dnssec-conf relies heavily on python2 code and was not updated since
2010.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update recipe to include support for python3. Introduce a patch which
converts samples to utilize pytho3 on the target.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This aids cross-building, otherwise configure goes into weeks to find
these especially python-config and starts to poke at host files e.g.
if /etc/debian_release exists then it errors out, but if it does not
then it deploys a workaround and continues build, as a result we see
ntop fail the build on debian-like build hosts but not on others eg.
archlinux
Ensure that linking with libpython happens therefore use
python3-config --libs --embed
Fixes
checking for arm-yoe-linux-gnueabi-python-config... no
checking for python-config... no
Please install python-dev and rerun configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
coreutils-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gettext tool dependency was implicitly met while building with source
GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As TARGET_PREFIX may vary from source GCC tool-set to external GCC
tool-set. Also, libtool-cross is installed in recipe sysroot using
HOST_SYS variable only.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
flex-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-files/0001-dhcpcd-Fix-build-error-with-musl.patch
Removed since this is included in 8.1.5.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport the CVE patch from the upstream to fix the memory leak.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
plugins tab and about dialog have created dependency with commit[1]
this fails to build when qt5 is in bblayers
Fixes
wireshark-3.2.0/ui/qt/about_dialog.cpp:137:29: error: 'plugins_add_description' was not declared in this scope; did you mean 'plugins_get_descriptions'?
137 | extcap_get_descriptions(plugins_add_description, &plugin_data);
| ^~~~~~~~~~~~~~~~~~~~~~~
| plugins_get_descriptions
[1] 5dfde7ff83
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-gcc-6-conflicts-signbit.patch
Removed since they are included in 4.9.0
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
See: https://www.samba.org/samba/history/samba-4.10.11.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current NTP server responds to mode 6 queries from any clients.
Devices that respond to these queries have the potential to be used in
NTP amplification attacks. An unauthenticated, remote attacker could
potentially exploit this, via a specially crafted mode 6 query, to cause
a reflected denial of service condition.
See: https://www.tenable.com/plugins/nessus/97861https://scan.shadowserver.org/ntpversion/
Update ntp.conf to restrict NTP mode 6 queries.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Guest accounts for Samba are a known potential vulnerability
(see https://www.tenable.com/plugins/nessus/26919) where info
about the host can be obtained without proper access. The option
"map to guest = bad user" allows login attempts with usernames
that don't exist to map to the guest account, while the
"restrict anonymous" value (implicitly set to 0 before this patch)
would allow any queries to obtain user and group list information.
Raise the default security level by setting "restrict anonymous"
to "1" and "map to guest" to "never" to avoid providing user/group
info to unauthenticated users and reject login attempts with an
invalid password, respectively.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("Allocation error.");
^~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: firewalld-0.7.2-r0 do_package: QA Issue: firewalld: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/firewalld
/usr/lib/firewalld/zones
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It shows an warning of openl2tp in systemd log:
| /lib/systemd/system/openl2tpd.service:8: PIDFile= references a path
| below legacy directory /var/run/, updating /var/run/openl2tpd.pid →
| /run/openl2tpd.pid; please update the unit file accordingly.
Update the systemd service file to fix the warning.
Update SRC_URI as well that the homepage openl2tp.org has been closed.
Use archived file on sourceforge instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fill out PACKAGECONFIG options for json, mini-gmp, readline and xtables
whilst matching existing behaviour. Drop PACKAGECONFIG to weak default.
Fix upstream version matching so the very old 0.099 is rejected as the
newest version.
Drop seemingly redundant ASNEEDED which was added in 5477d5bcb7
("nftables: Upgrade to 0.7") without explanation.
Package python files from libdir not libdir_native; whilst they're the
same thing, building a target package with native variables is odd.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
/usr/src/debug/rdma-core/26.1-r0/git/librdmacm/rsocket.c:3041: undefined reference to `pthread_yield'
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Kai Kang <kai.kang@windriver.com>
Upgrade rdma-core from 18.1 to 27.0
* remove 4 patches which have been merged by upstream
* update context and remove more unbuildable manual in
0001-Remove-man-files-which-cant-be-built.patch
* set services file for systemd
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps in avoiding packaging errors seen with distros enabling
multilib
Fixes
ERROR: grpc-1.24.3-r0 do_package: QA Issue: grpc: Files/directories were installed but not shipped in any package:
/usr/lib/libgrpc++.so.1.24.3
...
/usr/lib/cmake
/usr/lib/cmake/grpc
/usr/lib/cmake/grpc/gRPCConfigVersion.cmake
/usr/lib/cmake/grpc/gRPCConfig.cmake
/usr/lib/cmake/grpc/gRPCTargets-noconfig.cmake
/usr/lib/cmake/grpc/gRPCTargets.cmake
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or de
lete them within do_install.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix corosync build error when package config rdma enabled.
