Age | Commit message (Collapse) | Author |
|
Uprev nodejs in order to fix CVE-2020-8277.
This CVE allows an attacker to trigger a DNS request for a host
of their choice, which could trigger a Denial of Service in
nodejs versions < 12.19.1.
See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
CVE: CVE-2020-8277
Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a44015408253d8a4f64055f41fa1f497aeacfc30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 387f40ce8068ec8848c2e3b76ce2e3267b98c3d6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This perhaps is last release in 12.x LTS
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a10f894a8e7f800d2412fff8d47fb37d363fa322)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch from upstream to take care of build failure e.g.
| ../deps/v8/src/codegen/arm/cpu-arm.cc:38:16: error: write to reserved register 'R7'
| asm volatile("svc 0\n"
| ^
| 1 error generated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45a2dfdd0f16ed6941926e2dca1ad90f36e120bc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop already upstreamed patches
use builtin uv, it does not build without it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bda3ee6276d76a10d2b5564da5709db4c21b8f13)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove soon-to-be removed getAllFieldPositions
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrej Valek <andrej.valek@siemens.com>
(cherry picked from commit 7910f2b64575dcd3352effd441accb3b56e3554d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LIC_FILES_CHKSUM changed to do year updates
This is the last 5.3.x update. This will give us the best
starting point for doing Maintence moving forward.
Its a bug fix only update. See http://www.lua.org/work/diffs-lua-5.3.5-lua-5.3.6.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: openembedded.org
MR: 105165
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded gatesgarth
ChangeID: 747161877824daae061bc4fb458f55ab033f62f4
Description:
Fix CVE-2020-24371
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: openembedded.org
MR: 104897
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded gatesgarth
ChangeID: 6c43941d116bbb9f0d62ca5376da24ae03eb9eab
Description:
Fixes CVE-2020-15945
Backport with modifications to apply successfully.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Security Advisory
References
https://nvd.nist.gov/vuln/detail/CVE-2020-7069
https://bugs.php.net/patch-display.php?bug_id=79601&patch=openssl_aes_ccm_iv_fix&revision=latest
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fa80193468745a11bc12d5845f66412a0d62e0e2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 992e09f09a40e7a8d03c7c4b5adf40f821ed3774)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Security Advisory
References
https://nvd.nist.gov/vuln/detail/CVE-2020-7070
https://bugs.php.net/patch-display.php?bug=79699&patch=fix-urldecode&revision=1600650364
https://github.com/php/php-src/blob/master/main/php_variables.c
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aff8a1fefb9a1a311e5ba14ad69871514270803a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 09f5a2ac5ab8550f5f0bd05417f2f54d27995dac)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Appending ${TMPDIR} to ${D} doesn't make any sense, because both are
absolute paths. And additionally, the code fails:
rmdir: failed to remove '/usr/src/oe/tmp-musl/work/core2-64-oe-linux-musl/php/7.1.9-r0/image//usr': Directory not empty
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit f6338892d9c57c51ed48b04f587b468f7718a8ba)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade to release 7.4.9:
- Fixed: Upgrade apache2handler's php_apache_sapi_get_request_time
to return usec
- Fixed: BSTR to PHP string conversion not binary safe
- Fixed: DCOM does not work with Username, Password parameter
- Fixed: serialize() and unserialize() methods can not be called
statically
- Fixed: Segfault in php_str_replace_common
- Fixed: Assertion failure if dumping closure with unresolved
static variable
- Fixed: Assertion failure when assigning property of string
offset by reference
- Fixed: HT iterators not removed if empty array is destroyed
- Fixed: Changing array during undef index RW error segfaults
- Fixed: Use after free if changing array during undef var during
array write fetch
- Fixed: Use after free if string used in undefined index warning
is changed
- Fixed: Public non-static property in child should take priority
over private static
- Fixed: getimagesize function silently truncates after a null
byte
- Fixed: finfo_file crash (FILEINFO_MIME)
- Fixed: ftp_size on large files
- Fixed: mb_strimwidth does not trim string
- Fixed: Use of freed hash key in the phar_parse_zipfile function
- Fixed: ::getStaticProperties() ignores property modifications
- Fixed: ::getStaticPropertyValue() throws on protected props
- Fixed: Use after free when type duplicated into
ReflectionProperty gets resolved
- Fixed: Can't copy() large 'data://' with open_basedir
- Fixed: dns_check_record() always return true on Alpine
- Fixed: array_walk() does not respect property types
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f46931abf073a4c5b02a160a89fe073f1b67632b)
[Bug fix on update. lts version]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Because CVE-2019-14274.patch is included in ice-mcpp.patch, the cve-check-tool fails to correctly judge the CVE of the OSS. CVE-2019-14274.patch is separated from ice-mcpp.patch to fix the problem.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9301b77e3266160ffb7e9bfd69d445f0392076c8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 81874b239287126805aa176907bd52e9a7801655)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport fix from https://github.com/lua/lua.git.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 698748c1538ed03efbcfdd936cf8317b4f138c29)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This reverts commit 2b384c59733c437027f9b14cc32da19251efd97b.
