[PATCH 00/15] Zeus patch review

[PATCH 00/15] Zeus patch review

[Armin Kuster]

Please have comments back by Tuesday

The following changes since commit aad5b3d070cd8c58828b0975cf861d8ebc90f460:

  README: updated Maintainers list for Zeus (2019-10-30 14:16:04 -0700)

are available in the git repository at:

  git://git.openembedded.org/meta-openembedded-contrib stable/zeus-nut
  http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/zeus-nut

Andreas Oberritter (1):
  samba: fix installation for minimal build

Hongxu Jia (1):
  python-more-itertools.inc: fix python2 package not incorrectly
    generated

Khem Raj (1):
  rsyslog: Dont force enable atomic builtins on mips

Michael Scott (1):
  modemmanager: Upgrade 1.10.6 -> 1.10.8

Slater, Joseph (1):
  php: fix CVE-2019-11043

Stefan Wiehler (1):
  nvme-cli: defer host ID generation to post installation

Trevor Gamblin (3):
  rsyslog: fix CVE-2019-17041
  rsyslog: upgrade from v8.1908.0 to v8.1910.0
  quagga: fix PIDFile path for service files

Yi Zhao (2):
  samba: upgrade 4.10.8 -> 4.10.10
  freeradius: fix CVE-2019-10143

Zheng Ruoqin (2):
  mariadb: upgrade 10.3.16 -> 10.3.18
  wireshark: upgrade 3.0.3 -> 3.0.6

niko.mauno@vaisala.com (2):
  gitpkgv.bbclass: Use --git-dir option
  gitpkgv.bbclass: Support also lightweight tags

 ...-to-radiusd-user-group-when-rotating-logs.patch | 104 +++++++++++++++++++++
 .../freeradius/freeradius_3.0.19.bb                |   1 +
 .../samba/{samba_4.10.8.bb => samba_4.10.10.bb}    |  20 ++--
 .../recipes-protocols/quagga/files/bgpd.service    |   4 +-
 .../recipes-protocols/quagga/files/ospf6d.service  |   4 +-
 .../recipes-protocols/quagga/files/ospfd.service   |   4 +-
 .../recipes-protocols/quagga/files/ripd.service    |   4 +-
 .../recipes-protocols/quagga/files/ripngd.service  |   4 +-
 .../recipes-protocols/quagga/files/zebra.service   |   4 +-
 .../{wireshark_3.0.3.bb => wireshark_3.0.6.bb}     |   4 +-
 meta-oe/classes/gitpkgv.bbclass                    |  15 ++-
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |   5 +-
 ...demmanager_1.10.6.bb => modemmanager_1.10.8.bb} |   4 +-
 ...native_10.3.16.bb => mariadb-native_10.3.18.bb} |   0
 meta-oe/recipes-dbs/mysql/mariadb.inc              |   4 +-
 .../{mariadb_10.3.16.bb => mariadb_10.3.18.bb}     |   0
 .../recipes-devtools/php/php/CVE-2019-11043.patch  |  38 ++++++++
 meta-oe/recipes-devtools/php/php_7.3.9.bb          |   1 +
 .../rsyslog/rsyslog/0001-Out-of-bounds-issue.patch |  31 ------
 .../{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb}   |   6 +-
 .../python/python-more-itertools.inc               |   2 -
 21 files changed, 186 insertions(+), 73 deletions(-)
 create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
 rename meta-networking/recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb} (95%)
 rename meta-networking/recipes-support/wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb} (95%)
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb} (92%)
 rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb} (100%)
 rename meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb} (100%)
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
 delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
 rename meta-oe/recipes-extended/rsyslog/{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb} (97%)

-- 
2.7.4

[PATCH 01/15] php: fix CVE-2019-11043

[Armin Kuster]

From: "Slater, Joseph" <joe.slater@windriver.com>

Backport unmodified patch from git.php.net.  Fixed in php 7.3.11.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-devtools/php/php/CVE-2019-11043.patch  | 38 ++++++++++++++++++++++
 meta-oe/recipes-devtools/php/php_7.3.9.bb          |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
new file mode 100644
index 0000000..7e20063
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
@@ -0,0 +1,38 @@
+From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sat, 12 Oct 2019 15:56:16 +0100
+Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
+
+CVE: CVE-2019-11043
+
+Fixed in php version 7.3.11.
+
+Upstream-Status: Backport [https://git.php.net/repository/php-src.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ NEWS                                          |  4 +-
+ sapi/fpm/fpm/fpm_main.c                       |  4 +-
+ .../tests/bug78599-path-info-underflow.phpt   | 61 +++++++++++++++++++
+ sapi/fpm/tests/tester.inc                     | 11 +++-
+ 4 files changed, 75 insertions(+), 5 deletions(-)
+ create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
+
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index 24a7e5d56a..50f92981f1 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1209,8 +1209,8 @@ static void init_request_info(void)
+ 								path_info = script_path_translated + ptlen;
+ 								tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ 							} else {
+-								path_info = env_path_info ? env_path_info + pilen - slen : NULL;
+-								tflag = (orig_path_info != path_info);
++								path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
++								tflag = path_info && (orig_path_info != path_info);
+ 							}
+ 
+ 							if (tflag) {
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-devtools/php/php_7.3.9.bb b/meta-oe/recipes-devtools/php/php_7.3.9.bb
index a5c7b9b..e886cb1 100644
--- a/meta-oe/recipes-devtools/php/php_7.3.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.3.9.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-acinclude.m4-don-t-unset-cache-variables.patch \
             file://0001-Use-pkg-config-for-libxml2-detection.patch \
             file://debian-php-fixheader.patch \
             file://CVE-2019-6978.patch \
+            file://CVE-2019-11043.patch \
            "
 SRC_URI_append_class-target = " \
                                 file://pear-makefile.patch \
-- 
2.7.4

[PATCH 02/15] modemmanager: Upgrade 1.10.6 -> 1.10.8

[Armin Kuster]

From: Michael Scott <mike@foundries.io>

This is a bugfix release on the 1.10 branch.