* replace dependency librdmacm from layer meta-cloud-services with
rdma-core from meta-networking
* add patch to fix issue that fail to find rdma library via pkgconfig
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From https://hewlettpackard.github.io/netperf/doc/netperf.html:
Other optional configure-time settings include --enable-intervals=yes to give
netperf the ability to “pace” its _STREAM tests and --enable-histogram=yes to
have netperf keep a histogram of interesting times.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libappindicator is a library to allow applications to export a menu into
the Unity Menu bar. Unity is not supported in openembedded, so disable
appindicator support for blueman.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Canonical's Netplan is a network configuration abstraction renderer written in
Python. It's compatible with NetworkManager and systemd-networkd.
Signed-off-by: Jacopo Dall'Aglio <jacopo.dallaglio@kynetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A ntpdc is a special NTP query program. It shouldn't be part of ntp-utils
which is depending on perl.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Previously the kernel module was only pulled in for ${PN}-utils and
${PN}-ptest, but not for the library itself. As a result, appsexternal
to this recipe using only the library fail because kernel module is
not installed in the image.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch PACKAGECONFIG from man to manpages so we are included when
api-documentation is set. Ensure correct tools are available to build
the documentation and avoid unsupported option failures by not passing
`--enable-man-doc`.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
we install dnsmasq under /usr/bin by default, correct
the path in comments.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
do_install never executed as a result it was empty install
Create ruli-bin package for utilities, so libraries can be packages
granularily
Drop the makefile patch which is no longer needed, set the make
variables to get the needed bits set
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The 84-nm-drivers.rules is not required for systemd-udevd versions
v210 and later. The file has been split into a separate file so
distributions with a new enough systemd version can drop it. See
also:
1e03758262
I noticed this while investigating into a warning show during
bootup:
/usr/lib/udev/rules.d/84-nm-drivers.rules:10 Invalid value "/bin/sh -c
'ethtool -i $1 | sed -n s/^driver:\ //p' -- $env{INTERFACE}" for PROGRAM
(char 24: invalid substitution type), ignoring, but please fix it.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang does delegate the atomic<double> calls to libatomic on x86 where
as gcc tries to use intrinsics, its debatable who is right, but it does
seem that clang is safe in case pointer is unaligned
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It was only added because samba was a dependency, but was not removed
again when the dependency on samba was removed in commit 6207331f.
This effectively reverts commit a190c2e3.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Balik <martin.balik@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Mbed TLS 2.16.3 is a maintenance release of the Mbed TLS 2.16 branch, and
provides bug fixes and minor enhancements.
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.3
Most importantly, this fixes breakage on ARMv5TE platforms:
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions that
are only available in Thumb mode.
https://github.com/ARMmbed/mbedtls/pull/2169
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-10218: Client code can return filenames containing path
separators.
CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
See: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update-rc.d complains if no sysvinit script is present. This happens
in hybrid systemd/sysvinit builds, because autofs does not install
the init script if configured with '--with-systemd'.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The configure script used by autofs tries to detect paths on the
build system. Avoid it by presetting fixed values.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| chmod: cannot access '.../image/etc/sudoers.d': No such file or directory
| sed: can't read .../image/usr/bin/samba-tool: No such file or directory
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nghttp2 also provides http client, server, and proxy.
Add the necessary DEPENDS and build flags to enable those.
They are all packaged into individual packages, with
'nghttp2' being a meta-package now and pulling in all
of the above three applications.
The shared library itself (the only part that this recipe
had been building so far), is also being split into its
own package, meaning existing users shouldn't be affected,
as nobody should have an RDEPENDS on 'nghttp2' at the
moment (due to bitbake's shlibs dependency tracking).
The deflatehd and inflatehd binaries have been completely
dropped, as they are (header) test applications for HTTP/2.
Debian doesn't ship them either.
The python script fetch-ocsp-response is (only) needed
by the proxy, and itself calls out to openssl. We can easily
make this python3 using a simple patch, though.
Minor additional fixes:
* sort DEPENDS alphabetically
* drop python-dir, this is implied by pythonnative
* inherit manpages so as to benefit from man-db processing
(note that manpages are not generated here, we just want
the automatic update of the package index caches)
We need to add a PACKAGECONFIG, as manpages.bbclass
requires it to be present, even though nghttp2
unconditionally installs them
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This was added incorrectly in the previous recipe update
and doesn't actually work.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ensures that when libc does not include stdint.h indirectly then it
still can compile
Fixes
| ../include/protocols/rwhod.h:57:2: error: unknown type name 'int32_t'; did you mean 'uint32_t'?
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes a race condition e.g.
testminissdp.c:15:10: fatal error: config.h: No such file or directory
15 | #include "config.h"
| ^~~~~~~~~~
compilation terminated.