It appears that there was a change in soname not noted in the changelog.
https://github.com/open-source-parsers/jsoncpp/commit/8b7ea09b8055df01866a5ce4142b12ed8f9f13eb
ABI change appears to have occured.
https://abi-laboratory.pro/index.php?view=timeline&l=jsoncpp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Unfortunately 489d3b4b932ee8016d792341f8ea5836a9522cd4 did not completely
fix the problem - if you try cleaning and rebuilding protobuf-c-native it
doesn't take long to reproduce the issue on a 32-core machine. I spent
some time trying to debug this but failed, there is still a race between
generating t.test-full.pb.h and compiling cxx_generate_packed_data.c
despite BUILT_SOURCES and explicit dependencies. I even tried converting
the multiple target rules to use grouped targets (&:), that didn't fix it
either. Disabling parallelism as a workaround only costs ~20s and it
turns out that upstream is switching to Meson soon anyway:
https://github.com/protobuf-c/protobuf-c/pull/340
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3251fe210a91d13ab2a6c5b7ecb283aa8e019020)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
See full changelog https://github.com/open-source-parsers/jsoncpp/releases/tag/1.9.3
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65e124eef373680726ac045677cbec7d9080a289)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The following issue and PR describe an issue with nlohmann-json and
GCC10.
https://github.com/nlohmann/json/issues/1920
https://github.com/nlohmann/json/pull/2034
Confirmed that this fixed the issue seen in OpenBMC when pulling in the
latest upstream meta-openembedded.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 12b707c52de60f1cb4a0b4af8c379d4a11dfba35)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The source of the issue is the update for PHP 7.4 support in
0001-opcache-config.m4-enable-opcache.patch (commit 7cc7a9ec). Instead
of working around the issue in the recipe file, update the patch to
restore the call to PHP_ADD_LIBRARY().
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cfd16be4e1b62efe8ac640cecc080709cf2b9f9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Explicitly specifying -lrt is required for opcache to be linked against
the proper dependencies. Additionally, PHP disables libdl when it
detects a cross-compilation environment for some reason. In order to
load any type of extension, re-enabling libdl is required.
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0145cb4645b720efc36e4a034bb9e1077c191e5e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
PHP 7.4 enables libxml by default and removed it as a configurable
option.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7aeef522ff3522ccf76a6750846e235e7c80427a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
--enable-zip and --with-libzip were removed in PHP 7.x.
These are replaced by --with-zip --with-zlib-dir.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6690afa59e5bb698e752c3346b8470e40f9d9daa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Since uftrace-0.9.4 was released, there has been some important bug
fixes. It would be better to include such bug fix commits so this patch
updates the commit hash to more stable one.
