Age | Commit message (Collapse) | Author |
|
Commit 2e794f33a43d71bb9861 cherry-picked a fix from master, which used
the new override syntax, which was introduced in poky commit
2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
override syntax"). However, this change was merged after 3.4_M2 and is
not part of hardknott, so bitbake complains about the new syntax:
ERROR: ParseError at
…/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb:20:
unparsed line: 'do_install:append() {'
Revert to the old syntax on the hardknott branch for now.
Fixes: 2e794f33a43d71bb9861 (2021-08-09, "ldns: fix QA Issue after LDFLAGS change")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Commit bca3bbbf203086794e5b cherry-picked a fix from master, which used
the new override syntax, which was introduced in poky commit
2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
override syntax"). However, this change was merged after 3.4_M2 and is
not part of hardknott, so bitbake complains about the new syntax:
ERROR: ParseError at
…/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb:20:
unparsed line: 'do_install:append() {'
Revert to the old syntax on the hardknott branch for now.
Fixes: bca3bbbf203086794e5b (2021-08-09, "curlpp: fix QA Issue after LDFLAGS change")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch [1] to fix CVE-2021-3560.
[1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b65c646b25a2652de02ba2adbbef942b5b475e7f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add rdeps as needed
Fixes shebang-size QA warnings
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8cc64128c70c5b6a41b050332abb1d73a10ef4fa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Avoids using installed-vs-shipped
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 566049b4f1ddc049c1f89a5838d1a71bb429faa3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE: CVE-2021-32625
Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116]
Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Replace a link that's now broken.
The original download link on blender.org still works
(https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi)
but is still extremely slow.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: ldns.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a4791bf2f37de55dd51971d34ac2252d3cf68f30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: curlpp.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c40e01b0fce73bc289d9499b204350359afc7884)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2014-10402.
CVE: CVE-2014-10402
Ref:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The previous SRC_URI only stores the latest source tarball and we
will meet do_fetch issue if not upgrade timely.
Update the SRC_URI which stores all versions to fix some warning
like below:
WARNING: mariadb-10.5.9-r0 do_fetch: Failed to fetch URL https://downloads.mariadb.org/interstitial/mariadb-10.5.9/source/mariadb-10.5.9.tar.gz, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da798f15ffd93759e1ba3f21bd1ba80c73e962af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The log-error item which defined in my.cnf is "/var/log/mysqld.err"
previouly and it's not consistent with which created in install_db
service file which will call mysql-systemd-start to create the file
"/var/log/mysqld.log".
And it fails when boot with sysvinit as below:
$ service mysqld start
Starting MariaDB.210727 04:05:03 mysqld_safe Logging to '/var/log/mysqld.err'.
210727 04:05:03 mysqld_safe Starting mariadbd daemon with databases from /var/lib/mysql
/usr/bin/mysqld_safe_helper: Can't create/write to file '/var/log/mysqld.err' (Errcode: 13 "Permission denied")
So make the log-error item consistent to fix the above failure
and also remove the related workaround when boot with systemd.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a4144d954692ad68121d16adae09dc990e8ab1f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop patch to fix build failure with kernel 5.13, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66b5131e266a6e4a82b467d58cb657a28a2e4b7e)
[stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A commit in the repo of pm-qa:
"adf9df9 Fix path to library files and change shebang line"
Changed the text that sed was using to replace relative to
absolute paths.
As a result sed was not effectively finding the text
"source ../include" to replace it, as the sed should be now
searching for ". ../include".
Similarly for "../Switches"
Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 06a93a04efe2c2cbae6de93d07962be4dfa35019)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Stray newline character causes errors in functionfs setup scripts
used by android-tools-adbd.service, when using musl libc and/or toybox.
Signed-off-by: Devendra Tewari <devendra.tewari@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db5f48734404a52ee5323659082f1d6baa225ca7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5e042ac2079bffa3ae3d9839a50bf6a3d3f1930a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Lots of bug fixes.
CVE: CVE-2021-21704 CVE-2021-21705
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Without it there are no terminal configurations on the target
and htop refuses to run.
