Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=hardknott-next 2021-08-01T16:26:19+00:00 2021-08-01T16:26:19+00:00 Joe Slater joe.slater@windriver.com 2021-07-26T21:40:16+00:00 urn:sha1:69dcf5bac8adfd55f1a40cff1e989ed8806607cb Lots of bug fixes. CVE: CVE-2021-21704 CVE-2021-21705 Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-04-24T02:09:51+00:00 Mingli Yu mingli.yu@windriver.com 2021-04-23T05:48:03+00:00 urn:sha1:6289ad43f882b6df78add4528858f1560e6e5baf License-Update: License updated (year updated) Fix some security issues such as CVE-2021-21702 and remove two cve patches which already included in the new version. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-03-11T08:12:55+00:00 Changqing Li changqing.li@windriver.com 2021-03-11T00:56:27+00:00 urn:sha1:9be6b4f5a2ec857475626c74457a94b8d9236fd5 Since commit c4ffcaa2[php: split out phpdbg into a separate package], package php is empty, we might met error: nothing provides php needed by php-cli-7.4.9-r0.corei7_64 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2021-02-26T03:44:48+00:00 Diego Santa Cruz Diego.SantaCruz@spinetix.com 2021-02-25T21:20:21+00:00 urn:sha1:c4ffcaa2ab3fbdef1ce58c253b32d82a57a3e2a8 Since PHP 7.0 the phpdbg debugger is built by default and gets shipped in the main php package, increasing its size by several MB; split it out into a php-phpdbg package, following Debian naming. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-12-15T08:52:55+00:00 Zheng Ruoqin zhengrq.fnst@cn.fujitsu.com 2020-12-15T07:22:48+00:00 urn:sha1:fa80193468745a11bc12d5845f66412a0d62e0e2 Security Advisory References https://nvd.nist.gov/vuln/detail/CVE-2020-7069 https://bugs.php.net/patch-display.php?bug_id=79601&patch=openssl_aes_ccm_iv_fix&revision=latest Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-12-15T08:52:55+00:00 Zheng Ruoqin zhengrq.fnst@cn.fujitsu.com 2020-12-15T07:22:57+00:00 urn:sha1:aff8a1fefb9a1a311e5ba14ad69871514270803a Security Advisory References https://nvd.nist.gov/vuln/detail/CVE-2020-7070 https://bugs.php.net/patch-display.php?bug=79699&patch=fix-urldecode&revision=1600650364 https://github.com/php/php-src/blob/master/main/php_variables.c Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-11-24T04:44:40+00:00 Max Kellermann max.kellermann@gmail.com 2018-02-07T10:15:45+00:00 urn:sha1:5cd29d53b349b566e2f05c46c5da56b382b95465 Appending ${TMPDIR} to ${D} doesn't make any sense, because both are absolute paths. And additionally, the code fails: rmdir: failed to remove '/usr/src/oe/tmp-musl/work/core2-64-oe-linux-musl/php/7.1.9-r0/image//usr': Directory not empty Signed-off-by: Max Kellermann <max.kellermann@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-10-16T16:21:54+00:00 Qi.Chen@windriver.com Qi.Chen@windriver.com 2020-10-16T06:17:47+00:00 urn:sha1:75d7f48c66c1c6816b31baccadb81fca978835a1 /var/run has been deprecated by systemd, so use /run instead, as suggested by systemd. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-08-31T20:04:43+00:00 Leon Anavi leon.anavi@konsulko.com 2020-08-31T18:29:49+00:00 urn:sha1:f46931abf073a4c5b02a160a89fe073f1b67632b Upgrade to release 7.4.9: - Fixed: Upgrade apache2handler's php_apache_sapi_get_request_time to return usec - Fixed: BSTR to PHP string conversion not binary safe - Fixed: DCOM does not work with Username, Password parameter - Fixed: serialize() and unserialize() methods can not be called statically - Fixed: Segfault in php_str_replace_common - Fixed: Assertion failure if dumping closure with unresolved static variable - Fixed: Assertion failure when assigning property of string offset by reference - Fixed: HT iterators not removed if empty array is destroyed - Fixed: Changing array during undef index RW error segfaults - Fixed: Use after free if changing array during undef var during array write fetch - Fixed: Use after free if string used in undefined index warning is changed - Fixed: Public non-static property in child should take priority over private static - Fixed: getimagesize function silently truncates after a null byte - Fixed: finfo_file crash (FILEINFO_MIME) - Fixed: ftp_size on large files - Fixed: mb_strimwidth does not trim string - Fixed: Use of freed hash key in the phar_parse_zipfile function - Fixed: ::getStaticProperties() ignores property modifications - Fixed: ::getStaticPropertyValue() throws on protected props - Fixed: Use after free when type duplicated into ReflectionProperty gets resolved - Fixed: Can't copy() large 'data://' with open_basedir - Fixed: dns_check_record() always return true on Alpine - Fixed: array_walk() does not respect property types Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-05-09T02:56:06+00:00 Claude Bing cbing@cybernetics.com 2020-05-08T19:52:46+00:00 urn:sha1:3cfd16be4e1b62efe8ac640cecc080709cf2b9f9 The source of the issue is the update for PHP 7.4 support in 0001-opcache-config.m4-enable-opcache.patch (commit 7cc7a9ec). Instead of working around the issue in the recipe file, update the patch to restore the call to PHP_ADD_LIBRARY(). Signed-off-by: Claude Bing <cbing@cybernetics.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>