Age | Commit message | Author |
|
Minor security and bugfix release. Fixes
CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW
CONCURRENTLY executes arbitrary SQL
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.18/
Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Minor security and bugfix release. Addresses the following CVEs:
CVE-2023-5868: Memory disclosure in aggregate function calls
CVE-2023-5869: Buffer overrun from integer overflow in array modification
CVE-2023-5870: Role pg_signal_backend can signal certain superuser processes
Additional information is available in the release notes:
https://www.postgresql.org/docs/release/12.17/
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
fixes:
WARNING: postgresql-12.16-r0 do_patch: Fuzz detected:
Applying patch 0001-Add-support-for-RISC-V.patch
patching file src/include/storage/s_lock.h
Hunk #2 succeeded at 339 with fuzz 1.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is a minor release to address CVEs and other bug fixes without new
features. Remove patches that are fixed in this release. Release notes are
available at:
https://www.postgresql.org/docs/release/12.10/
https://www.postgresql.org/docs/release/12.11/
https://www.postgresql.org/docs/release/12.12/
https://www.postgresql.org/docs/release/12.13/
https://www.postgresql.org/docs/release/12.14/
https://www.postgresql.org/docs/release/12.15/
https://www.postgresql.org/docs/release/12.16/
License-Update: Copyright year updated
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed below security CVEs:
1) CVE-2023-2454 postgresql: schema_element defeats protective search_path changes.
2) CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: Mariadb.org
MR: 119595, 119604, 119613, 119622, 119631, 119640, 119649, 119658, 119573
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 2aacce87739247d98ee5b61d1b714930da961a30
Description:
This is a bug fix only update. Includes these CVEs:
CVE-2022-32081
CVE-2022-32083
CVE-2022-32084
CVE-2022-32085
CVE-2022-32086
CVE-2022-32087
CVE-2022-32088
CVE-2022-32089
CVE-2022-32091
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
[V2]
Missed on CVE reference.
|
|
spider_db_mbase::print_warnings()
The function spider_db_mbase::print_warnings() can potentially result
in a null pointer dereference.
Remove the null pointer dereference by cleaning up the function.
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Kerberos to modified server
Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89
Description:
CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
restricted operation" sandbox
Source: https://git.postgresql.org/gitweb/?p=postgresql.git;
MR: 121822
Type: Security Fix
Disposition: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda && https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa
ChangeID: 5011e2e09f30f76fc27dc4cb5fa98a504d1aaec9
Description:
CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: mariadb.org
MR: 117530, 117522, 117514, 117506, 117497, 117489, 117481, 117473, 117465, 117457, 117449, 117380, 117364, 117356, 117336, 117212, 117204, 117196, 117180, 117188, 117169, 117161, 117441, 117372
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 8bf787570ebe8503d2974af92e17b505e70440e5
Description:
LTS version, bug fix only.
Include these CVEs:
CVE-2022-27458
CVE-2022-27457
CVE-2022-27456
CVE-2022-27455
CVE-2022-27452
CVE-2022-27451
CVE-2022-27449
CVE-2022-27448
CVE-2022-27447
CVE-2022-27446
CVE-2022-27445
CVE-2022-27444
CVE-2022-27387
CVE-2022-27386
CVE-2022-27385
CVE-2022-27384
CVE-2022-27383
CVE-2022-27382
CVE-2022-27381
CVE-2022-27380
CVE-2022-27379
CVE-2022-27378
CVE-2022-27377
CVE-2022-27376
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Remove duplicate code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa22894fa352986a62c4530ad8facd8868b2e535)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: Mariadb.org
MR: 115460, 115507, 1115549, 115549, 115488
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 722782cefa6805e907ee377a340f1b8bec174079
Description:
Bug fix only update, includes these CVEs:
CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
For more information see: https://mariadb.com/kb/en/mariadb-10424-release-notes/
drop mariadb/c11_atomics.patch as it's included in the update.
drop mariadb/clang_version_header_conflict.patch different fix applied
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Bug and security fixes. Fix patch fuzz as well to remove bitbake
warning. Release notes available at:
https://www.postgresql.org/docs/release/12.8/
https://www.postgresql.org/docs/release/12.9/
12.8 fixes:
CVE-2021-3677
12.9 fixes:
CVE-2021-23214
CVE-2021-23222
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: mariadb.org
MR: 109670, 110757, 110768
Type: Security Fix
Disposition: Backport from mariadb
ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612
Description:
LTS version
https://mariadb.com/kb/en/mariadb-10420-release-notes/
CVE-2021-2166: MariaDB 10.4.19
CVE-2021-2154: MariaDB 10.4.19
CVE-2021-27928: MariaDB 10.4.18
Signed-off-by: Armin kuster <akuster@mvista.com>
|
|
Source: MontaVista Software, LLC
MR: 111582, 111965, 111974, 110084
Type: Security Fix
Disposition: Backport from postgres.org
ChangeID: f1e8c58bedd5dd60404e3a0eb120888ad83fdc42
Description:
Bug fix only update.
https://www.postgresql.org/docs/12/release-12-7.html
LIC_FILES_CHKSUM changed due to yr update
Includes these CVEs:
CVE-2021-32027
CVE-2021-32028
CVE-2021-32029
12.6:
CVE-2021-3393
Signed-off-by: Armin kuster <akuster@mvista.com>
|
|
it now ends up searching native python shared libraries and tries to
link with it and fails on non-host architectures
recipe-sysroot-native/usr/lib/libpython3.9.so: file not recognized: file format not recognized
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c499aaeef80b5af8d20521658449c4148f3d0806)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 572d4148267c6ff1b43dd3498020349cb0aa77c7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix the installation of the pam.so for 64bit builds.
