* Linux 5.10 introduces a new lockless ringbuffer. The new ringbuffer
  is structured completely different to the previous iterations.
  Add support for retrieving the ringbuffer from debug information
  and/or using vmcoreinfo. The new ringbuffer is detected based on
  the availability of the "prb" symbol.

* Support newer kernels as follows:

  - 5.10, 5.11, 5.12  (x86_64 SPARSEMEM)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

https://github.com/openembedded/meta-openembedded/commit/427c3e1ed6c1f909638976d74325945b549590cb#diff-b083e2fac146e23597aa0b458dff835d9c1700afce08afedbc17d4ac40728e56

Signed-off-by: Armin Kuster <akuster808@gmail.com>

Remove duplicate code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa22894f

)
[Fixup for Hardknott context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>

* based on commit from honister, but without the upgrade:
  commit 8691de25


  Author: Khem Raj <raj.khem@gmail.com>
  Date:   Sat May 8 14:38:52 2021 -0700

    abseil-cpp: Upgrade to lts_2021_03_24

    Fix build with glibc 2.34 while here
    Forward patches to this version
    Let system package the libraries

  to fix abseil-cpp-native build on e.g. Ubuntu-22.04 with glibc-2.34 to fix:

  | FAILED: absl/debugging/CMakeFiles/failure_signal_handler.dir/failure_signal_handler.cc.o
  | /OE/lge/build/webosose/hardknott/BUILD/hosttools/g++ -Dfailure_signal_handler_EXPORTS -I/OE/lge/build/webosose/hardknott/BUILD/work/x86_64-linux/abseil-cpp-native/20200923+gitAUTOINC+6f9d96a1f4-r0/git -isystem/OE/lge/build/webosose/hardknott/BUILD/work/x86_64-linux/abseil-cpp-native/20200923+gitAUTOINC+6f9d96a1f4-r0/recipe-sysroot-native/usr/include -O2 -pipe -fPIC -Wall -Wextra -Wcast-qual -Wconversion-null -Wmissing-declarations -Woverlength-strings -Wpointer-arith -Wundef -Wunused-local-typedefs -Wunused-result -Wvarargs -Wvla -Wwrite-strings -Wno-missing-field-initializers -Wno-sign-compare -DNOMINMAX -std=gnu++14 -MD -MT absl/debugging/CMakeFiles/failure_signal_handler.dir/failure_signal_handler.cc.o -MF absl/debugging/CMakeFiles/failure_signal_handler.dir/failure_signal_handler.cc.o.d -o absl/debugging/CMakeFiles/failure_signal_handler.dir/failure_signal_handler.cc.o -c /OE/lge/build/webosose/hardknott/BUILD/work/x86_64-linux/abseil-cpp-native/20200923+gitAUTOINC+6f9d96a1f4-r0/git/absl/debugging/failure_signal_handler.cc
  | /OE/lge/build/webosose/hardknott/BUILD/work/x86_64-linux/abseil-cpp-native/20200923+gitAUTOINC+6f9d96a1f4-r0/git/absl/debugging/failure_signal_handler.cc: In function ‘bool absl::lts_2020_09_23::SetupAlternateStackOnce()’:
  | /OE/lge/build/webosose/hardknott/BUILD/work/x86_64-linux/abseil-cpp-native/20200923+gitAUTOINC+6f9d96a1f4-r0/git/absl/debugging/failure_signal_handler.cc:138:32: error: no matching function for call to ‘max(long int, int)’
  |   138 |   size_t stack_size = (std::max(SIGSTKSZ, 65536) + page_mask) & ~page_mask;
  |       |                        ~~~~~~~~^~~~~~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

fix CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

ChangeLog:
https://downloads.apache.org/httpd/CHANGES_2.4.53



Security fixes:
CVE-2022-23943
CVE-2022-22721
CVE-2022-22720
CVE-2022-22719

Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 81bbe657

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit d6c8d3a1bad2276001c3bdc09de4dee107357a1d)
[Fixup for hardknott context, overrides]
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The git repo for multipath-tools was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

* the branch was renamed in upstream
* it's already resolved in meta-oe/kirkstone since this commit:
  commit cef2d142


  Author: Robert Joslyn <robert.joslyn@redrectangle.org>
  Date:   Sat Jan 15 06:19:04 2022 -0800
  Subject: htop: Update to 3.1.2