Includes: Fix for an issue presenting after 1.10.6 update where modem
would enter status denied state.

See:
https://cgit.freedesktop.org/ModemManager/ModemManager/commit/?h=1.10.8&id=47fd8a1e55cac0b0b45812e1dda826f38c264d1b

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb} (92%)

diff --git a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb
similarity index 92%
rename from meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb
rename to meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb
index 92d4fe0..3cd21cc 100644
--- a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.6.bb
+++ b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.10.8.bb
@@ -14,8 +14,8 @@ DEPENDS = "glib-2.0 libgudev intltool-native libxslt-native"
 SRC_URI = "http://www.freedesktop.org/software/ModemManager/ModemManager-${PV}.tar.xz \
            "
 
-SRC_URI[md5sum] = "7452a94f0d1ca361ae51ff1d287c53f5"
-SRC_URI[sha256sum] = "3c2ca73782215664141042422759899ca9846440fc26d6223c7cf7ea4dd3c996"
+SRC_URI[md5sum] = "c05ac4246c81cc15d617c4a129232988"
+SRC_URI[sha256sum] = "cbe174078dbdf3f746a55f0004353d3c27da2a31da553036d90fc7dc34a0169a"
 
 S = "${WORKDIR}/ModemManager-${PV}"
 
-- 
2.7.4

[PATCH 03/15] python-more-itertools.inc: fix python2 package not incorrectly generated

[Armin Kuster]

From: Hongxu Jia <hongxu.jia@windriver.com>

The package of python2 is incorrected generated to python3
...
tmp-glibc/work/core2-64-wrs-linux/python-more-itertools/7.2.0-r0$ find image/
image/
image/usr
image/usr/lib64
image/usr/lib64/python3.7
image/usr/lib64/python3.7/site-packages
image/usr/lib64/python3.7/site-packages/more_itertools
image/usr/lib64/python3.7/site-packages/more_itertools/__init__.py
image/usr/lib64/python3.7/site-packages/more_itertools/more.py
image/usr/lib64/python3.7/site-packages/more_itertools/recipes.py
image/usr/lib64/python3.7/site-packages/more_itertools/tests
image/usr/lib64/python3.7/site-packages/more_itertools/tests/__init__.py
image/usr/lib64/python3.7/site-packages/more_itertools/tests/test_more.py
image/usr/lib64/python3.7/site-packages/more_itertools/tests/test_recipes.py
image/usr/lib64/python3.7/site-packages/more_itertools/tests/__pycache__
image/usr/lib64/python3.7/site-packages/more_itertools/tests/__pycache__/__init__.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools/tests/__pycache__/test_more.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools/tests/__pycache__/test_recipes.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools/__pycache__
image/usr/lib64/python3.7/site-packages/more_itertools/__pycache__/__init__.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools/__pycache__/more.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools/__pycache__/recipes.cpython-37.pyc
image/usr/lib64/python3.7/site-packages/more_itertools-7.2.0-py3.7.egg-info
image/usr/lib64/python3.7/site-packages/more_itertools-7.2.0-py3.7.egg-info/PKG-INFO
image/usr/lib64/python3.7/site-packages/more_itertools-7.2.0-py3.7.egg-info/SOURCES.txt
image/usr/lib64/python3.7/site-packages/more_itertools-7.2.0-py3.7.egg-info/dependency_links.txt
image/usr/lib64/python3.7/site-packages/more_itertools-7.2.0-py3.7.egg-info/top_level.txt
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-python/recipes-devtools/python/python-more-itertools.inc | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta-python/recipes-devtools/python/python-more-itertools.inc b/meta-python/recipes-devtools/python/python-more-itertools.inc
index 41c334e..8d814a6 100644
--- a/meta-python/recipes-devtools/python/python-more-itertools.inc
+++ b/meta-python/recipes-devtools/python/python-more-itertools.inc
@@ -5,5 +5,3 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3396ea30f9d21389d7857719816f83b5"
 
 SRC_URI[md5sum] = "f647bfd27243a7bebe53b5ddb6a3b1c4"
 SRC_URI[sha256sum] = "409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832"
-
-inherit pypi setuptools3
-- 
2.7.4

[PATCH 04/15] gitpkgv.bbclass: Use --git-dir option

[Armin Kuster]

From: "niko.mauno@vaisala.com" <niko.mauno@vaisala.com>

Avoid redundant shell working directory change by resorting to
'--git-dir' option for git command instead.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/classes/gitpkgv.bbclass | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/meta-oe/classes/gitpkgv.bbclass b/meta-oe/classes/gitpkgv.bbclass
index 2d9680a..22609f5 100644
--- a/meta-oe/classes/gitpkgv.bbclass
+++ b/meta-oe/classes/gitpkgv.bbclass
@@ -87,10 +87,8 @@ def get_git_pkgv(d, use_tags):
 
                 if not os.path.exists(rev_file) or os.path.getsize(rev_file)==0:
                     commits = bb.fetch2.runfetchcmd(
-                        "cd %(repodir)s && "
-                        "git rev-list %(rev)s -- 2> /dev/null "
-                        "| wc -l" % vars,
-                        d, quiet=True).strip().lstrip('0')
+                        "git --git-dir=%(repodir)s rev-list %(rev)s -- 2>/dev/null | wc -l"
+                        % vars, d, quiet=True).strip().lstrip('0')
 
                     if commits != "":
                         oe.path.remove(rev_file, recurse=False)
@@ -105,9 +103,8 @@ def get_git_pkgv(d, use_tags):
                 if use_tags:
                     try:
                         output = bb.fetch2.runfetchcmd(
-                            "cd %(repodir)s && "
-                            "git describe %(rev)s 2>/dev/null" % vars,
-                            d, quiet=True).strip()
+                            "git --git-dir=%(repodir)s describe %(rev)s 2>/dev/null"
+                            % vars, d, quiet=True).strip()
                         ver = gitpkgv_drop_tag_prefix(output)
                     except Exception:
                         ver = "0.0-%s-g%s" % (commits, vars['rev'][:7])
-- 
2.7.4

[PATCH 05/15] gitpkgv.bbclass: Support also lightweight tags

[Armin Kuster]

From: "niko.mauno@vaisala.com" <niko.mauno@vaisala.com>

When checking for commit specific tags during GITPKGVTAG resolution, use
additional '--tags' and '--exact-match' options for 'git describe'
command.

