summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* dovecot: add CVE-2016-4983 to allowlistkraj/dunfellArmin Kuster2021-07-061-0/+3
| | | | | | | | | | | | CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist. Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238) [mkcert.sh does mask 077 first] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit d1fb027f894921ea02c984eb581ee1500c613470) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cyrus-sasl: add CVE-2020-8032 to allowlistito-yuichi@fujitsu.com2021-07-051-0/+3
| | | | | | | | | | | This affects only openSUSE, so add it to allowlist. Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 711e932b14de57a5f341124470b2f3f131615a25) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 26819375448077265cd4c9dbb88b6be08b899e3f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add CVE-2011-2411 to allowlistSekine Shigeki2021-07-051-0/+4
| | | | | | | | | | | This affects only on HP NonStop Server, so add it to allowlist. Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit d614d160a10b3c5ac36702fbd433f98925a9aa8e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.23 -> 2.2.24Trevor Gamblin2021-07-052-9/+9
| | | | | | | | | | | | Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS release. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fa2d3338fb87a38a66d11735b876ce2320045b0d) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit c51e79dd854460c6f6949a187970d05362152e84) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.22 -> 2.2.23Trevor Gamblin2021-07-052-9/+9
| | | | | | | | | | | | | | | | 2.2.23 is a bugfix release: - Fixed a regression in Django 2.2.21 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path (#32718). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit f07a8c1376fe9f5eb4fc0ddff8ca1a1b3c3f173b) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit b2716ef06a76854497de80c642bf7f63b07f7a6c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.20 -> 2.2.22Trevor Gamblin2021-07-052-9/+9
| | | | | | | | | | | | Version 2.2.22 includes a fix for CVE-2021-32052. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit b26099fc156961ba252c3b6281f09799e91347ba) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit f3758cb44486ce87c96b803efb2b5417a8e90708) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade to 2.2.20Chen Qi2021-07-053-300/+9
| | | | | | | | | | | | | | 2.2.x is LTS, so upgrade to latest release 2.2.20. This upgrade fixes several CVEs such as CVE-2021-3281. Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit e705d4932a57d0dc3a961fed73ae5ad2e0313429) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: fix CVE-2021-28658Stefan Ghinea2021-07-052-0/+291
| | | | | | | | | | | | | | | | | | | | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit aef354a0c29a4c6aad4ace53190b5573c78d881b) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.13 -> 2.2.16Trevor Gamblin2021-07-052-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary of release notes from https://docs.djangoproject.com/en/2.2/releases/ 2.2.14 release notes: - Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised by cache key validation (#31654). 2.2.15 release notes: - Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie() (#31790). - Fixed crash when sending emails to addresses with display names longer than 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+ (#31784). 2.2.16 release notes: - Fixed CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ - Fixed CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ - Fixed a data loss possibility in the select_for_update(). When using related fields pointing to a proxy model in the of argument, the corresponding model was not locked (#31866). - Fixed a data loss possibility, following a regression in Django 2.0, when copying model instances with a cached fields value (#31863). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit eb69aad33fc06f06544589ec483f9b76464f6c5f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-django: upgrade 2.2.7 -> 2.2.13Trevor Gamblin2021-07-052-9/+9
| | | | | | | | | | | | | Upgrade from 2.2.7 for: - Bugfixes, including CVE-2020-13254, CVE-2020-13596, many others; - Official support for Python 3.8 (as of Django 2.2.8) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c4e201c6288e5fee7eef8f6eba576d4c426109c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix build on Centos 7Marek Vasut2021-06-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Centos 7 has glibc 2.18 and nss-native build fails due to implicit declaration of function putenv during build. This is because of the Feature Test Macro Requirements for glibc (see feature_test_macros(7)): putenv(): _XOPEN_SOURCE || /* Glibc since 2.19: */ _DEFAULT_SOURCE || /* Glibc versions <= 2.19: */ _SVID_SOURCE and because nss coreconf/Linux.mk only defines -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE So on such system with glibc 2.18, neither macro makes putenv() available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18 native build case. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Armin Kuster <akuster808@gmail.com> Cc: Armin Kuster <akuster@mvista.com> Cc: Khem Raj <raj.khem@gmail.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Add fixes for CVEs reported for dnsmasqSana Kazi2021-05-297-1/+1631