    Upstream renamed the branch to "main", update SRC_URI.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

* fixes:
  ERROR: Nothing RPROVIDES 'x265' (but meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb RDEPENDS on or otherwise requires it)
  x265 was skipped: because it has a restricted license 'commercial'. Which is not whitelisted in LICENSE_FLAGS_WHITELIST

* also include i686 so that it's included e.g. with default DEFAULTTUNE of qemux86 as recipe allows that with:
  COMPATIBLE_HOST = '(x86_64|i.86).*-linux'
  i586 isn't used by qemux86 since:

  commit f3b1e577ec94c849d0354f5679257f02ef4e4fe9
  Author: Alexander Kanavin <alex.kanavin@gmail.com>
  Date:   Thu May 16 17:04:04 2019 +0200

    qemux86: use a Core 2 Duo CPU instead of the original circa-1993 Pentium
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The commit 4fe018038f87 is in the main branch, so the do_fetch task failed.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8bb7dc1

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The master branch has been renamed to main in the github repo.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Release notes (https://github.com/lxml/lxml/blob/master/CHANGES.txt

):

4.6.5 (2021-12-12)
==================

Bugs fixed
----------

* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
  content through SVG images (CVE-2021-43818).

* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
  content through CSS imports and other crafted constructs (CVE-2021-43818).

4.6.4 (2021-11-01)
==================

Features added
--------------

* GH#317: A new property ``system_url`` was added to DTD entities.
  Patch by Thirdegree.

* GH#314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars.
  Patch by Isaac Jurado.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The delta between 3.2.5 and 3.2.12 contain numerous CVE and other
bugfixes. git log --oneline 3.2.5..3.2.12 shows:

fdf209eab8 (tag: 3.2.12) [3.2.x] Bumped version for 3.2.12 release.
d16133568e [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
1a1e8278c4 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27.
027f4c4ceb [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
0a9a46a1d7 [3.2.x] Post-release version bump.
6e499a28ac (tag: 3.2.11) [3.2.x] Bumped version for 3.2.11 release.
8d2f7cff76 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
c7fe895bca [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
a8b32fe13b [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases.
ae242235db [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10.
ecd2793897 [3.2.x] Added CVE-2021-44420 to security archive.
1cea03ab00 [3.2.x] Post-release version bump.
0153a63a67 (tag: 3.2.10) [3.2.x] Bumped version for 3.2.10 release.
333c656030 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
6014b812e2 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle.
cb724ef6c0 [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
0cf2d48ba8 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.
487a2da02e [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
742d6bc8db [3.2.x] Corrected signatures of QuerySet's methods.
99532fdadf [3.2.x] Corrected isort example in coding style docs.
31539a63f2 [3.2.x] Corrected "pip install" call in coding style docs.
76a0a8a917 [3.2.x] Configured Read The Docs to build all formats.
04e66e245d [3.2.x] Fixed crash building HTML docs since Sphinx 4.3.
dfa1145a22 [3.2.x] Corrected multiply defined labels in docs.
9d171643d4 [3.2.x] Refs #33247 -- Corrected configuration for Read The Docs.
327dac6e7c [3.2.x] Fixed #33247 -- Added configuration for Read The Docs.
bc691d555e [3.2.x] Corrected module reference in contributing tutorial.
3357ad2de2 [3.2.x] Fixed typo in docs/topics/logging.txt.
34e5e61479 [3.2.x] Added stub release notes for Django 3.2.10.
21a56d596a [3.2.x] Post-release version bump.
1b3c0d3b54 (tag: 3.2.9) [3.2.x] Bumped version for 3.2.9 release.
e299cc2d2c [3.2.x] Added release date for 3.2.9.
947d2707c6 [3.2.x] Added Google Cloud Spanner to list of third-party DB backends.
128179c0f8 [3.2.x] Refs #33182 -- Adjusted custom admin theming example to use correct template block.
f5802a21c4 [3.2.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes on SQLite.
fdc1c6435c [3.2.x] Fixed #33198 -- Corrected BinaryField.max_length docs.
dbcd81841f [3.2.x] Refs #32074 -- Removed usage of deprecated asyncore and smtpd modules.
137a9899d7 [3.2.x] Refs #27131 -- Removed SMTPBackendTests.test_server_login().
1128291650 [3.2.x] Added 'formatter' to spelling wordlist.
82fee0446d [3.2.x] Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x.
1aed4663c3 [3.2.x] Refs #32074 -- Added Python 3.10 to classifiers and tox.ini.
53fad80ffe [3.2.x] Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop() on Python 3.7+.
f6726fdc3e [3.2.x] Refs #32074 -- Fixed find_module()/find_loader() warnings on Python 3.10+.
d0dc446444 [3.2.x] Refs #32074 -- Removed usage of deprecated Thread.setDaemon().
8bebb1c04a [3.2.x] Refs #32074 -- Removed usage of Python's deprecated distutils.version package.
faeae84dad [3.2.x] Skipped test_archive tests when bz2/lzma module is not installed.
329311ecbd [3.2.x] Added stub release notes for Django 3.2.9.
85e4af6a22 [3.2.x] Post-release version bump.
4540e976d4 (tag: 3.2.8) [3.2.x] Bumped version for 3.2.8 release.
65367b0500 [3.2.x] Added release date for 3.2.7.
51e4dbfeb2 [3.2.x] Refs #27694 -- Doc'd lookups that can be chained with HStoreField key transforms.
031ffc5c84 [3.2.x] Corrected field and model check messages in docs.
7607fe922f [3.2.x] Removed obsolete GEOS 3.5 requirement note.
6760f4fa25 [3.2.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom.
e235c7815a [3.2.x] Fixed broken links and redirects in docs.
51e76c922f [3.2.x] Used :rfc: role in docs/topics/conditional-view-processing.txt.
d4a587a5fa [3.2.x] Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site.
561a1c0905 [3.2.x] Fixed typo in docs/intro/reusable-apps.txt.
454ee4d3b8 [3.2.x] Corrected outputs and made cosmetic edits in GeoDjango tutorial.
b51e0a37cf [3.2.x] Doc'd Jinja2 form renderer.
a7be74d017 [3.2.x] Clarified type of Window()'s partition_by and order_by arguments.
54684a3ec0 [3.2.x] Refs #31055 -- Doc'd 'databases' argument of check functions.
1f86ff31b1 [3.2.x] Fixed typo in docs/topics/i18n/formatting.txt.
b61f44c339 [3.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+.
707239eabf [3.2.x] Added stub release notes for Django 3.2.8.
d5710f405a [3.2.x] Post-release version bump.
45a0c54b67 (tag: 3.2.7) [3.2.x] Bumped version for 3.2.7 release.
4b80a40272 [3.2.x] Added release date for 3.2.7.
4e55806720 [3.2.x] Refs #25264 -- Doc's that not all default options are supported by every management command.
fe3a854e1d [3.2.x] Fixed #32992 -- Restored offset extraction for fixed offset timezones.
382374a360 [3.2.x] Corrected BaseDatabaseSchemaEditor.execute() signature in docs.
11b2cbb65f [3.2.x] Made sentence about Model consistent in docs.
69009f4952 [3.2.x] Fixed #33046 -- Added note about using length of cached result by QuerySet.count().
d95a0144e5 [3.2.x] Used backend vendors in custom model fields docs.
358e65a5cd [3.2.x] Fixed #33030 -- Fixed broken links to GDAL docs.
d29a9ed504 [3.2.x] The geodjango mailing list moved to the Django Forum.
eb26b8a0fe [3.2.x] The django-i18n mailing list moved to the Django Forum.
6bb74f3de8 [3.2.x] Fixed some broken links and redirects in docs.
f18da11b8a [3.2.x] Updated BaseDatabaseFeatures link in testing tools docs.
2c46e55314 [3.2.x] Clarified URL patterns in tutorial 3.
87e7399760 [3.2.x] Added stub release notes for Django 3.2.7.
e1cad66dca [3.2.x] Post-release version bump.
eb0f298e76 (tag: 3.2.6) [3.2.x] Bumped version for 3.2.6 release.
70840232f9 [3.2.x] Confirmed release date for Django 3.2.6.
d9e05ea17a [3.2.x] Refs #31676 -- Updated technical board description in organization docs.
99d9a3ef7c [3.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs.
ed29959812 [3.2.x] Refs #31676 -- Removed Core team from organization docs.
55daaa0c79 [3.2.x] Made minor edits to QuerySet.update_or_create() docs.
5fa70c91b4 [3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt.
aace6c531d [3.2.x] Fixed #32933 -- Documented BoundField.initial as preferred over Form.get_initial_for_field().
bdd4cbe84a [3.2.x] Fixed #32957 -- Improved visibility of arguments sections in Model.save() docs.
b2f7b53fac [3.2.x] Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list.
de5a044cf4 [3.2.x] Fixed #32950 -- Removed myproject from imports in admin docs where appropriate.
f4cf86f870 [3.2.x] Refs #32949 -- Adjusted release note wording.
1346381760 [3.2.x] Fixed #32949 -- Restored invalid number handling in DecimalField.validate().
05e997c404 [3.2.x] Fixed typo in docs/ref/databases.txt.
9a65e62c93 [3.2.x] Fixed typo in docs/releases/3.1.13.txt.
0ee092c8dd [3.2.x] Fixed typo in docs/topics/signals.txt.
b7d25d025e [3.2.x] Fixed typo in docs/internals/deprecation.txt.
6931963886 [3.2.x] Fixed typo in docs/internals/contributing/committing-code.txt.
f36edbc378 [3.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs.
527482c513 [3.2.x] Fixed typo in docs/ref/contrib/gis/tutorial.txt.
1d53d2502d [3.2.x] Documented in_bulk behavior with nonexistent id_list items.
9fadb97583 [3.2.x] Added CVE-2021-35042 to security archive.
92efd69107 [3.2.x] Added stub release notes for Django 3.2.6.
3ab942f10a [3.2.x] Post-release version bump.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The delta between 2.2.24 and 2.2.27 contain numerous CVE and other
bugfixes. git log --oneline 2.2.24..2.2.27 shows:

e541f2d05b (tag: 2.2.27) [2.2.x] Bumped version for 2.2.27 release.
c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
4cafd3aacb [2.2.x] Added stub release notes 2.2.27.
77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
e085d46e4b [2.2.x] Post-release version bump.
44e7cca623 (tag: 2.2.26) 2.2.x] Bumped version for 2.2.26 release.
4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release.
b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10.
573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive.
8439938602 [2.2.x] Post-release version bump.
79d8dcefb2 (tag: 2.2.25) [2.2.x] Bumped version for 2.2.25 release.
7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds.
fac0fdd95d [2.2.x] Added stub release notes for 2.2.25.
4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3.
5289fcfffe [2.2.x] Configured Read The Docs to build all formats.
9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs.
029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs.
12141e3116 [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required.
cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist.
05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+.
a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs.
66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs.
d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs.
8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs.
837ffcfa68 [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required.
dc43667eab [2.2.x] Fixed docs header underlines in security archive.
3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.
48bde7cab4 [2.2.x] Post-release version bump.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Stable security bug-fix release that fixes CVE-2021-4122.

ReleaseNotes:
https://kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.7-ReleaseNotes

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

master branch on the repository has been renamed in upstream to main.
Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 24873912

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 480d42fa87b7f42cd7a72c0803ced328b875cca0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Point to patchwork.yoctoproject.org
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8b8bfbca

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

upstream commit 245afbc8



If you add -dev packages to an image, as in an
sdk, ${PN}-dev is pulled in, which depends on ${PN}
which no longer exists in the new package layout.

Error:
 Problem: conflicting requests
  - nothing provides cdrkit = 1.1.11-r0.1 needed by
cdrkit-dev-1.1.11-r0.1.corei7_64
(try to add '--skip-broken' to skip uninstallable packages)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The `dot` tool requires to be run once after installation in order to
create its configuration file.

The do_prepare_recipe_sysroot task uses do_populate_sysroot in order to
prepare the recipe-sysroot-native. Package postinstall scripts are not
executed for -native packages, but files under ${BINDIR}/postinst-* are.

This is quite the same as graphviz-setup.sh does for nativesdk. The
general idea has been taken from
OECORE/meta/classes/pixbufcache.bbclass.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The upstream ebtables-legacy-save perl script is replaced by a bash
implementation (taken from Fedora). So there's nothing left which
RDEPENDs on perl.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

CVE: CVE-2021-29338

Ref:
* https://github.com/uclouvain/openjpeg/issues/1338

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Backport three patches from 9.0.0 upstream to fix CVES.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The missing `return` statement leads to a `SIGABRT`.
Signed-off-by: Leif Middelschulte <Leif.Middelschulte@klsmartin.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The license files were renamed in oe-core to match the SPDX names.

