Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add LDFLAGS variable to Makefile so that extra linker flags can be sent
via this variable.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fix two fatal warnings. The cast error only
occurs for some architectures.
Not applicable to yp-tools-4.x.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The current version of ifenslave is 2.6_1.1.0 actually, then update to
2.7 and change the version to 2.7 too.
* update to SRC_URI to the debian git repo
* the license is changed from GPLv2 to GPLv3
* the program is rewrote with shell script
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Upgrade tnftp from tnftp20130505 to tnftp20151004
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade geoipupdate from 2.2.1 to 2.2.2.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade geoip from 1.6.6 to 1.6.9.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade dovecot from 2.2.21 to 2.2.25.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Correct do_compile_append() and do_install(), as the location of
the DHCP lease tools has changed.
Signed-off-by: Terry Boese <terry.boese@vecima.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This way ntp can be used as an alternative to ntpd from busybox
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
bridge-utils suffers from a few problems:
- doesn't build on musl
- doesn't respect CFLAGS
- build errors are silently ignored
- doesn't support parallel make
All of these are addressed with the included patches.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
wireshark needs pod2man and pod2html (provided by perl-native)
to create doc files, inherit perlnative instead of the
dependency only, so it sets the correct path to find these
native commands.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Modify the curlpp.pc file in do_install_append to avoid the following QA error.
ERROR: QA Issue: curlpp.pc failed sanity test (tmpdir)
The problem occurs only for tunes which set baselib to 'lib32', and in OE,
we only have two tunes which set such value.
BASE_LIB_tune-octeon2 = "lib32"
BASE_LIB_tune-octeon3 = "lib32"
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
If not requested otherwise as ./configure option, c-ares will strip
any -g from CFLAGS / CPPFLAGS and add -g0 instead, disabling all
debug info.
Similarly, it will try to enable optimisation (but bail out since in
that case it honors an existing -O in CFLAGS / CPPFLAGS)
Since we want to control code generation, patch out the code
mangling -g (and -O for consistency). Alternatively, if we were to
pass --enable-debug to ./configure, c-ares would at the same time
assume that we don't want optimisation anymore.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
chrony is an alternative to ntpd. In particular it may be useful
for quasi-realtime embedded systems that have a pulse-per-second
time reference available and need to rapidly synchronize to it after
boot, which appears to be unachievable with ntpd.
Signed-off-by: Henry Hallam <henry@pericynthion.org>
Reviewed-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-29
The SPOOLS dissector could go into an infinite loop. Discovered by
the CESG.
* [2]wnpa-sec-2016-30
The IEEE 802.11 dissector could crash. ([3]Bug 11585)
* [4]wnpa-sec-2016-31
The IEEE 802.11 dissector could crash. Discovered by Mateusz
Jurczyk. ([5]Bug 12175)
* [6]wnpa-sec-2016-32
The UMTS FP dissector could crash. ([7]Bug 12191)
* [8]wnpa-sec-2016-33
Some USB dissectors could crash. Discovered by Mateusz Jurczyk.
([9]Bug 12356)
* [10]wnpa-sec-2016-34
The Toshiba file parser could crash. Discovered by iDefense Labs.
([11]Bug 12394)
* [12]wnpa-sec-2016-35
The CoSine file parser could crash. Discovered by iDefense Labs.
([13]Bug 12395)
* [14]wnpa-sec-2016-36
The NetScreen file parser could crash. Discovered by iDefense Labs.
([15]Bug 12396)
* [16]wnpa-sec-2016-37
The Ethernet dissector could crash. ([17]Bug 12440)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixes the following compile error:
| [ 6/27] Compiling lib/replace/test/testsuite.c
| In file included from ../lib/replace/test/testsuite.c:49:0:
| ../lib/replace/system/aio.h:29:20: fatal error: libaio.h: No such file or directory
| compilation terminated.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add PACKAGECONFIG for cifsacl and update PACKAGECONFIG for cifsidmap
to make samba a conditional dependency. It is nice to be able to
get mount.cifs without needing to build samba.
Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
fix for QA Warning: No GNU_HASH in elf binary, it won't obey the default
LDFLAGS which results in QA Warning while building with external toolchain,
so adding the default LDFLAGS.
WARNING: netcat-openbsd-1.105-r0 do_package_qa:QA Issue: No GNU_HASH in the
elf binary:..nc.netcat-openbsd' [ldflags]
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1) error: file /usr/share/man/man1/mailq.1 from install of postfix-doc
conflicts with file from package esmtp-doc
2) error: file /usr/share/man/man1/newaliases.1 from install of postfix-doc
conflicts with file from package esmtp-doc
3) error: file /usr/share/man/man1/sendmail.1 from install of postfix-doc
conflicts with file from package esmtp-doc
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
An mdns package is provided by meta-intel-iot-middleware.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The rmdir in configure prepend seemed like a nice sanity check to
ensure the upstream source didn't change their handling of the
gnulib submodule, but it will be a problem when changed sigs (in
gnulib for example) trigger a reconfigure in an existing build.
In such an instance, the .gnulib dir will have the old copy from
the sysroot, and not be empty and the rmdir will fail.
Given that we don't know what changed in the context of the prepend,
we just assume it could have been the gnulib sysroot content, and
hence blow away the old dir and re-copy in the possibly updated
gnulib sysroot content.
This works for both clean builds, and rebuilds that have triggered
a reconfigure of an existing netcf build.
Fixes: 0939421972 ("netcf: fix mishandling of gnulib submodule
causing build fail")
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The file depcomp would be changed during configure, which is not
suitable for LIC_FILES_CHKSUM, there is a COPYING file which is GPLv2,
so use it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
netcf fails to build on certain hosts with newer versions
of git installed as follows:
| ./bootstrap: Bootstrapping from checked-out netcf sources...
| ./bootstrap: consider installing git-merge-changelog from gnulib
| ./bootstrap: getting gnulib files...
| error: pathspec 'gnulib' did not match any file(s) known to git.
If we do a devshell we will see that our configure prepend that
intended to _create_ the .gitmodules has instead _modified_ it
and left us with this change present:
sh-4.3# git diff
diff --git a/.gitmodules b/.gitmodules
index 7acb1ea19ca7..2d10b0e0e0fe 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
[submodule "gnulib"]
- path = .gnulib
- url = git://git.sv.gnu.org/gnulib.git
+ path = gnulib
+ url = git://git.sv.gnu.org/gnulib
sh-4.3#
What happens is that the newer git does not respect uncommitted
changes to the .gitmodules file, and hence the path ".gnulib" is
still considered valid vs. the in tree updated path "gnulib". It
doesn't help any that the package has its own tracked files in
gnulib/ that we stomp over, but the real fail is just uncommitted
changes to the .gitmodule as this insertion of a random path shows:
sh-4.3# git diff
diff --git a/.gitmodules b/.gitmodules
index 7acb1ea19ca7..91bd45f8e4d4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
[submodule "gnulib"]
- path = .gnulib
+ path = gnulibaaa
url = git://git.sv.gnu.org/gnulib.git
sh-4.3# git --version
git version 2.7.4
sh-4.3# git submodule init
fatal: no submodule mapping found in .gitmodules for path '.gnulib'
sh-4.3#
Since the original bbclass simply assumed there was no .gitmodules
file to begin with, we can easily solve this by not clobbering it
and respect the path choice used by the package itself.
As the version of ./bootstrap shipped with netcf supports this:
--no-git do not use git to update gnulib. Requires that
--gnulib-srcdir point to a correct gnulib snapshot
we can use it in conjunction with the pathspec since we know the
gnulib was just copied in from the sysroot, and does not need
to try and pull any further updates.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The theory behind this bbclass was reasonable, with the primary
goal being to avoid multiple downloads of gnulib, but it neglected
the fact that packages would be shipping a specific version of the
./bootstrap which will support some flags but maybe not all the
latest ones from the latest gnulib/build-aux/bootstrap file.