| | | | | | | | | | | | | | | | | | | | | | | | Applied single patch for below listed CVEs: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25687 as they are fixed by single commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a Link: https://www.openwall.com/lists/oss-security/2021/01/19/1 Also, applied patch for below listed CVEs: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 all CVEs applicable to v2.81 Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com> [Refreshed patches] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ebtables: use bitbake optimization levelsMikko Rapeli2021-05-292-0/+20
| | | | | | | | | | | | | | Don't overwrite with O3 optimization. Reduces ebtables binary package size from 416241 to 412145 bytes, and enables further optimizations with e.g. -Os flags via bitbake distro wide settings. Only ebtables versions up to 2.0.10-4 and dunfell are affected. The version 2.0.11 from hardknott and master branch use system wide flags already. Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: Add fix for CVE-2019-5063 and CVE-2019-5064akash.hadke2021-05-252-0/+79
| | | | | | | | | | | Added fix for below CVE's CVE-2019-5063 CVE-2019-5064 Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch Signed-off-by: akash hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix building with CONFIG_TLS=internalAlexander Vickberg2021-05-222-0/+46
| | | | | | | | | | | The patch recently added for CVE-2021-30004 broke compilation with CONFIG_TLS=internal. This adds the necessary function to let it compile again. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d6ef4170747d6668fa940328334055eef3e1e1d6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libsdl: Fix CVE-2019-13616wangmy2021-05-222-0/+28
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db] CVE: CVE-2019-13616 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29473wangmy2021-05-222-0/+22
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b] CVE: CVE-2021-29473 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9aecd2c32fc8f238f62ef70813e032b6b52c2f2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29470wangmy2021-05-222-0/+33
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed] CVE: CVE-2021-29470 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb1400efda77a7289ca20782172bfbe1f457f161) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29464wangmy2021-05-222-0/+73
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54] CVE: CVE-2021-29464 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c9470bdfaa1d33347ffaf25b3e18d2163667e18) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-3482wangmy2021-05-222-1/+56
| | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da] CVE: CVE-2021-3482 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29463wangmy2021-05-222-1/+122
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b] CVE: CVE-2021-29463 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8e63ac6c86852a12408c2415be073c71420758ff) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29458wangmy2021-05-222-1/+39
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d] CVE: CVE-2021-29458 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f0d83c14d9064ce1ee19b92d95c8daf790fe7488) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* exiv2: Fix CVE-2021-29457wangmy2021-05-222-1/+28
| | | | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22] CVE: CVE-2021-29457 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5be72693096cef671bf54bf1dd6ee8125614d064) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linuxptp: Fix cross buildKhem Raj2021-05-143-32/+30
| | | | | | | | | | | | Adjust incdefs.sh to use cross tools to poke for system functionality Re-enable using incdefs.sh export KBUILD_OUTPUT to point to recipe sysroot (From meta-oe rev: b6022761d6880382c5e6ffa4b3dc6f1ec2ae1e73) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fuse: Whitelisted CVE-2019-14860Saloni Jain2021-05-141-0/+5
| | | | | | | | | | | | | | CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. REDHAT has also released the fix and updated their security advisories after significant releases. Hence, whitelisted the CVE-2019-14860. Link: https://access.redhat.com/security/cve/cve-2019-14860 Link: https://access.redhat.com/errata/RHSA-2019:3244 Link: https://access.redhat.com/errata/RHSA-2019:3892 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: 12.20.2 -> 12.21.0Clément Péron2021-05-141-1/+1
