Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It does not provide/enable systemd script generation which results in
ERROR: nbd-3.26.1-r0 do_package: nbd does not appear in package list, please add it
Signes-off-by: Khem Raj <raj.khem@gmail.com>
mdio-netlink source make reference to ${S}/.. which breaks
-fdebug-prefix-map and results in the full TMPDIR path being present in
the -dbg package and, also, change a related CRC in the main package.
This changes ${S} to enclose the whole SRC_URI repo and adapt relative paths to
build (MODULES_MODULE_SYMVERS_LOCATION)
This make mdio-netlink reproducible and fixes this warning:
WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When build on Debian 11 (gcc10), squid fails to build[0] because of a
bug[1] in the configure step (it mixes options between old native compiler
and recent target compiler: the former needs the std=c++17 option, the latter
doesn't).
The workaround is to force the "-std=c++17" option for the native build.
NB: Our Buildroot friends have the same workaround[2].
[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
[1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376
Bug closed as invalid by upstream
[2]: 932b52fad8/package/squid/squid.mk (L24)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix#207: crash when adding IPv6 multicast route on a kernel without IPv6 multicast support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Improve the support for 2FA dynamic challenge, not
saving the response into the profile.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When PACKAGECONFIG does not contains 'programs', the hello binary will
not be generated, but the ALTERNATIVE 'hello' is still set, causing the
update-alternatives bbclass to generate warnings for the missing
'hello' binary.
This commit fixes that by only populating ALTERNATIVES when 'programs'
is enabled.
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-fping-Initialize-msghdr-struct-in-a-portable-way.patch
removed since it's included in 5.2
Changelog:
============
-New option -X / --fast-reachable to exit immediately once N hosts have been found
-New option -k / -fwmark to set Linux fwmark mask
-Always output fatal error messages
-Fallback to SO_TIMESTAMP if SO_TIMESTAMPNS is not available
-Fix "not enough sequence numbers available" error on BSD-like systems
-Fix running in unprivileged mode
-Fix build issue for NetBSD/alpha
-Fix build issue for OpenBSD/alpha
-Fix build warning for long int usage
-Fix build error with musl libc
-Fix to guard against division by zero
-Decouple -a/-u effects from -c
-Added contrib/Dockerfile
-Remove host from Netdata chart titles
-Add additional tests
-Update github action os images
-Fix Azure pipeline tests
-Various autoconf fixes
-Extended configure script with --enable-debug and output cpu usage
-Documentation: Update Netdata website link
-Documentation: fix description of --file option
-Documentation: improve exit status description
-Documentation: move description of -i MSEC
-Documentation: improve help output for options -c and -C
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- also copy GLib*Typelib to STAGING_LIBDIR_NATIVE to avoid:
| gi.RepositoryError: Typelib file for namespace 'GLib', version '2.0' not found
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Basically what is done in:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=4c40897893f43a99e6ae12e652c0cf789d89df90
This fixes:
| gi.RepositoryError: Typelib file for namespace 'Gobject', version '2.0' not found
| gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found
| gi.RepositoryError: Typelib file for namespace 'GModule', version '2.0' not found
- Remove uneeded do_compile:prepend. It was broken because of {B}} and seems to be unneeded anyway
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.
