| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX"
or "patchX" as patched release.
also update testcases to cover this changes and set CVE_VERSION_SUFFIX
for sudo.
(From OE-Core rev: d75f95a09e5e85eb759e748f9e0fee1c5fa1b318)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8076815fc2ffc8f632e73527ce2b7d158a29e9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
arping in iputils s20190709 has several problems, this backports the
fixes from s20200821.
- -D, duplicate address detection, always returns failure
- -w -f does not behave correctly
- -w option hangs arping
- -U option returns failure
(From OE-Core rev: 77c5792aa5e7cb7760c7042a49c2c0b02109987f)
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
[Yocto #14152]
(From OE-Core rev: 7c88d52eaca62237afcda606a3078ec483992213)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6c3f56020da7a26c2daea73e39c2f324f1f597db)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: d2e54108558bcf3a44d65505a643ace5cf365d8a)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc6c7af900ae0196a62b7fa1375c55bbcd8e68b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
(From OE-Core rev: 8836a56a9f17f238908b7d0e286a6d386f7be290)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1c6cd87bee6b019619dc5728fd6c36bc87ed696)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
configure inspects the host's /etc/group for these configuration
options, fix this to the correct values by using configure options.
(From OE-Core rev: 66efd3fde270bf24f71a6aab1c4f8cf34a52c3d2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f16f9c727569414cd52862dcba18d8e423f4e961)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream has renamed the "master" branch to "main".
(From OE-Core rev: 519f382fd0dd537377c0cf0b6473d427c10054f3)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05637733cf89a81fd5d787402f5a917f279a1a0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure the fallback value if used is written to the SDE file
and hence stored in sstate, reducing any confusion within the
code over '0' values.
Bump the HASHEQUIV_VERSION since we've had a ton of trouble
with ensuring this rolls out correctly on the autobuilder so
others may too, take a clean slate for it.
(From OE-Core rev: 1f218351c2ef702c76b1d1e793a624e1a4f5079b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 53ffffa32b76330835287dfc05d4e4796841af08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Apply patch from Debian to fix CVE-2021-26937.
(From OE-Core rev: 1927fb88bf484fe90b37367c3c63db2b88185bcc)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d688cc8672b1830ba10966492ab3f8a12d32e17)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes bison would regenerate source files and sometimes it would not
This is likely related to the patching of generated files by on of the
patches.
Drop those changes and force the files to regenerate in all cases since
we depend on bison-native anyway. This ensures the results are always
consistent.
(From OE-Core rev: 40047178fa31c3503c1f119e5a7e41c4cfb2bcd4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4449fa226e94f7124215c5ead43aadda7967f3af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add some temporary bumps to versions to change the output hash so
the fix applies correctly. Can be dropped next time we update the
recipe and the output changes.
(From OE-Core rev: d99e2a0c4e5d03d7f6958be14cc1e27a7d9ee01c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69205edcdff865048e55a6b7feaf82064ebc10c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The build was injecting the path of the host's sendmail binary. Set
this deterministically to match OE's path for it.
(From OE-Core rev: a272b6e4c0b16017918d95fad04d05b27186317a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 476328b91ea4417160580d28df4fcc1147d85ae2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The makefile injects the current date into the version file. Do this
deterministically with SOURCE_DATE_EPOCH.
(From OE-Core rev: 52658a8df1bf86902a277f4896cf766c8391ad61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31f2ad739ea776a1e11b5cef5434df188007c7bf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
release notes:
https://www.sudo.ws/legacy.html#1.8.32
updates include fixes for
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
Also backport patch to fix build error with musl
(From OE-Core rev: 896e7d02e3626b42cd08b19bb303a0c6189e17de)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release 2021a - 2021-01-24 10:54:57 -0800
Changes to future timestamps
South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
(Thanks to Steffen Thorsen.)