Most recipes here were already updated in commit ed54f12e


("recipes: Update common-licenses references to match new names"),
but spidev-test was still missing.
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Upstream created a branch for the sources for this version.
update accordingly
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Remove c11_atomics.patch as the logic is already included in the
new version [1].

[1] https://github.com/MariaDB/server/commit/f502ccbcb5dfce29067434885a23db8d1bd5f134

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

KillMode=none is deprecated, so we need to stop using it [1].

For now, use `KillMode=mixed` and `IgnoreOnIsolate=true` instead.

In the future, we should change plymouth to be able to exit and
start again without restarting the active animation, but that's
going to require some effort.

[1] https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/123

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The protobuf 3.15.2 suffers from the C++ "Static Initialization Fiasco"
issue. This patches makes the extension attributes have a higher
priority than the attributes, so there's no possibility of random
initialization orders.
Signed-off-by: Jani Nurminen <jani.nurminen@windriver.com>

Upstream-Status: Pending
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

This is a security and bugfix release. With this update, the backported
patches for CVE-2021-2314 and CVE-2021-23222 are no longer needed. Full
release notes are available at:
https://www.postgresql.org/docs/release/13.5/

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Upgrade udisks2 from 2.9.2 to 2.9.4. This upgrade will solves
CVE-2021-3802.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

For more infromation, see:
https://www.wireshark.org/docs/relnotes/wireshark-3.4.11.html



refresh 0004-lemon-Remove-line-directives.patch

Includes CVEs:

3.4.11:
wnpa-sec-2021-16 Gryphon dissector crash. Issue 17737. CVE-2021-4186.
wnpa-sec-2021-17 RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185.
wnpa-sec-2021-18 BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184.
wnpa-sec-2021-20 RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182.
wnpa-sec-2021-21 Sysdig Event dissector crash. CVE-2021-4181.

3.4.10:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 89bf10d0

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Changelog:
==========
 *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
     multipart content in mod_lua of Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A carefully crafted request body can cause a buffer overflow in
     the mod_lua multipart parser (r:parsebody() called from Lua
     scripts).
     The Apache httpd team is not aware of an exploit for the
     vulnerabilty though it might be possible to craft one.
     This issue affects Apache HTTP Server 2.4.51 and earlier.

  *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
     forward proxy configurations in Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A crafted URI sent to httpd configured as a forward proxy
     (ProxyRequests on) can cause a crash (NULL pointer dereference)
     or, for configurations mixing forward and reverse proxy
     declarations, can allow for requests to be directed to a
     declared Unix Domain Socket endpoint (Server Side Request
     Forgery).
     This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
     (included).

  *) http: Enforce that fully qualified uri-paths not to be forward-proxied
     have an http(s) scheme, and that the ones to be forward proxied have a
     hostname, per HTTP specifications.

  *) OpenSSL autoconf detection improvement: pick up openssl.pc in the
     specified openssl path.

  *) mod_proxy_connect, mod_proxy: Do not change the status code after we
     already sent it to the client.

  *) mod_http: Correctly sent a 100 Continue status code when sending an interim
     response as result of an Expect: 100-Continue in the request and not the
     current status code of the request. PR 65725

  *) mod_dav: Some DAV extensions, like CalDAV, specify both document
     elements and property elements that need to be taken into account
     when generating a property. The document element and property element
     are made available in the dav_liveprop_elem structure by calling
     dav_get_liveprop_element().

  *) mod_dav: Add utility functions dav_validate_root_ns(),
     dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
     dav_find_attr() so that other modules get to play too.

  *) mpm_event: Restart stopping of idle children after a load peak. PR 65626.

  *) mod_http2: fixes 2 regressions in server limit handling.
     1. When reaching server limits, such as MaxRequestsPerChild, the
        HTTP/2 connection send a GOAWAY frame much too early on new
        connections, leading to invalid protocol state and a client
        failing the request. See PR65731.
        The module now initializes the HTTP/2 protocol correctly and
        allows the client to submit one request before the shutdown
        via a GOAWAY frame is being announced.
     2. A regression in v1.15.24 was fixed that could lead to httpd
        child processes not being terminated on a graceful reload or
        when reaching MaxConnectionsPerChild. When unprocessed h2
        requests were queued at the time, these could stall.
        See <https://github.com/icing/mod_h2/issues/212>.

  *) mod_ssl: Add build support for OpenSSL v3.

