| Commit message (Collapse) | Author | Age | Files | Lines |
| |
See full changelog https://github.com/eggert/tz/blob/master/NEWS#L11
(From OE-Core rev: 9d74b048e3a160d7a9a20e85817e9eb3a558af63)
(From OE-Core rev: 9a75b44244b42cdd341ee38a253b2d935ae05ee1)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
libpam does not support 'obscure' checks to password,
there are the same checks in pam_cracklib module.
And this fix can remove the below error message while
updating password with 'passwd':
pam_unix(passwd:chauthtok):unrecognized option[obscure]
(From OE-Core rev: f5b90eeed7366432b39c7cd8c6ee8c23e2d4abe8)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea761dbac90be77797308666fe1586b05e3df824)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 4620180a073b721dbc91d14ab64285187bec4cb7)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 6d79a4d7545bc78ac759e575f6d15d7b23fad638)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Fix CVE-2020-9308
(From OE-Core rev: 878817358eb7c25ffa48d10dde9475299674a96c)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This reverts commit 09e695246d30ef9b73e743e0130e710e19793d14.
This isn't a Backport as indicated in patch and not all the changes in
this change are relevant to the CVE. Revert and wait for the fix
to be available upstream.
(From OE-Core rev: f39285bb82e68945a81034b84da09ca1078d6719)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
sudo uses AC_PATH_PROG to find target paths, which means at best
potential host-contamination (and reproducible issues) and at worst it
thinks sh is at /your/build/path/hosttools/sh.
Solve this by explicitly passing the correct paths to configure.
(From OE-Core rev: 61650dd8498a093f3bfa93202c9cd2e9a7fb7834)
(From OE-Core rev: 6e809474ab686fba6924d8b46fd0b9eab5c66c06)
(From OE-Core rev: 232430bdee74bb266ded6ccf2fb3842caad06181)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The suid/setcap code depends on whether setcap is on the host system or not
with suid as a fallback. Disable this functionality to be deterministic.
(From OE-Core rev: 8b00ec484fb851c301f13145e17707c0167feab1)
(From OE-Core rev: 3997c47dea49d583fd48cb03f83c007f61d2cb35)
(From OE-Core rev: 46f9c48dc11928ace672e9a3dea7c01d29cf3f04)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The previous tweak for reproducibility didn't handle the duplicate
whitespace left behind, fix this.
[YOCTO #13771]
(From OE-Core rev: 0392fcbdc85180581ce7392212808ebb822cc2e8)
(From OE-Core rev: ca213de432d8d9d715ef09e17cea2aa1e6666e91)
(From OE-Core rev: 77be3238269de636199f9e1e40133711b7440cb4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
rsh is insecure and obsolete but tar will enable support if the binary is
on the host system. Some systems point it at ssh. Let's explicitly disable it
for now unless someone actually needs/uses this at which point it could
become a packageconfig.
(From OE-Core rev: d14a4b0db92a9a7d1ff72a2e0faca7f1a23a0b68)
(From OE-Core rev: 6bdc5f787af46e9c849947cad06ad40aa401b767)
(From OE-Core rev: af4a284bb6fbfd8b58d10d4a5f0f10297c949912)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The man page date can vary depending upon the host perl, e.g. in Russian
some versions print 'июня', others 'Июнь' or Polish 'czerwca' or 'czerwiec'.
Rather than depend upon perl-native to fix this, just remove the date from
the manpages.
(From OE-Core rev: 5553c20f9fa4f35bf711b6b9d5717dcf4bfefafa)
(From OE-Core rev: 3653fd41fbc28f70259a00bb0098ec8731526449)
(From OE-Core rev: feaf05c39ffecd7a9fd8bd81fc1872ce26b7801e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This value was floating causing differences in generated files.
Set it deterministically.
(From OE-Core rev: 11d7a9e37c1d3fc21396a98fefc9d34c0b9e784b)
(From OE-Core rev: 8f77075425e2ef9c3b5adbf8e5b29e7cfd7b9b7a)
(From OE-Core rev: 60cdd912b565207b9f236116d8832719cfa9ccfd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Fixes some issues with reproducible builds. Adds a patch to allow the
configure arguments to be omitted from the build and also explicitly
setting some autoconf paths that were picking up hosttools.
