Age | Commit message | Author |
|
CVE Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-3715
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4269cfcd6c29be05964010d0406584b80822d1d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Xiangyu Chen <xiangyu.chen@eng.windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
=============
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7a399862bb2e1503fbffa18e7ec0767643f76132)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This is to get rid of the intermittent failures in clock_gettime04,
which are likely caused by different clock tick rates on platforms.
Here we give two thresholds (in milliseconds) for comparison, one for
COARSE clock and one for the rest.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Backport the fix from upstream to fix this CVE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
float128 requires instructions of xsmaddqp and xsmsubqp which are added to
qemu since v7.0 by the following commit.
https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f
While kirkstone is still at v6.2 and thus experiences SIGILL as follows:
root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s
stress-ng: info: [972] setting to a 30 second run per stressor
stress-ng: info: [972] dispatching hogs: 2 cpu
stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL'
<snip>
This is specific to kirkstone since qemu on master branch has upgraded to v7.1.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Backport a patch to fix the pread02 case triggering the glibc overflow
detection.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3163134b0f58c58aaabe4e957c30109e63b2d60f)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
==========
* [build] meson: fix typo in variable name
* [build] autoconf: report if building with zstd
* [build] meson -Dlua_version=... to specify lua ver
* [core] avoid CCRandomGenerateBytes on MacOS <10.12 (fixes #3140)
* [core] use diff var name w/ CCRandomGenerateBytes (fixes #3141)
* [core] parse conf cmds with SHELL or /bin/sh
* [core] fix HMAC with openssl 3.0
* [mod_webdav] no COPYFILE_CLONE_FORCE on OSX <10.12 (fixes #3142)
* [mod_deflate] fix to return 304 with If-None-Match (fixes #3143)
* [core] Illumos epoll incompatible w/ lighttpd impl
* [core] feature flag to allow Range w/ HTTP/1.0
* [mod_mbedtls] set usekeysize for mbedtls 3.2.0+
* [mod_deflate] collect mmap code
* [mod_deflate] prototype using libdeflate w/ mmap
* [mod_deflate] --with-libdeflate to use libdeflate
* [mod_deflate] mark input bytes const
* [core] sys-setjmp.[ch]
* [mod_magnet] check lighty.result.content b4 setjmp
* [core] include guard consistency in sys-time.h
* [core] network_write_file_chunk_remap separate fn
* [multiple] use new sys_setjmp_eval3() interface
* [multiple] pedantic chunk.c checks for 0-len chunk
* [multiple] shared code for struct chunk and mmap
* [mod_deflate] use pread if available
* [mod_deflate] improve loop compressing file chunk
* [core] prep server_tag at startup for h2 resp hdr
* [mod_magnet] defer req_env init unless needed
* [mod_magnet] reset after error attaching content
* [mod_magnet] lua_tointegerx() avoids raising error
* [mod_mbedtls] use newer mbedtls 3.2.0+ interfaces
* [mod_magnet] adjust hot path for more inlining
* [mod_magnet] collect chk for magnet lua_State init
* [mod_magnet] use type returned from lua_getfield()
* [core] chunk_file_pread() to wrap pread()
* [core] disable keep-alive if forcing HTTP/1.0 resp
* [mod_magnet] use lua_getextraspace() to store r
* [core] fall back to getauxval(AT_RANDOM), if avail
* [mod_magnet] keep message handler on stack
* [doc] update external links
* [mod_magnet] pass lighty table index, defer pops
* [mod_magnet] clear and reuse script-env table
* [mod_magnet] clear stack when reloading script
* [mod_magnet] use lua_isnoneornil() in interfaces
* [mod_magnet] fix lighty.c.cookie_tokens()
* [mod_magnet] fix lighty.c.urldec_query()
* [mod_magnet] remove duplicated NULL checks
* [mod_magnet] adjust magnet_lighty_result_get()