I attempted to simply update the two pkgs to use the latest copy
of bootstrap from gnulib but this of course triggers the descent
into autoconf hell that we all know and love. Rather than futzing
with the packages configure.ac and deviating from what the pkg
maintainers intended and tested, we can just let the packages have
independent calls to ./bootstrap with whatever flags are needed.
The goal of this commit is to move the prepend out to the packages
and then delete the class without any real functional change ; i.e.
a purely mechanical change. Then we can adjust each package to
ensure it will still build with a modern host, in an independent
fashion, while keeping the main advantage of not fetching gnulib
two extra times for netcf and fontforge.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fix curlpp recipe to make it succeed to build.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
No CVE's assigned.
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-19
The NCP dissector could crash. ([2]Bug 11591)
* [3]wnpa-sec-2016-20
TShark could crash due to a packet reassembly bug. ([4]Bug 11799)
* [5]wnpa-sec-2016-21
The IEEE 802.11 dissector could crash. ([6]Bug 11824, [7]Bug 12187)
* [8]wnpa-sec-2016-22
The PKTC dissector could crash. ([9]Bug 12206)
* [10]wnpa-sec-2016-23
The PKTC dissector could crash. ([11]Bug 12242)
* [12]wnpa-sec-2016-24
The IAX2 dissector could go into an infinite loop. ([13]Bug 12260)
* [14]wnpa-sec-2016-25
Wireshark and TShark could exhaust the stack. ([15]Bug 12268)
* [16]wnpa-sec-2016-26
The GSM CBCH dissector could crash. ([17]Bug 12278)
* [18]wnpa-sec-2016-27
MS-WSP dissector crash. ([19]Bug 12341)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
CVE-2016-1547
CVE-2015-7704
CVE-2015-8138
CVE-2016-1550
for more info see:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
Signed-off-by: Armin Kuster <akuster@mvista.com>
Acked-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Modify FILES_${PN} and FILES_${PN}-dev to fix QA issue and remove dovecot
from blacklist.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ctdbd_wrapper requires pgrep.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The systemd service is disabled by default, as the service will fail to start
without /etc/ctdb/nodes. If the user supplies this, they can re-enable the
service.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
this package is in 5 other layers.
Move to a more common location and update version.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The changes made in commit 2497cf2960
[dnsmasq: steal resolvconf support from Ubuntu] broke systemd only
dnsmasq runtime. No sysvinit scripts are included in systemd only
builds (and should not be) and the dnsmasq executable has not moved to
/usr/sbin.
Reverting to the previous version of the systemd service file. If
folks want the local dnsmasq instance to be queried before going to
an external DNS they should add 'nameserver 127.0.0.1' to
/etc/resolv.conf. Or submit a change which will work with systemd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Acked-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtalloc, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtdb, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtevent, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libldb, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add support for resolvconf integration as done in Ubuntu. This implies
updates of start-scripts, resolvconf plugin (on nameserver update ...),
populate-volatiles control file for saved nameserver list.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
WARNING: QA Issue: ctdb rdepends on libtdb, but it isn't a build dependency? [build-deps]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
cim-schema-exper-2.39.0: cim-schema-exper: /cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
cim-schema-final-2.40.0: cim-schema-final: /cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-exper-2.39.0: lib32-cim-schema-exper: /lib32-cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-final-2.40.0: lib32-cim-schema-final: /lib32-cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
It uses cp -a to install the files, so fix the owner to root:root
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed when build with multilib:
lib32-nbd-3.11: lib32-nbd: Files/directories were installed but not shipped in any package:
/usr/sbin/nbd-client
/usr/bin/nbd-trdump
/usr/bin/nbd-server
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-nbd: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Wireshark official site keeps in /src only latest
versions of sources, moving them to /src/all-versions
after some time.
