* [hardknott][PATCH 0/2] hardknott merge request @ 2021-10-11 3:37 changqing.li 2021-10-11 3:37 ` [PATCH 1/2] vsftpd: Upgrade to 3.0.5 changqing.li ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: changqing.li @ 2021-10-11 3:37 UTC (permalink / raw) To: openembedded-devel From: Changqing Li <changqing.li@windriver.com> postgresql: fix CVE-2021-3677, refer: https://www.postgresql.org/support/security/CVE-2021-3677 vsftpd: fix vsftpd, refer: https://security.appspot.com/vsftpd/Changelog.txt Changqing Li (1): postgresql: upgrade 13.3 -> 13.4 Mingli Yu (1): vsftpd: Upgrade to 3.0.5 ...-allow-newfstatat-and-pselect6-sysca.patch | 51 ------------------- ...llow-syscalls-in-the-seccomp-sandbox.patch | 46 ----------------- ...-with-musl-which-does-not-have-utmpx.patch | 0 .../makefile-destdir.patch | 0 .../makefile-libs.patch | 0 .../makefile-strip.patch | 0 .../nopam-with-tcp_wrappers.patch | 0 .../nopam.patch | 0 .../vsftpd-2.1.0-filter.patch | 0 .../vsftpd-tcp_wrappers-support.patch | 0 .../{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} | 5 +- ...n-bypass-autoconf-2.69-version-check.patch | 11 ++-- ...{postgresql_13.3.bb => postgresql_13.4.bb} | 2 +- 13 files changed, 10 insertions(+), 105 deletions(-) delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-destdir.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-libs.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-strip.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam-with-tcp_wrappers.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-2.1.0-filter.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-tcp_wrappers-support.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} (93%) rename meta-oe/recipes-dbs/postgresql/{postgresql_13.3.bb => postgresql_13.4.bb} (78%) -- 2.17.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] vsftpd: Upgrade to 3.0.5 2021-10-11 3:37 [hardknott][PATCH 0/2] hardknott merge request changqing.li @ 2021-10-11 3:37 ` changqing.li 2021-10-11 3:37 ` [PATCH 2/2] postgresql: upgrade 13.3 -> 13.4 changqing.li ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: changqing.li @ 2021-10-11 3:37 UTC (permalink / raw) To: openembedded-devel From: Mingli Yu <mingli.yu@windriver.com> Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1]. [1] https://security.appspot.com/vsftpd/Changelog.txt Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> --- ...-allow-newfstatat-and-pselect6-sysca.patch | 51 ------------------- ...llow-syscalls-in-the-seccomp-sandbox.patch | 46 ----------------- ...-with-musl-which-does-not-have-utmpx.patch | 0 .../makefile-destdir.patch | 0 .../makefile-libs.patch | 0 .../makefile-strip.patch | 0 .../nopam-with-tcp_wrappers.patch | 0 .../nopam.patch | 0 .../vsftpd-2.1.0-filter.patch | 0 .../vsftpd-tcp_wrappers-support.patch | 0 .../{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} | 5 +- 11 files changed, 1 insertion(+), 101 deletions(-) delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-destdir.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-libs.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-strip.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam-with-tcp_wrappers.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-2.1.0-filter.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-tcp_wrappers-support.patch (100%) rename meta-networking/recipes-daemons/vsftpd/{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} (93%) diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch deleted file mode 100644 index 29ce85cc1..000000000 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7bc261076ec94efa3197beaca39eba095d162b5e Mon Sep 17 00:00:00 2001 -From: Yi Zhao <yi.zhao@windriver.com> -Date: Fri, 26 Feb 2021 16:32:27 +0800 -Subject: [PATCH] seccompsandbox.c: allow newfstatat and pselect6 syscalls in - the seccomp sandbox - -Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33. - -Fixes the following OOPS error: -root@qemux86-64:~# tnftp 192.168.1.1 -Connected to 192.168.1.1. -220 (vsFTPd 3.0.3) -Name (192.168.1.1:root): anonymous -331 Please specify the password. -Password: -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> ls -OOPS: priv_sock_get_cmd - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - seccompsandbox.