These lists can be used with, in local.conf:
include conf/include/non-repro-meta-oe.inc
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
spice-gtk seems to be the last recipe in meta-openembedded that uses
usbids instead of hwdata.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* make sure Homebrew packages for macOS are built with --enable-legacy-pppd
* do not print TLS socket options in log (revert change from 1.16.0)
* add option to specify SNI
* change most occurrences of "SSL" to "TLS" in user-visible text
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it's used since:
da679d27c5
included with the upgrade to 1.5.0 in:
https://git.openembedded.org/meta-openembedded/commit/?id=47ccb88d94852e327f3bdd45425f33e56983b50c
* libidn2 is usually pulled into the RSS by the dependency from gnutls
but when gnutls doesn't depend on it, the build fails with:
-- Checking for module 'libidn2'
-- No package 'libidn2' found
CMake Error at include/freeDiameter/CMakeLists.txt:144 (MESSAGE):
Unable to find libidn2, please install libidn2-dev or equivalent, or set
DIAMID_IDNA_IGNORE or DIAMID_IDNA_REJECT
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-Merge pull request #1444 from yishaih/mlx5_dr
-Merge pull request #1439 from Kamalheib/qedr_pr
-mlx5: DR, Using sq ts format when RoCE is disabled
-Merge pull request #1440 from Honggang-LI/doc
-librdmacm: adjust ECE function name in man page
-providers/qedr: Remove unused debug files
-roviders/qelr: Replace DP_ERR with verbs_err
-providers/qelr: Replace DP_VERBOSE with verbs_debug
-providers/qelr: Remove unused macros
-Merge pull request #1438 from amzn/fix-rdma-tracepoint
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following paths have been replaced with PYTHON_SITEPACKAGES_DIR:
- "${libdir}/${PYTHON_DIR}/site-packages"
- "${libdir}/python${PYTHON_BASEVERSION}/site-packages"
- "${libdir}/python*/site-packages"
- "${libdir}/python3.*/site-packages"
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This also fixes all ptests, therefore move freediameter
out of PTESTS_PROBLEMS_META_NETWORKING to PTESTS_FAST_META_NETWORKING
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2024-0962:
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow.
Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
WARNING: libcoap-4.3.4-r0 do_cve_check: Found unpatched CVE (CVE-2024-0962)
This vulnerability is only exist in 4.3.4.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
oldincludedir was removed in oe-core by
commit 506c91cbc6a604a84e37e53ccff430436369802e
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It gets OOMs with memory < 2G on x86_64 qemu
Export NFT variable in run-ptest script its used by few tests
Add required runtime dependencies for ptests to pass
This also requires changes to kernel config
features/nf_tables/nft_test.scc and CONFIG_VETH
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch the SRC_URI to http since the postfix site does not yet use https.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch SRC_URI to https (yes, the URI still has ftp in the path!).
Also drop the obsolete SRC_URI[md5sum].
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum].
Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build
to work by adding an extern to sh_util/gpshare.c for example.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is an LTS release.
Includes security fixes:
* CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs
Full release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following ShellCheck violations in "run-ptest" are fixed:
- line 4:
SC2164: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
- line 7:
SC2086: Double quote to prevent globbing and word splitting.
- line 9:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 10:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 17:
SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following ptest output format issues:
- For "sed" command, change "-e" option to "-E" option. I believe the
previous "-e" option is a typo based on the manual page of "sed":
-e script, --expression=script
add the script to the commands to be executed
"-E" option, on the other hand, makes "sed" "use extended regular
expressions in the script" according to the manual page.
- The test result summary line is being treated as both a passed
testcase and a failed testcase due to this line containing substring
"[OK]" and "[FAILED]". The following is a sample test result summary
line:
I: results: [OK] 379 [SKIPPED] 1 [FAILED] 0 [TOTAL] 380
The fix is to change run-ptest to look for "I: [OK]" and
"W: [FAILED]" when determining which lines correspond to
passed/failed testcases.
- Previously, only "W: [FAILED]" out of the following testcase failure
prompts is parsed:
W: [CHK DUMP]
W: [VALGRIND]
W: [TAINTED]
W: [DUMP FAIL]
W: [FAILED]
Adding parsing for all testcase failure prompts.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Add --without-rlm_json to fix:
configure: error: set --without-rlm_json to disable it explicitly
* Add --without-rlm_cache_redis to fix:
configure: error: set --without-rlm_cache_redis to disable it explicitly.
* Drop 0017-add-python.m4-for-detecting-python-3.10.patch and add
0017-Add-acinclude.m4-to-include-required-macros.patch to fix python3 related
build errors
* Rebased other patches for 3.2.3.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfix:
=========
-wnpa-sec-2024-06 T.38 dissector crash.
-Extcap with configuration never starts; "Configure all extcaps before start of capture." is shown instead.
-Packet Dissection CSV Export includes last column even if hidden.
-Inject TLS secrets closes Wireshark on Windows.
-Wireshark crashes when adding another port to the HTTP dissector.
-When adding a new row to a table an error report may be inserted.
-'--export-objects' does not work as expected on tshark version later than 3.2.10.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Curl for People C++ Requests is a simple wrapper around
libcurl inspired by the excellent Python Requests project.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The last patch 0012-Fix-configuration-of-NETSNMP_FD_MASK_TYPE.patch
brought in with 5.9.4 upgrade is not sufficient and infact has a regression
introduced for clang+musl builds.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Update copyright years to 2024
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst
Security fixes:
CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
CVE-2024-24974: Windows: disallow access to the interactive service pipe
from remote computers.
CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via a
malicious plugin. Plugins can now only be loaded from the OpenVPN
install directory, the Windows system directory, and possibly from a
directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in
!TapSharedSendPacket.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Improve performance when getting interface status
- update project URL
- Add environment variables to manpage.
- Don't start the daemon if there's nothing to do
- _interface_scan: fix wrong index into iface map
- _interface_scan: force handle_state for new interfaces
- Add missing administrative state 'initialized'
- use os.path.dirname instead of os.path.basename
- make sure scripts are not writeable by non-root users
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
- Fix missing word in exception message
- fix some new linting issues from pylint
- manpage: fix missing slash in "configured.d" directory name
- Normalize parsed IP address value
- Drop support for Python 3.4
- Add testing for Python 3.10
- README.md: fix code formatting
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* as oe-core did in:
https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab
* when people are have to maintain own PRs for recipes in oe-core, they
might add them for meta-oe recipes at the same time when upgrading
to next LTS
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* add Pending to .patch files where it was accidentally droped
with upgrades or modifications in:
f88e5b146e postgresql: upgrade 15.5 -> 16.2
c904e169db multipath-tools: upgrade 0.9.3 -> 0.9.8
105be9b3d9 unionfs-fuse: upgrade 2.2 --> 3.4
or new patches where the author didn't notice/care:
2a7f74cdb0 dropwatch: Use header files from sysroot instead of build host
f5cc9f272a yasm: improve reproducibility
39028d0d9d python3-pybind11: Restore strip prevention patch
authors of these added to CC, please be more careful with removing
or not adding these or enable patch-status in ERROR_QA for your
builds, see:
https://lists.openembedded.org/g/openembedded-core/topic/104922136#197113
* added with:
for p in `/OE/layers/openembedded-core/scripts/contrib/patchreview.py -v . | grep Missing.Upstream-Status.tag | sed 's/.*(//g;s/)$//g'`; do grep -q ^Upstream-Status: $p || sed -i "s/^---$/\nUpstream-Status: Pending\n---/g" $p; grep -q ^Upstream-Status: $p || sed -i "1iUpstream-Status: Pending\n" $p; done
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're seeing errors like below in log.do_configure:
./conftest: cannot execute binary file: Exec format error
The tcprelay's configure have two places to execute ./conftest.
And the result happens to be correct even with the error above.
Instead of leaving the errors as they are, we explicitly skip
running ./conftest in case of cross compiling. The build will
continue to succeed and result will remain the same.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/net-snmp/net-snmp/blob/V5-9-patches/CHANGES
* Refresh patches
* Drop backport CVE patch
* Drop 0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch as the
issue has been fixed upstream.
* Add a patch to fix build on musl
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.46.0/NEWS
Highlights:
- Drop build with python2, python3 is now required
- Support randomizing the MAC address based on the Wi-Fi network
- IPv4 DAD (Duplicate Address Detection) enabled by default
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.72
License-Update: Copyright year updated to 2024.
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
- Fixed the console output of tstunnel.exe.
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
- Added configurable delay for the "retry" option.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
-updates translations, and tightens OpenSSL/wolfSSL version requirements in order
to track their security fixes and deprecations.
OpenSSL 3.0.9, 3.1.4, 3.2.0 and wolfSSL 5.6.2 (or newer on the respective compatible branches) remain supported.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drbd-utils configure step check the build host udev version to enable
or disable the target udev rule. This leads to a clear
non-reproducibility.
