Commit Graph

1110 Commits

Author SHA1 Message Date
Joe MacDonald
3927abca04 wireguard: blacklist
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-05-01 11:11:21 -04:00
Joe MacDonald
bf357b2e48 wireguard: add dependencies and kernel build options
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:04:37 -04:00
Stefan Agner
9867ffa48e wireguard: add WireGuard kernel module and tools
WireGuard is an extremely simple yet fast and modern VPN that utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner,
and more useful than IPSec, while avoiding the massive headache.

The recipes add the current experimental snapshot v0.0.20170421
out-of-tree kernel module and tools. The kernel module has some kernel
configuration dependencies such as some configuration part of
features/netfilter/netfilter.scc, hence netfilter.scc should be part
of KERNEL_EXTRA_FEATURES (which is the case by default).

Since wireguard-tools is TUNE_PKGARCH and depends on wireguard-module
which is MACHINE_ARCH (like all kernel modules) we need to add this
dependency to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:02:13 -04:00
David Vincent
57d3b5c5c8 strongswan: Split plugins
strongSwan offers a plugin mechanism therefore it should not be
mandatory to install all of them when installing the package. Each
plugin is now a self-contained package with the library and its
configuration.

To remain compatible with the current configuration, a default set of
plugins has been selected as RDEPENDS of the main package. This default
list is based on the default strongSwan list minus some plugins enabled
via PACKAGECONFIG
(see https://wiki.strongswan.org/projects/strongswan/PluginList).

Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:02:13 -04:00
Khem Raj
be327baf0e opensaf: Upgrade to 5.2.0
Fix build with gcc7

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:02:12 -04:00
Jackie Huang
26c812ece4 openhpi: add new recipe
OpenHPI is an open source project created with
the intent of providing an implementation of
the SA Forum's Hardware Platform Interface (HPI).

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:02:12 -04:00
Mingli Yu
33310f2890 waf-samba.bbclass: redefine WAF_CROSS_ANSWERS_PATH
* Redefine WAF_CROSS_ANSWERS_PATH in waf-samba.bbclass
  to fix checksum mismatch for those packages which
  inherit waf-samba.bbclass when install eSDK
  # bitbake-diffsigs $Prj/build/sdkext_dir/tmp/stamps/core2-64-wrs-linux/libtalloc/2.1.8-r0.do_configure.sigdata.8a0fd2871f1e464f4586c32f0e67378f $Prj/build/tmp/stamps/core2-64-wrs-linux/libtalloc/2.1.8-r0.do_configure.sigdata.16b87e6ddccb52ca5e988e928f111e5a
  basehash changed from ea2fea38e7efe710a11fa9d13c7ad94c to 943a7ead4ed10ce794532a942569bcf9
  Variable WAF_CROSS_ANSWERS_PATH value changed from '$Prj/build/sdkext_dir/layers/meta-networking/files/waf-cross-answers' to '$Prj/layers/meta-openembedded/meta-networking/files/waf-cross-answers'

* Remove the previous WAF_CROSS_ANSWERS_PATH definition
  in layer.conf

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-26 10:06:32 -04:00
Kai Kang
066360f31e postfix: do NOT create directory /var/spool/mail
postfix installs directory /var/spool/mail which conflicts with package
shadow.

| Error: Transaction check error:
|  file /var/spool/mail conflicts between attempted installs of
|  postfix-3.1.1-r0.ppc64e6500 and shadow-4.2.1-r0.1.ppc64e6500

Make postfix not create /var/spool/mail that it does NOT create the
directory on Fedora and Ubuntu either.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-26 09:59:39 -04:00
Khem Raj
50c15c53d9 autofs: Upgrade to 5.1.2 release
Add patches to make it work when SECURITY_FLAGS are enabled

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Huang Qiyu
4e9984d270 dovecot: 2.2.25 -> 2.2.29
Upgrade dovecot from 2.2.25 to 2.2.29.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj
c8d5f975fc yp-tools: Fix build with gcc7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj
d16352e9b4 samba: Upgrade to 4.6.2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj
8ef5e3ffc3 libtalloc: Upgrade to 2.1.9
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj
52db0e6c05 squid: Upgrade to 3.5.25
Add patch to fix throw() errors with gcc7
Update copyright year to 2017

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj
9c022b475e lowpan-tools: Fix build with gcc7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:52 -04:00
Khem Raj
09e7ae53fd memcached: Upgrade to 1.4.36
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:26 -04:00
Khem Raj
dec5adef49 ipsec-tools: Fix build with gcc7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:26 -04:00
Benjamin Gaignard
b9b6ace5a1 tinyproxy: Add recipe
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:26 -04:00
Khem Raj
27ac61803c lowpan-tools: Fix build with clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
3f63557cc4 ez-ipupdate: Fix formatting security warnings
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
752653a10e libnetfilter-conntrack: Upgrade to 1.0.6
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
0094968f13 conntrack-tools: Upgrade to 1.4.4
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
93de05ce5f libnetfilter-acct: Fix build with clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
46eb9bad8a libnetfilter-queue: Fix symbol visibility bug found with clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:15 -04:00
Khem Raj
0237ee20da libnetfilter-cthelper, libnetfilter-cttimeout: Backport patches to fix symbol visibility
These are needed for building it with clang