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/seccompsandbox.c b/seccompsandbox.c -index 377c50e..f601241 100644 ---- a/seccompsandbox.c -+++ b/seccompsandbox.c -@@ -267,6 +267,7 @@ seccomp_sandbox_setup_data_connections() - 3, IPPROTO_TCP); - allow_nr(__NR_bind); - allow_nr(__NR_select); -+ allow_nr(__NR_pselect6); - if (tunable_port_enable) - { - allow_nr(__NR_connect); -@@ -411,6 +412,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) - allow_nr(__NR_getdents); - allow_nr(__NR_getdents64); - allow_nr(__NR_sysinfo); -+ allow_nr(__NR_newfstatat); - /* Misc */ - allow_nr(__NR_umask); - --- -2.17.1 - diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch deleted file mode 100644 index 7573c967f..000000000 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch +++ /dev/null @@ -1,46 +0,0 @@ -From dd353303f62d1dfe32cb000e482616b021708fbe Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Thu, 29 Nov 2018 00:47:34 -0800 -Subject: [PATCH] vsftpd: allow syscalls in the seccomp sandbox - -* Allow sysinfo() and getdents64 in the seccomp - sandbox otherwise comes below OOPS: priv_sock_get_cmd - as the syscall sysinfo() and getdents64 not allowed - -root@qemux86-64:~# tnftp 192.168.1.1 -Connected to 192.168.1.1. -220 (vsFTPd 3.0.3) -Name (192.168.1.1:root): anonymous -331 Please specify the password. -Password: -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> prompt -Interactive mode off. -ftp> mget small* -OOPS: priv_sock_get_cmd - -Upstream-Status: Pending - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - seccompsandbox.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/seccompsandbox.c b/seccompsandbox.c -index 2c350a9..377c50e 100644 ---- a/seccompsandbox.c -+++ b/seccompsandbox.c -@@ -409,6 +409,8 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) - allow_nr(__NR_getcwd); - allow_nr(__NR_chdir); - allow_nr(__NR_getdents); -+ allow_nr(__NR_getdents64); -+ allow_nr(__NR_sysinfo); - /* Misc */ - allow_nr(__NR_umask); - --- -2.17.1 - diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-destdir.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-destdir.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-destdir.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-destdir.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-libs.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-libs.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-libs.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-libs.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-strip.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-strip.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-strip.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-strip.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam-with-tcp_wrappers.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam-with-tcp_wrappers.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam-with-tcp_wrappers.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam-with-tcp_wrappers.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-2.1.0-filter.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-2.1.0-filter.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-2.1.0-filter.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-2.1.0-filter.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-tcp_wrappers-support.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-tcp_wrappers-support.patch similarity index 100% rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-tcp_wrappers-support.patch rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-tcp_wrappers-support.patch diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb similarity index 93% rename from meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb rename to meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb index 024b776de..192f8de33 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb @@ -18,11 +18,9 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ file://volatiles.99_vsftpd \ file://vsftpd.service \ file://vsftpd-2.1.0-filter.patch \ - file://0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)} \ file://0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch \ - file://0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/v/vsftpd/" @@ -31,8 +29,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.orig\.tar" LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \ file://COPYRIGHT;md5=04251b2eb0f298dae376d92454f6f72e \ file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb" -SRC_URI[md5sum] = "da119d084bd3f98664636ea05b5bb398" -SRC_URI[sha256sum] = "9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7" +SRC_URI[sha256sum] = "26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3" PACKAGECONFIG ??= "tcp-wrappers" -- 2.17.