* [mod_magnet] magnet_tmpbuf_acquire(),release()
* [mod_magnet] lighty.c.quotedenc(),dec() funcs
* [mod_magnet] fix header,content legacy table clear
* [mod_cgi] cgi.local-redir request_reset thru fnptr
* [core] isolate plugins_*() funcs to main server
* [mod_wolfssl] wolfssl v5.0.0 defines DH_set0_pqg()
* [mod_auth] save letter-case diff in require config
* [mod_magnet] magnet_push_quoted_string shared code
* [mod_magnet] lighty.c.header_tokens convenience fn
* [core] fill in un.sun_path after accept() (fixes #3147)
* [mod_extforward] adjust trust check for HTTP/2
* [mod_proxy] adjust handling of legacy X-* headers
* [core] permit env w/ blank value (fix regression)
* [TLS] consistent debug.log-ssl-noise config type
* [mod_magnet] allow removal of req_env elt via nil
* [core] compiler workarounds for very old gcc,glibc
* [mod_mbedtls] use newer mbedtls 3.2.0+ interfaces
* [mod_ssi] check http_chunk_transfer_cqlen for err
* [core] chunkqueue_steal() handle unexpected 0 len
* [core] discard DATA from REFUSED_STREAM at h2 init
* [multiple] WebSockets over HTTP/2 (fixes #3151)
* [multiple] immed connect to backend for streaming
* [core] ensure socket ready before checking connect
* [core] reduce trace on Upgrade backend connection
* [core] adjust when TCP_CORK used on TLS connection
* [mod_cgi] disable input optim if might Upgrade
* [mod_cgi] immed start CGI if Upgrade
* [mod_wolfssl] wolfssl v5.0.0 adds ASN1_TIME_diff()
* [mod_openssl] libressl v3.5.0 adds ASN1_TIME_diff
* [TLS] warn if leaf cert read is inactive/expired
* [core] stricter conformance w/ upcoming HTTP/2 rev
* [build] -D_DEFAULT_SOURCE consistency in builds
* [mod_extforward] support addtl IPv6 syntax w/ "[]"
* [core] build fix for cygwin and lmingw
* [core] short-circuit earlier parsing h2 trailers
* [core] reformat h2.h for cleaner enum additions
* [core] consolidate trace for log-state-handling
* [core] request_config bitmasks for smaller struct
* [core] prefix (=^), suffix (=$) config conditions (fixes #3153)
* [core] tighten config parsing loop
* [core] convert simple config cond regex to pre/sfx
* [tests] able to run tests when built w/o pcre
* [core] allow redirect,rewrite ext subst w/o pcre
* [mod_sockproxy] reset http vers, avoid rare crash (fixes #3152)
* [core] HTTP/2 PRIORITY_UPDATE frame (experimental)
* [core] send HTTP/2 SETTINGS_NO_RFC7540_PRIORITIES
* [core] stricter check of HTTP/2 GOAWAY frame size
* [mod_mbedtls] use newer mbedtls 3.2.0+ interfaces
* [mod_webdav] opt for partial PUT via copy/rename
* [core] quiet compiler warning
* [multiple] recognize HTTP QUERY method
* [multiple] limit scope of socket config options
* [core] fix config typo reading large int from str
* [core] h2 prio sort urgency, incr, then stream id
* [core] send Priority resp hdr w/ .css, .js re-prio
* [multiple] reset http vers, avoid rare crash (fixes #3152)
* [core] delay response to http auth invalid creds
* [core] connection_state_machine_h2 only if con->h2
* [core] default server.max-keep-alive-requests 1000
* [mod_magnet] set script env in func first upvalue
* [mod_magnet] rewrite lighty.r as table of userdata
* [mod_status] con->h2 instead of r->http_version
* [mod_setenv] cleanup user-provided hdr sloppiness
* [core] remove func decls duplicated in plugin.h
* [mod_status] fix counting of HTTP/2 bytes written
* [mod_magnet] no local server port on unix domain
* [mod_extforward] unix domain socket pedantic chks
* [core] sketch support for abstract sockets
* [mod_magnet] magnet_plugin_stats_table() fn
* [mod_magnet] magnet_script_setup_global_state() fn
* [mod_magnet] lighty.server.* table w/ new function
* [mod_accesslog] do not double-count hdr len in %I
* [mod_magnet] reduce magnet_env_get_id() scanning
* [mod_magnet] tighten magnet_env_get_buffer_by_id()
* [mod_status] reusable code for r->state strings
* [core] reusable code for r->state strings
* [mod_magnet] expose r->state to lua scripts
* [mod_magnet] tighten magnet_env_set()
* [mod_magnet] lighty.r.req_item[] accessors