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:14 -04:00
Khem Raj
5477d5bcb7 nftables: Upgrade to 0.7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:14 -04:00
Khem Raj
2571887a95 libnftnl: Upgrade to 1.0.7
Fix build with clang while here

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:14 -04:00
Khem Raj
9a98b3f665 mtr: Upgrade 0.87+git
Fixes for musl build are not in a release yet
until then switch to using git for SRC_URI

License file changes are here

dd42b2305a

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:07 -04:00
Szombathelyi György
81efffcc22 samba: fix conflict between samba and sudo packages
Use the same permissions for sudoers.d as in the sudo package.

Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:38 -04:00
Armin Kuster
c083405d2a wireshark: update to 2.2.6
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-12
  IMAP dissector crash ([2]Bug 13466) [3]CVE-2017-7703
* [4]wnpa-sec-2017-13
  WBMXL dissector infinite loop ([5]Bug 13477) [6]CVE-2017-7702
* [7]wnpa-sec-2017-14
  NetScaler file parser infinite loop ([8]Bug 13478) [9]CVE-2017-7700
* [10]wnpa-sec-2017-15
  RPCoRDMA dissector infinite loop ([11]Bug 13558) [12]CVE-2017-7705
* [13]wnpa-sec-2017-16
  BGP dissector infinite loop ([14]Bug 13557) [15]CVE-2017-7701
* [16]wnpa-sec-2017-17
  DOF dissector infinite loop ([17]Bug 13453) [18]CVE-2017-7704
* [19]wnpa-sec-2017-18
  PacketBB dissector crash ([20]Bug 13559)
* [21]wnpa-sec-2017-19
  SLSK dissector long loop ([22]Bug 13576)
* [23]wnpa-sec-2017-20
  SIGCOMP dissector infinite loop ([24]Bug 13578)
* [25]wnpa-sec-2017-21
  WSP dissector infinite loop ([26]Bug 13581)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:38 -04:00
Andrea Galbusera
b6adc8bae7 openvpn: avoid hardcoded path
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:38 -04:00
Andrea Galbusera
a6916b2241 openvpn: avoid packaging /run
/run is in FILES_${PN} but nothing either populate or even create it.

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera
07e8b8ebe3 openvpn: openvpn-volatile.conf: avoid hardcoded localstatedir
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera
eb0a49cc9c openvpn: remove duplicate attempt to create dir in ${localstatedir}
When systemd is in DISTRO_FEATURES we have two attempts to create
${localstatedir}/run/openvpn: one at build time with install command and
the other via systemd-tmpfiles at runtime which is enabled by installing
openvpn-volatile.conf. Beside looking redundant, by dropping the build-time
dir creation attempt solves the following error when building images with
both base-files and openvpn:

Error: Transaction check error:
  file /var/run conflicts between attempted installs of
  openvpn-2.3.9-r0.cortexa7hf_neon_vfpv4 and
  base-files-3.0.14-r89.raspberrypi3

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera
ccaf0a99d8 openvpn: ensure ${sysconfdir}/tmpfiles.d is packaged
The file was installed but never packaged, ending up in no systemd-tmpfiles
configuration on the final rootfs.

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Chen Qi
a6e6115c89 quagga: set ac_cv_path_PERL to '/usr/bin/env perl'
Set ac_cv_path_PERL to '/usr/bin/env perl' to fix problem when
/path/to/hosttools/perl is longer than 128.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Oliver Graute
25bfdafcae nfacct: fixed SRC_URI and dropped workdir statement
Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Jaap de Jong
171c528162 uftp: Add recipe
To: openembedded-devel@lists.openembedded.org

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Khem Raj
1543614e94 ntimed: Use adjtimex on musl
Drop do_compile, default is same
Do not assume that configure is running in S

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Khem Raj
488214259d autofs: Patch to build on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Khem Raj
423d6f08d0 snort: Fix build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
1412617849 libnetfilter-queue: Update to git for SRC_URI
brings in the fixes to build on musl
Add a typo fix patch

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
3692f1e202 libnetfilter-log: Switch to git URI
Move to tip of tree which has needed fixes for musl build
add missing dependency on libmnl

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
a8d26915e8 arptables: Upgrade to 0.0.4
Switch the SRC_URI to git based fetcher

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
9e69cd9c18 daq: Fix build with musl
unistd.h is not in sys/ on all platforms
use standard location in /usr/include to look for it

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
46cd79e49e vpnc: Update to build from github SRC_URI
Fix build for musl
add packageconfig for crypto selection
Fix build with externalsrc

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
3b94d8533c dibbler: Upgrade to 1.0.2RC1
Delete dibbler from meta-oe

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
764c7f46da vsftpd: Fix build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
d946331bc0 rp-pppoe: Fix build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:36 -04:00
Khem Raj
2fee586153 openl2tp: Fix build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:35 -04:00