Please omit this patch. Thank you.
On 11/17/20 2:26 PM, Li Zhou wrote:
Backport commit from <https://github.com/golang/go/commit/
32159824698a82a174b60a6845e8494ae3243102> to solve CVE-2020-28366.
Adapted the patch to solve context issues.
Signed-off-by: Li Zhou
---
meta/recipes-devto
Backport commit from <https://github.com/golang/go/commit/
32159824698a82a174b60a6845e8494ae3243102> to solve CVE-2020-28366.
Adapted the patch to solve context issues.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/go/go-1.12.inc | 1 +
.../go/go-1.12/CVE-2020-28366
Backport patch from <https://github.com/python/cpython/commit/
ca75fec1ed358f7324272608ca952b2d8226d11a> to solve CVE-2020-26116.
Signed-off-by: Li Zhou
---
.../python/python3/CVE-2020-26116.patch| 106 +
meta/recipes-devtools/python/python3_3.7.8.bb
Sorry, I recall this mail because I meant to send it to zeus branch.
On 9/29/20 2:00 PM, Li Zhou wrote:
Backport patch from <https://github.com/python/cpython/commit/
ca75fec1ed358f7324272608ca952b2d8226d11a> to solve CVE-2020-26116.
Signed-off-by: Li Zhou
---
.../python/python3/CV
Backport patch from <https://github.com/python/cpython/commit/
ca75fec1ed358f7324272608ca952b2d8226d11a> to solve CVE-2020-26116.
Signed-off-by: Li Zhou
---
.../python/python3/CVE-2020-26116.patch| 106 +
meta/recipes-devtools/python/python3_3.7.8.bb
Backport the patch from <https://github.com/golang/go/commit/
eb07103a083237414145a45f029c873d57037e06> to solve CVE-2020-24553.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/go/go-1.12.inc | 2 +
...tp-cgi-rename-a-test-file-to-be-less-cute.patch | 28 ++
.../go/go-1.
Hi, Ross:
Do you have any plan to do this patch?
I think my issue can disappear with your planned patch.
Thanks.
On 8/27/20 6:10 PM, Ross Burton wrote:
On Thu, 27 Aug 2020 at 09:48, zhou li wrote:
I have a question here:
building for a real machine (say,
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624.
Signed-off-by: Li Zhou
---
.../bind/bind/CVE-2020-8624.patch | 33 ++
meta/recipes-connectivity/bind/bind_9.11
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab> to solve CVE-2020-8623.
Signed-off-by: Li Zhou
---
.../bind/bind/CVE-2020-8623.patch | 402 +
meta/recipes-connectivity/bind/bind_9.11
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/6ed167ad0a647dff20c8cb08c944a7967df2d415> to solve CVE-2020-8622.
Signed-off-by: Li Zhou
---
.../bind/bind/CVE-2020-8622.patch | 60 ++
meta/recipes-connectivity/bind/bind_9.11
On 8/26/20 9:06 PM, Ross Burton wrote:
On Fri, 21 Aug 2020 at 09:07, Martin Jansa wrote:
We're using connman-conf to configure networking on various target machines -
not only on qemu*. If this is merged I'll just undo this in our layer - and
that's fine, but if there are more people using
ndo this in
our layer - and that's fine, but if there are more people using
connman-conf like this, then we should re-consider this commit (or at
least better explain why it's needed in commit message).
On Fri, Aug 21, 2020 at 4:54 AM Li Zhou <mailto:li.z...@windriver.com>> wrote:
connman-conf is only for qemu machines, so use COMPATIBLE_MACHINE
to limit that it is only available for qemuall, or else it can be
built successfully without the package connman-conf generated.
Signed-off-by: Li Zhou
---
meta/recipes-connectivity/connman/connman-conf.bb | 2 ++
meta/recipes
connman-conf is only for qemu machines, so use COMPATIBLE_MACHINE
to limit that it is only available for qemuall, or else it can be
built successfully without the package connman-conf generated.
Signed-off-by: Li Zhou
---
meta/recipes-connectivity/connman/connman-conf.bb | 2 ++
1 file changed
Backport patch from <https://gitlab.freedesktop.org/xorg/xserver/-/
commit/aac28e162e5108510065ad4c323affd6deffd816> to solve
CVE-2020-14347.