* [mod_magnet] expose r->keep_alive to lua scripts
* [mod_magnet] lighty.c.hrtime high-resolution time
* [mod_magnet] lighty.r.resp_body.get
* [mod_magnet] deprecate r.req_attr["response.*]
* [mod_magnet] separate funcs for uri_path_raw
* [mod_magnet] lighty.c.stat high precision time
* [mod_magnet] format multiline err traceback
* [mod_magnet] adjust p->conf.stage checks
* [mod_magnet] further isolate legacy API result tbl
* [core] buffer_append_char() convenience func
* [mod_accesslog] accesslog.escaping = "json"
* [multiple] use buffer_append_char()
* [mod_accesslog] remove begin/end tags from %{}t
* [core] fix configparser_simplify_regex() comment
* [multiple] simplify bytes_in/bytes_out accounting
* [mod_accesslog] reorder fields in switch()
* [core] remove unused srv->con_* counters
* [mod_magnet] read-only access to r->server_name
* [core] buffer_append_bs_escaped()
* [core] buffer_append_string_c_escaped ASCII optim
* [mod_magnet] backspace-escape encode/decode
* [mod_status] display HTTP/2 control stream w/ reqs
* [multiple] use preferred syntax for Content-Type
* [doc] regenerate doc/config/conf.d/mime.conf
* [multiple] rename status_counter -> plugin_stats
* [core] feature-flag server.metrics-high-precision
* [mod_magnet] quiet coverity false positive
* [mod_wolfssl] compile fix for OpenWRT
* [mod_webdav] If-None-Match: * on non-existent
* [mod_magnet] r.req_body .collect .get .set .add
* [mod_cgi] fix detection of failing error handler (fixes #3157)
* [core] "url-invalid-utf8-reject" normalization opt
* [mod_magnet] skip req body collect warn if modsec3
* [build] update descriptions to remove old lua ver
* [core] use current dir if context->basedir blank
* [multiple] application/javascript text/javascript
* [core] reset internal flags after graceful restart
* [TLS] inherit ssl.engine from global scope
* [core] avoid server.use-ipv6 warning after SIGUSR1
* [mod_webdav] alt handling PROPFIND on collection
* [mod_mbedtls] fix crt chain construction logic
* [core] h2 SETTINGS_INITIAL_WINDOW_SIZE 64k (fixes #3089)
* [core] increase session window size to 256k
* [core] h2: avoid sending small WINDOW_UPDATE frames
* [core] h2: avoid sending tiny DATA frames
* [core] update cached tables with Priority header
* [tests] test stubs for http_header.c and http_kv.c
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 47188fa0dc19f160085554360c81bd9f363837d5)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
v2.9.8 Correct parameter types to Debug() calls
rules: Drop using register keyword
remove needless use of %defattr per fedora project
add exec perms
translation updates
Use what's in the build environment and use a current autoconf
util/Makefile.am: fix link with lintl
Force grep to treat the input as text when formatting word files
0001-rules-Drop-using-register-keyword.patch
0002-rules-Correct-parameter-types-to-Debug-calls.patch
removed since they're included in 2.9.8
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7477178a4c60c02c2d1638746148dd3d2941dc28)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
These headers are needed on musl too.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a53722b962e79e0831c0fba24ef7c1cfda24971a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
We do not get proper function definitions otherwise e.g. fcvt()
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 21dd5bae177b64e314a6423e5ffbd7b28b6b5891)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The libnss configuration file is only installed when glibc is used. The
inexistence of it on a musl-based rootfs will make shadow complain
about it:
Failed opening /etc/nsswitch.conf
This is because shadow will try to use nsswitch when dealing with
subordinate IDs and the message is just a warning as the tool will still
generate them correctly in subuid/subgid files.
We drop this log message for class native to avoid an error when rootfs
logs are checked ('Failed' will match the regex bitbake is using to
check for rootfs generation errors).