This changes the behaviour so that in case an annotated tag does not
exist for the particular commit, then the latest lightweight
(non-annotated) tag is used instead, in case that commit has at least
one such tag.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/classes/gitpkgv.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-oe/classes/gitpkgv.bbclass b/meta-oe/classes/gitpkgv.bbclass
index 22609f5..ab591bd 100644
--- a/meta-oe/classes/gitpkgv.bbclass
+++ b/meta-oe/classes/gitpkgv.bbclass
@@ -7,8 +7,8 @@
 #   NN equals the total number of revs up to SRCREV
 #   GITHASH is SRCREV's (full) hash
 #
-# - GITPKGVTAG which is the output of 'git describe' allowing for
-#   automatic versioning
+# - GITPKGVTAG which is the output of 'git describe --tags --exact-match'
+#   allowing for automatic versioning
 #
 # gitpkgv.bbclass assumes the git repository has been cloned, and
 # contains SRCREV. So ${GITPKGV} and ${GITPKGVTAG} should never be
@@ -103,7 +103,7 @@ def get_git_pkgv(d, use_tags):
                 if use_tags:
                     try:
                         output = bb.fetch2.runfetchcmd(
-                            "git --git-dir=%(repodir)s describe %(rev)s 2>/dev/null"
+                            "git --git-dir=%(repodir)s describe %(rev)s --tags --exact-match 2>/dev/null"
                             % vars, d, quiet=True).strip()
                         ver = gitpkgv_drop_tag_prefix(output)
                     except Exception:
-- 
2.7.4

[PATCH 06/15] mariadb: upgrade 10.3.16 -> 10.3.18

[Armin Kuster]

From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only update
https://mariadb.com/kb/en/library/mariadb-10318-release-notes/
includes:
CVE-2019-2805
CVE-2019-2740
CVE-2019-2739
CVE-2019-2737
CVE-2019-2758 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb}    | 0
 meta-oe/recipes-dbs/mysql/mariadb.inc                                 | 4 ++--
 meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb}  | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb} (100%)
 rename meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb} (100%)

diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.16.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.3.18.bb
similarity index 100%
rename from meta-oe/recipes-dbs/mysql/mariadb-native_10.3.16.bb
rename to meta-oe/recipes-dbs/mysql/mariadb-native_10.3.18.bb
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index f1c71fe..e1ae58a 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -19,8 +19,8 @@ SRC_URI = "http://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
            file://clang_version_header_conflict.patch \
            file://fix-arm-atomic.patch \
           "
-SRC_URI[md5sum] = "11220d0b94c5c24caa2e1e9eaba38e31"
-SRC_URI[sha256sum] = "39e9723eaf620afd99b0925b2c2a5a50a89110ba50040adf14cce7cf89e5e21b"
+SRC_URI[md5sum] = "b3524c0825c3a1c255496daea38304a0"
+SRC_URI[sha256sum] = "69456ca85bf9d96c6d28b4ade2a9f6787d79a602e27ef941f9ba4e0b55dddedc"
 
 UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
 
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.3.16.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.3.18.bb
similarity index 100%
rename from meta-oe/recipes-dbs/mysql/mariadb_10.3.16.bb
rename to meta-oe/recipes-dbs/mysql/mariadb_10.3.18.bb
-- 
2.7.4

[PATCH 07/15] samba: fix installation for minimal build

[Armin Kuster]

From: Andreas Oberritter <obi@opendreambox.org>

| chmod: cannot access '.../image/etc/sudoers.d': No such file or directory
| sed: can't read .../image/usr/bin/samba-tool: No such file or directory

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-connectivity/samba/samba_4.10.8.bb           | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
index d824eac..4ab8b26 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
@@ -189,15 +189,17 @@ do_install_append() {
         sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode
     fi
 
-    chmod 0750 ${D}${sysconfdir}/sudoers.d
+    chmod 0750 ${D}${sysconfdir}/sudoers.d || true
     rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log
     
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba-gpupdate
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_upgradedns 
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_spnupdate
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_kcc
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/samba_dnsupdate
-    sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${bindir}/samba-tool
+    for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate; do
+        if [ -f "${D}${sbindir}/$f" ]; then
+            sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${sbindir}/$f
+        fi
+    done
+    if [ -f "${D}${bindir}/samba-tool" ]; then
+        sed -i -e 's,${PYTHON},/usr/bin/env python3/,g' ${D}${bindir}/samba-tool
+    fi
     
 }
 
-- 
2.7.4

[PATCH 08/15] samba: upgrade 4.10.8 -> 4.10.10

[Armin Kuster]

From: Yi Zhao <yi.zhao@windriver.com>

Security fixes:

CVE-2019-10218: Client code can return filenames containing path
                separators.
CVE-2019-14833: Samba AD DC check password script does not receive the
                full password.
CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
                server via dirsync.

