| Age | Commit message (Collapse) | Author |
|---|
|
Source: wireshark.org
MR: 104620
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 64e3701e4d6bd53972c22c49d655556e6f37e461
Description:
Affects: 3.2.0 to 3.2.4
Includes:
CVE-2020-15466
For more info see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9019ceb2ccfd32789b7bc680269b3af234ebd397)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed when rebuild:
DEBUG: Executing shell function autotools_preconfigure
NOTE: make clean
aclocal
autoheader
autoconf
You need to call ./configure with appropriate arguments (again).
make: *** [Makefile:287: config.status] Error 1
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 922e061fdbbc80c44f49866c7b08b2e09e4a3d0a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b0d884a994197a9bc0b181545fe67f19a7630cd7)
[AK: This release fixes vmap support which broke in the previous 0.9.5 release.]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
2.1.3
Changes
* Force cython to use python language version 3
Bugs fixed
* Fix tooltip not updating when bluetooth is disabled
* Fix dbus timeout in DhcClient
* Call the right method when pulseaudio crashes
* Handle os.remove failing
2.1.2
Bugs fixed
* Signal bar updates with multiple adapters
* Pairing with pincode
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d05070c7d8d1f384914b1243298b4759fd9accae)
[AK: Dunfell does not support py2 so upgrade seems resonable]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:
Fixes CVE-2019-20892 which affect net-snmp <= 5.8pre1
Had to fix up some file do to later code restructioning.
"int refcnt;" addition was done in include/net-snmp/library/snmpusm.h
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 96a63b1ecf321c9a63880a963ed257086998133b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Currently, testcnx ptest fails due to expired CA certificates:
Test project /usr/lib64/freeDiameter/ptest
...
Start 10: testcnx
10/11 Test #10: testcnx ..........................***Failed 0.12 sec
...
<snip>
Command: "/usr/lib64/freeDiameter/ptest/testcnx"
Directory: /usr/lib64/freeDiameter/ptest
"testcnx" start time: Jun 17 10:52 UTC
Output:
----------------------------------------------------------
10:52:43 ERROR ERROR: Invalid parameter '(conn->cc_rcvthr != (pthread_t)((voidd
*)0))', 22
10:52:43 ERROR TLS: Remote certificate invalid on socket 6 (Remote: 'localhostt
.localdomain')(Connection: '{---T} TCP from [127.0.0.1]:57898 (4<-6)') :
10:52:43 ERROR - The certificate has expired.
10:52:43 ERROR TLS ERROR: in 'ret = gnutls_handshake(conn->cc_tls_para.sessionn
)' : Error in the certificate.
10:52:43 FATAL! testcnx.c:867: CHECK FAILED : fd_cnx_handshake(server_side, GNUU
TLS_SERVER, ALGO_HANDSHAKE_DEFAULT , NULL, NULL) == 16 != 0
10:52:43 FATAL! FAILED: testcnx.c
<end of output>
Test time = 0.02 sec
<snip>
Backport upstream patch [1] to fix this issue.
[1] http://www.freediameter.net/hg/freeDiameter/rev/eff5bb332b5a
This patch is present in version 1.4.0, so master is not affected.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: ntp.org
MR: 104487
Type: Security Fix
Disposition: Backport from http://archive.ntp.org/ntp4/ntp-4.2/
ChangeID: 65b220646dc29168c45b051a6ea2a651b9e669d1
Description:
Bugfix only update including a security fix: CVE-2020-15025
changelog: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c9384d7fc40acdf8b5ed668ac3f5fa0e2ad4dbd1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
>From [1]
* Increase cache buffers size to accomodate VLAN edits (#594)
* Correct L2 header length to correct IP header offset (#583)
* Fix warnings from gcc version 10 (#580)
* Heap Buffer Overflow in randomize_iparp (#579)
* Use after free in get_ipv6_next (#578)
* Heap Buffer Overflow in git_ipv6_next (#576)
* Call pcap_freecode() on pcap_compile() (#572)
* Increase max snaplen to 262144 (#571)
* Fix divide by zero in fuzzing (#570)
* Unique IP repeats at very high iteration counts (#566)
* Fails to compile on FreeBSD amd64 13.0 (#558)
* Heap Buffer Overflow in do_checksum (#556) (#577)
* Attempt to correct corrupt pcap files, if possible (#557)
* Fix GCC v10 warnings (#555)
* Remove some duplicated SOURCES entries (#551)
* Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
* Implement --loopdelay-ms when using --loop=0 (#546)
* Heap overflow packet2tree and get_l2len (#530)
[1] https://github.com/appneta/tcpreplay/releases
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 822963c6cba8edde6d91fc56e2f0ae9e7a730551)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
https://samba.org seems to be gone, switch to https://www.samba.org
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9a85b925c51308f93475d7cc8e2ddda90dff30fd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
???Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0b0c102d8c6daae12894f47f9523fe27fca5b15f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bf1ac503e8a54387a6b46623235dadff0d14596e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
See https://lwn.net/Articles/822353/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e7912b8fd841001a2ffb78dc32edc86fd70b8cd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
As ??= assignment will be overwritten by += in any case,
one can't define a default of PACKAGECONFIG in this recipe.