Update the SRC_URI string so wireshark can be built
even after few month after release.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Depending on the configuration used to build ntp it is possible to
have an empty libexecdir. This can cause QA issues. Add a test at the
end of install() to remove libexecdir if it is empty, thus avoiding
the possibility of QA issues, regardless of configuration.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
QA error fix:
ERROR: QA Issue: ntp: Files/directories were installed but not shipped in any package:
/usr/libexec
CVES addressed:
Bug 2948 / CVE-2015-8158
Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass
Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode
Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list
Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference
Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames
Bug 2937 / CVE-2015-7975: nextvar() missing length check
Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers
Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode
Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks
Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin
NTP-4.2.8p5
NtpBug2956: Small-step/Big-step CVE-2015-5300
Bug #2829 Clean up pipe_fds in ntpd.c
Bug #2887 stratum -1 config results as showing value 99.
Bug #2932 Update leapsecond file info in miscopt.html.
Bug #2934 tests/ntpd/t-ntp_scanner.c has a magic constant wired in.
Bug #2944 errno is not preserved properly in ntpdate after sendto call.
Bug #2952 peer associations were broken by the fix for NtpBug2901 CVE-2015-7704
Bug #2954 Version 4.2.8p4 crashes on startup on some OSes.
Bug #2957 'unsigned int' vs 'size_t' format clash.
Bug #2958 ntpq: fatal error messages need a final newline.
Bug #2962 truncation of size_t/ptrdiff_t on 64bit targets.
Bug #2965 Local clock didn't work since 4.2.8p4.
Bug #2967 ntpdate command suffers an assertion failure
Bug #2969 Seg fault from ntpq/mrulist when looking at server with lots of clients.
Bug #2971 ntpq bails on ^C: select fails: Interrupted system call
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This recipe currently relies on EXTRA_OEMAKE having been to set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make
this explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
While building an image I was getting an error during rootfs creation
that ctdb was conflicting with base-files as both were creating
'/var/run':
warning: Removing ctdb-2.5.1-r0@core2_64 due to file /var/run \
conflicting with base-files-3.0.14-r89@genericx86_64
This is normally a volatile directory so we have no need
to include this in the ctdb package, so revert the actions of the
Makefile by deleting the directory.
Although /run and $localstatedir/run are linked to be consistent we
update the .service file to use the latter. To ensure the 'ctdb'
subdir exists we patch the use of RuntimeDirectory= in to the .service
file. This will compensate for our removal of this directory creation
from the Makefile.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Also make geoip package rdepend on geoip-database and
add symbolic link to GeoIPCity.dat.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade openvpn from 2.3.7 to 2.3.8.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade dovecot from 2.2.18 to 2.2.21.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade stunnel from 5.21 to 5.28.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Dnsmasq functions as DHCP and DNS servers by default and listens on all
interfaces. This conflicts with other DHCP or DNS servers already on
the network and corrupts DNS configuration on Windows systems.
We noticed that after installing docker, the Linux system became a
magnet for DNS requests coming from Windows systems. Dnsmasq is a
dependency for lxc which is recommended for docker.
Windows periodically broadcasts DHCPInform and DHCP servers reply with
DHCPAck. If the DHCPAck from the Linux target reaches the Windows
system first, Windows changes its DNS server IP to the Linux system
running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
official DNS server and replies back the answer to the original
requestor. The Linux system transparently becomes a DNS proxy on the
subnet.
Signed-off-by: Ovidiu Vancea <ovidiu.vancea@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* cifs.idmap links with keyutils as log.do_package shows:
DEBUG: cifs-utils: Dependency libkeyutils.so.1 requires package keyutils (used by files: /home2/mjansa/build/build-starfish-jethro/BUILD/work/h15-starfish-linux-gnueabi/cifs-utils/6.4-r0/packages-split/cifs-utils/usr/sbin/cifs.idmap)
* that causes following QA issue when keyutils are autodetected from
sysroot:
WARNING: QA Issue: cifs-utils rdepends on keyutils, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* otherwise there are unpackaged files:
ERROR: QA Issue: cifs-utils: Files/directories were installed but not shipped in any package:
/usr/lib/security
/usr/lib/security/pam_cifscreds.so
/usr/lib/security/.debug
/usr/lib/security/.debug/pam_cifscreds.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
cifs-utils: 4 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It fails to fetch source of libtalloc:
| ERROR: Fetcher failure: Fetch command failed with exit code 8, output:
| https://www.samba.org/ftp/libtalloc/talloc-2.1.3.tar.gz:
| 2015-12-21 10:22:09 ERROR 404: Not Found.