(From OE-Core rev: 4a219389f166229872c0213a6d31c94cc565269c)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed9114df2086c4ad0544cf99c9c1ff8fb7b830b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:
https://security-tracker.debian.org/tracker/CVE-2018-13410
http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."
https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:
https://security-tracker.debian.org/tracker/CVE-2018-13684
"NOT-FOR-US: smart contract implementation for ZIP"
(From OE-Core rev: 872342a37d6159844fcb8d9f0cbf37f011643195)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release 2020f - 2020-12-29 00:17:46 -0800
Change to build procedure
'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug. (Problem reported by Deborah Goldsmith.)
(From OE-Core rev: 4b976db13cfbd27a39e98902bd4699f4e43e5598)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c7efa4d28d632d415ca574140586570ca376caf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Executing a sequence like:
bitbake man-db
bitbake man-db -c clean
bitbake man-db -c package_write_deb -f
results in the ownership of files in the man-db package changing from "man/man"
to "6/12". This is due to base-passwd not being installed in the recipe
sysroot.
Add the missing dependency so even if a recipe "re-packages", the name
of the user/group is found and the packages are reproducible.
[YOCTO #14172]
(From OE-Core rev: b8c71ab1bd8519dde77b38955473bc3b45976d48)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 769f8be29a192fd4fa0c4752f851fa3728d71179)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Briefly:
Volgograd switches to Moscow time on 2020-12-27 at 02:00.
Changes to future timestamps
Volgograd changes time zone from +04 to +03 on 2020-12-27 at 02:00.
(Thanks to Alexander Krivenyshev and Stepan Golosunov.)
Changes to past timestamps
Correct many pre-1986 transitions, fixing entries originally
derived from Shanks. The fixes include:
- Australia: several 1917 through 1971 transitions
- Bahamas: several 1941 through 1945 transitions
- Bermuda: several 1917 through 1956 transitions
- Belize: several 1942 through 1968 transitions
- Ghana: several 1915 through 1956 transitions
- Israel and Palestine: several 1940 through 1985 transitions
- Kenya and adjacent: several 1908 through 1960 transitions
- Nigeria and adjacent: correcting LMT in Lagos, and several 1905
through 1919 transitions
- Seychelles: the introduction of standard time in 1907, not 1906
- Vanuatu: DST in 1973-1974, and a corrected 1984 transition
(Thanks to P Chan.)
Because of the Australia change, Australia/Currie (King Island) is
no longer needed, as it is identical to Australia/Hobart for all
timestamps since 1970 and was therefore created by mistake.
Australia/Currie has been moved to the 'backward' file and its
corrected data moved to the 'backzone' file.
Changes to past time zone abbreviations and DST flags
To better match legislation in Turks and Caicos, the 2015 shift to
year-round observance of -04 is now modeled as AST throughout before
returning to Eastern Time with US DST in 2018, rather than as
maintaining EDT until 2015-11-01. (Thanks to P Chan.)
Changes to documentation
The zic man page now documents zic's coalescing of transitions
when a zone falls back just before DST springs forward.
(From OE-Core rev: a787dc37d47e1ccab11c7d867721d832ee57d73a)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9d7643339b4db6609b2bad1f76599a54da9d17f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed when ncurses-terminfo-base is not installed:
$ minicom
No termcap database present!
(From OE-Core rev: ff5c13bb0b8d7e792b0db829d34ee58b332183e5)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 15198ebe8a0fc58c2d1122b956fca092c66a0d41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
It only applies to MacOS.
(From OE-Core rev: 6ebf7c268fbbf7e7b2411ba0888e141187020017)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cad1162f41c4c060744b98109514f761aa64d34a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The CVE was against a cups plugin which is obsolete and we don't include.
(From OE-Core rev: 7a5123aa30fe4f19bf6daa7278e29283be05dab1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f7cb9f6ec4b14f992d265b8c67a9f5589f9b842)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This an Ububtu specific issue:
The CUPS AppArmor profile incorrectly confined the dnssd backend
due to use of hard links. A local attacker could possibly use this
issue to escape confinement. This flaw affects versions prior to
2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1
in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS,
and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS
(From OE-Core rev: e30fd2421da579b7d1e799c7d267395026a780dc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 22e89983a8f83a369d83bc67e4f3492bc50db648)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Because the name of CVE patch is wrong, cve-check-tool cannot get the correct CVE result. Rename the patch name.