This is an indirect backport of commit
8fa0a3ace6b8835ba623fac118e0bdb4ea0f1f24 ("mariadb: upgrade to 10.5.4")
from the master branch.
Signed-off-by: Dan Murphy <dmurphy@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes the following CVEs:
CVE-2020-25694
CVE-2020-25695
CVE-2020-25696
Full release notes at:
https://www.postgresql.org/docs/12/release-12-5.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 6ff4bd4f345b4e8030b9197d13097308df521576)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: mariadb.org
MR: 107836, 107837, 107838, 107839, 107840, 107852, 106414, 106414, 107864, 107876, 107888
Type: Security Fix
Disposition: Backport from mariadb.org
ChangeID: 75fb83ced15990b94659af6e107c063d288cb037
Description:
refresh several patches
Drop 0001-Fix-build-breakage-from-lock_guard-error-6161.patch as fix included in update
Bugfix only update including these CVEs:
10.4.13
CVE-2020-2752
CVE-2020-2812
CVE-2020-2814
CVE-2020-2760
CVE-2020-13249
10.4.15
CVE-2020-15180
10.4.16
CVE-2020-14812
CVE-2020-14765
CVE-2020-14776
CVE-2020-14789
CVE-2020-28912 (MDEV-24040)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
createlang, droplang, and the tsearch2 module were all removed in the
10.0 release. More details are in the release notes:
https://www.postgresql.org/docs/10/release-10.html
The update from 12.3 to 12.4 is a minor release with bug and security
fixes:
https://www.postgresql.org/docs/current/release-12-4.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
0001-Use-pkg-config-for-libxml2-detection.patch
removed since it is not available in 12.3
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 04dc1ffc16eaa2eca6299341b2a86e56b9e98367)
[Bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes
librocksdb.so.6.6.4: undefined reference to `__atomic_compare_exchange_1'
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
When usrmerge is enabled in DISTRO_FEATURES, the
following error occurs:
ERROR: mariadb-10.4.12-r0 do_package_qa: QA Issue: mariadb-leftovers package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
ERROR: mariadb-10.4.12-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
This is because an empty /lib dir exists in mariadb-leftovers
as below:
$ rpm -qpl mariadb-leftovers-10.4.12-r0.core2_64.rpm |grep ^/lib
/lib
The empty /lib dir is introduced when pam
is enabled in DISTRO_FEATURES, so remove the empty /lib
dir when pam is enabled to fix the above error.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Fixes for the following security vulnerabilities:
CVE-2020-2574
CVE-2020-7221
* Rework fix-arm-atomic.patch to remove fuzz warnings
* Fix the warning when pam is enabled in DISTRO_FEATURES:
WARNING: mariadb-10.4.12-r0 do_package_qa: QA Issue: mariadb-dbg: found library in wrong location: /lib/security/.debug/pam_user_map.so
mariadb-leftovers: found library in wrong location: /lib/security/pam_user_map.so [libdir]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
0001-Fix-build-breakage-from-lock_guard-error-6161.patch
removed since it is included in 6.6.4
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
-License-Update: Copyright year updated to 2020.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Some recipes under meta-oe have a dependency on meta-python,
and test_world of yocto-check-layer will fail with an error
like:
ERROR: test_world (common.CommonCheckLayer)
ERROR: Nothing PROVIDES 'python3-pytoml-native' (but
/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_60.9.0.bb
DEPENDS on or otherwise requires it). Close matches:
python3-numpy-native
python3-pycairo-native
python3-rpm-native
ERROR: Required build target 'meta-world-pkgdata' has no buildable
providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
'mozjs', 'python3-pytoml-native']
Fix by making these recipes active only when identified layers are
present
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
When pam is enabled, the pam plugin is pulled into the
server package but not the auth tool, which results in the
following error on boot:
Starting to install database for mariadb
chown: cannot access '/usr/lib/plugin/auth_pam_tool_dir': No such file
or directory
Cannot change ownership of the '/usr/lib/plugin/auth_pam_tool_dir'
directory
to the 'mysql' user. Check that you have the necessary permissions and
try again.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
BBPATH check actually does not work
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
helps parsing without meta-py2 in mix
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This change makes the parsing go through, we still might have build
issues, which will be reported in world builds separately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
While cross-compiling mariadb package it tries to link lz4 library
present in the target sysroot and if not found it tries to link host
lz4 library which is incorrect leading to linker errors. So fix that
via restricting lz4 library lookup to target sysroot only.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Using newer compilers e.g. gcc10/clang10 it spews new warnings so it's
better to disable warnings as errors for now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixed do_compile error when DEBUG_BUILD = "1":
db/write_thread.cc:183:14: error: 'state' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport a rocksdb patch to fix clang error
Refresh existing patches as needed
Switch SRC_URI to downloads.mariadb.org since archive.mariadb.org is too
slow if no mirrors are used
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport an upstream patch to fix build
Delete patches which are either upstreamed or not required
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upstream has moved to cmake, so drop the build patches which are no
longer relevant. Add run-ptest and PACKAGECONFIG support.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Because readline changed its license to GPLv3 from version 6.0, when
mariadb is built for distribution, it skips readline and turns to libedit.
If no libedit is available, it finally uses the bundled readline in the
source code. There is readline 8.0 in oe-core, so remove the readline
dependency and use libedit instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Update 0001-Use-pkg-config-for-libxml2-detection.patch for new version.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The License of postgresql is BSD-0-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
When libpcre is built with clang and mongodb with gcc then they don't
link well, in such cases it's better to use in-tree pcre, this paves a
way to achieve that if needed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|