(From OE-Core rev: f54d60ee8f15229aa515e168b9c7d248663b48fe)
(From OE-Core rev: 164d72b7a6ab20940f9a124beaf485be9ddc07ba)
(From OE-Core rev: 055766f135b4373264827c5b33c8c385b1ff4748)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Without setting this it will vary depending on which directories are present
on the host.
[YOCTO #13775]
(From OE-Core rev: 39fe849b56d70689846262c31ab7c182c8443923)
(From OE-Core rev: 51274c9b195ad00dd6362f352ad9bbf7e9a3e098)
(From OE-Core rev: 89f517c2775338db92874484c28b4224d670ec1f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: c06d69e6dccb849e60847a33593fa20e192feea2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This reverts commit 175e6cb75ce328d51a9d4ad18c7e09d9fb92c2e1.
This change is already in bzip2 1.0.7. The change fixing a regression
caused by this change is in 1.0.8 which is the current version in zeus.
This isn't resulting in failures because the patch file isn't included
in SRC_URI.
(From OE-Core rev: ac6150563bd8e4cb2fa09a2777879afc993f1c20)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Some native tools dependency issues were seen while building with
external GCC tool-set rather than source GCC tool-set. While building
with source tool-set these dependencies were implicitly met which is not
the case with external tool-set. So explicitly state these native tools
dependencies.
(From OE-Core rev: 534b4a63299c6d74662c9d035238a0adb19cd1c7)
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: Sana.Kazi@kpit.com
(From OE-Core rev: aec10c9993f04304466e15ea7a5bc4d85a357c5b)
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
By default, if Bash is run with its effective UID not equal to its real UID,
it will drop privileges by setting its effective UID to its real UID.
However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality,
the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for
runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore
regains privileges. However, binaries running with an effective UID of 0 are unaffected.
Backport the CVE patch from
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
to fix CVE-2019-18276
(From OE-Core rev: b348e31c93f08332667df65cd2ecec63631d184e)
Signed-off-by: Chet Ramey <chet.ramey@case.edu>
Signed-off-by: De Huo <De.Huo@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 2bf6fdc460526feb0955b3b789e7be78f6e8ec4a)
(From OE-Core rev: 66c428a676acd4dd2c7c7589ac651faef77c1323)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Change all recipes to https where we get an http 301 permanent redirect.
(From OE-Core rev: e514acda9e12bccde6d3974e0fd1a37b3837191a)
(From OE-Core rev: e62c39670241136df7f17e5784b3de7b64d8f5d0)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This reverts commit 0b9748c655b6f733b504e70288f4b91dca2e4d58.
The headers provided by libtirpc are not drop in replacements for the
RPC header files previously provided by glibc, so do not install them
as if they were. Additionally, they clash with the header files
installed by glibc if an older version of glibc is used.
Any problems related to the lack of the old header files from glibc
should be addressed in the application/library that expects them.
(From OE-Core rev: ec984a5c56277251da847a62d6e64080be070809)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Also see:
https://github.com/libarchive/libarchive/issues/1276
(From OE-Core rev: 422bef7a205b9b5d48d5b0e0b2b14ac65484607a)
(From OE-Core rev: f3e7298c32c430dfc955a2023474810ae32926ba)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
https://www.openwall.com/lists/oss-security/2019/08/28/2
(From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944)
(From OE-Core rev: 85ae609d789763f9a6400dc603b675cb57bd7654)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
A flaw was found in all versions of ghostscript 9.x before 9.28,
in the `.charkeys` procedure, where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
An attacker could abuse this flaw by creating a specially crafted
PostScript file that could escalate privileges within the Ghostscript
and access files outside of restricted areas or execute commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14869
Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904
(From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c)
(From OE-Core rev: 9827b7df6f008f4384bbe22beeb0fe6adfeb36d6)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Less was coming from busybox in these images, add the full version.