Using _append instead mitigates chances of accidental overwriting
the default
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4cca3eff387dc6630915ba4238b97712589308b8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5caca0f7bdefd28b9ecc446aea4177e2e297aa20)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8a4039c61296801dc7f9d6f1badd9310acadf2b8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
-0001-chdeck-for-gettid-API-during-configure.patch
Removed since this is included in 2.9.16
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e44e7be3e9d140410d3c7d799a32cf867e494f9c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa615a8e6093759fd580217be79dc037d9c0d79c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Refreshed patches for 5.8 due to the following:
ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
patching file configure
...
Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
Hunk #2 FAILED at 31447.
1 out of 2 hunks FAILED -- rejects in file configure
...
Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9c3b872f846e0a2491fe8bf16ae38db82609938c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a5d7311490e12a296241bcd8adb0090c226842ec)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e8a43da0cb4631d4302ec84a0dd54ea1b74ddc92)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
-dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch
-dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
Removed since these are included in 2.81
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36ece5c83f20f4fc923f1606979ea911ecb93da8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove patch applied upstream.
Manual -fcommon is no longer necessary.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3d81f6d013b21a5db8e71328648aa896177e40eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Ensures it can build with gcc10
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d04f3a1be3a6d7f57b3cc26cb3159b1055a5ee22)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
it needs to link with libsystemd when using systemd as init system
Fixes
Package libsystemd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd.pc'
to the PKG_CONFIG_PATH environment variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60e603f11ae1cca38553d18cf411f1a77207a97c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a41c021cfb11418f1a32e49be0716b00b5234210)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6bc961cbff095498d5092f57f17be82c565d01a9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This fixes building TCPDump without OpenSSL. Current version does not
recognize the option --without-openssl.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5b7ed1a8730a6e2c17d4650ee140b306483a3d9c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Release 4.4.0 of wolfSSL embedded TLS has bug fixes, new features
and fixes for security vulnerabilities.
See full changelog https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stablefixes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There are some shell scripts such as kea-admin,
upgrade_4.0_to_5.0.sh, wipe_data.sh and etc contain
build path.
Actually the build path is meanlingless on the target,
so replace abs_top_builddir to abs_top_builddir_placeholder
to avoid expanding abs_top_builddir which introduces
build path.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-10188
Patch from Fedora:
https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The commit 89d86b96f80d8a136d38113baf69d8ccad5a5ff6 which tries to fix
the installation issue for ostree introduces a recursive dependency
issue. When installing the postfix package on target via online
repository, the postinst function for postfix-cfg package needs
newaliases but this command is from postfix package which causes an
error:
Configuring postfix-cfg.
/var/lib/opkg/info/postfix-cfg.postinst: line 9: newaliases: not found
pkg_run_script: package "postfix-cfg" postinst script returned status 127.
Split a new package postfix-bin from postfix and make it as the runtime
dependency for postfix-cfg.
Set USERADD_PACKAGES to ${PN}-bin to avoid image do_rootfs warnings when
installing postfix via IMAGE_INSTALL:
[log_check] warning: group postdrop does not exist - using root
[log_check] warning: user postfix does not exist - using root
Set ALTERNATIVE to ${PN}-bin to make sure the newaliases symbolic link
is installed before installing postfix-cfg.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This gets it in sync with libhugetlbfs which according to the comment,
is supposed to be correct.
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Mbed TLS 2.16.6 is a maintenance release of the Mbed TLS 2.16 branch, and
provides security fixes and bug fixes, see:
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This includes:
Version 4.10.2
Fixed security issue where using sha384 or sha512 would set encryption keys
to all bytes 0
When using ECDH key exchange with closed group membership, an incorrect
signature would be applied to the ANNOUCE message, causing the session
to fail. Bug fixes.
Relaxed server side checks on the type of key supplied by a client when not
using public key signatures on all messages. This will assist in the
upgrade process to the upcoming version 5.0.
Fixed various small memory leaks
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Nbdkit uses plugins to add more sources of data for nbd client.
Nbdkit can also spawn nbd-client, uses unix or network socket to
communicate with client, uses different plugins to serve data for nbd
device eg. curl, file, custom plugins in many languages (perl, python)
and some others.
Fix build when printf is a macro instead of function
Use BSD-3-Clause for license
inherit bash-completion so these are packaged correctly
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License has been changed due to date time, no new stuff added.
delete source patch reproducibility-respect-source-date-epoch.patch
for new version source tree contains it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add recipe for NVM-Express target user space configuration utility. It
contains a command line interface to the NVMe over Fabrics nvmet in
the Linux kernel. It allows configuring the nvmet interactively as well
as saving/restoring the configuration to/from a json file.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
As per discussed in a previous email under the subject "Regarding
poppler auto PACKAGECONFIG when qt5-layer exists", adding a layer
but not using it should not change PACKAGECONFIG automatically. It
may result unexpected error.
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
$: devtool check-upgrade-status igmpproxy
<...>
INFO: igmpproxy 0.2.1 UNKNOWN_BROKEN None
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
$: devtool check-upgrade-status usrsctp
<...>
INFO: usrsctp git UNKNOWN_BROKEN None f4e14ab5e12187cb2cf1ddbdc0ee5555aead3f72
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Armin Kuster
Robert Yang
Zang Ruochen
Andreas Müller
Ovidiu Panait
Konrad Weihmann
Wang Mingyu
Pierre-Jean Texier
Patrick Williams
Zheng Ruoqin
Adrian Bunk
Khem Raj
Yi Zhao
Alexander Vickberg
Armin Kuster
Peter Kjellerstedt
Mingli Yu
Drew Moseley
Przemyslaw Czarnowski
zhangxiao
Jonathan Richardson
Mingde (Matthew) Zeng