| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
| |
after cmake is upgrade to 3.2.2, the /var/run dir is not created, so
not need to remove it.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
WARNING: QA Issue: /usr/bin/apxs_apache2-dev contained in package apache2-dev requires /usr/bin/perl, but no providers found in its RDEPENDS [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
upgrade to include CVE fixes:
CVE-2015-3903
CVE-2015-3902
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
1. Upgrade to fix the CVE:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1377
2. update the patch remove-startup-option.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
Adds support for systemd, creates a service for nginx and installs it if required
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Remove apache-CVE-2014-0117.patch which apache2 2.4.12 has it
Update the apache-ssl-ltmain-rpath.patch
Backport the patch to fix CVE-2015-0228
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add the new Monkey HTTP Server v1.5.6.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.6
=== Build Tests ==
This version have been tested on Yocto/Dizzy based on RPM.
monkey-yocto/5aee7684cd66f78fb51f78138603a4dde4ef2484
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
| |
Fixed:
cherokee/rule_geoip.h:34:19: fatal error: GeoIP.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
fix a typos to remove a warning:
systemd[1]: [/lib/systemd/system/apache2.service:2] Unknown lvalue
'Decription' in section 'Unit'
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
| |
Drop patches merged upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
| |
Now we use a single php recipe there is no conflict.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
| |
This is now built out of the standard php recipe.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
|
| |
Don't install local patch files to target.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
* this makes it easier to unblacklist it from local.conf which
is parsed before the recipes
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: apache2: apache2 rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The configure.initd.gentoo script is used for gentoo, it is invalid for oe. So
remove it to solve the following warning:
webmin-1.700: webmin-module-ajaxterm requires /sbin/runscript, but no providers
in its RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before
4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted ENUM
value that is improperly handled during rendering of the (1) table search or (2)
table structure page, related to
libraries/TableSearch.class.php and libraries/Util.class.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted DNS record, related to the
dns_get_record function and the dn_expand function. NOTE: this issue
exists because of an incomplete fix for CVE-2014-4049.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer overflow in the cdf_read_property_info function in cdf.c in file
through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and
5.5.x before 5.5.16, allows remote attackers to cause a denial of
service (application crash) via a crafted CDF file. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1571.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3587
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add the new Monkey HTTP Server v1.5.4.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.4
=== Build Tests ==
This version have been tested on Yocto/Daisy based on RPM.
monkey-yocto/a617991e40bd5c3779ad7b3689f78857d3e45248
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
| |
Use "/usr/bin/env python" to fix it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Split apache2-scripts subpkg to put the perl script dbmmanage, so that
apache2 doesn't have to RDEPEND on perl.
Add another perl script apxs to apache2-dev pkg as Olof Johansson
suggested.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bashism:
possible bashism in plugins/transformations/generator_plugin.sh line 16 (echo -e):
echo -e "Usage: ./generator_plugin.sh MIMEType MIMESubtype TransformationName [Description]\n"
possible bashism in plugins/transformations/generator_plugin.sh line 28 (${parm,[,][pat]} or ${parm^[^][pat]}):
MT="${MT^}"
possible bashism in plugins/transformations/generator_plugin.sh line 29 (${parm,[,][pat]} or ${parm^[^][pat]}):
MS="${MS^}"
possible bashism in plugins/transformations/generator_plugin.sh line 30 (${parm,[,][pat]} or ${parm^[^][pat]}):
TN="${TN^}"
possible bashism in plugins/transformations/generator_plugin.sh line 51 (should be 'b = a'):
if [ "$4" == "--generate_only_main_class" ]; then
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
|
|
|
|
|
| |
Add systemd unit file for apache2.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add the new Monkey HTTP Server v1.5.3.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.3
=== Build Tests ==
This version have been tested on Yocto/Daisy being packaged and
deployed on images based on RPM successfully.
monkey-yocto/672eadb254e754b91efe691a6594985ee6d9a22e
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Changed:
- Adjust or remake the following patches based on 1.700:
init-exclude.patch
exports-lib.pl.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: YangHaibo <b40869@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* perl-module-time-local is already in RDEPENDS (I guess it's the
same thing as perl-module-timelocal without the last dash)
* list some packages explicitly so that bitbake finds their
RDEPENDS correctly
* fixes following warnings:
webmin-1.620: webmin-module-raid rdepends on mdadm, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin-module-proc rdepends on procps, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin rdepends on perl-module-timelocal, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: YangHaibo <b40869@freescale.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
| |
Note that this now requires MariaDB/MySQL 5.5+.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM changed since the copyright year changed.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
|
| |
We already patch configure.ac and we're not bypassing autoreconf,
so we don't need to patch configure as well.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add the new Monkey HTTP Server v1.5.2. The new Bitbake file
contains the modifications suggested over the patch set for v1.5.1. It
specify each configuration file for CONFFILES_${PN}.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.2
=== Build Tests ==
This version and new Bitbake file have been tested on Yocto/Daisy being
packaged and deployed on images based on rpm and ipk successfully.
monkey-yocto/70d57bfd19c01ec055db57e35385ffc4185ae186
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
| |
This patch add the minor release fix of Monkey HTTP Server v1.5.1. It fixes
some problems when switching user when started as root.
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
when move a file, test if this file exist or not
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
* runtime dependencies are TUNE_PKGARCH causing do_package_write_*
task to have different signature for MACHINEs with different
TUNE_PKGARCH
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}
Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
These recipes were all missing pkgconfig dependencies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|