  *) mod_proxy_connect: Honor the smallest of the backend or client timeout
     while tunneling.

  *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
     half-close forwarding when tunneling protocols.

  *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
     a third-party module.  PR 65627.

  *) mod_md: Fix memory leak in case of failures to load the private key.
     PR 65620

  *) mod_md: adding v2.4.8 with the following changes
    - Added support for ACME External Account Binding (EAB).
      Use the new directive `MDExternalAccountBinding` to provide the
      server with the value for key identifier and hmac as provided by
      your CA.
      While working on some servers, EAB handling is not uniform
      across CAs. First tests with a Sectigo Certificate Manager in
      demo mode are successful. But ZeroSSL, for example, seems to
      regard EAB values as a one-time-use-only thing, which makes them
      fail if you create a seconde account or retry the creation of the
      first account with the same EAB.
    - The directive 'MDCertificateAuthority' now checks if its parameter
      is a http/https url or one of a set of known names. Those are
      'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
      for now and they are not case-sensitive.
      The default of LetsEncrypt is unchanged.
    - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
      section.
    - Treating 401 HTTP status codes for orders like 403, since some ACME
      servers seem to prefer that for accessing oders from other accounts.
    - When retrieving certificate chains, try to read the repsonse even
      if the HTTP Content-Type is unrecognized.
    - Fixed a bug that reset the error counter of a certificate renewal
      and prevented the increasing delays in further attempts.
    - Fixed the renewal process giving up every time on an already existing
      order with some invalid domains. Now, if such are seen in a previous
      order, a new order is created for a clean start over again.
      See <https://github.com/icing/mod_md/issues/268

>
    - Fixed a mixup in md-status handler when static certificate files
      and renewal was configured at the same time.

  *) mod_md: values for External Account Binding (EAB) can
     now also be configured to be read from a separate JSON
     file. This allows to keep server configuration permissions
     world readable without exposing secrets.

  *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
     PR 65616.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ea76fc64

)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Changelog:
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35)

Fixes:
| In file included from attr_clnt.c:88:
| /usr/include/unistd.h:363:13: error: conflicting types for
‘closefrom’; have ‘void(int)’
|   363 | extern void closefrom (int __lowfd) __THROW;
|       |             ^~~~~~~~~
| In file included from attr_clnt.c:87:
| ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with
type ‘int(int)’
|  1506 | extern int closefrom(int);
|       |            ^~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Backport patch to fix CVE-2021-43527.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The master branch has been renamed to main in the github repo.

Change-Id: I19e9ea3998cf22508425d87fceb64ae68fbff166
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The original fix for team_basic_test.py only change the interpreter
to python3, but still some error as below:
 # ./run-ptest
 File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 35
 print "Usage: team_basic_test.py [OPTION...]"
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

 # ./run-ptest
 RUN #1
 # "ip link add testteamx type team"
 # "teamnl testteamx getoption mode"
 # "ip link del testteamx"
 # "modprobe -r team_mode_loadbalance team_mode_roundrobin team_mode_activebackup team_mode_broadcast team"
 Traceback (most recent call last):
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 206, in <module>
    main()
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 203, in main
    btest.run()
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 180, in run
    self._run_one_loop(i + 1)
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 173, in _run_one_loop
    self._run_one_mode(mode_name)
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 101, in _run_one_mode
    cmd_exec("teamnl %s getoption mode" % team_name, "*NOMODE*")
  File "/usr/lib64/libteam/ptest/./team_basic_test.py", line 80, in cmd_exec
    raise CmdExecUnexpectedOutputException(output, expected_output)
 __main__.CmdExecUnexpectedOutputException: Command execution output unexpected: "b'*NOMODE*'" != "*NOMODE*"

 So rework team_basic_test.py to fix the above issue.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Commit [1] changed the pidfile dir to /var/run/syslog-ng. This also changed
the location where the control socket is searched for, causing the following
error with systemd:

root@qemux86-64:~# syslog-ng-ctl config
Error connecting control socket, socket='/var/run/syslog-ng/syslog-ng.ctl',
error='No such file or directory'

Update the systemd service file to point to the new location.

[1] 00d1d63e ("syslog-ng: provide correct PID directory location to
                   restart/stop syslog-ng daemon")

(master rev: b57d824f

)
Signed-off-by: lmorales <luisalejandro.moralespena@windriver.com>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>