forked from openembedded/meta-openembedded
-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upstream merge (next) (meta-openembedded) #72
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nativesdk support is needed in some of the projects for codegeneration Signed-off-by: Nisha Parrakat <[email protected]> Signed-off-by: Akash Hadke <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6221 Upsteam-Patch: corydolphin/flask-cors@7ae310c Signed-off-by: Soumya Sambu <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This reverts commit e11df06. This isn't needed in scarthgap where buildpaths aren't in default ERROR_QA and it's not a correct fix anyway, see https://lists.openembedded.org/g/openembedded-devel/message/112048 This doesn't work with multilib where the package is named ${PN}-src (e.g. lib32-gcab-src) and it's better to just lower buildpaths from ERROR_QA to WARN_QA instead of skipping it completely, because it's still an issue which should be fixed (at least to improve hashserv efficiency if you don't care about reproducibility itself) and commits in master: https://git.openembedded.org/meta-openembedded/commit/?id=154f5bb1342739d88185ac0cce9c15b7b2958187 https://git.openembedded.org/meta-openembedded/commit/?id=6644c4a420db82da1ce71697ff889e7b1b6e41ad Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Starting with Linux 6.6, RDCYCLE is a privileged instruction on RISC-V and can't be used directly from userland. This causes 'systemctl start mysqld.service' failed with error: [ 1456.918172] mariadbd[12115]: unhandled signal 4 code 0x1 at 0x000055558689d134 in mariadbd[555585bfa000+14a7000] [ 1456.921772] CPU: 1 PID: 12115 Comm: mariadbd Not tainted 6.6.43-yocto-standard ni#1 [ 1456.922327] Hardware name: riscv-virtio,qemu (DT) [ 1456.923045] epc : 000055558689d134 ra : 000055558620ea48 sp : 00007fffdc487770 [ 1456.923525] gp : 00005555872ec400 tp : 00007fff89560780 t0 : 0000555587be32e8 [ 1456.923951] t1 : 0000555586886042 t2 : 000000002d6a89f0 s0 : 00007fffdc4877b0 Signed-off-by: Changqing Li <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
CVE's fixed by upgrade: CVE-2024-8250 Other Changes between 4.2.5 -> 4.2.7 ====================================== https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html https://www.wireshark.org/docs/relnotes/wireshark-4.2.6.html Signed-off-by: Vijay Anusuri <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport []https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972 Signed-off-by: Ashish Sharma <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to homepage https://xlsxwriter.readthedocs.io/license.html and pypi page https://pypi.org/project/XlsxWriter/ as well as https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.1.9/LICENSE.txt the module is licensed under BSD-2-Clause. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Both project pypi page: https://pypi.org/project/cbor2/ as well as https://github.com/agronholm/cbor2/blob/5.6.3/LICENSE.txt state that it is subject to MIT rather than Apache-2.0 license. Also update LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the downloaded archive. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://github.com/ICRAR/crc32c/blob/v2.3/LICENSE and https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change 'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Both https://pypi.org/project/email-validator/ and https://github.com/JoshData/python-email-validator/blob/v2.1.1/LICENSE declare this project is subject to 'Unlicense'. For additional reference, see upstream commit JoshData/python-email-validator@5d72f53 ("Relicense under the Unlicense (instead of CC0)") Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/lru-dict/ and https://github.com/amitdev/lru-dict/blob/v1.3.0/LICENSE the project is licensed under MIT. Also change SUMMARY to DESCRIPTION as it's value is clearly over 72 characters long. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://github.com/testing-cabal/mock/blob/5.1.0/LICENSE.txt the project is subject to BSD-2-Clause license. (Also https://pypi.org/project/mock/ states 'BSD License'.) Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/parse-type/ and https://github.com/jenisys/parse_type/blob/v0.6.2/LICENSE the project is subject to MIT license. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/pillow/ and https://github.com/python-pillow/Pillow/blob/10.3.0/LICENSE the project is subject to HPND license. Also change SUMMARY to DESCRIPTION as it's value is clearly over 72 characters long. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/platformdirs/ and https://github.com/platformdirs/platformdirs/blob/4.2.0/LICENSE the project is subject to MIT license. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