This patch fixes this by adding a configure option to the configure step
which allows to skip the udev version checks and unconditionally enable
the udev rule.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Line "DRBD mirrors a block device over the network to another machine"
is written twice in DESCRIPTION.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rebased patches:
0001-drbd-utils-support-usrmerge.patch
0001-drbdmon-add-LDFLAGS-when-linking.patch
removed patches that already in upstream code repository
0001-replace-off64_t-with-off_t.patch
0002-drbdadm-drop-use-of-GLOB_MAGCHAR-use-strchr-heuristi.patch
add keyutils depends
Change log
==========
9.27.0
* adjust,v9: retry for diskless primaries
* tests: sanitize env (e.g., TZ)
* drbdmeta: dump and restore the members field
9.26.0
* config,v9: new config option load-balance-paths
* config,v9: new config options rdma-ctrls-(snd|rcv)buf-size
* drbdadm,v9: fix segfault if proxy has no path
* drbd: increase maximum CPU mask size
* systemd: introduce drbd-graceful-shutdown.service
* drbdmeta,v9: fix regression, allow attach after offline resize
* drbdsetup,v9: add path established information to JSON status
* events2: terminate on module unload even under --poll
* events2: specif exit code if module unload
* docs: add spdx license file
* drbdmon: various smaller improvements
* drbdsetup,v9: support for TLS/kTLS
9.25.0
* drbdsetup,v9,show: fix meta disk format for json
* drbdmon: various updates
* build: fix RHEL6 spec builds
* drbdmeta: {hex,}dump superblock
* drbdmon: major rewrite
* build: gcc v12 cleanups
* misc: put locks into separate dir
* selinux: add fowner fsetsid, they dropped a global noaudit rule
9.24.0
* windrbd: various fixes
* v9: Support user-defined block-size
* doc,v9: improvements all over the place
* drbdadm,v9: implement drbdadm role <res:peer>
* drbdadm,v9: pass --verbose/--statistics to drbdsetup status
* drbd{adm,meta}: add repair-md subcommand
9.23.1
* drbdadm,v9,resync-after: fix too strict check
9.23.0
* drbdadm,v9,floating: fixup fake uname for 9.2.x strict_names=1
* drbdadm,v9,parser: fixup globs, also rm GNU libc specific extensions
* drbdadm,v9,parser: allow via outside-address for NATed peers
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We encountered a do_configure error when using dash on Ubuntu 20.04:
conftest.c:31:26: fatal error: Python.h: No such file or directory
31 | #include <Python.h>
| ^~~~~~~~~~
It seems that PYTHON_CPPFLAGS is not passed to configure command
correctly. Use configuration option --with-pythoncflags instead of
passing it in cmdline.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it uses gdbus-codegen from glib-2.0-native which depended
on python3-distutils-native until
https://lists.openembedded.org/g/openembedded-core/message/196136
but distutils on host was enforced by sanity check only until mickledore with:
https://git.openembedded.org/openembedded-core/commit/?id=8e3a5b0709384f2b455a82ac1e8e212686fe4456
so on hosts without distutils this was already failing with:
http://errors.yoctoproject.org/Errors/Details/754697/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
and the glib-2.0-native change only changes the dependency from
distutils to packaging which results in:
http://errors.yoctoproject.org/Errors/Details/754693/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import packaging.version
ModuleNotFoundError: No module named 'packaging'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
* packaging probably isn't as wide spread on host distros as old
distutils was, so make sure it's available by using
python3-native with python3-packaging-native from OE build
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: lib32-snort3-3+git-r0 do_populate_sysroot: QA Issue: snort.pc failed sanity test (tmpdir) in path lib32-snort3/3+git/sysroot-destdir/usr/lib/pkg
* it's broken for non-multilib builds as well, the issue is that
FLEX_CPPFLAGS points to native include dir, e.g.
FLEX_CPPFLAGS=-I/OE/../lib32-snort3/3+git/recipe-sysroot-native/usr/include
and the work around from:
9736478480
sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc
strips the "/OE/../lib32-snort3/3+git/recipe-sysroot" part in non-multilib
case, but leaves:
FLEX_CPPFLAGS=-I-native/usr/include
which is still wrong, but not detected by buildpaths QA check anymore
and in multilib case, this didn't strip the first part because the
target sysroot is:
"/OE/../lib32-snort3/3+git/lib32-recipe-sysroot"
so it didn't strip anything from native sysroot:
"/OE/../lib32-snort3/3+git/recipe-sysroot-native"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wavemon is an ncurses-based monitoring application for wireless network
devices on Linux.
We have to provide the path to libnl3 headers since the build system is
not able to find them.