(cherry picked from commit b5d74f8a6bd33e8468dd04d990f08d89d1e6928a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
~ lldpad -d
~ 8021q: 802.1Q VLAN Support v1.8
~ 8021q: adding VLAN 0 to HW filter on device eth0
~ lldpad[xxx]: segfault at 0 ip xxx sp xxx error 4 in lldpad[xxx+xxx]
~ Code: xxx
the issue is introduced by:
0002-lldp_head-rename-and-make-extern.patch
Upstream patches:
https://github.com/intel/openlldp/commit/ed6a8e5a75f56b7034a46294a0bf2a9a7fd14fbc
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 145f59ba75c992c4ce1f808308c041c1f7519244)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
License-Update:
add note:
** NOTE! The following LGPL license applies to the talloc
** library. This does NOT imply that all of Samba is released
** under the LGPL
"GNU General Public License" changed to "GNU Lesser General Public License"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 173cf5fd6b3fa2b0ee74ccb5fc11a96319943821)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
v1.44.0 changelog:
lib: Port new ngtcp2 map implementation
doc: Replace master with main
build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
build: Add more --with-* configure flags
build: Add LIBTOOL_LDFLAGS configure variable
third-party: Bump llhttp to 6.0.2
src: Replace black-list with block-list
nghttpx: Fix max distance in weight group/address cycle comparison
nghttpx: Set connect_blocker and live_check after shuffling addresses
nghttpx: Replace master with main
nghttpx: Remove trailing white space after $method log variable
(https://github.com/nghttp2/nghttp2/pull/1553)
h2load: Add --rps option
(https://github.com/nghttp2/nghttp2/pull/1559)
h2load: Allow unit in -D option
asio: fix some typos (Patch from Jan Kundrát)
(https://github.com/nghttp2/nghttp2/pull/1550)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b767b37e3aabc3c9e95adb7eb469bd6d32979fb8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Stable branch bug fix update. Includes:
CVE-2021-22235
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b68fe48192f0e029a1ca60a8f72199fbbccd3c1e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade to release 1.26.5:
- Fixed deprecation warnings emitted in Python 3.10.
- Updated vendored six library to 1.16.0.
- Improved performance of URL parser when splitting the authority
component.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Fixes CVE 2021-33503.
(cherry picked from commit bb39c29a46e44fcc082aed0ce8772f4267a41d2d)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Pull fix from version 8.3.1 back to 8.2.0.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
|
|
files moved under a new dir structure.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Its already upstream and also used in Debian and Ubuntu
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop all patches, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It fails to start install_db.service when install mariadb-setupdb from a
package repo via dnf:
root@qemux86-64:~# systemctl status install_db
x install_db.service - Install MySQL Community Server Database
Loaded: loaded (/lib/systemd/system/install_db.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-07-09 02:55:12 UTC; 5s ago
Process: 504 ExecStart=/usr/bin/mysql-systemd-start pre (code=exited, status=203/EXEC)
Main PID: 504 (code=exited, status=203/EXEC)
Jul 09 02:55:12 qemux86-64 systemd[1]: Starting Install MySQL Community Server Database...
Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed to locate executable /usr/bin/mysql-systemd-start: No such file or directo>
Jul 09 02:55:12 qemux86-64 systemd[504]: install_db.service: Failed at step EXEC spawning /usr/bin/mysql-systemd-start: No such file or direct>
Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Main process exited, code=exited, status=203/EXEC
Jul 09 02:55:12 qemux86-64 systemd[1]: install_db.service: Failed with result 'exit-code'.
Jul 09 02:55:12 qemux86-64 systemd[1]: Failed to start Install MySQL Community Server Database.
The scripts required by install_db.service are packaged in
mariadb-server which depends on mariadb-setupdb already. So move the
scripts to mariadb-setupdb to make sure start install_db.service
successfully. And move creating user 'mysql' in mariadb-setupdb as well.
Packageconfig 'setupdb' has been useless from last upgrade, so remove it
at same time.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b7554ae2855483edc0a7d4c533d7d818bbc9e4f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Forward port musl patches
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 287ffdf1d03731fadd6a90b224d08cf9a3b50de5)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This way, mariadb does not depend on mariadb-native anymore.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6f05b2463a20f99d43c5a7db190dfe3490929247)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit abbca30bd61c0ff856785900aac899ab33ead08b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
musl finds this problem in sources where its missing to include
needed system header for ssize_t
Fixes
wsrep-lib/include/wsrep/gtid.hpp:80:5: error: unknown type name 'ssize_t'; did you mean 'size_t'?
ssize_t scan_from_c_str(const char* buf, size_t buf_len,
^~~~~~~
size_t
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0298521fcd9eefdd9cd415b58740b972d65cf93c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop fix-a-building-failure.patch because upstream has made is narrower
to apply to emulator builds and not just any cross compiling builds
Add missing dependency on boost
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2183f0894110a6913c44bee9a1f4b1cea7639bdc)
[Bug fix only update:
CVE-2021-2166
CVE-2021-2154 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Assume recent CMake upgrade made this pop up.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ca18e276d63e9fc6fece6a32e88959cbcf84c91b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch backports the fix for CVE-2021-29478
CVE: CVE-2021-29478
Upstream-Status: Backport
[https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592]
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of integer values
and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting with 2.6,
where it could result with a corrupted RDB or DUMP payload, but not exploited
through COPY (which did not exist before 6.2).
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch backports the fix for CVE-2021-29477.
CVE: CVE-2021-29477
Upstream-Status: Backport
[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9]
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result with remote
code execution.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.
Additional release notes:
- Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
- Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+
when altering BinaryField, JSONField, or TextField to non-nullable
(#32503).