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
shadow utils are used when creating users at image creation time. The
useradd/usermod tools will only try to add a default configuration for
subid files if they exist.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specified in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7e3782f4d66973cb7ab922d4bbc6ef6241756ed2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Update the deprecated path to remove the systemd warning:
/etc/tmpfiles.d/pam.conf:2: Line references path below
legacy directory /var/run/, updating /var/run/console
/run/console; please update the tmpfiles.d/
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7865234fadf01a434d1f7097881b70905c1b8aa2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This is seen with clang-15+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b882afd6c1a67b48cf4e7ace95d46ca2ff12aa0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Fixes
incompatible integer to pointer conversion passing
These errors are found with newer compilers e.g. clang-15
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 71eb15c474d891855a5b18e6835993848ffa7c51)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Source: http://git.linux-nfs.org/?p=steved/libtirpc.git;
MR: 120225
Type: Security Fix
Disposition: Backport from http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
ChangeID: 29c32ee171a6a47e06c788e5c608fac9bb3a64b2
Description:
CVE-2021-46828 libtirpc: DoS vulnerability with lots of connections.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69e486ddb3059f80ba538e1f59c2ca8a8df0faf9)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream merged a patch to handle the reproducibility issue, switch to
their patch which is functionally equivalent.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit db28cd0e1540e44db963108430205c8c0c817774)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a patch to avoid writing the full pathname to gperf into source
files which leads to reproducibility issues.
This fixes issues with systemd reproducibility in particular.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dea3c7ee2a413f7dc5f13ec006592084f7fb266c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The original site went down, and at is more or less
maintained in Debian anyway; the tarballs are identical in name
and content.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5fcf9e5c368188e920a995492b342012cbc7016d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This is fixed in 2.4.2, which we have, but the complex CPE in that CVE
isn't parsed by cve-check correctly so it thinks that we're vulnerable.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b40dd920f8b40eabe78db363249257818c63c074)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add two fixes from debian for two CVEs. From:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
I wasn't able to get the reproducers to work but the added error
checking isn't probably a bad thing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054be00a632c2918dd1f973e76514e459fc6f017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
=========
drop world-readable permission on state file even when ACLs are enabled (#446)
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 391fdcf742c4669c1c4654f9b022b3d277aa0038)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
==========
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The cupsFileOpen function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installing a permanent
IPP Everywhere queue (Issues #340, #343)
- The lpstat command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the -h option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the httpWriteResponse function (Issue #380)
- Brought back minimal AIX support (Issue #389)
- cupsGetResponse did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f4131e73553f47709e19871c23a411275ab3857)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df78f7bb461c7d3eccac469fd01a77a3d0b800df)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 424f1c24c569afd245463b02ca10c40dad3f8a0c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
ptest testsuite/panic-tests.sh of sed needs to be run as a non-root user
so that the expected "sed: couldn't open temporary file <filename>:
Permission denied" error can be generated. After disabling default
shell for "nobody", a shell needs to be specified for running ptest.
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6d7216772f76af4429fdaaca518858cf014293f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Release 1.6.1
crond: Fix regression of handling ranges (x-y) in crontab
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4bcd528050c01a1e7a3d1a847379833672900ad9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The GO_WORKDIR is used only in go-mod.bbclass. As this recipe does
not inherit go-mod.bbclass, this variable is useless here.
This go-helloworld recipe was made to inherit go-mod.bbclass and build
in module-aware mode. However, it was found that we need to build go
recipes in GOPATH mode in order to support offline build. As a result,
this recipe was changed back to only inherit go.bbclass. But the GO_WORKDIR
setting was not cleaned up.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 70bc5b6d40f94bde82415fb87db37fdf2606c2fb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This option is no longer needed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d7130937ea4e47f0fa4d23c1c8394e3ca3f939b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
An attempt to disable the use of syslog() was made in commit 8f181686
(shadow-native: Simplify and fix syslog disable patch). However,
because the code checks if USE_SYSLOG is defined rather than checking
if it evaluates to TRUE the patch did not work as intended.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
as COPYING clearly states that unicode data is baked into
the lib.
Add the license and reference the COPYING file for that
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes in this release [1]
[1] https://github.com/libarchive/libarchive/releases/tag/v3.6.1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
This includes a fix for CVE-2022-1271.
The existing "wrong path" patch needed to be refreshed, because the
context changed due to the following upstream change:
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=31193bbd13cd2807d8ccaa2ba5b072303d5425e7
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Malicious filenames can make xzgrep write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.
Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
CVE: CVE-2022-1271
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid a null pointer dereference.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a libzstd package to remove libstdc++ runtime dependency from
library users and reduce the dependencies and size of the library
package.
Add a lib package instead of a bin package to use a similar name as
other buildtools and be backward compatible.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch from libsigsegv
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch from libsigsegv
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|