https://github.com/tartley/colorama?tab=readme-ov-file#license and https://github.com/tartley/colorama/blob/0.4.6/LICENSE.txt declare that this project is subject to BSD-3-Clause license. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
According to https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE this project is subject to LGPL-2.1-only license. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
In the source code repository the LICENSE file is GPL-3.0-only: https://github.com/nmmapper/python3-nmap/blob/1.5.2/LICENSE https://github.com/nmmapper/python3-nmap/blob/1.7.0/LICENSE Also change the LIC_FILES_CHKSUM reference to the GPLv3.0 license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Contents of https://github.com/pycurl/pycurl/blob/REL_7_45_2/COPYING-LGPL correspond to version 2.1 of the license rather than 2.0. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the Apache-2.0 license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the MIT license containing LICENSE file in the downloaded archive. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the MIT license containing COPYING file in the downloaded archive. Signed-off-by: Niko Mauno <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
46.2 ==== * Potential crasher fix * Improved disconnection messages * Broader client compatibility support * Various security hardening improvements * CVE-2024-5148 Limit login screen->user session handover access to appropriate user Contributors: Pascal Nowack, Ray Strode Translators: Balázs Úr [hu], Efstathios Iosifidis [el], Fabio Tomat [fur], Hugo Carvalho [pt], Jordi Mas i Hernandez [ca], Juliano de Souza Camargo [pt_BR] - add polkitd user and fix permissions to avoid: Error: Transaction test error: file /usr/share/polkit-1/rules.d conflicts between attempted installs of gnome-remote-desktop-46.2-r0.corei7_64 and gnome-control-center-46.2-r0.corei7_64 Signed-off-by: Markus Volk <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 7ecfdeb) Signed-off-by: Armin Kuster <[email protected]>
Project has moved to github. Signed-off-by: Marc Ferland <[email protected]> (cherry picked from commit fb34082) Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 7e8a786) Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit bbcb7d6) Signed-off-by: Armin Kuster <[email protected]>
ChangeLog: https://www.samba.org/samba/history/samba-4.19.7.html Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 41df431) Signed-off-by: Armin Kuster <[email protected]>
Changelog: https://www.samba.org/samba/history/samba-4.19.8.html Signed-off-by: Wang Mingyu <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 3cbd140) Signed-off-by: Armin Kuster <[email protected]>
0003-configure.ac-bypass-autoconf-2.69-version-check.patch refreshed for 16.4 drop: CVE-2024-7348.patch Signed-off-by: Wang Mingyu <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 4d253bc) [Drop CVE patch now included in update] Signed-off-by: Armin Kuster <[email protected]> --- [V2] Missed dropping CVE patch
bpftool is supported for riscv64 and tested on qemuriscv64. Signed-off-by: Harish Sadineni <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This fixes errors from buildhistory changes where packages-split would be empty. Signed-off-by: Peter Kjellerstedt <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 90f96e0) Signed-off-by: Armin Kuster <[email protected]>
CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-45231: Potential user email enumeration via response status on password reset Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger. CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat() The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize() urlize() and urlizetrunc() were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords The django.contrib.auth.backends.ModelBackend.authenticate() method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save() Derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant() get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to get_supported_language_variant() is now parsed up to a maximum length of 500 characters. Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the surrogateescape error handling scheme (#35361) Signed-off-by: Fathi Boudra <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-45231: Potential user email enumeration via response status on password reset Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger. CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat() The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize() urlize() and urlizetrunc() were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords The django.contrib.auth.backends.ModelBackend.authenticate() method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save() Derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant() get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to get_supported_language_variant() is now parsed up to a maximum length of 500 characters. Signed-off-by: Fathi Boudra <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 Security fixes: CVE-2024-45157 CVE-2024-45158 CVE-2024-45159 * According to commit[1], install data_files into framework directory for ptest. [1] Mbed-TLS/mbedtls@9c4dd4e Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Soumya Sambu <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