<builtin>: recipe for target 'testminissdp.o' failed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1) Upgrade iscsi-initiator-utils from 2.0.877 to 2.0.878.
2) Remove patches have been merged in 2.0.878.
0001-Fix-i586-build-issues-with-string-length-overflow.patch
0001-Make-iscsid-systemd-usage-optional.patch
0001-Use-pkg-config-in-Makefiles-for-newer-libraries.patch
3) Fix DEPENDS and EXTRA_OECONF for systemd as in new version systemd is default on.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1) Upgrade pure-ftpd from 1.0.47 to 1.0.49.
2) Update LIC_FILES_CHKSUM as date has been changed.
3) Update 0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch for 1.0.49.
4) Delete "--with-minimal" to fix error as follows:
/usr/src/debug/pure-ftpd/1.0.49-r0/build/src/../../pure-ftpd-1.0.49/src/ls.c:1080: undefined reference to `modernformat'
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-When compiling version 5.1.6 on musl, the following error occurs:
| In file included from defaults.c:32:
| ../include/log.h:49:8: error: unknown type name 'pid_t'
-Add autofs/0001-Bug-fix-for-pid_t-not-found-on-musl.patch to fix it.
-Refresh the following patch:
autofs/0001-Do-not-hardcode-path-for-pkg.m4.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When launch blueman-manager while bluetooth is disable, it may fails
with error:
Failed to enable bluetooth
Because when get bluetooth status right after change its status, the
status may not be updated that plugin applet/KillSwitch.py sets the
bluetooth status via method of another dbus service which doesn't return
immediately.
Provides a new dbus method for PowerManager which checks whether dbus
method SetBluetoothStatus() has finished. Then it makes sure to get
right bluetooth status.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This postinst can fail depending on host setup, which makes non-deterministic
build on different host.
Use postinst ontarget to always fail at do_rootfs and rerun at target first
boot.
In this situation, remove postfix-native from PACKAGE_WRITE_DEPS
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In postinst of ${PN}, call newaliases on etc may fail at do_rootfs
due to host setup. If fail, the postinst will rerun at target first
boot which cause update-alternatives in postinst rerun.
For ostree system, /usr is readonly, /etc is writable, the
update-alternatives will be failed when run on target since it
needs write files in /usr. Split the postinst into two packages
can fix the problem:
* update-alternatives runs at do_rootfs
* newaliases runs at do_rootfs or first boot, it needs write files
in /etc when run at first boot, while /etc is writable for ostree.
For non-ostree, everything will be OK as normal
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of spice-protocol is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of libmemcached is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of radiusclient is BSD-3-Clause and
BSD-2-Clause and HPND.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of freediameter is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-telnet is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-rwho is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-rusers is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-ftp is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of corosync is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
radiusd.service references a legacy path for its PIDFile, which
results in a warning at boot:
systemd[1]: /lib/systemd/system/radiusd.service:7: PIDFile= references a path
below legacy directory /var/run/, updating /var/run/radiusd/radiusd.pid →
/run/radiusd/radiusd.pid; please update the unit file accordingly.
Modify the recipe's radiusd.service file to use the correct path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Multiple quagga service files are causing the following type of message to
appear during boot:
/lib/systemd/system/zebra.service:10: PIDFile= references a path below legacy
directory /var/run/, updating /var/run/quagga/zebra.pid → /run/quagga/zebra.pid;
please update the unit file accordingly.
Update the service files included as part of the recipe to use /run instead of
/var/run as the PIDFile path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan installs a signal handler for SIGSEGV, SIGILL, and SIGBUS
which attempts to print a stack trace of the crash. For producing line
numbers in the stack trace, it can use libbfd from binutils, or
libunwind, or else it falls back to a slower method using
/usr/bin/addr2line.
Currently the addr2line method is unlikely to actually work, since there
is no RDEPENDS to pull that command into the image.
This patch adds a PACKAGECONFIG to enable the libbfd-based stack traces,
which is likely the best alternative since binutils is already required
for building everything, and it will be faster than the addr2line method
(which requires addr2line and libbfd anyway).
Signed-off-by: Khem Raj <raj.khem@gmail.com>
After upgrade to 1.7.0, path of database file changed from
/var/kea to /var/lib/kea, correct the path to fix service
start failed problem
DHCP6_CONFIG_LOAD_FAIL configuration error using file:
/etc/kea/kea-dhcp6.conf, reason: Unable to open database:
unable to open '/var/lib/kea/kea-leases6.csv'
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the systemd class to correctly plug the package into the systemd
infrastructure.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We already depend on systemd in DISTRO_FEATURES so adding it to
RDEPENDS is redundant. We also rdepend on two python packages, so
there's no need to explicitly depend on python3.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use distro_features_check to check for systemd in DISTRO_FEATURES
instead of a hand-crafted python function.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