See: https://www.samba.org/samba/history/samba-4.10.10.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb}  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb} (98%)

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.10.bb
similarity index 98%
rename from meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
rename to meta-networking/recipes-connectivity/samba/samba_4.10.10.bb
index 4ab8b26..e002a9d 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.8.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.10.bb
@@ -34,8 +34,8 @@ SRC_URI_append_libc-musl = " \
            file://0001-samba-fix-musl-lib-without-innetgr.patch \
           "
 
-SRC_URI[md5sum] = "f3c722bbcd903479008fa1b529f56365"
-SRC_URI[sha256sum] = "c41f05fb567f7359998b451543501c7690a2bf6551d658a76bd6916316a410f4"
+SRC_URI[md5sum] = "dde27447f39d124efe18f719ccf956dd"
+SRC_URI[sha256sum] = "700c734b51610e2feaa0d6744f9bec0c0d8917bca8cc78d5b63a4591f32866a5"
 
 UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz"
 
-- 
2.7.4

[PATCH 09/15] wireshark: upgrade 3.0.3 -> 3.0.6

[Armin Kuster]

From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only update
includes:
CVE-2019-16319
]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb}              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-support/wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb} (95%)

diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb b/meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb
similarity index 95%
rename from meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb
rename to meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb
index a3c0b49..ccaa0c9 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.0.3.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.0.6.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[md5sum] = "e945d76a57db2c3e6cf776f95da2cf0e"
-SRC_URI[sha256sum] = "af92729c781d870110885c31ebcbe4c4224ed51bb580d00c896fe9746994211c"
+SRC_URI[md5sum] = "c6f8d12a3efe21cc7885f7cb0c4bd938"
+SRC_URI[sha256sum] = "a87f4022a0c15ddbf1730bf1acafce9e75a4e657ce9fa494ceda0324c0c3e33e"
 
 PE = "1"
 
-- 
2.7.4

[PATCH 10/15] rsyslog: fix CVE-2019-17041

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

Backport fix to zeus; master branch already has v8.1910.0

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...rwardedfrom-bugfix-potential-misadressing.patch | 43 ++++++++++++++++++++++
 .../recipes-extended/rsyslog/rsyslog_8.1908.0.bb   |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
new file mode 100644
index 0000000..0b32766
--- /dev/null
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
@@ -0,0 +1,43 @@
+From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884]
+CVE: CVE-2019-17041
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
++++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+ 	/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
+ " or "From " with the hostname */
+ 	lenMsg -=skipLen;
++	if(lenMsg < 2) {
++		dbgprintf("not a AIX message forwarded from message has nothing after header\n");
++		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++	}
+ 	memmove(p2parse, p2parse + skipLen, lenMsg);
+ 	*(p2parse + lenMsg) = '\n';
+ 	*(p2parse + lenMsg + 1)  = '\0';
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+ 		--lenMsg;
+ 		++p2parse;
+ 	}
++	if (lenMsg < 1) {
++		dbgprintf("not a AIX message forwarded from message has nothing after colon "
++			"or no colon at all\n");
++		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++	}
+ 	if (lenMsg && *p2parse != ':') {
+ 	DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
+ 		"been removed\n");
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
index bd0dbc1..f9e4442 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
            file://use-pkgconfig-to-check-libgcrypt.patch \
            file://run-ptest \
            file://0001-Out-of-bounds-issue.patch \
+           file://0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch \
 "
 
 SRC_URI_append_libc-musl = " \
-- 
2.7.4

[PATCH 11/15] rsyslog: upgrade from v8.1908.0 to v8.1910.0

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

Upgrade rsyslog to latest version for various
fixes including the following CVEs:

CVE: CVE-2019-17040
CVE: CVE-2019-17041

Backported patches for those fixes were removed since
they are contained in v8.1910.0.

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only
https://www.adiscon.com/news/rsyslog-8-1910-0-released/]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../rsyslog/rsyslog/0001-Out-of-bounds-issue.patch | 31 ----------------
 ...rwardedfrom-bugfix-potential-misadressing.patch | 43 ----------------------
 .../{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb}   |  6 +--
 3 files changed, 2 insertions(+), 78 deletions(-)
 delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
 delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 rename meta-oe/recipes-extended/rsyslog/{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb} (96%)

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
deleted file mode 100644
index b494ca6..0000000
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
-From: Philippe Duveau <pduveau@users.noreply.github.com>
-Date: Tue, 24 Sep 2019 20:45:25 +0200
-Subject: [PATCH] Out of bounds issue
-
-Add a new sanity check after determining the level len.
----
- contrib/pmdb2diag/pmdb2diag.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
-CVE: CVE-2019-17040
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
-diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
-index 2b5916301..5810eb4df 100644
---- a/contrib/pmdb2diag/pmdb2diag.c
-+++ b/contrib/pmdb2diag/pmdb2diag.c
-@@ -134,6 +134,10 @@ CODESTARTparse2
- 		ABORT_FINALIZE(0);
- 	}
- 
-+	/* let recheck with the real level len */
-+	if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
-+		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+
- 	DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
- 
- 	end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
--- 
-2.17.1
-
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
deleted file mode 100644
index 0b32766..0000000
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001
-From: Rainer Gerhards <rgerhards@adiscon.com>
-Date: Fri, 27 Sep 2019 13:36:02 +0200
-Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing
-
----
- contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884]
-CVE: CVE-2019-17041
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
-
-diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-index 37157c7d4..ebf12ebbe 100644
---- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-+++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-@@ -109,6 +109,10 @@ CODESTARTparse
- 	/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
- " or "From " with the hostname */
- 	lenMsg -=skipLen;
-+	if(lenMsg < 2) {
-+		dbgprintf("not a AIX message forwarded from message has nothing after header\n");
-+		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+	}
- 	memmove(p2parse, p2parse + skipLen, lenMsg);
- 	*(p2parse + lenMsg) = '\n';
- 	*(p2parse + lenMsg + 1)  = '\0';
-@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
- 		--lenMsg;
- 		++p2parse;
- 	}
-+	if (lenMsg < 1) {
-+		dbgprintf("not a AIX message forwarded from message has nothing after colon "
-+			"or no colon at all\n");
-+		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+	}
- 	if (lenMsg && *p2parse != ':') {
- 	DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
- 		"been removed\n");
--- 
-2.17.1
-
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
similarity index 96%
rename from meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
rename to meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
index f9e4442..f50f9a3 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
@@ -23,16 +23,14 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
            file://rsyslog.logrotate \
            file://use-pkgconfig-to-check-libgcrypt.patch \
            file://run-ptest \
-           file://0001-Out-of-bounds-issue.patch \
-           file://0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch \
 "
 