Fix it by replace ${BPN} with original package name talloc.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Matches start-on-boot behaviour of current strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixes strongswan configure script for systemd >= 209,
where it merged libsystemd-journal and libsystemd-daemon
into libsystemd.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
- Add aesni, charon, gmp, openssl, scep, stroke, swanctl, and
systemd-charon.
- Organize the packageconfig list alphabetically.
- Update the default PACKAGECONFIG to match current defaults.
- If swanctl is enabled, use strongswan-swanctl.service instead of
strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libldb is autodetected from sysroot:
WARN: ctdb: ctdb rdepends on libtdb, but it isn't a build dependency?
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Since waf configure infrastructure is a body blow compared to reasonable
autoconf script from packager point of view, samba support libs need
feature-disable-patches. This one is for libtevent removing libcap
(introduced by libldap_r) and attr.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add a patch to remove the check for openldap but mark prove result negative unless
ldap dependency is enabled explicitely.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
To avoid errors when building dev-images (talloc-dev is missing), and to avoid
insane empty packages for that, rename talloc -> libtalloc as libtevent shows.
With that, remove dependencies to attr/xattr - unless explicitely enabled via
PACKAGECONFIG.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
restore PE
updated comments:
QT is the new default GUI for the binary 'wireshark'. This mode is currently disabled in the build. We build with GTK as the default gui so the resulting binary is now wireshark-gtk.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
onnode is a shell script with bashisms and bash #!.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The script ypbind will cause error if using ypdomainname command
provided by busybox. So add RDEPENDCY on yp-tools and change
the path of ypdomainname.
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
If run bitbake -c patch -f netcat-openbsd twice, the patch conflict
will happen, so replace the patch with quilt to avoid do_patch failed.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* fixes:
cifs-utils-6.4: cifs-utils rdepends on samba, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
A more common place is required for gnulib because of other recipes (e.g
fontforge) will depend on it
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
The permission bits should be 0644 instead of 0755.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
changes include CVE-2015-7830
see https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When ntp could be correctly built with openssh and libcrypto, we would meet
the following QA issue.
WARNING: QA Issue: package ntp contains bad RPATH ... [rpath]
Fix this problem by adding '--disable-rpath' to EXTRA_OECONF.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
If multilib is enabled, errors about 'installed-not-shipped' would appear.
This patch fixes this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-parallel-make.patch is not needed any more,so delete.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* update md5sum of license file
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Change recipe name from drbd to drbd-utils,since
after 8.4.5, the drbd userland tools had been moved to
their own repository at http://git.linbit.com/drbd-utils.git
(tarball at http://oss.linbit.com/drbd)
* Add 0001-Makefile.in-don-t-compile-documentation.patch to
avoid build Errors.
* Dropped drbd.service,since it is provided by Upstream.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add the "status" command in initscript to check the status of ypbind.
remove ypbind-yocto.init as ypbind.init, which is the initscript, make
its name similar to other recipes
Signed-off-by: Zhu Yanjun <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsmi is autodetected in configure, but in most cases disabled because of
cross-compilation so keep it explicitly disabled
* resolves following difference in builds with and without libsmi built
before tcpdump:
4.7.4-r0-with/temp/log.do_configure:checking smi.h usability... yes
4.7.4-r0-with/temp/log.do_configure:checking smi.h presence... yes
4.7.4-r0-with/temp/log.do_configure:checking for smi.h... yes
4.7.4-r0-with/temp/log.do_configure:checking for smiInit in -lsmi... yes
4.7.4-r0-with/temp/log.do_configure:checking whether to enable libsmi... not when cross-compiling
4.7.4-r0-without/temp/log.do_configure:checking smi.h usability... no
4.7.4-r0-without/temp/log.do_configure:checking smi.h presence... no
4.7.4-r0-without/temp/log.do_configure:checking for smi.h... no
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Cim-schema-exper(Experimental-MOFs) is dependence of openlmi.