In order to workaround a link issue with pthread library, we have to
add -pthread to CFLAGS in order to add the library after the object
file.
arm-none-linux-gnueabihf/bin/ld: info_scr.o: undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.4'
[...]/wavemon/0.9.5-r0/recipe-sysroot/lib/libpthread.so.0: error adding symbols: DSO missing from command line
"We should mention the library on the command line after the object files being compiled" [1]
[1] https://stackoverflow.com/questions/19901934/libpthread-so-0-error-adding-symbols-dso-missing-from-command-line
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If llvm unwind is present then disable unwinding support since it will
not have all unw_* functions eg. unw_strerror
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort2 is legacy now.
See more: https://github.com/snort3/snort3
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort3 depends on it.
snort3 recipe will be provided in next commit.
See more: https://github.com/snort3/libdaq
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: samba-4.19.4-r0 do_package: QA Issue: samba: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/samba/domain_update.py
/usr/lib/python3.12/site-packages/samba/ntstatus.so
/usr/lib/python3.12/site-packages/samba/descriptor.py
......
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python 2 is long unsupported, so we no longer need this variable
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it does not match with our real head file form kernel.(net_dropmon.h)
net_dropmon.h in dropwatch local src/net_dropmon.h.
linux kernel also have it in include/uapi/linux/net_dropmon.h
for example,our kernel is linux5.10:
diff tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/recipe-sysroot/usr/
include/linux/net_dropmon.h tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/git/src/net_dropmon.h
1c1,3
<
95a94
> NET_DM_ATTR_REASON, /* string */
it will cause mismatch when we use dropwatch in older kernel version(v5.10),
will cause dropwatch and kernel drop_monitor module mismatch with netlink talk.
we should build it with header from sysroot which comes from matching
kernel.
Signed-off-by: chenheyun <chen_heyun@163.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In reproducible test, useradd config comes from static files:
meta-networking/files/static-{passwd,group}-meta-networking
Those files were not coherent :
* an unused "rasvd" was defined (a typo for "radvd")
* passwd referenced a unexisting group id.
This patch aligns static files to the USERADD_PARAM recipe value.
This will fix the errors seen during reproducibility tests:
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: radvd: useradd command did not succeed.
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: ExecutionError('/home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/run.useradd_sysroot.1178426', 1, None, None)
stdio: ERROR: Logfile of failure stored in: /home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/log.do_prepare_recipe_sysroot.1178426
stdio: ERROR: Task (/home/pokybuild/yocto-worker/reproducible-meta-oe/build/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb:do_prepare_recipe_sysroot) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Use "git archive" for the "make releasetar" process.
- Makefile.in: Add the releasecheck target.
- Cirrus CI: Add the "make releasecheck" command in the Linux task.
- INSTALL.md: Add missing files.
- Makefile.in: Add "make -s install" in the releasecheck target.
- Makefile.in: Add the whitespacecheck target.
- Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
- Makefile.in: Add some missing files in the distclean target.
- autoconf: Add autogen.sh, remove configure and config.h.in.
- autoconf: Require at least autoconf 2.69.
- autoconf: Address most warnings from Autoconf 2.71.
- autoconf: Update install-sh script to the latest available version.
- autoconf: Update config.{guess,sub}, timestamps 2024-01-01
- Fix a build error on Haiku.
- Do the version number the same way as in tcpdump and libpcap.
- Lose unused missing/strlcpy.c.
- Use posix_fadvise() on input files if available.
- Prefer calloc() over malloc().
- Fix --static-pcap-only test on Solaris 10.
- autoconf: replace --with-system-libpcap with --disable-local-libpcap.
- autoconf: Find a local libpcap even with rcX directory suffix
- configure: special-case macOS /usr/bin/pcap-config
- On Solaris, for 64-bit builds, use the 64-bit pcap-config.
- configure: don't use egrep, use $EGREP.
- Add some warning flags for Clang 13 or newer.
- Fix some warnings with -Wmissing-variable-declarations.
- Make various improvements to the instrument functions.
- autoconf: Remove many obsolete elements, including workarounds for BSD/OS,
IRIX, OSF/1, Solaris, Ultrix and possibly other OSes.
- autoconf: Refine reporting of os-proto.h.
- tcpslice(1): Use bold font more consistently.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-Fixed #1105 which caused a SIGBUS on some some platforms due misaligned accesses.
-Fixed a problem when using absolute CMake target directories.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
crashing in this case.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When adding scapy to core-image-base from poky those dependecies were
missing causing scapys start to fail.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-sharkd is not installed by the Windows installer.