Signed-off-by: Li Zhou
---
.../xorg-xserver/xserver-xorg/CVE-2020-14347.patch | 37 ++
.../xorg-xserver/xserver-xorg_1.2
Backport patch from <https://github.com/golang/go/commit/
fa98f46741f818913a8c11b877520a548715131f> to solve CVE-2020-15586.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/go/go-1.12.inc | 1 +
.../go/go-1.12/CVE-2020-15586.patch| 131 ++
is necessary
for this CVE), because some of the above 9 patches are based on them.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/git/git.inc | 12 +
...edential-use-test_i18ncmp-to-check-stderr.patch | 35 +++
...detect-unrepresentable-values-when-parsin.patch | 156 ++
Backport patch from <https://github.com/git/git/commit/
9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b> to solve CVE-2020-5260.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/git/git.inc | 4 +-
meta/recipes-devtools/git/git/CVE-2020-5260.patch | 65 +++
2
Backport patches from
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;
h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4>
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;
h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e>
to solve CVE-2019-14855.
Signed-off
0891] x3 : ffc008ae2e28 x2 :
<4>[ 22.690894] x1 : x0 :
<4>[ 22.690896] Call trace:
<4>[ 22.690902] do_lttng_statedump+0xcc/0x8a8 [lttng_statedump]
<4>[ 22.690905] lttng_statedump_start+0x20/0x30 [lttng_statedump]
<4>
The file arch/arm/include/generated/asm/unistd-nr.h is needed by some
external kernel module. Error occurs when building the module with
the SDK.
Add arch/${ARCH}/include/generated dir and files under it to
kernel-devsrc package to solve this issue.
Signed-off-by: Li Zhou
---
meta/recipes
Fix the installation path of libpython3.7m.a on mulitlib lib64
platform to lib64 instead of lib.
Signed-off-by: Li Zhou
---
.../python3/0001-configure.ac-fix-LIBPL.patch | 34 ++
meta/recipes-devtools/python/python3_3.7.6.bb | 5 ++--
2 files changed, 37
write-test'
Signed-off-by: Li Zhou
---
...python3-Do-not-hardcode-lib-for-distutils.patch | 42 ++
meta/recipes-devtools/python/python3_3.7.6.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644
meta/recipes-devtools/python/python3/0001-python3-Do-not-ha
Backport patch from <https://github.com/shadow-maint/shadow/pull/199/
commits/66b7bc0dcfda12d7f58eba993bd02872cae1d713> to solve
CVE-2019-19882.
Signed-off-by: Li Zhou
---
.../shadow/files/CVE-2019-19882.patch | 55 ++
meta/recipes-extended/shadow/shad
qemux86_64-wrs-linux/core-image-minimal/1.0-r0/rootfs
-p '' aBcD]
useradd: invalid user name 'aBcD'
Here move the patch for using relaxed usernames from class_target to
the source code for all.
Signed-off-by: Li Zhou
---
meta/recipes-extended/shadow/shadow.inc | 2 +-
1 file changed, 1 inse
Backporting patch from
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
to solve CVE-2019-15890.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/qemu/qemu.inc| 1 +
.../qemu/qemu/CVE-2019-15890.patch | 48 ++
2 files changed, 49
Porting patch from <https://git.netfilter.org/iptables/commit/iptables/
xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e> to solve
CVE-2019-11360.
Signed-off-by: Li Zhou
---
.../iptables/iptables/CVE-2019-11360.patch | 117 +
meta/recipes-extended/ip
ment of the
clean-up label for the 'q' command got misplaced on the error-handling
branch instead of the clean-exit branch. The patch below fixes this
(it is committed for whenever the next bc/dc release gets made).
Thanks for the report,
--Ken Pizzini
Signed-off-by: Li Zhou
---
.../bc/bc/0
ment of the
clean-up label for the 'q' command got misplaced on the error-handling
branch instead of the clean-exit branch. The patch below fixes this
(it is committed for whenever the next bc/dc release gets made).
Thanks for the report,
--Ken Pizzini
Signed-off-by: Li Zhou
---
.../bc/bc/0
d update ptest-runner source code to get the new commit:
Signed-off-by: Li Zhou
---
meta/recipes-support/ptest-runner/ptest-runner_2.3.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.3.bb
b/meta/recipes-support/ptest-runner/pt
Ptest data are installed to PTEST_PATH ?= "${libdir}/${BPN}/ptest".
When libdir isn't "/usr/lib", it will cause "No ptests found" error
when running "ptest-runner" command. Here pass libdir to
DEFAULT_DIRECTORY when compiling to avoid that error.
Revert commit
because /dev/net/tun is usually needed to already been there when system
boots up. With this commit, /dev/net/tun is missing when sysvinit is
used.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...01-eudev-create-static-nodes-from-modules.patch
hen
compiling python/python3:
x86_64-wrs-linux-gcc: error: strict: No such file or directory
x86_64-wrs-linux-gcc: error: unrecognized command line option '-fp-model'
Here use cc_basename to replace CC for checking compiler to avoid such
kind of issue.
Signed-off-by: Li Zhou <li.z...@windrive
t;export -f xxx" is wrong
for dash.