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] postgresql: upgrade 13.3 -> 13.4 2021-10-11 3:37 [hardknott][PATCH 0/2] hardknott merge request changqing.li 2021-10-11 3:37 ` [PATCH 1/2] vsftpd: Upgrade to 3.0.5 changqing.li @ 2021-10-11 3:37 ` changqing.li [not found] ` <16ACDCD61DE3AF4D.10559@lists.openembedded.org> [not found] ` <16ACDCD603E52F57.10559@lists.openembedded.org> 3 siblings, 0 replies; 5+ messages in thread From: changqing.li @ 2021-10-11 3:37 UTC (permalink / raw) To: openembedded-devel From: Changqing Li <changqing.li@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> --- ...figure.in-bypass-autoconf-2.69-version-check.patch | 11 ++++++++--- .../{postgresql_13.3.bb => postgresql_13.4.bb} | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) rename meta-oe/recipes-dbs/postgresql/{postgresql_13.3.bb => postgresql_13.4.bb} (78%) diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch index 45f283a02..db9769f82 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 7177d8334a3c28ab0ec5c90e0656f43414929659 Mon Sep 17 00:00:00 2001 +From eba2c940afcd83521f591ccf6b49eca06908ea8e Mon Sep 17 00:00:00 2001 From: Yi Fan Yu <yifan.yu@windriver.com> Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.in: bypass autoconf 2.69 version check @@ -12,11 +12,13 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> configure.in | 4 ---- 1 file changed, 4 deletions(-) +diff --git a/configure.in b/configure.in +index fb14dcc..a2b4a4f 100644 --- a/configure.in +++ b/configure.in -@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch un +@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [13.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not @@ -25,3 +27,6 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> AC_COPYRIGHT([Copyright (c) 1996-2020, PostgreSQL Global Development Group]) AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) AC_CONFIG_AUX_DIR(config) +-- +2.17.1 + diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb similarity index 78% rename from meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb rename to meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb index 862dd61bd..f63d23dbe 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb @@ -9,4 +9,4 @@ SRC_URI += "\ file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \ " -SRC_URI[sha256sum] = "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1" +SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd" -- 2.17.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
[parent not found: <16ACDCD61DE3AF4D.10559@lists.openembedded.org>]
* Re: [oe] [PATCH 1/2] vsftpd: Upgrade to 3.0.5 [not found] ` <16ACDCD61DE3AF4D.10559@lists.openembedded.org> @ 2021-10-20 2:08 ` Changqing Li 0 siblings, 0 replies; 5+ messages in thread From: Changqing Li @ 2021-10-20 2:08 UTC (permalink / raw) To: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 11537 bytes --] ping On 10/11/21 11:37 AM, Changqing Li wrote: > From: Mingli Yu <mingli.yu@windriver.com> > > Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1]. > > [1] https://security.appspot.com/vsftpd/Changelog.txt > > Signed-off-by: Mingli Yu <mingli.yu@windriver.com> > Signed-off-by: Khem Raj <raj.khem@gmail.com> > --- > ...-allow-newfstatat-and-pselect6-sysca.patch | 51 ------------------- > ...llow-syscalls-in-the-seccomp-sandbox.patch | 46 ----------------- > ...-with-musl-which-does-not-have-utmpx.patch | 0 > .../makefile-destdir.patch | 0 > .../makefile-libs.patch | 0 > .../makefile-strip.patch | 0 > .../nopam-with-tcp_wrappers.patch | 0 > .../nopam.patch | 0 > .../vsftpd-2.1.0-filter.patch | 0 > .../vsftpd-tcp_wrappers-support.patch | 0 > .../{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} | 5 +- > 11 files changed, 1 insertion(+), 101 deletions(-) > delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch > delete mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-destdir.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-libs.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/makefile-strip.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam-with-tcp_wrappers.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/nopam.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-2.1.0-filter.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd-3.0.3 => vsftpd-3.0.5}/vsftpd-tcp_wrappers-support.patch (100%) > rename meta-networking/recipes-daemons/vsftpd/{vsftpd_3.0.3.bb => vsftpd_3.0.5.bb} (93%) > > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch > deleted file mode 100644 > index 29ce85cc1..000000000 > --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch > +++ /dev/null > @@ -1,51 +0,0 @@ > -From 7bc261076ec94efa3197beaca39eba095d162b5e Mon Sep 17 00:00:00 2001 > -From: Yi Zhao <yi.zhao@windriver.com> > -Date: Fri, 26 Feb 2021 16:32:27 +0800 > -Subject: [PATCH] seccompsandbox.c: allow newfstatat and pselect6 syscalls in > - the seccomp sandbox > - > -Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33. > - > -Fixes the following OOPS error: > -root@qemux86-64:~# tnftp 192.168.1.1 > -Connected to 192.168.1.1. > -220 (vsFTPd 3.0.3) > -Name (192.168.1.1:root): anonymous > -331 Please specify the password. > -Password: > -230 Login successful. > -Remote system type is UNIX. > -Using binary mode to transfer files. > -ftp> ls > -OOPS: priv_sock_get_cmd > - > -Upstream-Status: Pending > - > -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> > ---- > - seccompsandbox.c | 2 ++ > - 1 file