(From OE-Core rev: 33beb4fc5f23206ccb2f8d81e0135bbc575e238d)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 422f9af7d0f7de7a2e933154853e7a281f98ab93)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add some temporary bumps to versions to change the output hash so we
really can take advantage of the groff-native reproducibility fix.
(From OE-Core rev: 4e41a22f704e22bef0d207c9c511168bca92cc82)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af9bd5a03ecf45e92868bc49b1de5c27d94eff6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
groff chooses a default papersize depending on the value from /etc/papersize
and failing that, the search domain in /etc/resolv.conf based on the comment
in configure:
"""
If the top-level domain is two letters and it's not 'us' or 'ca'
then they probably use A4 paper.
"""
Oddly, my system sets to "a4" in /etc/papersize which means it defaults to
"letter" since its != "A4".
These defaults ripple through to cause the output of man-db to change depending
on which default value was selected.
To resolve this, set a default of "A4" since that covers the larger population
of the two default values.
(From OE-Core rev: 5bbd7b1f6e1dccffc7bf3f0b37fbc74b6e755e81)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cb511bfbd18258c782ee18f054a2590e4daaddc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nativesdk support
In order to make wic tool work in sdk which is out of an
existed Yocto build, it needs to port wic tool as a nativesdk
recipe.
First, make these runtime depends recipes to support nativesdk
(From OE-Core rev: caf6dac96888d983ead4e75896b78f96777c40d6)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cb4f7f078e1d3b1afbf93ca4dc5e690f60c59412)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
remove some extra whitespaces
(From OE-Core rev: 3ac10faff7ef00f68031400e86a6882ce0d5090a)
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 32ce3716761165b9df12306249418645724122cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: e40068578ec403df84527cd4ac7acd336cce6a08)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 365787658cffc3b2dedb88db311a33012be9d70d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For more info see: https://github.com/eggert/tz/blob/master/NEWS
(From OE-Core rev: 2cf640f9a634fe8ecc061f55252ce015b15a6880)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b19bc7ae71a59673bd725e1de3251667c2026ed5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When testing pseudo changes I realised these recipes have packaging tasks
but don't generate packages. Drop the packages tasks for cleanliness.
(From OE-Core rev: 275d504b2f979901278141a4ba217d02a099f980)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ef9c11797b5d626bdb40b4509d8b2b0d461ff9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to the latest upstream version. This fixes at least one build
error, in which build fails due to undefined FS_IOC_GETFLAGS. See commit
d7b4301d ("stress-efivar: only exercise FS_IOC_*FLAGS if they are defined")
in stress-ng for details.
(From OE-Core rev: f99dc4e49d4ad4383c826dd8f8410c32f408e9bd)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in disable_priv_mode in shell.c in GNU Bash
through 5.0 patch 11. By default, if Bash is run with its effective UID
not equal to its real UID, it will drop privileges by setting its
effective UID to its real UID. However, it does so incorrectly. On Linux
and other systems that support "saved UID" functionality, the saved UID
is not dropped. An attacker with command execution in the shell can use
"enable -f" for runtime loading of a new builtin, which can be a shared
object that calls setuid() and therefore regains privileges. However,
binaries running with an effective UID of 0 are unaffected.
Get the patch from [1] to fix the issue.