- Cim-schema_2.40.0.bb is renamed to cim-schema-final_2.40.0.bb.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
*Modify SRC_URI.
*Modify chksum of file COPYING and LICENSE,since year changed,
and the LICENSE explanation for file base64.c, md5.c and types.h
was deleted.But the LICENSE has not been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When doing a multilib build, /usr/lib is still created but not collected
into FILES_${PN} by default, resulting in a QA error. Adding both
${libdir} and ${nonarch_libdir} catches all scenarios.
It also turns out that the previous do_install_append would throw an error
in a multilib build since systemd always installs to .../lib/... but
${libdir] would point at .../lib64/...
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
We will need the conditional dependency on systemd.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
replace to run "make install" with directly calling install command,
since "make install" asks "bin" user and group, and maybe fail when
system has not;
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
5.3.2 includes the fixes for CVE-2015-3991 and CVE-2015-4171
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
4.2.8p3 fixed CVE-2015-5146 and Bugs.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Dropped building-rquota_xdr.c-depend-on-rquota.h.patch,since 2.2.18 fixed the problem.
Update 0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch,since
the file configure.ac has been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove three very minor bashisms, all about redirecting stdout/stderr.
The initscript identifies as /bin/sh, this change ensures that the script
should work with a non-bash /bin/sh as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The named packages explicitly install some items under /lib,
but the recipes assume they are in base_libdir. We change
the recipes.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
include a security fixes but no CVE #
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-19
WCCP dissector crash. ([2]Bug 11153)
* [3]wnpa-sec-2015-20
GSM DTAP dissector crash. ([4]Bug 11201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
fixed broken url and cleaned up the PACKAGECONFIG
removed patch as it is included in this release
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-12
The LBMR dissector could go into an infinite loop. ([2]Bug 11036)
[3]CVE-2015-3808 [4]CVE-2015-3809
* [5]wnpa-sec-2015-13
The WebSocket dissector could recurse excessively. ([6]Bug 10989)
[7]CVE-2015-3810
* [8]wnpa-sec-2015-14
The WCP dissector could crash while decompressing data. ([9]Bug
10978) [10]CVE-2015-3811
* [11]wnpa-sec-2015-15
The X11 dissector could leak memory. ([12]Bug 11088)
[13]CVE-2015-3812
* [14]wnpa-sec-2015-16
The packet reassembly code could leak memory. ([15]Bug 11129)
[16]CVE-2015-3813
* [17]wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug
11110) [19]CVE-2015-3814
* [20]wnpa-sec-2015-18
The Android Logcat file parser could crash. Discovered by Hanno
Böck. ([21]Bug 11188) [22]CVE-2015-3815
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
upgrade to include the fix for CVE-2015-3644:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3644
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Ntimed is an unreleased ntpd replacement being sponsored by the Linux
Foundation. Currently it only includes a work-in-progress client, but for
future use this recipe emits an ntimed-client package and an ntimed meta
package which will pull in client and server.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
- `geoipupdate` now verifies the MD5 of the new database before deploying it.
If the database MD5 does not match the expected MD5, `geoipupdate` will
exit with an error.
- The copy of `base64.c` and `base64.h` was switched to a version under GPL 2+
to prevent a license conflict.
- The `LICENSE` file was added to the distribution.
