| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update was made with the convert-scruri.py script in scripts/contrib
This script handles two emerging issues:
1. There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
2. Github are dropping support for git:// protocol fetching, so remap github
urls as needed. For more details see:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
(From OE-Core rev: 827a805349f9732b2a5fa9184dc7922af36de327)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 6cd21ddc6f998eec4d9be05f080e32072fddd2bd)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 660f932c21fed410ad092ec610749e7090b6a324)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c062c7c7c29e233bb245b2dc8b68b3903dfc8094)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f171f4f528090fc108624de6049274aa4d4880eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 3df6dc6aa0fe8f00b4051c77a11510e97db3d105)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: f332dd83231102684881785a8610e614a57e97a4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We're seeing pthread being linked sometimes and not others leading to
non-reproducible target binaries. The reason is mixing the native python
config with the target one. We should use the target one.
(From OE-Core rev: 8fc9963d70247d243c8fc5597d68d88a1757f2fd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3fe5101b335384ef83e96ccc58687fd631164075)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently a number of CVEs have been logged against a nodejs project
called "node-tar". These appear as false positives against the GNU tar
being built by Yocto. Some of these have been manually excluded using
CVE_CHECK_WHITELIST.
To avoid this problem, use the vendor name (in addition to package name)
for filtering CVEs. The syntax for this is:
CVE_PRODUCT = "vendor:package"
When not specified, the vendor defaults to "%" which matches anything.
(From OE-Core rev: 4d0ad4962bd3c69800f70770dc9123a694e16c26)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 45d1a0bea0c628f84a00d641a4d323491988106f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set shared library name as libbz2.so.1.0.8, version in configure.ac
already synced via do_configure PV substitution.
(From OE-Core rev: acb560a78ecd5403cf1f79e5a452c52cd58d1cfa)
Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07e3abc9d282a54add69a6905ec4248f3104219f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bash keeps a count of the number of times make was invoked on a directory
and changes the output versioning accordingly. We want deterministic output
so disable this behaviour.
(From OE-Core rev: 8ca4fad65d267c178a416546486c8422001115b0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13a039e03195a47c750d5901e96fe81cf523481f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport a fix from iputils 20210202 to make arp table updating
work again.
Fixes: 77c5792aa5e7 ("iputils: fix various arping regressions")
(From OE-Core rev: 9df63cd89939b2f4e0b7ea983db8c047e987ff26)
Signed-off-by: Visa Hankala <visa@hankala.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These three CVEs are specific to the Node package node-tar.
exclude: CVE-2021-37701 CVE-2021-37712 CVE-2021-37713
(From OE-Core rev: 8653ed5bc02c794944372be5c4ba785a7739f6d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f9317a02d73c1e5aea026683a037e52c996c7bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added 0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
to fix large memory usage for large file downloads
from dynamic backends reuse or release large memory chunks.
Also, added patch to set default chunk size 8k earlier it was 4k.
This issue is caused by a bug in the lighttpd 1.4.55 version and
has been fixed in lighttpd 1.4.58. Hence, it is not needed for
master and hardknott branch because lighttpd has 1.4.59 version.
Link: https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337
Link: https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/304e46d4f808c46cbb025edfacf2913a30ce8855
(From OE-Core rev: d3ac63230b98251d67a75a67456b769b6a002df0)
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport an upstream patch for the CVE.
(From OE-Core rev: 5042a4116a024bbc320d97ea29b21a589dea9942)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87191ed0303f6552865ad1edcacd674c57f2010c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: d1b4b4b6104e7b94ba49e61774c772a9181a67f6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4accf77ea5b5810cb2330acc6773690ec1b1c71b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These two CVEs are specific to the Node package node-tar.
(From OE-Core rev: d1b09f81ad80e5099ae670c965dcf7d39ad09ac1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc7216e8148d0dee7b56e6851da6615e93647a0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: e8e06e4175c010a7dc0a4e3598b70b89d43f8475)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
tzcode 2020b changed the default format from "-b fat" to "-b slim".
Allow external control for the binary format.
(From OE-Core rev: 1e9393cae53b4de260ec951e7855d74f206730d0)
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9e8b716eb71d4526517825eacefb91ab2c1781c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This CVE relates to bad ownership of /var/log/cups, which we don't have.
(From OE-Core rev: 68ee8fd1ec0f09c6477578de40e1adfc7ba35027)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0792312f3637ec160d2ef90781a8cb1f75b84940)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure help2man output is reproducible. Fixes:
| .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022. .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022.
| .TH·FSG·"1"·"April·2021"·"FSG·lsb_release·v1.4"·FSG .TH·FSG·"1"·"May·2021"·"FSG·lsb_release·v1.4"·FSG
| .SH·NAME 3 .SH·NAME
(From OE-Core rev: a5f34c7a95d227610ed9b6047ed53f43f84cbba9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 49371207a7f1fe3d3feb7b8b9aabb62b43ae34d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.
(From OE-Core rev: 829296767ecfbd443d738367b7146a91506e25f2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Issue applies to use of cpio in SUSE/OBS, doesn't apply to us.