| | | | | | | | | | | | | Fixes : - CVE-2021-22883 - CVE-2021-22884 - CVE-2021-23840 Signed-off-by: Clément Péron <peron.clem@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 02feb1d9324fba08c5d3055fa34bb6200ee91520) [12.x LTS version] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: 12.20.1 -> 12.20.2Sean Nyekjaer2021-05-141-1/+1
| | | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6322c63987b1422d5a8c5e30077780b38011c89d) [12.x is LTS version] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-meta-webserver: remove nostromo from pkg grpArmin Kuster2021-05-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nostromo: Blacklist and exclude from world buildsArmin Kuster2021-05-141-0/+3
| | | | | | Host site is dead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ostree: switch from default master branch to main to fix do_fetch failureMartin Jansa2021-05-131-1/+1
| | | | | | | * branch was renamed in upstream repo Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libupnp: Fix CVE-2020-13848Andrej Kozemcak2021-04-232-1/+77
| | | | | | | | | | | Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13848 Upstream-Status: Accepted [https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0] CVE: CVE-2020-13848 Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix CVE-2021-30004Stefan Ghinea2021-04-232-0/+124
| | | | | | | | | | | | | | | | | | | | | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. References: https://nvd.nist.gov/vuln/detail/CVE-2021-30004 Upstream patches: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e2bd6a52bf689b77b237eaee3067d2b0b6eee3d5) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 98c5cddf677addcb9aa296a7437b92100a478566) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 730de4763a508234d09c755c838cdc4c8dd49493) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix CVE-2021-0326 and CVE-2021-27803Mingli Yu2021-04-233-0/+99
| | | | | | | | | | | Backport 2 patches to fix two CVEs. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5a085c588adaf79bb2bca7921c82d893877b28a1) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 845bd5a5f15bd80cecbf5c0716af3eaca5669632) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix CVE-2019-5061Mingli Yu2021-04-232-0/+855
| | | | | | | | | | | | Backport a patch to fix CVE-2019-5061. Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 04ba527e94c8ecd7a95a9ed16cc27c2f5833f849) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libyui: switch to libyui-old repo which still has this SRCREVMartin Jansa2021-04-231-1/+1
| | | | | | | | | | | | | | | | * 8459235919f592b1bc099ecf9a947cb6344b6fa5 doesn't exist in current repo: libyui$ git branch -a --contains 8459235919f592b1bc099ecf9a947cb6344b6fa5 error: no such commit 8459235919f592b1bc099ecf9a947cb6344b6fa5 * there are no common commits in the new libyui repo, but luckily old repo is kept as https://github.com/libyui/libyui-old similarly libyui-ncurses now contains only README about being obsolete in: https://github.com/libyui/libyui-ncurses but at least it wasn't rewritten to have the new content Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* telepathy-glib: respect GI_DATA_ENABLED when enabling vala-bindingsMartin Jansa2021-04-231-1/+3
| | | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* uml-utilities: fix installed-vs-shipped with usrmergeMartin Jansa2021-04-231-3/+2
| | | | | | | | | | | | | | | * fixes: ERROR: uml-utilities-20040406-r1 do_package: QA Issue: uml-utilities: Files/directories were installed but not shipped in any package: /usr/lib/uml/port-helper Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. uml-utilities: 1 installed and not shipped files. [installed-vs-shipped] * pass LIB_DIR instead of using default value from Makefile: $ grep LIB_DIR.*= tools/port-helper/Makefile LIB_DIR ?= /usr/lib/uml Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard: fix build issue with updated 5.4 kernelArmin Kuster2021-04-072-1/+34
| | | | | | | | error: static declaration of 'icmp_ndo_send' follows non-static declaration | 959 | static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) | | ^~~~~~~~~~~~~ Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-meta-oe: add guiderMartin Jansa2021-04-071-1/+1
| | | | | | | * now when it's not depending on meta-python2 we can add it without conditional Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-meta-oe: move the packages depending on meta-python2 to ↵Martin Jansa2021-04-071-5/+25
| | | | | | | separate packages Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-meta-oe: include nodejs without meta-python2 conditionalMartin Jansa2021-04-071-3/+2
| | | | | | | | | | | | | | | * it doesn't depend on meta-python2 since: commit eaf9cfb01864a7a64c6ba4142283a8cf76cadd9a Author: Martin Jansa <martin.jansa@gmail.com> Date: Thu Jan 23 17:44:06 2020 +0100 nodejs: use python3native Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ceres-solver: prevent fetching git hook during do_configureMartin Jansa2021-04-071-0/+8
