Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upstream merge (next) (meta-openembedded) #72

Merged
merged 53 commits into from
Oct 24, 2024

Conversation

usercw88
Copy link

Merge latest upstream

No conflict

AB#2836162

Testing

  • bitbake packagefeed-ni-core
  • bitbake packagegroup-ni-desirable
  • bitbake package-index && bitbake nilrt-base-system-image
  • deployed base system image to cRIO-9053 and rebooted

akash hadke and others added 30 commits September 9, 2024 15:14
nativesdk support is needed in some of the projects for codegeneration

Signed-off-by: Nisha Parrakat <[email protected]>
Signed-off-by: Akash Hadke <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221

Upsteam-Patch:
corydolphin/flask-cors@7ae310c

Signed-off-by: Soumya Sambu <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
This reverts commit e11df06.

This isn't needed in scarthgap where buildpaths aren't in
default ERROR_QA and it's not a correct fix anyway, see
https://lists.openembedded.org/g/openembedded-devel/message/112048

This doesn't work with multilib where the package is named ${PN}-src
(e.g. lib32-gcab-src) and it's better to just lower buildpaths from
ERROR_QA to WARN_QA instead of skipping it completely, because it's
still an issue which should be fixed (at least to improve hashserv
efficiency if you don't care about reproducibility itself)

and commits in master:
https://git.openembedded.org/meta-openembedded/commit/?id=154f5bb1342739d88185ac0cce9c15b7b2958187
https://git.openembedded.org/meta-openembedded/commit/?id=6644c4a420db82da1ce71697ff889e7b1b6e41ad

Signed-off-by: Martin Jansa <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Starting with Linux 6.6, RDCYCLE is a privileged instruction on RISC-V
and can't be used directly from userland. This causes 'systemctl start
mysqld.service' failed with error:
[ 1456.918172] mariadbd[12115]: unhandled signal 4 code 0x1 at 0x000055558689d134 in mariadbd[555585bfa000+14a7000]
[ 1456.921772] CPU: 1 PID: 12115 Comm: mariadbd Not tainted 6.6.43-yocto-standard ni#1
[ 1456.922327] Hardware name: riscv-virtio,qemu (DT)
[ 1456.923045] epc : 000055558689d134 ra : 000055558620ea48 sp : 00007fffdc487770
[ 1456.923525]  gp : 00005555872ec400 tp : 00007fff89560780 t0 : 0000555587be32e8
[ 1456.923951]  t1 : 0000555586886042 t2 : 000000002d6a89f0 s0 : 00007fffdc4877b0

Signed-off-by: Changqing Li <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
CVE's fixed by upgrade:
CVE-2024-8250

Other Changes between 4.2.5 -> 4.2.7
======================================
https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.6.html

Signed-off-by: Vijay Anusuri <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to homepage https://xlsxwriter.readthedocs.io/license.html
and pypi page https://pypi.org/project/XlsxWriter/ as well as
https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.1.9/LICENSE.txt
the module is licensed under BSD-2-Clause.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Both project pypi page: https://pypi.org/project/cbor2/ as well as
https://github.com/agronholm/cbor2/blob/5.6.3/LICENSE.txt state that it
is subject to MIT rather than Apache-2.0 license. Also update
LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the
downloaded archive.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to https://github.com/ICRAR/crc32c/blob/v2.3/LICENSE and
https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change
'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Both https://pypi.org/project/email-validator/ and
https://github.com/JoshData/python-email-validator/blob/v2.1.1/LICENSE
declare this project is subject to 'Unlicense'.

For additional reference, see upstream commit
JoshData/python-email-validator@5d72f53
("Relicense under the Unlicense (instead of CC0)")

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/lru-dict/ and
https://github.com/amitdev/lru-dict/blob/v1.3.0/LICENSE the project is
licensed under MIT.

Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to
https://github.com/testing-cabal/mock/blob/5.1.0/LICENSE.txt the
project is subject to BSD-2-Clause license. (Also
https://pypi.org/project/mock/ states 'BSD License'.)