[YOCTO #13630]
(From OE-Core rev: 2880164ca74ac1fd7b860c61017efe3d55fb4038)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 9fea7c3fae30bb1eecb31ec3bf777db981dc1eed)
(From OE-Core rev: 6431e869998baa1ddfe04d2d1fb7a81f60725ed2)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
There have been a number of changes back and forth as to when and how
to use the systemd unit files provided by the package. The correct
condition is actually that both cron and systemd need to be enabled
for them to be installed.
(From OE-Core rev: d6c975160197f67937dfbe91b08100b0f597c589)
(From OE-Core rev: 18e1c8c967eb4512f226919cd2b6b1fb4795ccb1)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
In commit 8862f21e (sysstat: 12.1.3 -> 12.1.6), sa_lib_dir was changed
from "${libdir}/sa" to "${libexecdir}/sa" to avoid problems with
multilib. However, the systemd unit file was not changed accordingly,
which led to the following error when trying to start the service:
systemd[4698]: sysstat.service: Failed at step EXEC spawning
/usr/lib/sa/sa1: No such file or directory
(From OE-Core rev: 0fd691b9801b5313ff2e2c2cd5ca13fd50063235)
(From OE-Core rev: e5c5ffb048e9ebce333d855254ef88eda2f3bf6b)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementations, such as TIRPC or rpcsvc-proto, to be used.
So we create the symbol link for rpc header files for tirpc to
be more compatible with the glibc version and the application usage.
(From OE-Core rev: 0b9748c655b6f733b504e70288f4b91dca2e4d58)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Backport a patch from upstream to fix the following runtime failure.
mem.c:814: INFO: set overcommit_memory to 0
overcommit_memory.c:213: FAIL: alloc passed, expected to fail
(From OE-Core rev: 869f46863e218c2d18ae7b4c0b28775fa07ba8b8)
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Steps to reproduce:
1. add DISTRO_FEATURE_append = 'usrmerge' in local.conf
2. bitbake mdadm -- success
3. remove DISTRO_FEATURE_append = 'usrmerge' from local.conf
4. bitbake mdadm -- failed during do_package
It is not proper to change the source Makefile during do_install using sed;
fix by passing the correct config to EXTRA_OEMAKE.
[YOCTO #13493]
(From OE-Core rev: d0f285bd7d066e752b93e57b7f5468819016586f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
It looks like https://www.sudo.ws/download.html changed certificate
and directory structure. This breaks fetching sources.
(From OE-Core rev: f02e9f46ce54fed3c7ddfad7d1003a2fb7ba3a67)
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: d764ed9515d10db636ef63e0d05ac66f2a454ad4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
(From OE-Core rev: 16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
(From OE-Core rev: b7b6d39565f8fad61f2347a3fe31c9ee77a4da15)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This commit is another part of CVE-2019-16167, please see
https://github.com/sysstat/sysstat/issues/232.
(From OE-Core rev: 5c11937348debf57e3a87c7c6a6c0429fd756eca)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 586c045eb81b79200b46bf743f5d3fdb5f68c12d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
OE does not provide libpaper recipe, and the configure check looks for
libpaper if not disabled, this causes problems especially when shared
state is built on a machine which has libpaper installed on host but the
consumer machine although running same OS, but does not have libpaper
installed, the artifact from sstate are re-used but then native binary
./obj/aux/packps fails to execute
./obj/aux/packps: error while loading shared libraries: libpaper.so.1: cannot open shared object file: No such file or directory
So either we need to provide libpaper in OE or we disable it, disabling
is best for now
(From OE-Core rev: 11e85220d97299be5f65d5208ec21d4ad215317a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
systemd throws a warning about the value of PIDFile:
systemd[1]: /usr/lib/systemd/system/watchdog.service:11: PIDFile=
references a path below legacy directory /var/run/, updating
/var/run/watchdog.pid → /run/watchdog.pid; please update the
unit file accordingly.
This is actually due to patch file 0001-watchdog-remove-interdependencies-of-watchdog-and-wd.patch
setting PIDFile=/var/run/watchdog.pid. Modify PIDFile in the patch
to be correctly set to /run/watchdog.pid.
(From OE-Core rev: c279c9d7f0c948856052015cad59310a55274b92)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The default URI returns a gzip-compressed index page
which browsers can auto-detect, but we can't.