-Fuzz job crash output: fuzz-2024-01-01-7740.pcap.
-Can't open a snoop file from the Open dialog box unless I select \"All files\" as the file type.
-Add s4607 dissector to \"decode as\"
-Updater for 4.2.1 hangs.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropwatch is a utility to help developers and system administrators to
diagnose problems in the Linux Networking stack, specifically their
ability to diagnose where packets are getting dropped.
References:
* https://github.com/nhorman/dropwatch
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped when libdir in target is different than in
native python e.g. with multilib enabled:
ERROR: QA Issue: libtdb: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/tdb.so
/usr/lib/python3.12/site-packages/_tdb_text.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtdb: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtalloc: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/talloc.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtalloc: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtevent: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/_tevent.so
/usr/lib/python3.12/site-packages/tevent.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-libtevent: 2 installed and not shipped files. [installed-vs-shipped]
* waflib has some fallback to query distutils when PYTHONARCHDIR isn't
set in environment as in:
84c26588fc
but this still returns wrong value from
print(get_python_lib(plat_specific=1, standard_lib=0, prefix='/usr'))
e.g.
/usr/lib/python3.12/site-packages
matching native layout instead of:
/usr/lib64/python3.12/site-packages
* python3targetconfig inherit breaks waflib as well as shown in config.log:
['libtdb/1.4.9/recipe-sysroot-native/usr/bin/python3-native/python3', '-c', "\ntry:\n\tfrom distutils.sysconfig import get_config_var, get_python_lib\nexcept ImportError:\n\tfrom sysconfig import get_config_var, get_path\n\tdef get_python_lib(*k, **kw):\n\t\tkeyword='platlib' if kw.get('plat_specific') else 'purelib'\n\t\tif 'prefix' in kw:\n\t\t\treturn get_path(keyword, vars={'installed_base': kw['prefix'], 'platbase': kw['prefix']})\n\t\treturn get_path(keyword)\n\nprint(repr(get_python_lib(standard_lib=0, prefix='/usr') or ''))"]
err: Traceback (most recent call last):
File "<string>", line 12, in <module>
File "<string>", line 9, in get_python_lib
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 636, in get_path
return get_paths(scheme, vars, expand)[name]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 626, in get_paths
return _expand_vars(scheme, vars)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 270, in _expand_vars
_extend_dict(vars, get_config_vars())
^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 728, in get_config_vars
_init_config_vars()
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 670, in _init_config_vars
_init_posix(_CONFIG_VARS)
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 536, in _init_posix
_temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named '_sysconfigdata'
* setting PYTHONARCHDIR is simplest fix
* this also fixes libldb failure when it fails to find e.g. tevent after
these installed-vs-shipped issues instealled it in wrong libdir:
Checking for system tevent (>=0.15.0) : yes
Traceback (most recent call last):
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 159, in waf_entry_point
run_commands()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 255, in run_commands
ctx = run_command(cmd_name)
^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 239, in run_command
ctx.execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Configure.py", line 159, in execute
super(ConfigurationContext, self).execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 214, in execute
self.recurse([os.path.dirname(g_module.root_path)])
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/wscript", line 54, in configure
conf.RECURSE('lib/tevent')
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 469, in RECURSE
return ctx.recurse(relpath)
^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/lib/tevent/wscript", line 51, in configure
conf.CHECK_BUNDLED_SYSTEM_PYTHON('pytevent', 'tevent', minversion=VERSION):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_bundled.py", line 270, in CHECK_BUNDLED_SYSTEM_PYTHON
if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
^^^^^
UnboundLocalError: cannot access local variable 'found' where it is not associated with a value
and then it needs PYTHONARCHDIR as well to fix:
ERROR: libldb-2.8.0-r0 do_package: QA Issue: libldb: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python3.12
/usr/lib/python3.12/site-packages
/usr/lib/python3.12/site-packages/_ldb_text.py
/usr/lib/python3.12/site-packages/ldb.so
/usr/lib/python3.12/site-packages/.debug
/usr/lib/python3.12/site-packages/.debug/ldb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libldb: 7 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Error: Transaction test error:
file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57
libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* Multiple registers can now be dumped at once, via the generic dump
operation.
* Relax the driver matching to accept the strings used in kernels 6.2
and newer.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