 SRC_URI_append_libc-musl = " \
     file://0001-Include-sys-time-h.patch \
 "
 
-SRC_URI[md5sum] = "6e9aa4ef4cad8ae49affa0a786cc9e2f"
-SRC_URI[sha256sum] = "f8c8e53b651e03a011667c60bd2d4dba7a7cb6ec04b247c8ea8514115527863b"
+SRC_URI[md5sum] = "6d4d94359d083f449f089b8dbb93c423"
+SRC_URI[sha256sum] = "0219ee692f31a39743acb62aaf4196b644ce94edf386df4605fd6a11a4fe0c93"
 
 UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
-- 
2.7.4

[PATCH 12/15] rsyslog: Dont force enable atomic builtins on mips

[Armin Kuster]

From: Khem Raj <raj.khem@gmail.com>

This would ensure that checks are performed properly before using them

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
index f50f9a3..8287d2b 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
@@ -39,6 +39,7 @@ inherit autotools pkgconfig systemd update-rc.d ptest
 
 EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes"
 EXTRA_OECONF += "--enable-imfile-tests"
+EXTRA_OECONF_remove_mipsarch = "ap_cv_atomic_builtins=yes"
 
 # first line is default yes in configure
 PACKAGECONFIG ??= " \
-- 
2.7.4

[PATCH 13/15] quagga: fix PIDFile path for service files

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

Multiple quagga service files are causing the following type of message to
appear during boot:

/lib/systemd/system/zebra.service:10: PIDFile= references a path below legacy
directory /var/run/, updating /var/run/quagga/zebra.pid → /run/quagga/zebra.pid;
please update the unit file accordingly.

Update the service files included as part of the recipe to use /run instead of
/var/run as the PIDFile path.

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-protocols/quagga/files/bgpd.service   | 4 ++--
 meta-networking/recipes-protocols/quagga/files/ospf6d.service | 4 ++--
 meta-networking/recipes-protocols/quagga/files/ospfd.service  | 4 ++--
 meta-networking/recipes-protocols/quagga/files/ripd.service   | 4 ++--
 meta-networking/recipes-protocols/quagga/files/ripngd.service | 4 ++--
 meta-networking/recipes-protocols/quagga/files/zebra.service  | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/meta-networking/recipes-protocols/quagga/files/bgpd.service b/meta-networking/recipes-protocols/quagga/files/bgpd.service
index 76f9f61..c1021fb 100644
--- a/meta-networking/recipes-protocols/quagga/files/bgpd.service
+++ b/meta-networking/recipes-protocols/quagga/files/bgpd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/bgpd.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/bgpd.pid
+PIDFile=/run/quagga/bgpd.pid
 ExecStart=@SBINDIR@/bgpd -d $bgpd_options -f @SYSCONFDIR@/quagga/bgpd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/bgpd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/bgpd.pid
 Restart=on-abort
 
 [Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ospf6d.service b/meta-networking/recipes-protocols/quagga/files/ospf6d.service
index a2e493b..99d0e6d 100644
--- a/meta-networking/recipes-protocols/quagga/files/ospf6d.service
+++ b/meta-networking/recipes-protocols/quagga/files/ospf6d.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ospf6d.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ospf6d.pid
+PIDFile=/run/quagga/ospf6d.pid
 ExecStart=@SBINDIR@/ospf6d -d $ospf6d_options -f @SYSCONFDIR@/quagga/ospf6d.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ospf6d.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ospf6d.pid
 Restart=on-abort
 
 [Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ospfd.service b/meta-networking/recipes-protocols/quagga/files/ospfd.service
index 0c62cbc..fe8343b 100644
--- a/meta-networking/recipes-protocols/quagga/files/ospfd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ospfd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ospfd.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ospfd.pid
+PIDFile=/run/quagga/ospfd.pid
 ExecStart=@SBINDIR@/ospfd -d $ospfd_options -f @SYSCONFDIR@/quagga/ospfd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ospfd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ospfd.pid
 Restart=on-abort
 
 [Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ripd.service b/meta-networking/recipes-protocols/quagga/files/ripd.service
index 1d20389..7af65ca 100644
--- a/meta-networking/recipes-protocols/quagga/files/ripd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ripd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ripd.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ripd.pid
+PIDFile=/run/quagga/ripd.pid
 ExecStart=@SBINDIR@/ripd -d $ripd_options -f @SYSCONFDIR@/quagga/ripd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ripd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ripd.pid
 Restart=on-abort
 
 [Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/ripngd.service b/meta-networking/recipes-protocols/quagga/files/ripngd.service
index 0355ad1..9305f86 100644
--- a/meta-networking/recipes-protocols/quagga/files/ripngd.service
+++ b/meta-networking/recipes-protocols/quagga/files/ripngd.service
@@ -7,9 +7,9 @@ ConditionPathExists=@SYSCONFDIR@/quagga/ripngd.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/ripngd.pid
+PIDFile=/run/quagga/ripngd.pid
 ExecStart=@SBINDIR@/ripngd -d $ripngd_options -f @SYSCONFDIR@/quagga/ripngd.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/ripngd.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/ripngd.pid
 Restart=on-abort
 
 [Install]
diff --git a/meta-networking/recipes-protocols/quagga/files/zebra.service b/meta-networking/recipes-protocols/quagga/files/zebra.service
index e4fb6c8..e34af72 100644
--- a/meta-networking/recipes-protocols/quagga/files/zebra.service
+++ b/meta-networking/recipes-protocols/quagga/files/zebra.service
@@ -7,10 +7,10 @@ ConditionPathExists=@SYSCONFDIR@/quagga/zebra.conf
 [Service]
 Type=forking
 EnvironmentFile=-@SYSCONFDIR@/default/quagga
-PIDFile=@localstatedir@/run/quagga/zebra.pid
+PIDFile=/run/quagga/zebra.pid
 ExecStartPre=@BASE_SBINDIR@/ip route flush proto zebra
 ExecStart=@SBINDIR@/zebra -d $zebra_options -f @SYSCONFDIR@/quagga/zebra.conf
-ExecStopPost=@base_bindir@/rm -rf @localstatedir@/run/quagga/zebra.pid
+ExecStopPost=@base_bindir@/rm -rf /run/quagga/zebra.pid
 Restart=on-abort
 