ChangeLog https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9 Security fix: CVE-2024-45157 Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Soumya Sambu <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from fujita/tgt@abd8e0d Signed-off-by: Hitendra Prajapati <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 09f8ef2) Signed-off-by: Armin Kuster <[email protected]>
Use inherit_defer instead of inhert. This way, setuptools3 is not inherited when python is removed from PACKAGECONFIG in a .bbappend file. This avoids dependencies added by setuptools3. Don't add nftables-python to PACKAGES if python is disabled. It adds extra runtime dependencies on python3-core and python3-json. Signed-off-by: Michael Olbrich <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 5cf3766) Signed-off-by: Nikhil R <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This commit updates the RDEPENDS for the ptest package to include ${PN}-python only when the 'python' PACKAGECONFIG option is enabled. This fix is required as ptest is enabled in the Distro features, which was causing the following error: ERROR: Nothing RPROVIDES 'nftables-python' (but /home/builder/src/base/node0/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb RDEPENDS on or otherwise requires it) NOTE: Runtime target 'nftables-python' is unbuildable, removing... Missing or unbuildable dependency chain was: ['nftables-python'] ERROR: Required build target 'nftables' has no buildable providers. Missing or unbuildable dependency chain was: ['nftables', 'nftables-python'] Signed-off-by: Nikhil R <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
* Fixes following stringop-overflow warning with gcc-13: In file included from /usr/include/c++/13/atomic:41, from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/../../include/oneapi/tbb/detail/_utils.h:22, from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/task_dispatcher.h:20, from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/arena.cpp:17: In member function ‘void std::__atomic_base<_IntTp>::store(__int_type, std::memory_order) [with _ITp = bool]’, inlined from ‘void std::atomic<bool>::store(bool, std::memory_order)’ at /usr/include/c++/13/atomic:104:20, inlined from ‘void tbb::detail::r1::concurrent_monitor_base<Context>::notify_one_relaxed() [with Context = long unsigned int]’ at /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/concurrent_monitor.h:293:53: /usr/include/c++/13/bits/atomic_base.h:481:25: error: ‘void __atomic_store_1(volatile void*, unsigned char, int)’ writing 1 byte into a region of size 0 overflows the destination [-Werror=stringop-overflow=] 481 | __atomic_store_n(&_M_i, __i, int(__m)); | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~ compilation terminated due to -Wfatal-errors. cc1plus: all warnings being treated as errors (cherry picked from commit e131071769ee3df51b56b053ba6bfa06ae9eff25) Signed-off-by: Yogesh Tyagi <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
To ensure android-tools-adbd.service starts at boot, the path for ConditionPathExists must be present at build time. /etc is more suitable for build-time files than /var, which is for runtime files. Changed ConditionPathExists from /var/usb-debugging-enabled to /etc/usb-debugging-enabled Backport-of: 8106cfe ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists") CC: Khem Raj <[email protected]> CC: Dmitry Baryshkov <[email protected]> Signed-off-by: Raghuvarya S <[email protected]> Acked-by: Dmitry Baryshkov <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
ConditionPathExists is set to /etc/usb-debugging-enabled as part of meta-oe/recipes-devtools/android-tools/android-tools/android-tools- -adbd.service file. However, in meta-oe/dynamic-layers/selinux/ recipes-devtool/android-tools/android-tools/android-tools-adbd.service file ConditionPathExists is set to /var/usb-debugging-enabled This causes an internal inconsistency between selinux-enabled and selinux-disabled configurations. Backport-of: a29c638 ("android-toold-adbd: Fix inconsistency between selinux configurations") Reported-by: Dmitry Baryshkov <[email protected]> Signed-off-by: Raghuvarya S <[email protected]> Acked-by: Dmitry Baryshkov <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Location of the file that systemd uses to check whether to start adbd or not has been updated from /var to /etc in android-tools-adbd.service. This change changes the path of creation of usb-debugging-enabled flag file in android-tools recipes from /var/usb-debugging-enabled to /etc/usb-debugging-enabled Backport-of: 2a3d4be ("android-tools: create flag flag file for adbd at a proper location") Fixes: a29c638 ("android-toold-adbd: Fix inconsistency between selinux configurations") Fixes: 8106cfe ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists") Signed-off-by: Dmitry Baryshkov <[email protected]> Signed-off-by: Raghuvarya S <[email protected]> Acked-by: Dmitry Baryshkov <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
