@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-27 11:21:40 -04:00
Archana Polampalli 3eb9002ce7 nodejs: fix CVE-2023-46809 
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-02 15:10:59 -04:00
Archana Polampalli 17db7e96c4 nodejs: fix CVE-2024-22025 
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-02 15:09:02 -04:00
Archana Polampalli 7b468c6f83 nodejs: fix CVE-2024-22019 
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-06-02 15:08:41 -04:00
Priyal Doshi 0560b84899 ITS#10094 libldap/OpenSSL: fix setting ciphersuites 
Backport-from: https://git.openldap.org/openldap/openldap/-/merge_requests/654/diffs?commit_id=8c482cec9a68e74b3609b1e44738bee352f6577a

Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-28 06:17:26 -04:00
Vivek Kumbhar 3a08bebf43 nss: Backport fix CVE-2023-0767 
Upstream-Status: Backport from [https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad]

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
Peter Marko b93ba321e4 uriparser: upgrade 0.9.6 -> 0.9.8 
Handle CVEs:
* https://nvd.nist.gov/vuln/detail/CVE-2024-34402
* https://nvd.nist.gov/vuln/detail/CVE-2024-34403

Cherry-pick from master was not possible due to usage of
github-releases class which is not in kirkstone yet.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
Soumya Sambu 5085c443d0 php: upgrade 8.1.22 -> 8.1.28 
Upgrade php to 8.1.28

Security fixes:
    CVE-2024-3096
    CVE-2024-2756

https://www.php.net/ChangeLog-8.php#8.1.28

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
nikhil 31d0f02673 libssh: Fix CVE CVE-2023-6004 
A flaw was found in libssh. By utilizing the
ProxyCommand or ProxyJump feature, users can exploit
unchecked hostname syntax on the client. This issue
may allow an attacker to inject malicious code into
the command of the features mentioned through the
hostname parameter

Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
Peter Marko 9c9224811b nss: patch CVE-2024-0743 
https://nvd.nist.gov/vuln/detail/CVE-2024-0743
mentions bug 1867408 as tracking fix for this issue.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
Peter Marko 8c7363cd3c nss: patch CVE-2023-5388 
https://nvd.nist.gov/vuln/detail/CVE-2023-5388
mentions bug 1780432 as tracking fix for this issue.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:22:08 -04:00
akash hadke 6952dfc09e libeigen: Update GPL-3.0-only to GPL-2.0-only 
libeigen source contains GPL-3.0-only code but it is
not being packaged hence update LICENSE with GPL-2.0-only

Below are the GPL-3.0-only files from libeigen source

bench/btl/actions/action_aat_product.hh
bench/btl/actions/action_ata_product.hh
bench/btl/actions/action_atv_product.hh
bench/btl/actions/action_axpby.hh
bench/btl/actions/action_axpy.hh
bench/btl/actions/action_cholesky.hh
bench/btl/actions/action_ger.hh
bench/btl/actions/action_hessenberg.hh
bench/btl/actions/action_lu_decomp.hh
bench/btl/actions/action_lu_solve.hh
bench/btl/actions/action_matrix_matrix_product_bis.hh
bench/btl/actions/action_matrix_matrix_product.hh
bench/btl/actions/action_matrix_vector_product.hh
bench/btl/actions/action_partial_lu.hh
bench/btl/actions/action_rot.hh
bench/btl/actions/action_symv.hh
bench/btl/actions/action_syr2.hh
bench/btl/actions/action_trisolve.hh
bench/btl/actions/action_trisolve_matrix.hh
bench/btl/actions/action_trmm.hh
bench/btl/COPYING
bench/btl/data/mean.cxx
bench/btl/data/regularize.cxx
bench/btl/data/smooth.cxx
bench/btl/generic_bench/bench.hh
bench/btl/generic_bench/bench_parameter.hh
bench/btl/generic_bench/btl.hh
bench/btl/generic_bench/init/init_function.hh
bench/btl/generic_bench/init/init_matrix.hh
bench/btl/generic_bench/init/init_vector.hh
bench/btl/generic_bench/static/bench_static.hh
bench/btl/generic_bench/static/intel_bench_fixed_size.hh
bench/btl/generic_bench/static/static_size_generator.hh
bench/btl/generic_bench/timers/mixed_perf_analyzer.hh
bench/btl/generic_bench/timers/portable_perf_analyzer.hh
bench/btl/generic_bench/timers/portable_perf_analyzer_old.hh
bench/btl/generic_bench/timers/portable_timer.hh
bench/btl/generic_bench/timers/STL_perf_analyzer.hh
bench/btl/generic_bench/timers/STL_timer.hh
bench/btl/generic_bench/utils/size_lin_log.hh
bench/btl/generic_bench/utils/size_log.hh
bench/btl/generic_bench/utils/xy_file.hh
bench/btl/libs/BLAS/blas_interface.hh
bench/btl/libs/BLAS/main.cpp
bench/btl/libs/blaze/blaze_interface.hh
bench/btl/libs/blaze/main.cpp
bench/btl/libs/blitz/blitz_interface.hh
bench/btl/libs/blitz/blitz_LU_solve_interface.hh
bench/btl/libs/blitz/btl_blitz.cpp
bench/btl/libs/blitz/btl_tiny_blitz.cpp
bench/btl/libs/blitz/tiny_blitz_interface.hh
bench/btl/libs/eigen2/btl_tiny_eigen2.cpp
bench/btl/libs/eigen2/eigen2_interface.hh
bench/btl/libs/eigen2/main_adv.cpp
bench/btl/libs/eigen2/main_linear.cpp
bench/btl/libs/eigen2/main_matmat.cpp
bench/btl/libs/eigen2/main_vecmat.cpp
bench/btl/libs/eigen3/btl_tiny_eigen3.cpp
bench/btl/libs/eigen3/eigen3_interface.hh
bench/btl/libs/eigen3/main_adv.cpp
bench/btl/libs/eigen3/main_linear.cpp
bench/btl/libs/eigen3/main_matmat.cpp
bench/btl/libs/eigen3/main_vecmat.cpp
bench/btl/libs/gmm/gmm_interface.hh
bench/btl/libs/gmm/gmm_LU_solve_interface.hh
bench/btl/libs/gmm/main.cpp
bench/btl/libs/mtl4/main.cpp
bench/btl/libs/mtl4/mtl4_interface.hh
bench/btl/libs/mtl4/mtl4_LU_solve_interface.hh
bench/btl/libs/STL/main.cpp
bench/btl/libs/STL/STL_interface.hh
bench/btl/libs/tvmet/main.cpp
bench/btl/libs/tvmet/tvmet_interface.hh
bench/btl/libs/ublas/main.cpp
bench/btl/libs/ublas/ublas_interface.hh