 [Install]
-- 
2.7.4

[PATCH 14/15] freeradius: fix CVE-2019-10143

[Armin Kuster]

From: Yi Zhao <yi.zhao@windriver.com>

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-10143

Patch from:
https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...-to-radiusd-user-group-when-rotating-logs.patch | 104 +++++++++++++++++++++
 .../freeradius/freeradius_3.0.19.bb                |   1 +
 2 files changed, 105 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch

diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
new file mode 100644
index 0000000..5859dc7
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
@@ -0,0 +1,104 @@
+From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Tue, 7 May 2019 16:04:29 -0400
+Subject: [PATCH] su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574]
+
+CVE: CVE-2019-10143
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ debian/freeradius.logrotate  | 3 +++
+ redhat/freeradius-logrotate  | 1 +
+ scripts/logrotate/freeradius | 3 +++
+ suse/radiusd-logrotate       | 1 +
+ 4 files changed, 8 insertions(+)
+
+diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate
+index 7d837d5..a8d29b7 100644
+--- a/debian/freeradius.logrotate
++++ b/debian/freeradius.logrotate
+@@ -9,6 +9,7 @@
+ 	notifempty
+ 
+ 	copytruncate
++	su freerad freerad
+ }
+ 
+ # (in order)
+@@ -26,6 +27,7 @@
+ 	notifempty
+ 
+ 	nocreate
++	su freerad freerad
+ }
+ 
+ # There are different detail-rotating strategies you can use.  One is
+@@ -45,4 +47,5 @@
+ 	notifempty
+ 
+ 	nocreate
++	su freerad freerad
+ }
+diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
+index 360765d..bb97ca5 100644
+--- a/redhat/freeradius-logrotate
++++ b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@ rotate 4
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+ 
+ #
+ #  The main server log
+diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius
+index 3de435e..eecf631 100644
+--- a/scripts/logrotate/freeradius
++++ b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ 	notifempty
+ 
+ 	copytruncate
++	su radiusd radiusd
+ }
+ 
+ # (in order)
+@@ -34,6 +35,7 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
+ 
+ # There are different detail-rotating strategies you can use.  One is
+@@ -53,4 +55,5 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
+diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
+index 24d56be..be5a797 100644
+--- a/suse/radiusd-logrotate
++++ b/suse/radiusd-logrotate
+@@ -11,6 +11,7 @@ missingok
+ compress
+ delaycompress
+ notifempty
++su radiusd radiusd
+ 
+ #
+ #  The main server log
+-- 
+2.7.4
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
index 9da15e0..8c95bba 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x; \
     file://freeradius-fix-quoting-for-BUILT_WITH.patch \
     file://freeradius-fix-error-for-expansion-of-macro.patch \
     file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
+    file://0001-su-to-radiusd-user-group-when-rotating-logs.patch \
     file://radiusd.service \
     file://radiusd-volatiles.conf \
 "
-- 
2.7.4

[PATCH 15/15] nvme-cli: defer host ID generation to post installation

[Armin Kuster]

From: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>

Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
index 6133b3a..92c902b 100644
--- a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
+++ b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/linux-nvme/nvme-cli"
 SECTION = "console/utils"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
-DEPENDS = "util-linux util-linux-native"
+DEPENDS = "util-linux"
 PV .= "+git${SRCPV}"
 
 SRC_URI = "git://github.com/linux-nvme/nvme-cli.git"
@@ -21,6 +21,7 @@ do_install() {
 
 pkg_postinst_ontarget_${PN}() {
     ${sbindir}/nvme gen-hostnqn > ${sysconfdir}/nvme/hostnqn
+    ${bindir}/uuidgen > ${sysconfdir}/nvme/hostid
 }
 
 PACKAGES =+ "${PN}-dracut ${PN}-zsh-completion"
@@ -28,3 +29,5 @@ PACKAGES =+ "${PN}-dracut ${PN}-zsh-completion"
 FILES_${PN} += "${systemd_system_unitdir}"
 FILES_${PN}-dracut = "${libdir}/dracut/dracut.conf.d"
 FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+RDEPENDS_${PN} = "util-linux-uuidgen"
-- 
2.7.4

Re: [PATCH 00/15] Zeus patch review

[Khem Raj]

On Sat, Nov 30, 2019 at 10:11 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> Please have comments back by Tuesday
>
> The following changes since commit aad5b3d070cd8c58828b0975cf861d8ebc90f460:
>
>   README: updated Maintainers list for Zeus (2019-10-30 14:16:04 -0700)
>
> are available in the git repository at:
>
>   git://git.openembedded.org/meta-openembedded-contrib stable/zeus-nut
>   http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/zeus-nut
>
> Andreas Oberritter (1):
>   samba: fix installation for minimal build
>
> Hongxu Jia (1):
>   python-more-itertools.inc: fix python2 package not incorrectly
>     generated
>
> Khem Raj (1):
>   rsyslog: Dont force enable atomic builtins on mips
>
> Michael Scott (1):
>   modemmanager: Upgrade 1.10.6 -> 1.10.8
>
> Slater, Joseph (1):
>   php: fix CVE-2019-11043
>
> Stefan Wiehler (1):
>   nvme-cli: defer host ID generation to post installation
>
> Trevor Gamblin (3):
>   rsyslog: fix CVE-2019-17041
>   rsyslog: upgrade from v8.1908.0 to v8.1910.0
>   quagga: fix PIDFile path for service files
>
> Yi Zhao (2):
>   samba: upgrade 4.10.8 -> 4.10.10
>   freeradius: fix CVE-2019-10143
>
> Zheng Ruoqin (2):
>   mariadb: upgrade 10.3.16 -> 10.3.18
>   wireshark: upgrade 3.0.3 -> 3.0.6
>
> niko.mauno@vaisala.com (2):
>   gitpkgv.bbclass: Use --git-dir option
>   gitpkgv.bbclass: Support also lightweight tags
>

this list looks good to me.

