================================================
NetworkManager-1.22.14
Overview of changes since NetworkManager-1.22.12
================================================
This is a new stable release of NetworkManager. Notable changes include:
* ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).
* ifcfg-rh: handle 802-1x.pin properties.
================================================
NetworkManager-1.22.12
Overview of changes since NetworkManager-1.22.10
================================================
This is a new stable release of NetworkManager. Notable changes include:
* Fix a bug preventing lease renewal in the internal DHCP client.
* Add a new build option 'firewalld-zone'; when enabled,
NetworkManager installs a firewalld zone for connection sharing and
puts interfaces using IPv4 or IPv6 shared mode in this zone during
activation. The option is enabled by default.
Note that NetworkManager still calls to iptables to enable
masquerading and open needed ports for DHCP and DNS. The new option
is useful on systems using firewalld with the nftables backend,
where the iptables rules would not be sufficient.
* Support changing the MTU of OVS interfaces.
* Better handle a restart of ovsdb process.
* Support the 'no-reload' and 'trust-ad' resolv.conf options.
* Various minor bug fixes and improvements.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from 5f881d3bf2
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:
Fixes CVE-2019-20892 which affect net-snmp <= 5.8pre1
Had to fix up some file do to later code restructioning.
"int refcnt;" addition was done in include/net-snmp/library/snmpusm.h
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Main new features of netplan release 0.99:
- YAML parser is now in a separate library named libnetplan
- Systemd unit file for launching WPA Supplicant with netplan
configuration is now generated at runtime
See here for a full comparison:
https://github.com/CanonicalLtd/netplan/compare/0.98...0.99
Signed-off-by: Jacopo Dall'Aglio <jacopo.dallaglio@kynetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From [1]
* Increase cache buffers size to accomodate VLAN edits (#594)
* Correct L2 header length to correct IP header offset (#583)
* Fix warnings from gcc version 10 (#580)
* Heap Buffer Overflow in randomize_iparp (#579)
* Use after free in get_ipv6_next (#578)
* Heap Buffer Overflow in git_ipv6_next (#576)
* Call pcap_freecode() on pcap_compile() (#572)
* Increase max snaplen to 262144 (#571)
* Fix divide by zero in fuzzing (#570)
* Unique IP repeats at very high iteration counts (#566)
* Fails to compile on FreeBSD amd64 13.0 (#558)
* Heap Buffer Overflow in do_checksum (#556) (#577)
* Attempt to correct corrupt pcap files, if possible (#557)
* Fix GCC v10 warnings (#555)
* Remove some duplicated SOURCES entries (#551)
* Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
* Implement --loopdelay-ms when using --loop=0 (#546)
* Heap overflow packet2tree and get_l2len (#530)
[1] https://github.com/appneta/tcpreplay/releases
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
https://samba.org seems to be gone, switch to https://www.samba.org
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The "ssl" PACKAGECONFIG setting contains WITH_EC_OFF instead of
WITH_EC=OFF, resulting in a build break when "ssl" is not set.
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As ??= assignment will be overwritten by += in any case,
one can't define a default of PACKAGECONFIG in this recipe.
Using _append instead mitigates chances of accidental overwriting
the default
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-0001-chdeck-for-gettid-API-during-configure.patch
Removed since this is included in 2.9.16
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refreshed patches for 5.8 due to the following:
ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
patching file configure
...
Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
Hunk #2 FAILED at 31447.
1 out of 2 hunks FAILED -- rejects in file configure
...
Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Full changelog:
Version 5.0 - 4/22/2020
Major security updates. The key exchange and key derivation algorithms
were modified and supported algorithms were pruned using TLS 1.3 as a
basis. This includes:
- HKDF used in multiple stages for key derivation from raw shared secrets.
- Included addtional context in key derivation and signatures to protect
against replay attacks and downgrade attacks.
- Reduced set of supported EC curves to those supported by TLS 1.3
- Removed RSA key exchange which does not provide perfect forward secrecy.
All key exchanges now use ECDH.
- Removed support for SHA-1 hashes in key exchanges.
- Supported symmetric ciphers are AES in AEAD mode (GCM or CCM).
- Increased supported RSA key sizes
Encrypted sessions are now enabled by default. It can be disabled by
specifying "none" for the key type in the server's -Y option.
Backward compatibility retained for version 4.x in clients and proxies.
When communicating with a 4.x server, only allow algorithms and key
exchange modes permitted in the new version.
Clients and proxies no longer need to use signature keys that match the
type and size used by the server. As a result, the -k and -K options to
the client now only accept a single key instead of multiple. The proxy
still supports multiple keys for 4.x compatibility, however only the first
key listed is used for any version 5.x session.