changed, 2 insertions(+) > - > -diff --git a/seccompsandbox.c b/seccompsandbox.c > -index 377c50e..f601241 100644 > ---- a/seccompsandbox.c > -+++ b/seccompsandbox.c > -@@ -267,6 +267,7 @@ seccomp_sandbox_setup_data_connections() > - 3, IPPROTO_TCP); > - allow_nr(__NR_bind); > - allow_nr(__NR_select); > -+ allow_nr(__NR_pselect6); > - if (tunable_port_enable) > - { > - allow_nr(__NR_connect); > -@@ -411,6 +412,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) > - allow_nr(__NR_getdents); > - allow_nr(__NR_getdents64); > - allow_nr(__NR_sysinfo); > -+ allow_nr(__NR_newfstatat); > - /* Misc */ > - allow_nr(__NR_umask); > - > --- > -2.17.1 > - > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch > deleted file mode 100644 > index 7573c967f..000000000 > --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch > +++ /dev/null > @@ -1,46 +0,0 @@ > -From dd353303f62d1dfe32cb000e482616b021708fbe Mon Sep 17 00:00:00 2001 > -From: Mingli Yu <mingli.yu@windriver.com> > -Date: Thu, 29 Nov 2018 00:47:34 -0800 > -Subject: [PATCH] vsftpd: allow syscalls in the seccomp sandbox > - > -* Allow sysinfo() and getdents64 in the seccomp > - sandbox otherwise comes below OOPS: priv_sock_get_cmd > - as the syscall sysinfo() and getdents64 not allowed > - > -root@qemux86-64:~# tnftp 192.168.1.1 > -Connected to 192.168.1.1. > -220 (vsFTPd 3.0.3) > -Name (192.168.1.1:root): anonymous > -331 Please specify the password. > -Password: > -230 Login successful. > -Remote system type is UNIX. > -Using binary mode to transfer files. > -ftp> prompt > -Interactive mode off. > -ftp> mget small* > -OOPS: priv_sock_get_cmd > - > -Upstream-Status: Pending > - > -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> > ---- > - seccompsandbox.c | 2 ++ > - 1 file changed, 2 insertions(+) > - > -diff --git a/seccompsandbox.c b/seccompsandbox.c > -index 2c350a9..377c50e 100644 > ---- a/seccompsandbox.c > -+++ b/seccompsandbox.c > -@@ -409,6 +409,8 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) > - allow_nr(__NR_getcwd); > - allow_nr(__NR_chdir); > - allow_nr(__NR_getdents); > -+ allow_nr(__NR_getdents64); > -+ allow_nr(__NR_sysinfo); > - /* Misc */ > - allow_nr(__NR_umask); > - > --- > -2.17.1 > - > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-destdir.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-destdir.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-destdir.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-destdir.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-libs.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-libs.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-libs.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-libs.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-strip.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-strip.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/makefile-strip.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/makefile-strip.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam-with-tcp_wrappers.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam-with-tcp_wrappers.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam-with-tcp_wrappers.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam-with-tcp_wrappers.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/nopam.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-2.1.0-filter.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-2.1.0-filter.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-2.1.0-filter.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-2.1.0-filter.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-tcp_wrappers-support.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-tcp_wrappers-support.patch > similarity index 100% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/vsftpd-tcp_wrappers-support.patch > rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-tcp_wrappers-support.patch > diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb > similarity index 93% > rename from meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb > rename to meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb > index 024b776de..192f8de33 100644 > --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb > +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb > @@ -18,11 +18,9 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ > file://volatiles.99_vsftpd \ > file://vsftpd.service \ > file://vsftpd-2.1.0-filter.patch \ > - file://0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch \ > ${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)} \ > ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)} \ > file://0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch \ > - file://0001-seccompsandbox.c-allow-newfstatat-and-pselect6-sysca.patch \ > " > > UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/v/vsftpd/" > @@ -31,8 +29,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.orig\.tar" > LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \ > file://COPYRIGHT;md5=04251b2eb0f298dae376d92454f6f72e \ > file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb" > -SRC_URI[md5sum] = "da119d084bd3f98664636ea05b5bb398" > -SRC_URI[sha256sum] = "9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7" > +SRC_URI[sha256sum] = "26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3" > > > PACKAGECONFIG ??