[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
(From OE-Core rev: aee0f56a9b3b510649672d0b4427a0e94a001ec4)
Signed-off-by: De Huo <De.Huo@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f01acae9c279e0a580f46d1ba4c015caa3f8c2c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 4dbae5c7c28a2cd6ebb601f984a54ca33d19afaf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 630ce8130598e2bca7231ac28a7cc18b5b942544)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: bf8f33c62f6fe98777248fb05ce3105e9f63d03a)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
rpcinfo is also provided vy netkit in meta-networking
(From OE-Core rev: 177a82f0e9f9c7fa12dd39cbbdd2ac64d920699d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 28183dfd7446de9113773ab89edd0afb4ab82f7e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While enabling systemd, there is QA issue:
...
|ERROR: sysstat-12.4.0-r0 do_package: QA Issue: sysstat: Files/directories
were installed but not shipped in any package:
| /lib/systemd/system-sleep
| /lib/systemd/system-sleep/sysstat.sleep
...
https://www.freedesktop.org/software/systemd/man/systemd-sleep.html
says the files should be dropped into /usr/lib/systemd/system-sleep
(that would be /lib/systemd/system-sleep in our configuration). By
moving the files to another directory they'll be packaged but not
loaded by systemd.
Suggested-by Ross Burton <ross@burtonini.com>
(From OE-Core rev: 89cb403fce24c853be49e4190d2020c6911b6a31)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3bdd40ea09e50067f11c12290ab465a9ef229fc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is maintenance release consolidating the changes introduced
in 9.50. see :
https://www.ghostscript.com/doc/9.52/News.htm
Drop all custom objarch.h files; ghostscript nowadays generates
that with autoconf.
Freetype can no longer be disabled.
Building out of source tree is broken.
Upgrade include several CVE fixes:
CVE-2020-16287
CVE-2020-16288
CVE-2020-16289
CVE-2020-16290
CVE-2020-16291
CVE-2020-16292
CVE-2020-16293
CVE-2020-16294
CVE-2020-16295
CVE-2020-16296
CVE-2020-16297
CVE-2020-16298
CVE-2020-16299
CVE-2020-16300
CVE-2020-16301
CVE-2020-16302
CVE-2020-16303
CVE-2020-16304
CVE-2020-16305
CVE-2020-16308
CVE-2020-16309
CVE-2020-17538
(From OE-Core rev: 1cee5540ca74c38cc483b28f720e345644d6ca9b)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: a58aa3017925617da1eec732a0e68bfda83410a1)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
debian/ubuntu
* this is needed for python3-ifcfg to parse it correctly
https://github.com/ftao/python-ifcfg/issues/43
* backport this single patch, so it can be backported to dunfell
then for master we should upgrade to new snapshot from debian
which includes other fixes and improvements as well
* this is already part of net-tools_1.60-26.diff from debian we're using
but it's first added there and then removed
$ grep 'sprintf(flags' net-tools_1.60-26.diff
++ sprintf(flags, "flags=%d<", ptr->flags);
+- sprintf(flags, "flags=%d<", ptr->flags);
* before:
root@qemux86-64:~# ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:12:34:02
inet addr:192.168.7.2 Bcast:192.168.7.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe12:3402/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:496 (496.0 B) TX bytes:42832 (41.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:846 errors:0 dropped:0 overruns:0 frame:0
TX packets:846 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:53364 (52.1 KiB) TX bytes:53364 (52.1 KiB)
* after:
root@qemux86-64:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.7.2 netmask 255.255.255.0 broadcast 192.168.7.255
inet6 fe80::5054:ff:fe12:3402 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:12:34:02 txqueuelen 1000 (Ethernet)
RX packets 6 bytes 496 (496.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 2140 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 80 bytes 6080 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 80 bytes 6080 (5.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
* for comparison ubuntu-20.04 in docker:
root@dafcbbf25ff2:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 39299 bytes 89614740 (89.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33767 bytes 3807354 (3.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 5658 bytes 1294220 (1.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5658 bytes 1294220 (1.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
* python3-ifcfg now parses flags correctly:
root@qemux86-64:~# python3 -m ifcfg.cli | python3 -m json.tool
{
"eth0": {
"inet": "192.168.7.2",
"inet4": [
"192.168.7.2"
],
"ether": "52:54:00:12:34:02",
"inet6": [
"fe80::5054:ff:fe12:3402"
],
"netmask": "255.255.255.0",
"device": "eth0",
"flags": "4163<UP,BROADCAST,RUNNING,MULTICAST> ",
"mtu": "1500",
"broadcast": "192.168.7.255"
},
"lo": {
"inet": "127.0.0.1",
"inet4": [
"127.0.0.1"
],
"ether": null,
"inet6": [
"::1"
],
"netmask": "255.0.0.0",
"device": "lo",
"flags": "73<UP,LOOPBACK,RUNNING> ",
"mtu": "65536"
},
"sit0": {
"inet": null,
"inet4": [],
"ether": null,
"inet6": [],
"netmask": null,
"device": "sit0",
"flags": "128<NOARP> ",
"mtu": "1480"
}
}
(From OE-Core rev: 71c8667fca681a5977ed2b825b14306930707f2d)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dacfd695061b186240a85f8ffc43e6636c56e1fb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpam does not support 'obscure' checks to password,
there are the same checks in pam_cracklib module.