The bug fix patches are as follows:
[1] https://github.com/namhyung/uftrace/commit/a0fbee404b2d23aab6b544075628eb38e837d738
[2] https://github.com/namhyung/uftrace/commit/251ba74a7283664b330649c239dfea20dd8f9dae
[3] https://github.com/namhyung/uftrace/commit/19e6f0d4b382821e3b779012137c38fcc271e7e2
[4] https://github.com/namhyung/uftrace/commit/d648bbffedef529220896283fb59e35531c13804
Signed-off-by: Honggyu Kim <honggyu.kp@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Not ported to rv32 yet
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License-Update: License updated (year updated)
note: for 7.4, pear is disabled by default,
and it will be deprecated in future.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
cJSON aims to be the dumbest possible parser that you can get your
job done with. It's a single file of C, and a single header file.
Homepage: https://github.com/DaveGamble/cJSON
Signed-off-by: Ting Liu <ting.liu@nxp.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Does not have riscv port yet
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Unsupported arch as of now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Risc-V ADB implementation is based on ARM64 implemtentation.
The core change is leverage fence command to implement memroy barrier
featrue.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Haseeb Ashraf <Haseeb_Ashraf@mentor.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
LUA_CPATH_DEFAULT for *.so files should include
LUA_ROOT/lib64/lua/LUA_VDIR not LUA_ROOT/lib/lua/LUA_VDIR
Signed-off-by: Haseeb Ashraf <Haseeb_Ashraf@mentor.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* upgrade to 7.3.16
* remove unuseful patches
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* fixes:
ERROR: lapack-3.9.0-r0 do_package_qa: QA Issue: lapack: SRC_URI uses unstable GitHub archives [src-uri-bad]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
$: devtool check-upgrade-status nlohmann-fifo
<...>
INFO: nlohmann-fifo 1.0.0 UNKNOWN_BROKEN None
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
WARNING: octave-4.4.1-r0 do_package_qa: QA Issue: package contains desktop file with key 'MimeType' but does not inhert mime-xdg [mime-xdg]
WARNING: octave-4.4.1-r0 do_package_qa: QA Issue: octave: SRC_URI uses PN not BPN [src-uri-bad]
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
dtrace and etw are hardly used for embedded usecase
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
CVE-2019-11050.patch
Security Advisory
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
It fails to compile doxygen-native when /usr/bin/python is a link to
python3 on build host:
| Failed to import the site module
| Traceback (most recent call last):
| File "/usr/lib64/python3.6/site.py", line 564, in <module>
| main()
| File "/usr/lib64/python3.6/site.py", line 550, in main
| known_paths = addusersitepackages(known_paths)
| File "/usr/lib64/python3.6/site.py", line 282, in addusersitepackages
| user_site = getusersitepackages()
| File "/usr/lib64/python3.6/site.py", line 258, in getusersitepackages
| user_base = getuserbase() # this will also set USER_BASE
| File "/usr/lib64/python3.6/site.py", line 248, in getuserbase
| USER_BASE = get_config_var('userbase')
| File "/usr/lib64/python3.6/sysconfig.py", line 604, in get_config_var
| return get_config_vars().get(name)
| File "/usr/lib64/python3.6/sysconfig.py", line 553, in get_config_vars
| _init_posix(_CONFIG_VARS)
| File "/usr/lib64/python3.6/sysconfig.py", line 424, in _init_posix
| _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
| ModuleNotFoundError: No module named '_sysconfigdata'
Replace find_package PythonInterp with Python3 to fix this issue that
it uses python3 from python3-native. And it also replaces the result
variable PYTHON_EXECUTABLE with Python3_EXECUTABLE.
This patch is only needded by doxygen-native.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
0001-Add-detection-of-strtoull_l-function.patch
removed since it is included in 1.12.0
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes install errors when icu packageconfig is disabled
Signed-off-by: Jaga <jagadheesan_duraisamy@comcast.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Needed for execinfo to work
Fixes
absl/debugging/internal/stacktrace_generic-inl.inc:14:10: fatal error: 'execinfo.h' file not found
^~~~~~~~~~~~
1 error generated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
INFO: Skip package abseil-cpp (status = UNKNOWN_BROKEN, current version = git, next version = 20200225.1)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|