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/parse-type/ and
https://github.com/jenisys/parse_type/blob/v0.6.2/LICENSE the
project is subject to MIT license.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/pillow/ and
https://github.com/python-pillow/Pillow/blob/10.3.0/LICENSE the project
is subject to HPND license.

Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
According to https://pypi.org/project/platformdirs/ and
https://github.com/platformdirs/platformdirs/blob/4.2.0/LICENSE
the project is subject to MIT license.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
https://github.com/tartley/colorama?tab=readme-ov-file#license and
https://github.com/tartley/colorama/blob/0.4.6/LICENSE.txt declare
that this project is subject to BSD-3-Clause license.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
In the source code repository the LICENSE file is GPL-3.0-only:
https://github.com/nmmapper/python3-nmap/blob/1.5.2/LICENSE
https://github.com/nmmapper/python3-nmap/blob/1.7.0/LICENSE

Also change the LIC_FILES_CHKSUM reference to the GPLv3.0 license
containing LICENSE file in the downloaded archive.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Contents of
https://github.com/pycurl/pycurl/blob/REL_7_45_2/COPYING-LGPL
correspond to version 2.1 of the license rather than 2.0.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Change the reference to the MIT license containing COPYING file in the
downloaded archive.

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
46.2
====
* Potential crasher fix
* Improved disconnection messages
* Broader client compatibility support
* Various security hardening improvements
* CVE-2024-5148 Limit login screen->user session handover access to appropriate user

Contributors:
 Pascal Nowack, Ray Strode

Translators:
  Balázs Úr [hu], Efstathios Iosifidis [el], Fabio Tomat [fur],
  Hugo Carvalho [pt], Jordi Mas i Hernandez [ca],
  Juliano de Souza Camargo [pt_BR]

- add polkitd user and fix permissions to avoid:
Error: Transaction test error:
  file /usr/share/polkit-1/rules.d conflicts between attempted installs of gnome-remote-desktop-46.2-r0.corei7_64 and gnome-control-center-46.2-r0.corei7_64

Signed-off-by: Markus Volk <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 7ecfdeb)
Signed-off-by: Armin Kuster <[email protected]>
Project has moved to github.

Signed-off-by: Marc Ferland <[email protected]>
(cherry picked from commit fb34082)
Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Martin Jansa <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 7e8a786)
Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Martin Jansa <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit bbcb7d6)
Signed-off-by: Armin Kuster <[email protected]>
ChangeLog:
https://www.samba.org/samba/history/samba-4.19.7.html

Signed-off-by: Yi Zhao <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 41df431)
Signed-off-by: Armin Kuster <[email protected]>
Changelog:
 https://www.samba.org/samba/history/samba-4.19.8.html

Signed-off-by: Wang Mingyu <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 3cbd140)
Signed-off-by: Armin Kuster <[email protected]>
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 16.4
drop: CVE-2024-7348.patch

Signed-off-by: Wang Mingyu <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 4d253bc)
[Drop CVE patch now included in update]
Signed-off-by: Armin Kuster <[email protected]>

---
[V2]
Missed dropping CVE patch
bpftool is supported for riscv64 and tested on qemuriscv64.

Signed-off-by: Harish Sadineni <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Peter Kjellerstedt and others added 23 commits September 22, 2024 10:06
This fixes errors from buildhistory changes where packages-split would
be empty.

Signed-off-by: Peter Kjellerstedt <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 90f96e0)
Signed-off-by: Armin Kuster <[email protected]>
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.

CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.

CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.

CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.

CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.

CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.

CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.

CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.

CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.

Fixed a crash in Django 4.2 when validating email max line lengths with content
decoded using the surrogateescape error handling scheme (#35361)

Signed-off-by: Fathi Boudra <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.

CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.

CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.

CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.

CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.

CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.

CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.

CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.

CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.

Signed-off-by: Fathi Boudra <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1

Security fixes:
CVE-2024-45157
CVE-2024-45158
CVE-2024-45159

* According to commit[1], install data_files into framework directory
  for ptest.