Proxies now send their keys in a separate message instead of injecting them
in the ANNOUNCE sent by the server. This allows clients to be fully
aware of proixes and allows them to authenticate servers and proxies
separately.
Format of client's server list modified to specify the proxy that a server
communicates through. Fingerprints listed in this file now always
specify the server as opposed to having the proxy's key in some cases.
Added -R option to client to specify a list of proxies along with their
public key fingerprints. The old use of -R to specify a version 4.x
response proxy has moved to -r.
Previously, using -S in the client or proxy to specify a server list would
automatically enable source specific multicast (SSM). The use of SSM is
now enabled separately via the -o option on both the client and proxy.
Fixed a bug that caused ECDSA signatures created on Linux with curve
secp521r1 from being verified successfully on Windows.
Fixed cleanup on clients and proxies to prevent occasional crashes on
shutdown under Windows.
Update timstamps in messages to use 64-bit microseconds since the epoch,
addressing Y2038 issues.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Make sure PNBLACKLIST assignments in recipe files use weak assignment,
so they can be overridden in, for example, local.conf files.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch
-dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
Removed since these are included in 2.81
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it needs to link with libsystemd when using systemd as init system
Fixes
Package libsystemd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd.pc'
to the PKG_CONFIG_PATH environment variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes building TCPDump without OpenSSL. Current version does not
recognize the option --without-openssl.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release 4.4.0 of wolfSSL embedded TLS has bug fixes, new features
and fixes for security vulnerabilities.
See full changelog https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stablefixes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some shell scripts such as kea-admin,
upgrade_4.0_to_5.0.sh, wipe_data.sh and etc contain
build path.
Actually the build path is meanlingless on the target,
so replace abs_top_builddir to abs_top_builddir_placeholder
to avoid expanding abs_top_builddir which introduces
build path.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit 89d86b96f8 which tries to fix
the installation issue for ostree introduces a recursive dependency
issue. When installing the postfix package on target via online
repository, the postinst function for postfix-cfg package needs
newaliases but this command is from postfix package which causes an
error:
Configuring postfix-cfg.
/var/lib/opkg/info/postfix-cfg.postinst: line 9: newaliases: not found
pkg_run_script: package "postfix-cfg" postinst script returned status 127.
Split a new package postfix-bin from postfix and make it as the runtime
dependency for postfix-cfg.
Set USERADD_PACKAGES to ${PN}-bin to avoid image do_rootfs warnings when
installing postfix via IMAGE_INSTALL:
[log_check] warning: group postdrop does not exist - using root
[log_check] warning: user postfix does not exist - using root
Set ALTERNATIVE to ${PN}-bin to make sure the newaliases symbolic link
is installed before installing postfix-cfg.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This gets it in sync with libhugetlbfs which according to the comment,
is supposed to be correct.
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This includes:
Version 4.10.2
Fixed security issue where using sha384 or sha512 would set encryption keys
to all bytes 0
When using ECDH key exchange with closed group membership, an incorrect
signature would be applied to the ANNOUCE message, causing the session
to fail. Bug fixes.
Relaxed server side checks on the type of key supplied by a client when not
using public key signatures on all messages. This will assist in the
upgrade process to the upcoming version 5.0.
Fixed various small memory leaks
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Nbdkit uses plugins to add more sources of data for nbd client.
Nbdkit can also spawn nbd-client, uses unix or network socket to
communicate with client, uses different plugins to serve data for nbd
device eg. curl, file, custom plugins in many languages (perl, python)
and some others.
Fix build when printf is a macro instead of function
Use BSD-3-Clause for license
inherit bash-completion so these are packaged correctly
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License has been changed due to date time, no new stuff added.
delete source patch reproducibility-respect-source-date-epoch.patch
for new version source tree contains it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for NVM-Express target user space configuration utility. It
contains a command line interface to the NVMe over Fabrics nvmet in
the Linux kernel. It allows configuring the nvmet interactively as well
as saving/restoring the configuration to/from a json file.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As per discussed in a previous email under the subject "Regarding
poppler auto PACKAGECONFIG when qt5-layer exists", adding a layer
but not using it should not change PACKAGECONFIG automatically. It
may result unexpected error.
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently miniupnpd.service fails to start
without miniupnpd_functions.sh in rootfs
Signed-off-by: Vinothkumar <vinothkumar_baskaran@comcast.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following manpage conflicts:
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8
But that file is already provided by package * tftp-hpa-doc
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following manpage installation conflict:
* check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8
But that file is already provided by package * inetutils-doc
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When S is pointing to a level up, it calls clean target which also tries
to clean the module build objects, which causes make clean to misnehave
since the env is not set to build module and it tries to reach out to
/lib/modules dir on host
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe fetches from debian archives, therefore we need logic to
apply the patches which are part of tarball
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix error:
Fetcher failure: Repository
git://github.com/FreeRADIUS/freeradius-server.git has LFS content,
install git-lfs on host to download (or set lfs=0 to ignore it)
upstream has file .lfsconfig to make it not download lfs files by
default, so we also don't download it by default
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From [1]:
=======================================================
NetworkManager-openvpn-1.8.12
Overview of changes since NetworkManager-openvpn-1.8.10
=======================================================
* The auth helper in external UI mode can now be run without a display
server. Future nmcli version will utilize this for handling the
secrets without a graphical desktop.