- Several issues in the documentation were fixed.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The default configuration of ntp includes a large number of reference
clock drivers. Provide a PACKAGECONFIG to allow control over whether
or not these refclock drivers are built. Leave enabled by default.
http://doc.ntp.org/4.2.8/refclock.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove two unneeded patches, configure.patch and tcpdump-cross-getaddrinfo.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
6.4 fixed a CVE defect:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2830
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils
before 6.4, as used in pam_cifscreds, allows remote attackers to have
unspecified impact via unknown vectors.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ipsec-tools-0.8.2: ipsec-tools: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/racoon.service [installed-vs-shipped]
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ntp 4.2.8p2 has more CVE fixes, like CVE-2015-1799, CVE-2015-1798;
and remove ntp-4.2.8-ntp-keygen-no-openssl.patch which 4.2.8p2 has integrated
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Neither -utils nor -ptest packages make sense w/o actual kernel support
for SCTP protocol. Make both packages RRECOMMEND kernel-module-sctp.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When building for a system including systemd ypbind-mt will link against
libsystemd creating an implicit dependency. Make that explicit.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
esmtp use 'sbinsendmail' to define alternative ${sbindir}/sendmail, but
other packages msmtp and postfix use 'sendmail'. When remove esmtp, it
removes ${sbindir}/sendmail even msmtp or postfix is installed which has
alternative ${sbindir}/sendmail.
Make esmtp use 'sendmail' too to fix this issue.
Remove ${libdir}/sendmail which is only used by LSB core test for
historical reasons. And only create link file with fixed path
/usr/lib/sendmail for LSB images even for 64 bits system.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-06
The ATN-CPDLC dissector could crash. ([2]Bug 9952) [3]CVE-2015-2187
* [4]wnpa-sec-2015-07
The WCP dissector could crash. ([5]Bug 10844) [6]CVE-2015-2188
* [7]wnpa-sec-2015-08
The pcapng file parser could crash. ([8]Bug 10895) [9]CVE-2015-2189
* [10]wnpa-sec-2015-09
The LLDP dissector could crash. ([11]Bug 10983) [12]CVE-2015-2190
* [13]wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. ([14]Bug 11023) [15]CVE-2015-2191
* [16]wnpa-sec-2015-11
The SCSI OSD dissector could go into an infinite loop. Discovered
by Vlad Tsyrklevich. ([17]Bug 11024) [18]CVE-2015-2192
For more information see
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The updated yp-tools fails on qemuarm:
/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5e-oe-linux-gnueabi/yp-tools/3.3-r0/yp-tools-3.3/lib/do_ypcall.c: In function 'do_ypcall_tr':
/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5e-oe-linux-gnueabi/yp-tools/3.3-r0/yp-tools-3.3/lib/do_ypcall.c:461:27:
error: cast increases required alignment of target type [-Werror=cast-align]
status = ypprot_err (((struct ypresp_val *) resp)->status);
http://errors.yoctoproject.org/Errors/Details/9221/
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Update to the latest stable NIS tools. The yp-tools libraries and headers
conflict with the RPC headers provided by glibc, so install them to a
different location. Systems that intend to build using the NIS-provided
versions will need to specify the alternate location, but that is covered
by pkg-config, so it should only be necessary to point pkg-config at the
alternate .pc file.
The older stable versions are suitable for IPv4-only setups, so keep them
around in case those are required for some systems.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Both yp-tools and ypbind-mt were out of date with their latest released
versions, so bump them up to current. Remove two dead patches at the same
time and reorganize the recipes to better follow the preferred OE style.
Finally, the new release includes a new version of the GPLv2 COPYING file,
with a significant amount of whitespace fixes, so update the license
checksum.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Typically the major-version-only link for shared libs are included in the
base package. Move the links into the base packages here, leaving the
un-versioned links in the -dev packages.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
configure: error: Header file pcap.h not found; if you installed libpcap
don't use pcap. Use the internal version.
And minor configure cleanups
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Directory /var/run/openvpn is required by service.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Use a better filename for the local copy of the
source.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The old ones are invalid.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
xmlto: Can't continue, xsltproc tool not found or not executable.