libeigen project dropped all GPL code in their 'master'
branch and moved to 'Apache-2.0'

Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-26 15:21:58 -04:00
nikhil ca4f69e66c giflib: Fix CVE CVE-2022-28506 
There is a heap buffer overflow in DumpScreen2RGB() in gif2rgb.c.  This
occurs when a crafted gif file, where size of color table is < 256 but
image data contains pixels with color code highier than size of color
table. This causes oferflow of ColorMap->Colors array.

Fix the issue by checking if value of each pixel is within bounds of
given color table. If the value is out of color table, print error
message and exit.

Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-04-28 13:10:23 -04:00
Xiangyu Chen bd7b2ebf21 bats: fix bats-format-pretty report error when multilib enabled 
bat-format-pretty hardcoded the lib folder that cause it reports
missing formatter.bash error when multilib is enabled.

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-04-28 13:10:23 -04:00
Rohini Sangam 7a49f1e016 xterm: Security fix for CVE-2023-40359 
CVE fixed:
- CVE-2023-40359 xterm: ReGIS reporting for character-set names containing characters other than alphanumerics or underscore
Upstream-Status: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/41ba5cf31da5e43477811b28009d64d3f643fd29

Note: The CVE patch is part of minor version-up and is extracted from the snapshot of xterm-379c.
Documentation of the commit shows 2 different overflows being fixed and hence the fix was extracted from the commit.

Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-04-28 13:10:23 -04:00
Soumya Sambu 0fffd4d422 iniparser: Fix CVE-2023-33461 
iniparser v4.1 is vulnerable to NULL Pointer Dereference
in function iniparser_getlongint which misses check NULL
for function iniparser_getstring's return.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-33461

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-04-28 13:10:23 -04:00
Soumya Sambu bb16c640dd unixodbc: Fix CVE-2024-1013 
An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-03-25 07:11:05 -04:00
Vivek Kumbhar 9a22be4267 openjpeg: Backport fix CVE-2021-3575 
Upstream-Status: Backport from https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-03-25 07:11:05 -04:00
Yogita Urade 1a3b9da20a c-ares: fix CVE-2024-25629 
c-ares is a C library for asynchronous DNS requests.
`ares__read_line()` is used to parse local configuration
files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`,
the `HOSTALIASES` file, and if using a c-ares version
prior to 1.27.0, the `/etc/hosts` file. If any of these
configuration files has an embedded `NULL` character as
the first character in a new line, it can lead to
attempting to read memory prior to the start of the given
buffer which may result in a crash. This issue is fixed
in c-ares 1.27.0. No known workarounds exist.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-25629
https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
https://security-tracker.debian.org/tracker/CVE-2024-25629

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-03-25 07:11:05 -04:00