* libnm-glib compatibility (NetworkManager < 1.0) is disabled by default.
It can be enabled by passing --with-libnm-glib to configure script.
Nobody should need it by now. Users that still use this are encouraged
to let us know before the libnm-glib support is removed for good.
* Add support for the following OpenVPN options: tls-version-min,
tls-version-max, compress.
* Support inline CRL blobs during import.
* Allow option mssfix to be set to zero.
* Update Catalan, Czech, Danish, Dutch, Friulian, Hungarian,
Indonesian, Italian, Polish, Serbian, Spanish, Swedish and Ukrainian
translations.
[1] http://ftp.gnome.org/pub/gnome/sources/NetworkManager-openvpn/1.8/NetworkManager-openvpn-1.8.12.news
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-waf-add-support-of-cross_compile.patch
removed since it's not available for 1.4.3
refresh tdb-Add-configure-options-for-packages.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
arptables-init-busybox.patch
arptables-remove-bashism.patch
removed since they are not available in 0.0.5
refresh 0001-Use-ARPCFLAGS-for-package-specific-compiler-flags.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang isn't suppressing warnings from system headers like it should
Fixes
../../git/libknet/transport_udp.c:326:48: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
for (cmsg = CMSG_FIRSTHDR(&msg);cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
^~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rationale can be found in the Debian packaging (debian/changelog):
Revert change enabling SRV functionality, it is disabled by default
upstream and of little benefit to any end user, but adds reasonable
complexity to the code.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- rebased patches
- added two more small patches
- Option --enable-polkit-agent is not available with current NM, removed
- Option --with-libnm-glib is not available with current NM, removed
- New package NM-cloud-setup for new experimental cloud setup feature
- NM tries to re-license from GPL to LGPL, added LGPL to LICENSES
- Removed empty packages libnmutil libnmglib libnmglib-vpn
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
net-snmp/net-snmp-config.h:
- encodes type sizes
- encodes pathing into the libdir
net-snmp-config:
- encodes build configuration data and lib pathing.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
macro-prefix-map points to build WORKDIR which will
cause reproducibilty failures.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the configure options passed during the build
which differs between multilibs
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the options passed to configure, which includes
the path to the recipe-sysroot on the build host.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop unused 0001-dlm-fix-package-qa-error.patch
- Merge appends into main task
- remove explicitly mentioning systemd in deps, systemd bbclass will add it
- Add a patch to fix install using cp cmd to preserve file permissions
Fixes
dlm: /usr/lib/libdlmcontrol.so.3 is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* because sysdig from meta-oe depends on it now, since:
commit ed798c7643
Author: Khem Raj <raj.khem@gmail.com>
Date: Wed Jan 2 17:59:20 2019 -0800
sysdig: Upgrade to 0.26.5
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Building an SDK with this included fails:
* calculate_dependencies_for: Cannot satisfy the following dependencies for ncp-dev:
* libowfat (= 0.32-r0) *
* opkg_solver_install: Cannot install package ncp-dev.
libowfat only provides a static library, so there no
${PN} package is created by default.
Add ALLOW_EMPTY_${PN} = "1" to allow creation of an empty
${PN} package.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| DEBUG: Executing shell function autotools_preconfigure
| NOTE: make clean
| (cd ftp && make clean)
| make[1]: Entering directory '/project/tmp/work/i586-oe-linux/netkit-ftp/0.17-r0/netkit-ftp-0.17/ftp'
| Makefile:3: ../MCONFIG: No such file or directory
| make[1]: *** No rule to make target '../MCONFIG'. Stop.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-librdmacm-Use-sched_yield-instead-of-pthread_yield.patch
removed because it is included in 28.0.
refresh 0001-Remove-man-files-which-cant-be-built.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ipmi_serial_bmc_emu.c-include-readline.h-from-readli.patch
removed because it is included in 2.0.28.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Open-LLDP provides a Link Layer Discovery Protocol agent that supports
DCB (Data Center Bridging). The tc utility from iproute is needed to
manipulate traffic control settings in the kernel.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nodejs from meta-oe depends on this since:
commit 76dd3dac1f
Author: André Draszik <git@andred.net>
Date: Tue Oct 29 16:42:24 2019 +0000
nodejs: allow use of system c-ares (and make default)
Use system c-ares via PACKAGECONFIG by default. So far,
nodejs had been built using its embedded copy of c-ares,
which we generally try to avoid, for the known reasons
(independent updates, cve & license checks, etc).