= "tcp-wrappers" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#93213): https://lists.openembedded.org/g/openembedded-devel/message/93213 > Mute This Topic: https://lists.openembedded.org/mt/86229292/3616873 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [changqing.li@windriver.com] > -=-=-=-=-=-=-=-=-=-=-=- > [-- Attachment #2: Type: text/html, Size: 13575 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <16ACDCD603E52F57.10559@lists.openembedded.org>]
* Re: [oe] [PATCH 2/2] postgresql: upgrade 13.3 -> 13.4 [not found] ` <16ACDCD603E52F57.10559@lists.openembedded.org> @ 2021-10-20 2:08 ` Changqing Li 0 siblings, 0 replies; 5+ messages in thread From: Changqing Li @ 2021-10-20 2:08 UTC (permalink / raw) To: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 3495 bytes --] ping On 10/11/21 11:37 AM, Changqing Li wrote: > From: Changqing Li <changqing.li@windriver.com> > > Signed-off-by: Changqing Li <changqing.li@windriver.com> > Signed-off-by: Khem Raj <raj.khem@gmail.com> > --- > ...figure.in-bypass-autoconf-2.69-version-check.patch | 11 ++++++++--- > .../{postgresql_13.3.bb => postgresql_13.4.bb} | 2 +- > 2 files changed, 9 insertions(+), 4 deletions(-) > rename meta-oe/recipes-dbs/postgresql/{postgresql_13.3.bb => postgresql_13.4.bb} (78%) > > diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch > index 45f283a02..db9769f82 100644 > --- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch > +++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch > @@ -1,4 +1,4 @@ > -From 7177d8334a3c28ab0ec5c90e0656f43414929659 Mon Sep 17 00:00:00 2001 > +From eba2c940afcd83521f591ccf6b49eca06908ea8e Mon Sep 17 00:00:00 2001 > From: Yi Fan Yu <yifan.yu@windriver.com> > Date: Fri, 5 Feb 2021 17:15:42 -0500 > Subject: [PATCH] configure.in: bypass autoconf 2.69 version check > @@ -12,11 +12,13 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> > configure.in | 4 ---- > 1 file changed, 4 deletions(-) > > +diff --git a/configure.in b/configure.in > +index fb14dcc..a2b4a4f 100644 > --- a/configure.in > +++ b/configure.in > -@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch un > +@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros > > - AC_INIT([PostgreSQL], [13.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) > + AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) > > -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. > -Untested combinations of 'autoconf' and PostgreSQL versions are not > @@ -25,3 +27,6 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> > AC_COPYRIGHT([Copyright (c) 1996-2020, PostgreSQL Global Development Group]) > AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) > AC_CONFIG_AUX_DIR(config) > +-- > +2.17.1 > + > diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb > similarity index 78% > rename from meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb > rename to meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb > index 862dd61bd..f63d23dbe 100644 > --- a/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb > +++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb > @@ -9,4 +9,4 @@ SRC_URI += "\ > file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \ > " > > -SRC_URI[sha256sum] = "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1" > +SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#93212): https://lists.openembedded.org/g/openembedded-devel/message/93212 > Mute This Topic: https://lists.openembedded.org/mt/86229291/3616873 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [changqing.li@windriver.com] > -=-=-=-=-=-=-=-=-=-=-=- > [-- Attachment #2: Type: text/html, Size: 5244 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-20 2:08 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-11 3:37 [hardknott][PATCH 0/2] hardknott merge request changqing.li 2021-10-11 3:37 ` [PATCH 1/2] vsftpd: Upgrade to 3.0.5 changqing.li 2021-10-11 3:37 ` [PATCH 2/2] postgresql: upgrade 13.3 -> 13.4 changqing.li [not found] ` <16ACDCD61DE3AF4D.10559@lists.openembedded.org> 2021-10-20 2:08 ` [oe] [PATCH 1/2] vsftpd: Upgrade to 3.0.5 Changqing Li [not found] ` <16ACDCD603E52F57.10559@lists.openembedded.org> 2021-10-20 2:08 ` [oe] [PATCH 2/2] postgresql: upgrade 13.3 -> 13.4 Changqing Li
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).