(From OE-Core rev: 73eb644db1121ccbc205b8fe3e60fa918fa5bbed)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Backport a patch to fix the possible hang caused by the case of CVE-2017-17052.
CVE: CVE-2017-17052
(From OE-Core rev: 3bde502f612f17b6ed928b04cf5c4ba9ad54d598)
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The previous commit <shadow: use relaxed usernames> works only for
target. When testing with the configuration:
INHERIT += 'extrausers'
EXTRA_USERS_PARAMS += "useradd -p '' aBcD; "
and run "bitbake core-image-minimal", error occurs:
NOTE: core-image-minimal: Performing useradd with [
-R .../build/tmp-glibc/work/qemux86_64-wrs-linux/core-image-minimal/1.0-r0/rootfs -p '' aBcD]
useradd: invalid user name 'aBcD'
Here move the patch for using relaxed usernames from class_target to
the source code for all.
(From OE-Core rev: 8adf98e63fefeaf2c841a038a4497f9845bc7b04)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: a9db9617349a766ffe0df724fff9266eb1667cdd)
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
lighttpd builds fail if "fam" (and therefore gamin) is enabled.
In conf/local.conf:
CORE_IMAGE_EXTRA_INSTALL += "lighttpd"
PACKAGECONFIG_append_pn-lighttpd = " fam"
bitbake error:
ERROR: Nothing PROVIDES 'gamin' (but /yow-lpggp31/tgamblin/oe-core.git/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb DEPENDS on or otherwise requires it)
NOTE: Runtime target 'lighttpd' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['lighttpd', 'gamin']
ERROR: Required build target 'core-image-minimal' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-minimal', 'lighttpd', 'gamin']
Since gamin hasn't been maintained for several years, this should
be removed from the list of lighttpd PACKAGECONFIG options.
--without-fam is hard-coded in EXTRA_OECONF for good measure.
(From OE-Core rev: ea714fff3869ef19cf1dc94bdffbca2c69658954)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Fixed:
$ bitbake nativesdk-net-tools
ERROR: nativesdk-net-tools-1.60-26-r0 do_package: QA Issue: nativesdk-net-tools: Files/directories were installed but not shipped in any package:
/usr
/usr/share
/usr/share/man
[snip]
(From OE-Core rev: fd3c46840851651fd737fe50916294cdffb3d718)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
During restructuring of the packaging in 2af4d6eb (tzdata: Install
everything by default), these two files remained in the tzdata
package, which is supposed to be empty. Move them to tzdata-core where
they belong.
Also simplify the definition of CONFFILES_tzdata-core. As its value
only takes effect for files that actually exist, there is no need to
complicate its definition by checking if a file is created before
adding it to the list of configuration files.
(From OE-Core rev: 3d2d31fed64169f08c0ecfce4c07b8c7ebd052d2)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 0fdc0ea0c10f9248d6503c91c864a4844d1d74bd)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
There is currently no way to automatically load iptables rules in OE.
Add a systemd unit file to automatically load rules on network
connection. This is cribbed from the way ArchLinux handles iptables with
some minor modifications for OE.
New rules can be generated directly on the target using:
# iptables-save -f /etc/iptables/iptables.rules
Good documentation for writing rules offline is lacking, but the basics
are explained here:
https://unix.stackexchange.com/q/400163/49405
(From OE-Core rev: 76d3574d17c38d93ba4660bdae5730ac222994d4)
Signed-off-by: Jack Mitchell <jack@embed.me.uk>
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
-tzdata : upgrade from 2019b to 2019c.
-tzcode-native : upgrade from 2019b to 2019c.
-tzdata.bb and tzcode-native.bb require timezone.inc.
(From OE-Core rev: c5a382429d18642d35d40a4df6a58b971c724603)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
A flaw was found in ghostscript versions prior to 9.28,
in the .pdf_hook_DSC_Creator procedure where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
A flaw was found in ghostscript versions prior to 9.28,
in the .pdfexectoken and other procedures where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14811
https://nvd.nist.gov/vuln/detail/CVE-2019-14817
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
(From OE-Core rev: 1533b92848ea73d6fe6ba22d87d7b6749b47842c)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>