Notes:
* otherwise nodejs uses its bundled version of c-ares
* the PACKAGECONFIG variable is 'ares' so as to be in
line with other uses of this (wget & curl recipes in
OE core)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Package-owned tmpfiles snippets belong in /usr/lib/tmpfiles.d,
/etc/tmpfiles.d is for administrator customisations.
Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openconnect puts the default absolute path to the vpnc-script into
its binary from the --with-vpnc-script configure options.
So do not prepend the value with the path to the OE sysroot.
RDEPEND on vpnc-script to have the script from vpnc installed on target.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vpnc-script can be used unchanged with the openconnect package. Provide
it in its own package and make vpnc RDEPEND on it.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Apple's default implementation of the Posix backend for mDNSResponder
has a number of weaknesses. Address several of them, most notably:
* Improve interface tracking, preventing confusion to mdns's state
machine. Prevents spurious removal/republication cycles whenever
network interfaces are added or removed.
* Support network interfaces whose indeces are great than 31. Indices
grow past that range surprisingly quickly, especially with multi-
homed, mobile, wifi, Bluetooth, VPN, VLANs, or other interfaces
present.
* Correctly handle edge cases during removal of a network interface.
The fixes are kept as a patch series for clarity.
Signed-off-by: Matt Hoosier <matt.hoosier@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nng is the nanomsg project's rewrite of their libnanomsg library. Just
like nanomsg it is a socket library that provides several common
communication patterns.
Unlike nanomsg it does not normally provide a number of tools and we do
not attempt to add them here. We allow for optional mbedtls support.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dnssec-conf relies heavily on python2 code and was not updated since
2010.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update recipe to include support for python3. Introduce a patch which
converts samples to utilize pytho3 on the target.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This aids cross-building, otherwise configure goes into weeks to find
these especially python-config and starts to poke at host files e.g.
if /etc/debian_release exists then it errors out, but if it does not
then it deploys a workaround and continues build, as a result we see
ntop fail the build on debian-like build hosts but not on others eg.
archlinux
Ensure that linking with libpython happens therefore use
python3-config --libs --embed
Fixes
checking for arm-yoe-linux-gnueabi-python-config... no
checking for python-config... no
Please install python-dev and rerun configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
coreutils-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gettext tool dependency was implicitly met while building with source
GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As TARGET_PREFIX may vary from source GCC tool-set to external GCC
tool-set. Also, libtool-cross is installed in recipe sysroot using
HOST_SYS variable only.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
flex-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-files/0001-dhcpcd-Fix-build-error-with-musl.patch
Removed since this is included in 8.1.5.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport the CVE patch from the upstream to fix the memory leak.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
plugins tab and about dialog have created dependency with commit[1]
this fails to build when qt5 is in bblayers
Fixes
wireshark-3.2.0/ui/qt/about_dialog.cpp:137:29: error: 'plugins_add_description' was not declared in this scope; did you mean 'plugins_get_descriptions'?
137 | extcap_get_descriptions(plugins_add_description, &plugin_data);
| ^~~~~~~~~~~~~~~~~~~~~~~
| plugins_get_descriptions
[1] 5dfde7ff83
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-gcc-6-conflicts-signbit.patch
Removed since they are included in 4.9.0
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
See: https://www.samba.org/samba/history/samba-4.10.11.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current NTP server responds to mode 6 queries from any clients.
Devices that respond to these queries have the potential to be used in
NTP amplification attacks. An unauthenticated, remote attacker could
potentially exploit this, via a specially crafted mode 6 query, to cause
a reflected denial of service condition.
See: https://www.tenable.com/plugins/nessus/97861https://scan.shadowserver.org/ntpversion/
Update ntp.conf to restrict NTP mode 6 queries.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Guest accounts for Samba are a known potential vulnerability
(see https://www.tenable.com/plugins/nessus/26919) where info
about the host can be obtained without proper access. The option
"map to guest = bad user" allows login attempts with usernames
that don't exist to map to the guest account, while the
"restrict anonymous" value (implicitly set to 0 before this patch)
would allow any queries to obtain user and group list information.
Raise the default security level by setting "restrict anonymous"
to "1" and "map to guest" to "never" to avoid providing user/group
info to unauthenticated users and reject login attempts with an
invalid password, respectively.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("Allocation error.");
^~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: firewalld-0.7.2-r0 do_package: QA Issue: firewalld: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/firewalld
/usr/lib/firewalld/zones
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It shows an warning of openl2tp in systemd log:
| /lib/systemd/system/openl2tpd.service:8: PIDFile= references a path
| below legacy directory /var/run/, updating /var/run/openl2tpd.pid →
| /run/openl2tpd.pid; please update the unit file accordingly.