- Fixed a regression in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a
default value (#32832).
- Fixed a bug in Django 3.2 where a system check would crash on a model
with an invalid app_label (#32863).
There is no corresponding uprev for the 2.x LTS branch since it is
already at the latest version (2.2.24).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit fe50bd100548500842667210df9757d84ec11b16)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In sysbench version 0.4, the tmp variable used by the memory test to
execute requests is optimized by the compiler. Caching mechanism reduces
the direct accesses to the memory increasing the transfer speed. This
leads to false timing estimations that considerably affect read and
also random write operations.
In sysbench version 1, this issue is fixed adding the volatile modifier
to the tmp variable. This prevents compiler optimizations forcing a direct
access to the memory.
The final result is a realistic transfer speed measurement.
Signed-off-by: massimo toscanelli <massimo.toscanelli@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 59cce5ad1603c2975684ae15b639e0e3cd688c40)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch fixes the following error when libiio is installed when
python3 bindings are enabled:
ERROR: Execution of '.../libiio/0.21+gitAUTOINC+565bf68ecc-r0/temp/run.do_install.2349473' failed with exit code 1:
running build
running build_py
running install
Traceback (most recent call last):
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 77, in _check_libiio_installed
raise OSError
OSError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 106, in <module>
setup(**config)
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/site-packages/setuptools/__init__.py", line 153, in setup
return distutils.core.setup(**attrs)
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/core.py", line 148, in setup
dist.run_commands()
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/dist.py", line 966, in run_commands
self.run_command(cmd)
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/recipe-sysroot-native/usr/lib/python3.9/distutils/dist.py", line 985, in run_command
cmd_obj.run()
File ".../libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 52, in run
self._check_libiio_installed()
File "/libiio/0.21+gitAUTOINC+565bf68ecc-r0/build/bindings/python/setup.py", line 83, in _check_libiio_installed
raise Exception(msg)
Exception: The libiio library could not be found.
libiio needs to be installed first before the python bindings.
The latest release can be found on GitHub:
https://github.com/analogdevicesinc/libiio/releases
Some time ago a fix for this issue was already discussed here [1].
However in the same discussion also a second issue was being handled.
A fix for the second issue was merged in 51f98865da0. The first issue
didn't pop up anymore and so a fix was never applied.
Recently however after switching from build machine, I started seeing
the first issue. I suspect due to build caching the first issue didn't
pop up anymore before up until now. With this patch, fixes are now
available for both issues handled in [1].
[1]: https://github.com/openembedded/meta-openembedded/issues/248
Signed-off-by: Sam Van Den Berge <sam.van.den.berge@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes #386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris.
Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d49e96aac4616c439a2d778b95a793037dac884e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2021-30641
CVE-2020-13950:
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be
made to crash (NULL pointer dereference) with specially crafted
requests using both Content-Length and Transfer-Encoding headers,
leading to a Denial of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-13950
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
CVE-2020-35452:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest nonce can cause a stack overflow in
mod_auth_digest. There is no report of this overflow
being exploitable, nor the Apache HTTP Server team could
create one, though some particular compiler and/or
compilation option might make it possible, with limited
consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-35452
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2020-35452
https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
CVE-2021-26690:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie header handled by mod_session can cause
a NULL pointer dereference and crash, leading to a
possible Denial Of Service
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26690
Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2021-26690
https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a
specially crafted SessionHeader sent by an origin server
could cause a heap overflow
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26691
Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966732
https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-30641:
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behavior with 'MergeSlashes OFF'
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30641
Upstream patches:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS
release.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fa2d3338fb87a38a66d11735b876ce2320045b0d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade to release 3.2.4:
- CVE-2021-33203: Potential directory traversal via admindocs
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
- Fixed a bug in Django 3.2 where a final catch-all view in the
admin didn't respect the server-provided value of SCRIPT_NAME
when redirecting unauthenticated users to the login page.
- Fixed a bug in Django 3.2 where a system check would crash on an
abstract model
- Prevented unnecessary initialization of unused caches following
a regression in Django 3.2
- Fixed a crash in Django 3.2 that could occur when running
mod_wsgi with the recommended settings while the Windows
colorama library was installed
- Fixed a bug in Django 3.2 that would trigger the auto-reloader
for template changes when directory paths were specified with
strings
- Fixed a regression in Django 3.2 that caused a crash of
auto-reloader with AttributeError, e.g. inside a Conda
environment
- Fixed a regression in Django 3.2 that caused a loss of precision
for operations with DecimalField on MySQL
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 624e3e18982775d2ea88e55e16d179420f0575fc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
3.2.3 is a bugfix release:
- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
would raise a SuspiciousFileOperation even when a custom
upload_to returns a valid file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit bdf1be7c5511f3d19e4786b9f2bcad88dfb2a9e4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f07a8c1376fe9f5eb4fc0ddff8ca1a1b3c3f173b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|