This reverts commit e5c0a0b. pkg being updated Signed-off-by: Armin Kuster <[email protected]>
Drop upstreamed patches Fixes build with fmt11 Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Busybox can optionally provide an httpd server, but by default The Yocto Project defconfig for busybox does not enable it. If it is enabled, busybox puts the resulting /usr/sbin/httpd object under the control of update-alternatives. apache2, on the other hand, does not put /usr/sbin/httpd under the control of update-alternatives. Therefore, in the off chance a user enables the busybox httpd server, it does not play well with apache2. Add update-alternatives information to apache2 so that it plays nicely with busybox which can optionally provide an httpd server at /usr/sbin/httpd. Signed-off-by: Trevor Woerner <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Picked patches according to http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt First patch is style commit picked to have a clean cherry-pick of all mentioned commits without any conflict. Patch CVE-2024-3596_03.patch was removed as it only patched wpa_supplicant. The patch names were not changed so it is comparable with wpa_supplicant recipe. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Pick patches according to http://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt SAE H2E and incomplete downgrade protection for group negotiation Patch 0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch was removed as it only patched wpa_supplicant. The patch names were not changed so it is comparable with wpa_supplicant recipe. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Modify the CMakeLists.txt to add an Option for STATIC target import, as available for shared library. Link: facebook/rocksdb#12890 Configure static library default to switched off as shared libraries are sufficient in most cases. Signed-off-by: Bhabu Bindu <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 233079a) Signed-off-by: Armin Kuster <[email protected]>
Affected components: - cpupower - intel-speed-select - spidev-test When the externalsrc class is used the tasks listed in SRCTREECOVEREDTASKS are deleted to prevent them being executed. If externalsrc is used for the kernel then this will include virtual/kernel:do_patch. Signed-off-by: Andrej Valek <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
In testing adding in more kernel-selftests there were a number of issues that arose that require changes that are more appropriate for the main recipe and not a bbappend. 1) Stop looping over TEST_LIST ourselves and use the TARGETS="" provided by the kernel-sefltest Makefiles. This correctly sets up various variables that the selftest Makefiles all need. Also, do_install becomes cleaner because the main Makefile already installs the list of tests and the top level script. 2) Add DEBUG_PREFIX_MAP to the CC setting to avoid some "buildpaths" QA errors. 3) Add two INSANE_SKIPS for "already-stripped" and "ldflags". Some of the selftest Makefiles are adding flags to their compiles that basically break the above checks. Since these compiles are not really meant as user level tools and instead testing, it should be ok to just always set INSANE_SKIP for these two. Signed-off-by: Ryan Eatmon <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
* github repo was force pushed and git history re-written since 2018 commit: 69ee98df Release 1.43.07 * $ git branch -a --contains 352aeaa9ae49e90e55187cbda839f2113df06278 $ * $ git diff 352aeaa9ae49e90e55187cbda839f2113df06278 08b052692b70171a6fcb437d4f52a46977eda62e $ * so at least the 1.59.01 content is the same Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Can Wong <[email protected]>
chaitu236
approved these changes
Oct 23, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note to self: Merge commit was created here because I merged 6d85db2 to the repo without waiting for it to propagate through upstream; shouldn't have done that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge latest upstream
No conflict
AB#2836162
Testing