| | | | | | | | | | | | | | | | | | | | | | * today I've found 2 jenkins jobs stuck way too long sitting in this do_configure Bitbake still alive (5000s) Bitbake still alive (10000s) Bitbake still alive (15000s) Bitbake still alive (20000s) Bitbake still alive (25000s) Bitbake still alive (30000s) ... manually killed, the CMake ... ERROR: ceres-solver-1.14.0-r0 do_configure: Execution of 'ceres-solver/1.14.0-r0/temp/run.do_configure.39438' failed with exit code 143: ... | -- Detected Ceres being used as a git submodule, adding commit hook for Gerrit to: ceres-solver/1.14.0-r0/git/.git | ceres-solver/1.14.0-r0/temp/run.do_configure.39438: line 213: 39485 Terminated cmake -G 'Ninja' -DCMAKE_MAKE_PROGRAM=ninja ... I've seen it with dunfell and gatesgarth, but master has the same ADD_GERRIT_COMMIT_HOOK function (just in newer ceres-solver release), so probably needs the same. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Update commit for version 3.9.7Peace Lee2021-04-071-1/+1
| | | | | | | | | | | commit hash for version 3.9.7 is invalid because previous commit hashes chagned by git filter-branch command are restored Signed-off-by: Peace Lee <iipeace5@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fdbfb6ce9943a1739220c87c3f8b5ea7bdfabd84) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* guider: Upgrade to 3.9.7Peace Lee2021-04-072-39/+19
| | | | | | | Signed-off-by: Peace Lee <iipeace5@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93c9a20bf358bc10c2d99fc1d3c7247145344c29) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: refresh patches with devtool to apply cleanlyMartin Jansa2021-04-0711-118/+126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * fixes: WARNING: opencv-4.1.0-r0 do_patch: Fuzz detected: Applying patch CVE-2019-14491.patch patching file modules/objdetect/src/cascadedetect.cpp Hunk #1 succeeded at 46 with fuzz 1 (offset -1 lines). Hunk #2 succeeded at 540 (offset -1 lines). Hunk #3 succeeded at 552 (offset -1 lines). Hunk #4 succeeded at 613 (offset -1 lines). Hunk #5 succeeded at 774 (offset -1 lines). Hunk #6 succeeded at 825 (offset -1 lines). Hunk #7 succeeded at 1470 (offset -36 lines). patching file modules/objdetect/src/cascadedetect.hpp The context lines in the patches can be updated with devtool: devtool modify opencv devtool finish --force-patch-refresh opencv <layer_path> Don't forget to review changes done by devtool! WARNING: opencv-4.1.0-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz] Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* neon: Add ptestAditya.Tayade2021-04-072-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | Reused below test suites from neon source package: BASIC_TESTS: auth basic request session socket string-tests stubs uri-tests util-tests DAV_TESTS: acl3744 lock oldacl props xml xmlreq Overall execution time of above test suite is approximately 15sec. Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freerdp: Add missing libxkbcommon WL dependencyMarek Vasut2021-04-071-1/+1
| | | | | | | | | The WL build depends on libxkbcommon, so add the dependency. Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 88348389707b488d5fa8e81f91267874b2fb82c4) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opencv: Security fixesNeetika Singh2021-03-165-0/+619
| | | | | | | | | | | | | | | | | | | Added patches to fix below CVE's: 1. CVE-2019-14491, CVE-2019-14492 Link: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed 2. CVE-2019-14493 Link: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023 3. CVE-2019-15939 Link: https://github.com/opencv/opencv/commit/5a497077f109d543ab86dfdf8add1c76c0e47d29 4. CVE-2019-19624 Link: https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mdns: Whitelisted CVE-2007-0613 for mdnsSana Kazi2021-03-161-0/+13
| | | | | | | | | | | | | | | | | | | | CVE-2007-0613 is not applicable as it only affects Apple products i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, https://www.exploit-db.com/exploits/3230 shows the part of code affected by CVE-2007-0613 which is not preset in upstream source code. Hence, CVE-2007-0613 does not affect other Yocto implementations and is not reported for other distros can be marked whitelisted. Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 https://security-tracker.debian.org/tracker/CVE-2007-0613 https://ubuntu.com/security/CVE-2007-0613 https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nghttp2: Add fix for CVE-2020-11080Rahul Taya2021-03-163-0/+341
| | | | | | | | | | | Added below two patches to fix CVE-2020-11080: 1. CVE-2020-11080-1.patch 2. CVE-2020-11080-2.patch Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com> [Refreshed patches to apply] Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-06-14 10:29:21 +0000