>  ...-to-radiusd-user-group-when-rotating-logs.patch | 104 +++++++++++++++++++++
>  .../freeradius/freeradius_3.0.19.bb                |   1 +
>  .../samba/{samba_4.10.8.bb => samba_4.10.10.bb}    |  20 ++--
>  .../recipes-protocols/quagga/files/bgpd.service    |   4 +-
>  .../recipes-protocols/quagga/files/ospf6d.service  |   4 +-
>  .../recipes-protocols/quagga/files/ospfd.service   |   4 +-
>  .../recipes-protocols/quagga/files/ripd.service    |   4 +-
>  .../recipes-protocols/quagga/files/ripngd.service  |   4 +-
>  .../recipes-protocols/quagga/files/zebra.service   |   4 +-
>  .../{wireshark_3.0.3.bb => wireshark_3.0.6.bb}     |   4 +-
>  meta-oe/classes/gitpkgv.bbclass                    |  15 ++-
>  meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |   5 +-
>  ...demmanager_1.10.6.bb => modemmanager_1.10.8.bb} |   4 +-
>  ...native_10.3.16.bb => mariadb-native_10.3.18.bb} |   0
>  meta-oe/recipes-dbs/mysql/mariadb.inc              |   4 +-
>  .../{mariadb_10.3.16.bb => mariadb_10.3.18.bb}     |   0
>  .../recipes-devtools/php/php/CVE-2019-11043.patch  |  38 ++++++++
>  meta-oe/recipes-devtools/php/php_7.3.9.bb          |   1 +
>  .../rsyslog/rsyslog/0001-Out-of-bounds-issue.patch |  31 ------
>  .../{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb}   |   6 +-
>  .../python/python-more-itertools.inc               |   2 -
>  21 files changed, 186 insertions(+), 73 deletions(-)
>  create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
>  rename meta-networking/recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb} (95%)
>  rename meta-networking/recipes-support/wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb} (95%)
>  rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb} (92%)
>  rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb} (100%)
>  rename meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb} (100%)
>  create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
>  delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
>  rename meta-oe/recipes-extended/rsyslog/{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb} (97%)
>
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [PATCH 03/15] python-more-itertools.inc: fix python2 package not incorrectly generated

[Adrian Bunk]

This needs two more patches, see
http://lists.openembedded.org/pipermail/openembedded-devel/2019-November/203247.html

Thanks
Adrian

Re: [PATCH 00/15] Zeus patch review

[Denys Dmytriyenko]

On Sat, Nov 30, 2019 at 10:22:18AM -0800, Khem Raj wrote:
> On Sat, Nov 30, 2019 at 10:11 AM Armin Kuster <akuster808@gmail.com> wrote:
> >
> > Please have comments back by Tuesday
> >
> > The following changes since commit aad5b3d070cd8c58828b0975cf861d8ebc90f460:
> >
> >   README: updated Maintainers list for Zeus (2019-10-30 14:16:04 -0700)
> >
> > are available in the git repository at:
> >
> >   git://git.openembedded.org/meta-openembedded-contrib stable/zeus-nut
> >   http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/zeus-nut
> >
> > Andreas Oberritter (1):
> >   samba: fix installation for minimal build
> >
> > Hongxu Jia (1):
> >   python-more-itertools.inc: fix python2 package not incorrectly
> >     generated
> >
> > Khem Raj (1):
> >   rsyslog: Dont force enable atomic builtins on mips
> >
> > Michael Scott (1):
> >   modemmanager: Upgrade 1.10.6 -> 1.10.8
> >
> > Slater, Joseph (1):
> >   php: fix CVE-2019-11043
> >
> > Stefan Wiehler (1):
> >   nvme-cli: defer host ID generation to post installation
> >
> > Trevor Gamblin (3):
> >   rsyslog: fix CVE-2019-17041
> >   rsyslog: upgrade from v8.1908.0 to v8.1910.0
> >   quagga: fix PIDFile path for service files
> >
> > Yi Zhao (2):
> >   samba: upgrade 4.10.8 -> 4.10.10
> >   freeradius: fix CVE-2019-10143
> >
> > Zheng Ruoqin (2):
> >   mariadb: upgrade 10.3.16 -> 10.3.18
> >   wireshark: upgrade 3.0.3 -> 3.0.6
> >
> > niko.mauno@vaisala.com (2):
> >   gitpkgv.bbclass: Use --git-dir option
> >   gitpkgv.bbclass: Support also lightweight tags
> >
> 
> this list looks good to me.

Also missed mbedtls for armv5te breakage.

Denys


> >  ...-to-radiusd-user-group-when-rotating-logs.patch | 104 +++++++++++++++++++++
> >  .../freeradius/freeradius_3.0.19.bb                |   1 +
> >  .../samba/{samba_4.10.8.bb => samba_4.10.10.bb}    |  20 ++--
> >  .../recipes-protocols/quagga/files/bgpd.service    |   4 +-
> >  .../recipes-protocols/quagga/files/ospf6d.service  |   4 +-
> >  .../recipes-protocols/quagga/files/ospfd.service   |   4 +-
> >  .../recipes-protocols/quagga/files/ripd.service    |   4 +-
> >  .../recipes-protocols/quagga/files/ripngd.service  |   4 +-
> >  .../recipes-protocols/quagga/files/zebra.service   |   4 +-
> >  .../{wireshark_3.0.3.bb => wireshark_3.0.6.bb}     |   4 +-
> >  meta-oe/classes/gitpkgv.bbclass                    |  15 ++-
> >  meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |   5 +-
> >  ...demmanager_1.10.6.bb => modemmanager_1.10.8.bb} |   4 +-
> >  ...native_10.3.16.bb => mariadb-native_10.3.18.bb} |   0
> >  meta-oe/recipes-dbs/mysql/mariadb.inc              |   4 +-
> >  .../{mariadb_10.3.16.bb => mariadb_10.3.18.bb}     |   0
> >  .../recipes-devtools/php/php/CVE-2019-11043.patch  |  38 ++++++++
> >  meta-oe/recipes-devtools/php/php_7.3.9.bb          |   1 +
> >  .../rsyslog/rsyslog/0001-Out-of-bounds-issue.patch |  31 ------
> >  .../{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb}   |   6 +-
> >  .../python/python-more-itertools.inc               |   2 -
> >  21 files changed, 186 insertions(+), 73 deletions(-)
> >  create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
> >  rename meta-networking/recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb} (95%)
> >  rename meta-networking/recipes-support/wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb} (95%)
> >  rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb} (92%)
> >  rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb} (100%)
> >  rename meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb} (100%)
> >  create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
> >  delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
> >  rename meta-oe/recipes-extended/rsyslog/{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb} (97%)
> >
> > --
> > 2.7.4
> >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [PATCH 00/15] Zeus patch review