[1] Mbed-TLS/mbedtls@9c4dd4e

Signed-off-by: Yi Zhao <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Soumya Sambu <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
ChangeLog
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9

Security fix:
CVE-2024-45157

Signed-off-by: Yi Zhao <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Soumya Sambu <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from fujita/tgt@abd8e0d

Signed-off-by: Hitendra Prajapati <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Yi Zhao <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 09f8ef2)
Signed-off-by: Armin Kuster <[email protected]>
Use inherit_defer instead of inhert. This way, setuptools3 is not
inherited when python is removed from PACKAGECONFIG in a .bbappend file.
This avoids dependencies added by setuptools3.

Don't add nftables-python to PACKAGES if python is disabled. It adds
extra runtime dependencies on python3-core and python3-json.

Signed-off-by: Michael Olbrich <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 5cf3766)
Signed-off-by: Nikhil R <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
This commit updates the RDEPENDS for the ptest package to include
${PN}-python only when the 'python' PACKAGECONFIG option is enabled.

This fix is required as ptest is enabled in the Distro features,
which was causing the following error:
ERROR: Nothing RPROVIDES 'nftables-python' (but /home/builder/src/base/node0/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb RDEPENDS on or otherwise requires it)
NOTE: Runtime target 'nftables-python' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['nftables-python']
ERROR: Required build target 'nftables' has no buildable providers.
Missing or unbuildable dependency chain was: ['nftables', 'nftables-python']

Signed-off-by: Nikhil R <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
* Fixes following stringop-overflow warning with gcc-13:

In file included from /usr/include/c++/13/atomic:41,
                 from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/../../include/oneapi/tbb/detail/_utils.h:22,
                 from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/task_dispatcher.h:20,
                 from /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/arena.cpp:17:
In member function ‘void std::__atomic_base<_IntTp>::store(__int_type, std::memory_order) [with _ITp = bool]’,
    inlined from ‘void std::atomic<bool>::store(bool, std::memory_order)’ at /usr/include/c++/13/atomic:104:20,
    inlined from ‘void tbb::detail::r1::concurrent_monitor_base<Context>::notify_one_relaxed() [with Context = long unsigned int]’ at /poky/build/tmp/work/x86_64-linux/tbb-native/2021.11.0/git/src/tbb/concurrent_monitor.h:293:53:
/usr/include/c++/13/bits/atomic_base.h:481:25: error: ‘void __atomic_store_1(volatile void*, unsigned char, int)’ writing 1 byte into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
  481 |         __atomic_store_n(&_M_i, __i, int(__m));
      |         ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
cc1plus: all warnings being treated as errors

(cherry picked from commit e131071769ee3df51b56b053ba6bfa06ae9eff25)

Signed-off-by: Yogesh Tyagi <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
To ensure android-tools-adbd.service starts at boot, the path
for ConditionPathExists must be present at build time. /etc is
more suitable for build-time files than /var, which is for
runtime files. Changed ConditionPathExists from
/var/usb-debugging-enabled to /etc/usb-debugging-enabled

Backport-of: 8106cfe ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
CC: Khem Raj <[email protected]>
CC: Dmitry Baryshkov <[email protected]>
Signed-off-by: Raghuvarya S <[email protected]>
Acked-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
ConditionPathExists is set to /etc/usb-debugging-enabled as part of
meta-oe/recipes-devtools/android-tools/android-tools/android-tools-
-adbd.service file. However, in meta-oe/dynamic-layers/selinux/
recipes-devtool/android-tools/android-tools/android-tools-adbd.service
file ConditionPathExists is set to /var/usb-debugging-enabled
This causes an internal inconsistency between selinux-enabled and
selinux-disabled configurations.

Backport-of: a29c638 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Reported-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Raghuvarya S <[email protected]>
Acked-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Location of the file that systemd uses to check whether to
start adbd or not has been updated from /var to /etc in
android-tools-adbd.service. This change changes the path
of creation of usb-debugging-enabled flag file in
android-tools recipes from /var/usb-debugging-enabled to
/etc/usb-debugging-enabled

Backport-of: 2a3d4be ("android-tools: create flag flag file for adbd at a proper location")
Fixes: a29c638 ("android-toold-adbd: Fix inconsistency between selinux configurations")
Fixes: 8106cfe ("android-tools-adbd.service: Change /var to /etc in ConditionPathExists")
Signed-off-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Raghuvarya S <[email protected]>
Acked-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
This reverts commit e5c0a0b.

pkg being updated
Signed-off-by: Armin Kuster <[email protected]>
Drop upstreamed patches
Fixes build with fmt11

Signed-off-by: Khem Raj <[email protected]>
Signed-off-by: Yogita Urade <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Busybox can optionally provide an httpd server, but by default The Yocto
Project defconfig for busybox does not enable it. If it is enabled,
busybox puts the resulting /usr/sbin/httpd object under the control of
update-alternatives.

apache2, on the other hand, does not put /usr/sbin/httpd under the control
of update-alternatives. Therefore, in the off chance a user enables the
busybox httpd server, it does not play well with apache2.

Add update-alternatives information to apache2 so that it plays nicely with
busybox which can optionally provide an httpd server at /usr/sbin/httpd.

Signed-off-by: Trevor Woerner <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Picked patches according to
http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt

First patch is style commit picked to have a clean cherry-pick of all
mentioned commits without any conflict.
Patch CVE-2024-3596_03.patch was removed as it only patched
wpa_supplicant. The patch names were not changed so it is comparable
with wpa_supplicant recipe.

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Pick patches according to
http://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
SAE H2E and incomplete downgrade protection for group negotiation

Patch 0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
was removed as it only patched wpa_supplicant. The patch names were
not changed so it is comparable with wpa_supplicant recipe.

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Modify the CMakeLists.txt to add an Option for
STATIC target import, as available for shared library.

Link: facebook/rocksdb#12890

Configure static library default to switched off
as shared libraries are sufficient in most cases.

Signed-off-by: Bhabu Bindu <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 233079a)
Signed-off-by: Armin Kuster <[email protected]>
Affected components:
 - cpupower
 - intel-speed-select
 - spidev-test

When the externalsrc class is used the tasks listed in SRCTREECOVEREDTASKS
are deleted to prevent them being executed. If externalsrc is used for
the kernel then this will include virtual/kernel:do_patch.

Signed-off-by: Andrej Valek <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
In testing adding in more kernel-selftests there were a number of issues
that arose that require changes that are more appropriate for the main
recipe and not a bbappend.

1) Stop looping over TEST_LIST ourselves and use the TARGETS="" provided
by the kernel-sefltest Makefiles.  This correctly sets up various
variables that the selftest Makefiles all need.  Also, do_install
becomes cleaner because the main Makefile already installs the list of
tests and the top level script.

2) Add DEBUG_PREFIX_MAP to the CC setting to avoid some "buildpaths" QA
errors.

3) Add two INSANE_SKIPS for "already-stripped" and "ldflags".  Some of
the selftest Makefiles are adding flags to their compiles that basically
break the above checks.  Since these compiles are not really meant as
user level tools and instead testing, it should be ok to just always set
INSANE_SKIP for these two.

Signed-off-by: Ryan Eatmon <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
* github repo was force pushed and git history re-written since 2018 commit:
  69ee98df Release 1.43.07

* $ git branch -a --contains 352aeaa9ae49e90e55187cbda839f2113df06278
  $

* $ git diff 352aeaa9ae49e90e55187cbda839f2113df06278 08b052692b70171a6fcb437d4f52a46977eda62e
  $

* so at least the 1.59.01 content is the same

Signed-off-by: Martin Jansa <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Can Wong <[email protected]>
@usercw88 usercw88 requested a review from a team October 23, 2024 12:37
Copy link

@chaitu236 chaitu236 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note to self: Merge commit was created here because I merged 6d85db2 to the repo without waiting for it to propagate through upstream; shouldn't have done that.

@usercw88 usercw88 merged commit e2d7eee into ni:nilrt/master/next Oct 24, 2024
@usercw88 usercw88 deleted the dev/automerge/ni branch October 24, 2024 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.