(From OE-Core rev: 0f759992b7713e9664a4276a068a65f5e638fe33)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 915b38c54a7932744a9f56713d1c6bd00a789331)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The patch mentioned as the fix for the CVE is applied to the 6.0 source
code. Zip versioning makes CPE entry changes hard.
(From OE-Core rev: 4ff9d2c57d9cade1faa3916f171e5ad96ee32487)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8917e5ae2bb44d017fc0155f16632c5decadb0bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These CVEs apply to the way logrotate was installed on Gentoo, Debian
and SUSE, exclude from cve-check as they don't apply to OE.
(From OE-Core rev: 99cb9534902717e637f1460c1d1c10d290bbebf2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23643016f3b8794db772e333ff0b8f598571b628)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: c8f48471bea67cbf0f12a35639b764f90acae854)
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
grap2graph which converts a GRAP diagram into a cropped image fails
to run as below:
$ grap2graph
/usr/bin/grap2graph: line 89: convert: command not found
/usr/bin/grap2graph: warning: falling back to old '-crop 0x0' trim method
/usr/bin/grap2graph: line 104: convert: command not found
/usr/bin/grap2graph: line 103: grap: command not found
Considering we don't often need to convert a GRAP diagram into
a cropped image and the recipe ImageMagick which provides convert
command is in meta-oe layer, so don't ship the related files to
avoid the confusion about the above run time error.
(From OE-Core rev: 5619bc0e98c02cf80601eb399bb205f33f8e4098)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 251be7279a475ee18c0c53fe9795bb37bffc2b45)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX"
or "patchX" as patched release.
also update testcases to cover this changes and set CVE_VERSION_SUFFIX
for sudo.
(From OE-Core rev: d75f95a09e5e85eb759e748f9e0fee1c5fa1b318)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8076815fc2ffc8f632e73527ce2b7d158a29e9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
arping in iputils s20190709 has several problems, this backports the
fixes from s20200821.
- -D, duplicate address detection, always returns failure
- -w -f does not behave correctly
- -w option hangs arping
- -U option returns failure
(From OE-Core rev: 77c5792aa5e7cb7760c7042a49c2c0b02109987f)
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
[Yocto #14152]
(From OE-Core rev: 7c88d52eaca62237afcda606a3078ec483992213)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6c3f56020da7a26c2daea73e39c2f324f1f597db)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: d2e54108558bcf3a44d65505a643ace5cf365d8a)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc6c7af900ae0196a62b7fa1375c55bbcd8e68b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
(From OE-Core rev: 8836a56a9f17f238908b7d0e286a6d386f7be290)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1c6cd87bee6b019619dc5728fd6c36bc87ed696)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
configure inspects the host's /etc/group for these configuration
options, fix this to the correct values by using configure options.
(From OE-Core rev: 66efd3fde270bf24f71a6aab1c4f8cf34a52c3d2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f16f9c727569414cd52862dcba18d8e423f4e961)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream has renamed the "master" branch to "main".
(From OE-Core rev: 519f382fd0dd537377c0cf0b6473d427c10054f3)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05637733cf89a81fd5d787402f5a917f279a1a0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure the fallback value if used is written to the SDE file
and hence stored in sstate, reducing any confusion within the
code over '0' values.
Bump the HASHEQUIV_VERSION since we've had a ton of trouble
with ensuring this rolls out correctly on the autobuilder so
others may too, take a clean slate for it.
(From OE-Core rev: 1f218351c2ef702c76b1d1e793a624e1a4f5079b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 53ffffa32b76330835287dfc05d4e4796841af08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Apply patch from Debian to fix CVE-2021-26937.
(From OE-Core rev: 1927fb88bf484fe90b37367c3c63db2b88185bcc)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d688cc8672b1830ba10966492ab3f8a12d32e17)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes bison would regenerate source files and sometimes it would not
This is likely related to the patching of generated files by on of the
patches.
Drop those changes and force the files to regenerate in all cases since
we depend on bison-native anyway. This ensures the results are always
consistent.
(From OE-Core rev: 40047178fa31c3503c1f119e5a7e41c4cfb2bcd4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4449fa226e94f7124215c5ead43aadda7967f3af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add some temporary bumps to versions to change the output hash so
the fix applies correctly. Can be dropped next time we update the
recipe and the output changes.
(From OE-Core rev: d99e2a0c4e5d03d7f6958be14cc1e27a7d9ee01c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69205edcdff865048e55a6b7feaf82064ebc10c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The build was injecting the path of the host's sendmail binary. Set
this deterministically to match OE's path for it.
(From OE-Core rev: a272b6e4c0b16017918d95fad04d05b27186317a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 476328b91ea4417160580d28df4fcc1147d85ae2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The makefile injects the current date into the version file. Do this
deterministically with SOURCE_DATE_EPOCH.
(From OE-Core rev: 52658a8df1bf86902a277f4896cf766c8391ad61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31f2ad739ea776a1e11b5cef5434df188007c7bf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
release notes:
https://www.sudo.ws/legacy.html#1.8.32
updates include fixes for
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
Also backport patch to fix build error with musl
(From OE-Core rev: 896e7d02e3626b42cd08b19bb303a0c6189e17de)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release 2021a - 2021-01-24 10:54:57 -0800
Changes to future timestamps
South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
(Thanks to Steffen Thorsen.)