So start the new terminal using SHELL to interpret the init srcipt,
which can solve the issue caused by the difference between SHELL and
/bin/sh.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/classes/terminal.bbclass | 2 +-
1 file changed,
When update-alternatives is moved from opkg to opkg-utils, a line in
the file is changed
from
Porting patch from <https://github.com/curl/curl/commit/
5ff2c5ff25750aba1a8f64fbcad8e5b891512584> to solve CVE-2017-1000254.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
.../curl/curl/CVE-2017-1000254.patch | 138 +
meta/recipes-support/curl
Fix segfaults if Tcl is built with stubs and Expect clib function is used
directly from C program.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...segfaults-if-Tcl-is-built-with-stubs-and-.patch | 91 ++
meta/recipes-devtools/expect/expect_5.45.bb| 1 +
2
Fix segfaults if Tcl is built with stubs and Expect clib function is used
directly from C program.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...segfaults-if-Tcl-is-built-with-stubs-and-.patch | 90 ++
meta/recipes-devtools/expect/expect_5.45.bb| 1 +
2
Fix segfaults if Tcl is built with stubs and Expect clib function is used
directly from C program.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...segfaults-if-Tcl-is-built-with-stubs-and-.patch | 90 ++
meta/recipes-devtools/expect/expect_5.45.bb| 1 +
2
.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
b/meta/recipes-graphics/xorg-driver/xf86-video-intel_
Remove building host related path from python2 and python3 packages.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-devtools/python/python3_3.5.3.bb | 7 ++-
meta/recipes-devtools/python/python_2.7.13.bb | 5 +
2 files changed, 11 insertions(+), 1 deletion(-)
diff
Move config-*/Makefile in libdir from misc package to dev package for
python3, because it is only needed in development process.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-devtools/python/python-3.5-manifest.inc | 2 +-
scripts/contrib/python/generate-manifest-
3-misc to python3-dev
package.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...-Use-_sysconfigdata.py-to-initialize-dist.patch | 66 ++
meta/recipes-devtools/python/python3_3.5.3.bb | 1 +
2 files changed, 67 insertions(+)
create mode 100644
meta/recipes-dev
Porting patch from
<https://github.com/python/cpython/commit/409482251b06fe75c4ee56e85ffbb4b23d934159>
to use _sysconfigdata.py to initialize distutils.sysconfig.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...-Use-_sysconfigdata.py-to-initialize-dis
Remove building host related path from python2 and python3 packages.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-devtools/python/python3_3.5.2.bb | 8 +++-
meta/recipes-devtools/python/python_2.7.13.bb | 6 ++
2 files changed, 13 insertions(+), 1 deletion(-)
Move config/Makefile in libdir from core package to dev package for
python, because it is only needed in development process.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-devtools/python/python-2.7-manifest.inc | 4 ++--
meta/recipes-devtools/python/python-3.5-manifest.i
popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.
Porting patch from <https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/
bash44-006> to solve CVE-2016-9401.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
et PACKAGECONFIG to be without "ddns".
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...001-DDNS-disable-DNS-update-functionality.patch | 28 ++
meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb | 13 +++---
2 files changed, 38 insertions(+), 3
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.
Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.
Signed-off-by: Li Zhou
mit/
c76fac666ea038753294f2ac94d310f8adece9ce> to solve CVE-2016-10010.
Adapted the patch to solve context issues.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
.../openssh/openssh/openssh-CVE-2016-10010.patch | 38 ++
meta/recipes-connectivity/openssh/openssh_7.3p1.bb | 1 +
2 files
mit/
c76fac666ea038753294f2ac94d310f8adece9ce> to solve CVE-2016-10010.
Adapted the patch to solve context issues.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
.../openssh/openssh/openssh-CVE-2016-10010.patch | 38 ++
meta/recipes-connectivity/openssh/openssh_7.3p1.bb | 1 +
2 files
e, and use the default pthreads mutex.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-support/db/db_6.0.35.bb | 9 -
1 file changed, 9 deletions(-)
diff --git a/meta/recipes-support/db/db_6.0.35.bb
b/meta/recipes-support/db/db_6.0.35.bb
index f60edf9..b1bec0e 1
e, and use the default pthreads mutex.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-support/db/db_6.0.30.bb | 9 -
1 file changed, 9 deletions(-)
diff --git a/meta/recipes-support/db/db_6.0.30.bb
b/meta/recipes-support/db/db_6.0.30.bb
index 50a469b..2d08b5e 1
e, and use the default pthreads mutex.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-support/db/db_6.0.30.bb | 9 -
1 file changed, 9 deletions(-)
diff --git a/meta/recipes-support/db/db_6.0.30.bb
b/meta/recipes-support/db/db_6.0.30.bb
index 50a469b..2d08b5e 1
Consider setting $PYTHONHOME to [:]
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ImportError: No module named 'encodings'
Here correct the rebasing error and solve this issue.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...ython3-correct-the-multilib-support-
kage name in Provides too,
and one result example is: "smart query glibc" gets the same result
with "smart query libc6".