Update the systemd service file to fix the warning.
Update SRC_URI as well that the homepage openl2tp.org has been closed.
Use archived file on sourceforge instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fill out PACKAGECONFIG options for json, mini-gmp, readline and xtables
whilst matching existing behaviour. Drop PACKAGECONFIG to weak default.
Fix upstream version matching so the very old 0.099 is rejected as the
newest version.
Drop seemingly redundant ASNEEDED which was added in 5477d5bcb7
("nftables: Upgrade to 0.7") without explanation.
Package python files from libdir not libdir_native; whilst they're the
same thing, building a target package with native variables is odd.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
/usr/src/debug/rdma-core/26.1-r0/git/librdmacm/rsocket.c:3041: undefined reference to `pthread_yield'
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Kai Kang <kai.kang@windriver.com>
Upgrade rdma-core from 18.1 to 27.0
* remove 4 patches which have been merged by upstream
* update context and remove more unbuildable manual in
0001-Remove-man-files-which-cant-be-built.patch
* set services file for systemd
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps in avoiding packaging errors seen with distros enabling
multilib
Fixes
ERROR: grpc-1.24.3-r0 do_package: QA Issue: grpc: Files/directories were installed but not shipped in any package:
/usr/lib/libgrpc++.so.1.24.3
...
/usr/lib/cmake
/usr/lib/cmake/grpc
/usr/lib/cmake/grpc/gRPCConfigVersion.cmake
/usr/lib/cmake/grpc/gRPCConfig.cmake
/usr/lib/cmake/grpc/gRPCTargets-noconfig.cmake
/usr/lib/cmake/grpc/gRPCTargets.cmake
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or de
lete them within do_install.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix corosync build error when package config rdma enabled.
* replace dependency librdmacm from layer meta-cloud-services with
rdma-core from meta-networking
* add patch to fix issue that fail to find rdma library via pkgconfig
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From https://hewlettpackard.github.io/netperf/doc/netperf.html:
Other optional configure-time settings include --enable-intervals=yes to give
netperf the ability to “pace” its _STREAM tests and --enable-histogram=yes to
have netperf keep a histogram of interesting times.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libappindicator is a library to allow applications to export a menu into
the Unity Menu bar. Unity is not supported in openembedded, so disable
appindicator support for blueman.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Canonical's Netplan is a network configuration abstraction renderer written in
Python. It's compatible with NetworkManager and systemd-networkd.
Signed-off-by: Jacopo Dall'Aglio <jacopo.dallaglio@kynetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A ntpdc is a special NTP query program. It shouldn't be part of ntp-utils
which is depending on perl.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Previously the kernel module was only pulled in for ${PN}-utils and
${PN}-ptest, but not for the library itself. As a result, appsexternal
to this recipe using only the library fail because kernel module is
not installed in the image.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch PACKAGECONFIG from man to manpages so we are included when
api-documentation is set. Ensure correct tools are available to build
the documentation and avoid unsupported option failures by not passing
`--enable-man-doc`.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
we install dnsmasq under /usr/bin by default, correct
the path in comments.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
do_install never executed as a result it was empty install
Create ruli-bin package for utilities, so libraries can be packages
granularily
Drop the makefile patch which is no longer needed, set the make
variables to get the needed bits set
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The 84-nm-drivers.rules is not required for systemd-udevd versions
v210 and later. The file has been split into a separate file so
distributions with a new enough systemd version can drop it. See
also:
1e03758262
I noticed this while investigating into a warning show during
bootup:
/usr/lib/udev/rules.d/84-nm-drivers.rules:10 Invalid value "/bin/sh -c
'ethtool -i $1 | sed -n s/^driver:\ //p' -- $env{INTERFACE}" for PROGRAM
(char 24: invalid substitution type), ignoring, but please fix it.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang does delegate the atomic<double> calls to libatomic on x86 where
as gcc tries to use intrinsics, its debatable who is right, but it does
seem that clang is safe in case pointer is unaligned
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It was only added because samba was a dependency, but was not removed
again when the dependency on samba was removed in commit 6207331f.
This effectively reverts commit a190c2e3.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Balik <martin.balik@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Mbed TLS 2.16.3 is a maintenance release of the Mbed TLS 2.16 branch, and
provides bug fixes and minor enhancements.
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.3
Most importantly, this fixes breakage on ARMv5TE platforms:
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions that
are only available in Thumb mode.
https://github.com/ARMmbed/mbedtls/pull/2169
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-10218: Client code can return filenames containing path
separators.
CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
See: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update-rc.d complains if no sysvinit script is present. This happens
in hybrid systemd/sysvinit builds, because autofs does not install
the init script if configured with '--with-systemd'.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The configure script used by autofs tries to detect paths on the
build system. Avoid it by presetting fixed values.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| chmod: cannot access '.../image/etc/sudoers.d': No such file or directory
| sed: can't read .../image/usr/bin/samba-tool: No such file or directory
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nghttp2 also provides http client, server, and proxy.
Add the necessary DEPENDS and build flags to enable those.
They are all packaged into individual packages, with
'nghttp2' being a meta-package now and pulling in all
of the above three applications.
The shared library itself (the only part that this recipe
had been building so far), is also being split into its
own package, meaning existing users shouldn't be affected,
as nobody should have an RDEPENDS on 'nghttp2' at the
moment (due to bitbake's shlibs dependency tracking).
The deflatehd and inflatehd binaries have been completely
dropped, as they are (header) test applications for HTTP/2.
Debian doesn't ship them either.
The python script fetch-ocsp-response is (only) needed
by the proxy, and itself calls out to openssl. We can easily
make this python3 using a simple patch, though.
Minor additional fixes:
* sort DEPENDS alphabetically
* drop python-dir, this is implied by pythonnative
* inherit manpages so as to benefit from man-db processing
(note that manpages are not generated here, we just want
the automatic update of the package index caches)
We need to add a PACKAGECONFIG, as manpages.bbclass
requires it to be present, even though nghttp2
unconditionally installs them
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This was added incorrectly in the previous recipe update
and doesn't actually work.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ensures that when libc does not include stdint.h indirectly then it
still can compile
Fixes
| ../include/protocols/rwhod.h:57:2: error: unknown type name 'int32_t'; did you mean 'uint32_t'?
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes a race condition e.g.
testminissdp.c:15:10: fatal error: config.h: No such file or directory
15 | #include "config.h"
| ^~~~~~~~~~
compilation terminated.
<builtin>: recipe for target 'testminissdp.o' failed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1) Upgrade iscsi-initiator-utils from 2.0.877 to 2.0.878.
2) Remove patches have been merged in 2.0.878.
0001-Fix-i586-build-issues-with-string-length-overflow.patch
0001-Make-iscsid-systemd-usage-optional.patch
0001-Use-pkg-config-in-Makefiles-for-newer-libraries.patch
3) Fix DEPENDS and EXTRA_OECONF for systemd as in new version systemd is default on.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1) Upgrade pure-ftpd from 1.0.47 to 1.0.49.
2) Update LIC_FILES_CHKSUM as date has been changed.
3) Update 0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch for 1.0.49.
4) Delete "--with-minimal" to fix error as follows:
/usr/src/debug/pure-ftpd/1.0.49-r0/build/src/../../pure-ftpd-1.0.49/src/ls.c:1080: undefined reference to `modernformat'
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-When compiling version 5.1.6 on musl, the following error occurs:
| In file included from defaults.c:32:
| ../include/log.h:49:8: error: unknown type name 'pid_t'
-Add autofs/0001-Bug-fix-for-pid_t-not-found-on-musl.patch to fix it.
-Refresh the following patch:
autofs/0001-Do-not-hardcode-path-for-pkg.m4.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When launch blueman-manager while bluetooth is disable, it may fails
with error:
Failed to enable bluetooth
Because when get bluetooth status right after change its status, the
status may not be updated that plugin applet/KillSwitch.py sets the
bluetooth status via method of another dbus service which doesn't return
immediately.
Provides a new dbus method for PowerManager which checks whether dbus
method SetBluetoothStatus() has finished. Then it makes sure to get
right bluetooth status.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This postinst can fail depending on host setup, which makes non-deterministic
build on different host.
Use postinst ontarget to always fail at do_rootfs and rerun at target first
boot.
In this situation, remove postfix-native from PACKAGE_WRITE_DEPS
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In postinst of ${PN}, call newaliases on etc may fail at do_rootfs
due to host setup. If fail, the postinst will rerun at target first
boot which cause update-alternatives in postinst rerun.
For ostree system, /usr is readonly, /etc is writable, the
update-alternatives will be failed when run on target since it
needs write files in /usr. Split the postinst into two packages
can fix the problem:
* update-alternatives runs at do_rootfs
* newaliases runs at do_rootfs or first boot, it needs write files
in /etc when run at first boot, while /etc is writable for ostree.
For non-ostree, everything will be OK as normal
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of spice-protocol is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of libmemcached is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of radiusclient is BSD-3-Clause and
BSD-2-Clause and HPND.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of freediameter is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-telnet is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-rwho is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-rusers is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of netkit-ftp is BSD-4-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The License of corosync is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
radiusd.service references a legacy path for its PIDFile, which
results in a warning at boot:
systemd[1]: /lib/systemd/system/radiusd.service:7: PIDFile= references a path
below legacy directory /var/run/, updating /var/run/radiusd/radiusd.pid →
/run/radiusd/radiusd.pid; please update the unit file accordingly.