(From OE-Core rev: 4a219389f166229872c0213a6d31c94cc565269c)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed9114df2086c4ad0544cf99c9c1ff8fb7b830b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:
https://security-tracker.debian.org/tracker/CVE-2018-13410
http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."
https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:
https://security-tracker.debian.org/tracker/CVE-2018-13684
"NOT-FOR-US: smart contract implementation for ZIP"
(From OE-Core rev: 872342a37d6159844fcb8d9f0cbf37f011643195)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release 2020f - 2020-12-29 00:17:46 -0800
Change to build procedure
'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug. (Problem reported by Deborah Goldsmith.)
(From OE-Core rev: 4b976db13cfbd27a39e98902bd4699f4e43e5598)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c7efa4d28d632d415ca574140586570ca376caf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Executing a sequence like:
bitbake man-db
bitbake man-db -c clean
bitbake man-db -c package_write_deb -f
results in the ownership of files in the man-db package changing from "man/man"
to "6/12". This is due to base-passwd not being installed in the recipe
sysroot.
Add the missing dependency so even if a recipe "re-packages", the name
of the user/group is found and the packages are reproducible.
[YOCTO #14172]
(From OE-Core rev: b8c71ab1bd8519dde77b38955473bc3b45976d48)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 769f8be29a192fd4fa0c4752f851fa3728d71179)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Briefly:
Volgograd switches to Moscow time on 2020-12-27 at 02:00.
Changes to future timestamps
Volgograd changes time zone from +04 to +03 on 2020-12-27 at 02:00.
(Thanks to Alexander Krivenyshev and Stepan Golosunov.)
Changes to past timestamps
Correct many pre-1986 transitions, fixing entries originally
derived from Shanks. The fixes include:
- Australia: several 1917 through 1971 transitions
- Bahamas: several 1941 through 1945 transitions
- Bermuda: several 1917 through 1956 transitions
- Belize: several 1942 through 1968 transitions
- Ghana: several 1915 through 1956 transitions
- Israel and Palestine: several 1940 through 1985 transitions
- Kenya and adjacent: several 1908 through 1960 transitions
- Nigeria and adjacent: correcting LMT in Lagos, and several 1905
through 1919 transitions
- Seychelles: the introduction of standard time in 1907, not 1906
- Vanuatu: DST in 1973-1974, and a corrected 1984 transition
(Thanks to P Chan.)
Because of the Australia change, Australia/Currie (King Island) is
no longer needed, as it is identical to Australia/Hobart for all
timestamps since 1970 and was therefore created by mistake.
Australia/Currie has been moved to the 'backward' file and its
corrected data moved to the 'backzone' file.
Changes to past time zone abbreviations and DST flags
To better match legislation in Turks and Caicos, the 2015 shift to
year-round observance of -04 is now modeled as AST throughout before
returning to Eastern Time with US DST in 2018, rather than as
maintaining EDT until 2015-11-01. (Thanks to P Chan.)
Changes to documentation
The zic man page now documents zic's coalescing of transitions
when a zone falls back just before DST springs forward.
(From OE-Core rev: a787dc37d47e1ccab11c7d867721d832ee57d73a)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9d7643339b4db6609b2bad1f76599a54da9d17f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed when ncurses-terminfo-base is not installed:
$ minicom
No termcap database present!
(From OE-Core rev: ff5c13bb0b8d7e792b0db829d34ee58b332183e5)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 15198ebe8a0fc58c2d1122b956fca092c66a0d41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
It only applies to MacOS.
(From OE-Core rev: 6ebf7c268fbbf7e7b2411ba0888e141187020017)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cad1162f41c4c060744b98109514f761aa64d34a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The CVE was against a cups plugin which is obsolete and we don't include.
(From OE-Core rev: 7a5123aa30fe4f19bf6daa7278e29283be05dab1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f7cb9f6ec4b14f992d265b8c67a9f5589f9b842)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This an Ububtu specific issue:
The CUPS AppArmor profile incorrectly confined the dnssd backend
due to use of hard links. A local attacker could possibly use this
issue to escape confinement. This flaw affects versions prior to
2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1
in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS,
and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS
(From OE-Core rev: e30fd2421da579b7d1e799c7d267395026a780dc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 22e89983a8f83a369d83bc67e4f3492bc50db648)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Because the name of CVE patch is wrong, cve-check-tool cannot get the correct CVE result. Rename the patch name.
(From OE-Core rev: 33beb4fc5f23206ccb2f8d81e0135bbc575e238d)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 422f9af7d0f7de7a2e933154853e7a281f98ab93)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add some temporary bumps to versions to change the output hash so we
really can take advantage of the groff-native reproducibility fix.
(From OE-Core rev: 4e41a22f704e22bef0d207c9c511168bca92cc82)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af9bd5a03ecf45e92868bc49b1de5c27d94eff6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