And this fix can remove the below error message while
updating password with 'passwd':
pam_unix(passwd:chauthtok):unrecognized option[obscure]
(From OE-Core rev: 76a63a5e1d572703c7e5e1360e24c05b87186e8b)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea761dbac90be77797308666fe1586b05e3df824)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove service template mdmon@.service from SYSTEMD_SERVICE which should
be not started by systemctl directly. It is hanlded by udev rules.
Replace tab with spaces in SRC_URI as well.
(From OE-Core rev: f54c3c049eacce423d9c75c823f8ab15ba185167)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a55b2b29bb86d98700836de5b7d68965c7cd5ee5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the tests are run we see messages like:
/opt/ltp/testcases/bin/run_cpuctl_stress_test.sh: line 242: nice: command not found
/opt/ltp/testcases/bin/run_cpuctl_test_fj.sh: line 66: tac: command not found
vma05 1 TCONF: 'gdb' not found
memcg_failcnt 1 TCONF: 'bc' not found
Owner=nobody; perms=-rw-------; sudo: lsattr: command not found
so add missing dependencies to avoid these.
(From OE-Core rev: c84c3caff4ef16c72390a7b941b71919417c9f51)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit faa01e1ae7a92d60699cd8865d1106a13549b096)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Advance to version 20200430 to avoid multiple definition errors for uninitialized variables.
In this case, it is not enough to add -fcommon to CFLAGS.
(From OE-Core rev: 71391aab99033f5488d44c097a25323bdf06ffc2)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7e1df28fb0534587d4f9305eb163f497852df4ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 10 introduced "-fno-common" as default. Therefore backport the
according cpio patch to fix this issue.
(From OE-Core rev: 21e5677cf239ff50142a31b034ce3316b1daa4bb)
Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ca6e5511b59b585de793ff6424c7c6ccfcd8e61e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit daed7eedba ("Avoid multiple-definiton with gcc -fno-common") of
libtirpc fixed the -fno-common issues. Therefore it should be save to
remove the extra "-fcommon" in CFLAGS.
(From OE-Core rev: 4745fcf05736c3e26601769c4fdcd1a5ec25efb3)
Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e4546701775fe98532f011f5ad146cfb1b33715)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
0001-xdr_float-do-not-include-bits-endian.h.patch
removed since it is included in 1.2.6
(From OE-Core rev: 1497ec4e8e0a2244154486feea8292b0b37d5249)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c940792e1492923036cae97010f9945e7ad43a32)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The comment applies to an old version and the WORKDIR setting matches
the default so drop it.
(From OE-Core rev: 3f8f1385428a2057610dca71e9f122c922df5202)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7cc4c0e7665111616c7e8a1dc512b8d9022ca664)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test runs for 900s, we often see tests killed after 300s without
output which makes the test results unreliable and inconsistent. The
easiest solution for now is to skip this long running test, patching
it out wth sed.
(From OE-Core rev: 074adb507928310af5b38f82ba3f20d9f55f4433)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0739a8901140c05d037517ffd89382f151ba627c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify DEBUG_PREFIX_MAP as used by sed to handle
whitespace correctly.
This modifies an existing patch.
(From OE-Core rev: fcd6c105bee1c689f06b46659779bddfad07d9c9)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