Modify the recipe's radiusd.service file to use the correct path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Multiple quagga service files are causing the following type of message to
appear during boot:
/lib/systemd/system/zebra.service:10: PIDFile= references a path below legacy
directory /var/run/, updating /var/run/quagga/zebra.pid → /run/quagga/zebra.pid;
please update the unit file accordingly.
Update the service files included as part of the recipe to use /run instead of
/var/run as the PIDFile path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan installs a signal handler for SIGSEGV, SIGILL, and SIGBUS
which attempts to print a stack trace of the crash. For producing line
numbers in the stack trace, it can use libbfd from binutils, or
libunwind, or else it falls back to a slower method using
/usr/bin/addr2line.
Currently the addr2line method is unlikely to actually work, since there
is no RDEPENDS to pull that command into the image.
This patch adds a PACKAGECONFIG to enable the libbfd-based stack traces,
which is likely the best alternative since binutils is already required
for building everything, and it will be faster than the addr2line method
(which requires addr2line and libbfd anyway).
Signed-off-by: Khem Raj <raj.khem@gmail.com>
After upgrade to 1.7.0, path of database file changed from
/var/kea to /var/lib/kea, correct the path to fix service
start failed problem
DHCP6_CONFIG_LOAD_FAIL configuration error using file:
/etc/kea/kea-dhcp6.conf, reason: Unable to open database:
unable to open '/var/lib/kea/kea-leases6.csv'
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the systemd class to correctly plug the package into the systemd
infrastructure.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We already depend on systemd in DISTRO_FEATURES so adding it to
RDEPENDS is redundant. We also rdepend on two python packages, so
there's no need to explicitly depend on python3.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use distro_features_check to check for systemd in DISTRO_FEATURES
instead of a hand-crafted python function.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: Copyright year updated to 2019.
-fetchmail/02_remove_SSLv3.patch
Removed since this is included in 6.4.1.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I have no idea if this is the right thing to do, but without the patch I
can't actually buil OE because none of these layers are compatible
with the change in openembedded-core to move to zeus.
Fixes: a5c9709b8d ("layer.conf: Update for zeus series") # openembedded-core
Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
freeradius fails to build for armv5:
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-server.so is not portable!
|
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-eap.so is not portable!
path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
| collect2: error: ld returned 1 exit status
| scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
Explicitly link libatomic to fix the issue.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
upb dependency needs to fed as source, since it lacks the CMake based
external module builds like some other deps
Forward port the cross lib installation patch
Drop gettid patch as it was a backport which is in this revision
Link with libatomic on mips
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)
Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.
Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.
Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.
Modified the parsing of ptest result to align with the new output
format.
With core-image-minimal on qemux86-64/kvm:
Recipe | Passed | Failed | Skipped | Time(s)
Before | 408 | 0 | 2 | 4
After | 431 | 11 | 2 | 10
11 test failed after the upgrade since libpcap is not upgraded
alongside with tcpdump.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to configure.ac, make install might fail when run with multiple jobs:
$ tail -15 log.do_configure
...
When running "make install" do not use any form of parallel or job
server options (such as GNU make's -j option). Doing so may cause
errors.
...
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These are needed for other packages which want to link against
libstrongswan or other libraries included with Strongswan.
By default, no headers are installed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5LinguistTools build error.
Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5Multimedia build error.
Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
error.
Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
get_target_property() called with non-existent target "Qt5::qmake"
build error.
Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
since adding qt5 via a .bbappend won't satisfy the conditional inherit
cmake_qt5. The poppler recipe does exactly this.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit 5f32fd6b08.
* fixed by restricting -Wno-error=address-of-packed-member only for
target, spice-native is still useful for qemu-native when spice
PACKAGECONFIG is enabled
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* with older native gcc on host this will break spice-native with:
cc1: error: -Werror=address-of-packed-member: no option -Waddress-of-packed-member
because older gcc doesn't recognize address-of-packed-member warning
to work around this ignore them all
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
some plugins are installed into libdir/opensaf but we were making a copy
into libdir as well, this patch changes that so the packaged files are
appearing only once
create_empty_library should be using cross compiler with linker flags,
existig code in this area is not cross compile friendly
skip dev-so QA test since some .so are stubs which are packages in PN
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove perl-lib since it had been removed by oe-core:
commit 68552c353255188de3d5b42135360a30e7eac535
Author: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sun Dec 2 12:46:37 2018 +0100
perl: remove the previous version of the recipe
Now the files are in perl pacakge.