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...e-smart-query-info-search-package-name-in.patch | 51 ++
meta/recipes-devtoo
Porting three net-tools SCTP related patches from
<https://archive.fedoraproject.org/pub/archive/fedora/linux/releases/
12/Fedora/source/SRPMS/net-tools-1.60-95.fc12.src.rpm> to add support
for SCTP option.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
.../net-tools/net-tools/ne
Backport from
fontconfig upstream <http://cgit.freedesktop.org/fontconfig/> to solve
issue: fontconfig changes break pybootchartgui tool generating bootchart
png file.
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
...ges-made-to-FcConfigAppFontAddDir-recentl.
offset not a multiple of 8
Signed-off-by: Li Zhou <li.z...@windriver.com>
---
meta/recipes-devtools/gcc/gcc-cross-canadian.inc |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
b/meta/recipes-devtools/gcc/gcc-cross-canad
Get upstream patch from lttng-tools github:
<https://github.com/lttng/lttng-tools>
,
for solving the filtered tracepoint disabling error.
The use of a simple lookup and match on event name is insufficient
to identify the corresponding ust app event.
Signed-off-by: Li Zhou <li.z...@wind
libunwind: Invalid dwarf opcodes can cause references beyond the end of
the array
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h
in libunwind 1.1 allows local users to have unspecified impact via
invalid dwarf opcodes.
Signed-off-by: Li Zhou <li.z...@windriver.
When running one application under Valgrind on ppc64 arch, we got a
missing syscall error. Get upstream patch from valgrind website to
enable rt_sigpending syscall on ppc64 linux.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...able-rt_sigpending-syscall-on-ppc64-linux.patch | 35
to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...ps-Be-more-careful-about-integer-overflow.patch | 89
The tzdata recipe does not mark the /etc/timezone file and
/etc/localtime link as configuration files. An on target update would
then overwite the user modified versions of those files.
Add those files in CONFFILES_${PN}.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-extended
The tzdata recipe does not mark the /etc/timezone file and
/etc/localtime link as configuration files. An on target update would
then overwite the user modified versions of those files.
Add those files in CONFFILES_${PN}.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-extended
by configuring --with-opkglibdir.
opkg-utils can't get the var value in opkg, so here define OPKGLIBDIR to
set the path.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-devtools/opkg-utils/opkg-utils_git.bb |3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/opkg-utils
by configuring --with-opkglibdir.
opkg-utils can't get the var value in opkg, so here define opkglibdir to
set the path.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-devtools/opkg-utils/opkg-utils_git.bb |3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/opkg-utils
by configuring --with-opkglibdir.
opkg-utils can't get the var value in opkg, so here change back the
directory in update-alternatives only.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...Change-alternatives-lib-path-from-usr-lib.patch | 36
meta/recipes-devtools/opkg-utils/opkg
for boost and libxslt.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-support/boost/boost.inc |2 +-
meta/recipes-support/libxslt/libxslt_1.1.28.bb |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/boost/boost.inc
b/meta
libarchive: Updated libarchive packages fix security vulnerability
Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
Signed-off-by: Li Zhou li.z
bdfReadProperties: property count needs range check
Avoid integer overflow or underflow when allocating memory arrays
by multiplying the number of properties reported for a BDF font.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...erties-property-count-needs-range-check-C.patch | 38
bdfReadCharacters: bailout if a char's bitmap cannot be read
Previously would charge on ahead with a NULL pointer in ci-bits, and
then crash later in FontCharInkMetrics() trying to access the bits.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...acters-bailout-if-a-char-s-bitmap-cannot
bdfReadCharacters: ensure metrics fit into xCharInfo struct
We use 32-bit ints to read from the bdf file, but then try to stick
into a 16-bit int in the xCharInfo struct, so make sure they won't
overflow that range.
Signed-off-by: Li Zhou li.z...@windriver.com
---
...acters-ensure-metrics-fit
the server to crash (CVE-2015-0255).
Signed-off-by: Li Zhou li.z...@windriver.com
---
...Check-strings-length-against-request-size.patch | 145
...wap-XkbSetGeometry-data-in-the-input-buff.patch | 109 +++
.../xorg-xserver/xserver-xorg_1.16.3.bb|2
The libltdl libraries are put in libltdl-* packages, but libltdl.la
is packaged in libtool-dev. This change puts libltdl.la in libltdl-dev
package instead of libtool-dev.
Signed-off-by: Li Zhou li.z...@windriver.com
---
meta/recipes-devtools/libtool/libtool-2.4.6.inc |1 +
1 file changed, 1
75 matches
Mail list logo