Makefile:20: recipe for target 'dnssec-configure.8' failed
make: *** [dnssec-configure.8] Error 3
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-01
The WCCP dissector could crash. ([2]Bug 10720, ws-buglink:10806)
CVE-2015-0559, CVE-2015-0560
* [3]wnpa-sec-2015-02
The LPP dissector could crash. ([4]Bug 10773)
CVE-2015-0561
* [5]wnpa-sec-2015-03
The DEC DNA Routing Protocol dissector could crash. ([6]Bug 10724)
CVE-2015-0562
* [7]wnpa-sec-2015-04
The SMTP dissector could crash. ([8]Bug 10823)
CVE-2015-0563
* wnpa-sec-2015-05
Wireshark could crash while decypting TLS/SSL sessions.
Discovered by Noam Rathaus.
CVE-2015-0564
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
busybox provides traceroute command and uses the default priority to
update-alternatives, if traceroute is not defined the priority, the
traceroute maybe link to busybox's
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Some updates for lksctp-tools:
* add ptest subpackage
* only blacklist lksctp-tools when gold ld is used. Refer to:
https://bugs.gentoo.org/show_bug.cgi?id=530318
* update licenses and add homepage.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The package includes a few data files. Despite the names,
these are very small databases only useful for running the
perl test scripts.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fix perl path in ntp-wait and calc_tickadj.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Also fix LICENSE to be "or any later version" (as specified in the
upstream source headers); both licenses apply so use &.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Newer automake compatibility fixed upstream, so drop patches.
* LIC_FILES_CHKSUM changed due to a trailing space being removed, no
actual change to the license text.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The ntp-utils package contains at least one perl-using script as well as
a supporting perl module, therefore we need a dependency on perl.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
After the upgrade to 4.2.8, ntp's configure process now uses a custom
script which looks at the host to determine what install locations it
should use. This resulted in the recipe working on some people's
machines and failing during do_install on others. Force it to use the
"redhat" configuration as this seems closest to what we used to be
using prior to the upgrade (this means that binaries are now back in
sbindir as they used to be).
Thanks to Philip Balister for reporting this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Drivers and tools to support ATM networking under Linux
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
for update the IP geolocation databases
Signed-off-by: leimh <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
GeoIP app allow you to look up information about a given IP address.
Signed-off-by: leimh <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The sysroot/${libdir}/sendmail conflicts with lsb's, and it's a
symlink to ${bindir}/esmtp which is meaningless for sysroot, so
remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
dnssec-conf builds manpages using xmlto. Remove the raw manpages and add
a dependency on xmlto-native to support building the manapages from the
actual source.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Upgrade to 4.2.8 which fixes several security issues, including
CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296. For
more details please see:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A
* LIC_FILES_CHKSUM changed due to a number of copyright year and patch
list changes; nothing material about the license text changed.
* This version moves a number of binaries from sbindir to bindir;
there's supposed to be a configure option --with-locfile=legacy to use
the old layout but it does not seem to work. I guess we'll just have
to live with the change.
* Drop patches which are no longer applicable.
* Merge inc file into recipe; there were too many changes required to
the inc file in this version and it's unlikely it was much use split
out in any case.
* Move remaining files in files/ to ntp/
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
DNSSEC configuration and priming tool. Dnssec-conf includes a commandline
configuration client for Bind and Unbound, known DNSSEC keys, URL's to
official publication pages of keys, and harvested keys, as well a script
to harvest DNSKEY's from DNS.
Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The purpose of this patch as below.
1. upgrade openvpn to 2.3.6 in order to fix CVE-2014-8104
2. enable systemd
3. provide new packages named ${PN}-sample to help user create config file
easily and check whether is openvpn work.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add a test to find libpcap if testdir/.. is a sysroot.
Upstream-Status: Pending
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
DRBD is a block device which is designed to build high availability
clusters.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The esmtp is not longer being maintained since 1.2,
but it's used at many distribution now such as Ubuntu trusty(14.04LTS).
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The previous do_install is empty and do nothing.
Tweak install doc dir, so the man doc could be installed to /usr/share/man
rather than /usr/locale/man.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The previous do_install is empty and do nothing.
Unset variables datadir and mandir, use pimd's default set.
So it could install doc files correctly.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
make[1]: *** No rule to make target '-lm', needed by 'traceroute'. Stop.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