* Fix perl paths when perl is enabled.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libOpenIPMI.so.0 is SONAME for openIPMI.so in openipmi-perl package
which means the shlibs code will automatically add it as a provider for
this shared library but actual public library is provided by openipmi
package, and it results in
ERROR: openipmi-2.0.27-r0 do_package: openipmi: Multiple shlib providers for libOpenIPMI.so.0: openipmi-perl, openipmi (used by files: /mnt/jenkins/workspace/Yocto-world-musl/build/tmp/work/aarch64-yoe-linux/openipmi/2.0.27-r0/packages-split/openipmi/usr/bin/openipmi_eventd)
The library in perl package is actually not required to compete to
provide for public interfaces
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The license checksum change is due to the date being updated.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
$ bitbake spice-native
checking whether the C compiler works... no
configure: error: in `/path/to/spice-native/0.14.2+gitAUTOINC+7cbd70b931_4fc4c2db36-r0/build':
configure: error: C compiler cannot create executables
It's a broken native recipe which means no ones need it any more, so remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The restriction to ARM instruction set came in the original
wireshark recipe, which was 2 major versions ago (and also
a few toolchains ago). Wireshark 3.x seems to be building
fine allowing thumb instructions, at least on cortexa9t2hf.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-10197: Combination of parameters and permissions can allow user
to escape from the share path definition.
See: https://www.samba.org/samba/history/samba-4.10.8.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A lot of changes upstream since the last upgrade, the highlights:
* MQTT v5 protocol support
* Performance improvements
* New mosquitto_rr (request/response) client
* TLS enhancements: OCSP stapling, TLS Engine support, explicit TLS v1.3
support, removed TLS v1.0 support
For further details, see https://mosquitto.org/blog/
Additionally, SUMMARY and DESCRIPTION were tidied up as needed.
Based upon an earlier upgrade patch by Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* when usrmerge is enabled, ${libdir} is /usr/lib, and
${systemd_unitdir} is /usr/lib/systemd, sine PACKAGE
ntpdate is after ntp in variable PACKAGES, so file
${systemd_unitdir}/system/ntpdate.service will be populated
into PACKAGE ntp, but actually we have add it into FILES_ntpdate
when usrmerge is disabled, ${libdir} is empty, and usrmerge is
enabled, files under ${libdir} have been covered by other FILES
config, so fix by remove ${libdir}
* libexecdir is empty, so remove it FILES_${PN}
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
Upstream-Status: Backport
[ several ]
Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]
Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]
46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definition of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.
CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not try to compile ptests for snmp-bc if it is not in PACKGECONFIG.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it is not proper change source in do_configure, it will make
source not updated even local.conf have change the DISTRO_FEATURES
[YOCTO: #13493]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixed do_configure failed:
$ bitbake lib32-netcf
cp: cannot stat '/path/to/lib32-recipe-sysroot/usr/share/gnulib': No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
PKG_CONFIG is hardcoded to /usr/bin/pkg-config which is not cross
compile safe and ends up with build errors especially on hosts where
pkgconf is used it ends up with errors like
/usr/bin/pkg-config: line 11: exec: pkgconf: not found
/usr/bin/pkg-config: line 11: exec: pkgconf: not found
Override it to use own native pkg-config which can deal with sysroot
correctly
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixed:
$ bitbake netcf
WARNING: netcf-0.2.8+gitAUTOINC+2c5d425585-r0 do_package: Manifest /path/sstate-control/manifest-x86_64_x86_64-nativesdk-gnulib.packagedata not found in intel_x86_64 corei7-64 core2-64 x86_64 allarch x86_64_x86_64-nativesdk (variant '')?
This is because gnulib has no related tasks:
do_package[noexec] = "1"
do_packagedata[noexec] = "1"
deltask package_write_ipk
deltask package_write_deb
deltask package_write_rpm
deltask do_deploy_archives
Depends on gnulib:do_populate_sysroot explicitly to fix the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This gives users a proper error message when trying to build
a known non-building package.
netkit-rsh already had COMPATIBLE_HOST_libc-musl = 'null'.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream linux y2038 work has moved some definitions SIOCGSTAMP is
defined in linux/sockios.h, not asm/sockios.h now. So we need to
add that include to fix the build.
Upstream-status: backport of http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3052ce208acf602f0163166dcefb7330d537cedb
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove a generated file with always changing hash from LIC_FILES_CHKSUM.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patch:
0002-avoid-naming-local-function-as-one-of-printf-family.patch
Add two new file in this patch:
src/expr/synproxy.c
src/obj/ct_expect.c
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is no longer necessary to introduce a potential security
vulnerability for fixing the musl build.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: QA Issue: /usr/bin/radcrypt contained in package freeradius-utils requires /usr/bin/perl, but no providers found in RDEPENDS_freeradius-utils? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