[Denys Dmytriyenko]

On Sat, Nov 30, 2019 at 10:22:18AM -0800, Khem Raj wrote:
> On Sat, Nov 30, 2019 at 10:11 AM Armin Kuster <akuster808@gmail.com> wrote:
> >
> > Please have comments back by Tuesday
> >
> > The following changes since commit aad5b3d070cd8c58828b0975cf861d8ebc90f460:
> >
> >   README: updated Maintainers list for Zeus (2019-10-30 14:16:04 -0700)
> >
> > are available in the git repository at:
> >
> >   git://git.openembedded.org/meta-openembedded-contrib stable/zeus-nut
> >   http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/zeus-nut
> >
> > Andreas Oberritter (1):
> >   samba: fix installation for minimal build
> >
> > Hongxu Jia (1):
> >   python-more-itertools.inc: fix python2 package not incorrectly
> >     generated
> >
> > Khem Raj (1):
> >   rsyslog: Dont force enable atomic builtins on mips
> >
> > Michael Scott (1):
> >   modemmanager: Upgrade 1.10.6 -> 1.10.8
> >
> > Slater, Joseph (1):
> >   php: fix CVE-2019-11043
> >
> > Stefan Wiehler (1):
> >   nvme-cli: defer host ID generation to post installation
> >
> > Trevor Gamblin (3):
> >   rsyslog: fix CVE-2019-17041
> >   rsyslog: upgrade from v8.1908.0 to v8.1910.0
> >   quagga: fix PIDFile path for service files
> >
> > Yi Zhao (2):
> >   samba: upgrade 4.10.8 -> 4.10.10
> >   freeradius: fix CVE-2019-10143
> >
> > Zheng Ruoqin (2):
> >   mariadb: upgrade 10.3.16 -> 10.3.18
> >   wireshark: upgrade 3.0.3 -> 3.0.6
> >
> > niko.mauno@vaisala.com (2):
> >   gitpkgv.bbclass: Use --git-dir option
> >   gitpkgv.bbclass: Support also lightweight tags
> >
> 
> this list looks good to me.

Ping again - would you be able to pick up mbedtls update to unbreak armv5te 
machines:
http://lists.openembedded.org/pipermail/openembedded-devel/2019-November/203065.html

Denys


> >  ...-to-radiusd-user-group-when-rotating-logs.patch | 104 +++++++++++++++++++++
> >  .../freeradius/freeradius_3.0.19.bb                |   1 +
> >  .../samba/{samba_4.10.8.bb => samba_4.10.10.bb}    |  20 ++--
> >  .../recipes-protocols/quagga/files/bgpd.service    |   4 +-
> >  .../recipes-protocols/quagga/files/ospf6d.service  |   4 +-
> >  .../recipes-protocols/quagga/files/ospfd.service   |   4 +-
> >  .../recipes-protocols/quagga/files/ripd.service    |   4 +-
> >  .../recipes-protocols/quagga/files/ripngd.service  |   4 +-
> >  .../recipes-protocols/quagga/files/zebra.service   |   4 +-
> >  .../{wireshark_3.0.3.bb => wireshark_3.0.6.bb}     |   4 +-
> >  meta-oe/classes/gitpkgv.bbclass                    |  15 ++-
> >  meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |   5 +-
> >  ...demmanager_1.10.6.bb => modemmanager_1.10.8.bb} |   4 +-
> >  ...native_10.3.16.bb => mariadb-native_10.3.18.bb} |   0
> >  meta-oe/recipes-dbs/mysql/mariadb.inc              |   4 +-
> >  .../{mariadb_10.3.16.bb => mariadb_10.3.18.bb}     |   0
> >  .../recipes-devtools/php/php/CVE-2019-11043.patch  |  38 ++++++++
> >  meta-oe/recipes-devtools/php/php_7.3.9.bb          |   1 +
> >  .../rsyslog/rsyslog/0001-Out-of-bounds-issue.patch |  31 ------
> >  .../{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb}   |   6 +-
> >  .../python/python-more-itertools.inc               |   2 -
> >  21 files changed, 186 insertions(+), 73 deletions(-)
> >  create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch
> >  rename meta-networking/recipes-connectivity/samba/{samba_4.10.8.bb => samba_4.10.10.bb} (95%)
> >  rename meta-networking/recipes-support/wireshark/{wireshark_3.0.3.bb => wireshark_3.0.6.bb} (95%)
> >  rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.6.bb => modemmanager_1.10.8.bb} (92%)
> >  rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.3.16.bb => mariadb-native_10.3.18.bb} (100%)
> >  rename meta-oe/recipes-dbs/mysql/{mariadb_10.3.16.bb => mariadb_10.3.18.bb} (100%)
> >  create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
> >  delete mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
> >  rename meta-oe/recipes-extended/rsyslog/{rsyslog_8.1908.0.bb => rsyslog_8.1910.0.bb} (97%)
> >
> > --
> > 2.7.4
> >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel