The changes made in commit 2497cf2960
[dnsmasq: steal resolvconf support from Ubuntu] broke systemd only
dnsmasq runtime. No sysvinit scripts are included in systemd only
builds (and should not be) and the dnsmasq executable has not moved to
/usr/sbin.
Reverting to the previous version of the systemd service file. If
folks want the local dnsmasq instance to be queried before going to
an external DNS they should add 'nameserver 127.0.0.1' to
/etc/resolv.conf. Or submit a change which will work with systemd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Acked-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtalloc, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtdb, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libtevent, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The update of Samba requires a newer version of libldb, so update it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add support for resolvconf integration as done in Ubuntu. This implies
updates of start-scripts, resolvconf plugin (on nameserver update ...),
populate-volatiles control file for saved nameserver list.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
WARNING: QA Issue: ctdb rdepends on libtdb, but it isn't a build dependency? [build-deps]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
cim-schema-exper-2.39.0: cim-schema-exper: /cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
cim-schema-final-2.40.0: cim-schema-final: /cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-exper-2.39.0: lib32-cim-schema-exper: /lib32-cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-final-2.40.0: lib32-cim-schema-final: /lib32-cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
It uses cp -a to install the files, so fix the owner to root:root
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed when build with multilib:
lib32-nbd-3.11: lib32-nbd: Files/directories were installed but not shipped in any package:
/usr/sbin/nbd-client
/usr/bin/nbd-trdump
/usr/bin/nbd-server
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-nbd: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Wireshark official site keeps in /src only latest
versions of sources, moving them to /src/all-versions
after some time.
Update the SRC_URI string so wireshark can be built
even after few month after release.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Depending on the configuration used to build ntp it is possible to
have an empty libexecdir. This can cause QA issues. Add a test at the
end of install() to remove libexecdir if it is empty, thus avoiding
the possibility of QA issues, regardless of configuration.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
QA error fix:
ERROR: QA Issue: ntp: Files/directories were installed but not shipped in any package:
/usr/libexec
CVES addressed:
Bug 2948 / CVE-2015-8158
Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass
Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode
Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list
Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference
Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames
Bug 2937 / CVE-2015-7975: nextvar() missing length check
Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers
Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode
Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks
Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin
NTP-4.2.8p5
NtpBug2956: Small-step/Big-step CVE-2015-5300
Bug #2829 Clean up pipe_fds in ntpd.c
Bug #2887 stratum -1 config results as showing value 99.
Bug #2932 Update leapsecond file info in miscopt.html.
Bug #2934 tests/ntpd/t-ntp_scanner.c has a magic constant wired in.
Bug #2944 errno is not preserved properly in ntpdate after sendto call.
Bug #2952 peer associations were broken by the fix for NtpBug2901 CVE-2015-7704
Bug #2954 Version 4.2.8p4 crashes on startup on some OSes.
Bug #2957 'unsigned int' vs 'size_t' format clash.
Bug #2958 ntpq: fatal error messages need a final newline.
Bug #2962 truncation of size_t/ptrdiff_t on 64bit targets.
Bug #2965 Local clock didn't work since 4.2.8p4.
Bug #2967 ntpdate command suffers an assertion failure
Bug #2969 Seg fault from ntpq/mrulist when looking at server with lots of clients.
Bug #2971 ntpq bails on ^C: select fails: Interrupted system call
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This recipe currently relies on EXTRA_OEMAKE having been to set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make
this explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
While building an image I was getting an error during rootfs creation
that ctdb was conflicting with base-files as both were creating
'/var/run':
warning: Removing ctdb-2.5.1-r0@core2_64 due to file /var/run \
conflicting with base-files-3.0.14-r89@genericx86_64
This is normally a volatile directory so we have no need
to include this in the ctdb package, so revert the actions of the
Makefile by deleting the directory.
Although /run and $localstatedir/run are linked to be consistent we
update the .service file to use the latter. To ensure the 'ctdb'
subdir exists we patch the use of RuntimeDirectory= in to the .service
file. This will compensate for our removal of this directory creation
from the Makefile.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Also make geoip package rdepend on geoip-database and
add symbolic link to GeoIPCity.dat.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade openvpn from 2.3.7 to 2.3.8.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade dovecot from 2.2.18 to 2.2.21.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upgrade stunnel from 5.21 to 5.28.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Dnsmasq functions as DHCP and DNS servers by default and listens on all
interfaces. This conflicts with other DHCP or DNS servers already on
the network and corrupts DNS configuration on Windows systems.
We noticed that after installing docker, the Linux system became a
magnet for DNS requests coming from Windows systems. Dnsmasq is a
dependency for lxc which is recommended for docker.
Windows periodically broadcasts DHCPInform and DHCP servers reply with
DHCPAck. If the DHCPAck from the Linux target reaches the Windows
system first, Windows changes its DNS server IP to the Linux system
running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
official DNS server and replies back the answer to the original
requestor. The Linux system transparently becomes a DNS proxy on the
subnet.
Signed-off-by: Ovidiu Vancea <ovidiu.vancea@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* cifs.idmap links with keyutils as log.do_package shows:
DEBUG: cifs-utils: Dependency libkeyutils.so.1 requires package keyutils (used by files: /home2/mjansa/build/build-starfish-jethro/BUILD/work/h15-starfish-linux-gnueabi/cifs-utils/6.4-r0/packages-split/cifs-utils/usr/sbin/cifs.idmap)
* that causes following QA issue when keyutils are autodetected from
sysroot:
WARNING: QA Issue: cifs-utils rdepends on keyutils, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* otherwise there are unpackaged files:
ERROR: QA Issue: cifs-utils: Files/directories were installed but not shipped in any package:
/usr/lib/security
/usr/lib/security/pam_cifscreds.so
/usr/lib/security/.debug
/usr/lib/security/.debug/pam_cifscreds.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
cifs-utils: 4 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It fails to fetch source of libtalloc:
| ERROR: Fetcher failure: Fetch command failed with exit code 8, output:
| https://www.samba.org/ftp/libtalloc/talloc-2.1.3.tar.gz:
| 2015-12-21 10:22:09 ERROR 404: Not Found.
Fix it by replace ${BPN} with original package name talloc.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Matches start-on-boot behaviour of current strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixes strongswan configure script for systemd >= 209,
where it merged libsystemd-journal and libsystemd-daemon
into libsystemd.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
- Add aesni, charon, gmp, openssl, scep, stroke, swanctl, and
systemd-charon.
- Organize the packageconfig list alphabetically.
- Update the default PACKAGECONFIG to match current defaults.
- If swanctl is enabled, use strongswan-swanctl.service instead of
strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libldb is autodetected from sysroot:
WARN: ctdb: ctdb rdepends on libtdb, but it isn't a build dependency?
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Since waf configure infrastructure is a body blow compared to reasonable
autoconf script from packager point of view, samba support libs need
feature-disable-patches. This one is for libtevent removing libcap
(introduced by libldap_r) and attr.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add a patch to remove the check for openldap but mark prove result negative unless
ldap dependency is enabled explicitely.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
To avoid errors when building dev-images (talloc-dev is missing), and to avoid
insane empty packages for that, rename talloc -> libtalloc as libtevent shows.
With that, remove dependencies to attr/xattr - unless explicitely enabled via
PACKAGECONFIG.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
restore PE
updated comments:
QT is the new default GUI for the binary 'wireshark'. This mode is currently disabled in the build. We build with GTK as the default gui so the resulting binary is now wireshark-gtk.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
onnode is a shell script with bashisms and bash #!.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The script ypbind will cause error if using ypdomainname command
provided by busybox. So add RDEPENDCY on yp-tools and change
the path of ypdomainname.
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
If run bitbake -c patch -f netcat-openbsd twice, the patch conflict
will happen, so replace the patch with quilt to avoid do_patch failed.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* fixes:
cifs-utils-6.4: cifs-utils rdepends on samba, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
A more common place is required for gnulib because of other recipes (e.g
fontforge) will depend on it
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
The permission bits should be 0644 instead of 0755.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
changes include CVE-2015-7830
see https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When ntp could be correctly built with openssh and libcrypto, we would meet
the following QA issue.
WARNING: QA Issue: package ntp contains bad RPATH ... [rpath]
Fix this problem by adding '--disable-rpath' to EXTRA_OECONF.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
If multilib is enabled, errors about 'installed-not-shipped' would appear.
This patch fixes this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-parallel-make.patch is not needed any more,so delete.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* update md5sum of license file
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Change recipe name from drbd to drbd-utils,since
after 8.4.5, the drbd userland tools had been moved to
their own repository at http://git.linbit.com/drbd-utils.git
(tarball at http://oss.linbit.com/drbd)
* Add 0001-Makefile.in-don-t-compile-documentation.patch to
avoid build Errors.
* Dropped drbd.service,since it is provided by Upstream.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add the "status" command in initscript to check the status of ypbind.
remove ypbind-yocto.init as ypbind.init, which is the initscript, make
its name similar to other recipes
Signed-off-by: Zhu Yanjun <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsmi is autodetected in configure, but in most cases disabled because of
cross-compilation so keep it explicitly disabled
* resolves following difference in builds with and without libsmi built
before tcpdump:
4.7.4-r0-with/temp/log.do_configure:checking smi.h usability... yes
4.7.4-r0-with/temp/log.do_configure:checking smi.h presence... yes
4.7.4-r0-with/temp/log.do_configure:checking for smi.h... yes
4.7.4-r0-with/temp/log.do_configure:checking for smiInit in -lsmi... yes
4.7.4-r0-with/temp/log.do_configure:checking whether to enable libsmi... not when cross-compiling
4.7.4-r0-without/temp/log.do_configure:checking smi.h usability... no
4.7.4-r0-without/temp/log.do_configure:checking smi.h presence... no
4.7.4-r0-without/temp/log.do_configure:checking for smi.h... no
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Cim-schema-exper(Experimental-MOFs) is dependence of openlmi.
- Cim-schema_2.40.0.bb is renamed to cim-schema-final_2.40.0.bb.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
*Modify SRC_URI.
*Modify chksum of file COPYING and LICENSE,since year changed,
and the LICENSE explanation for file base64.c, md5.c and types.h
was deleted.But the LICENSE has not been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When doing a multilib build, /usr/lib is still created but not collected
into FILES_${PN} by default, resulting in a QA error. Adding both
${libdir} and ${nonarch_libdir} catches all scenarios.
It also turns out that the previous do_install_append would throw an error
in a multilib build since systemd always installs to .../lib/... but
${libdir] would point at .../lib64/...
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
We will need the conditional dependency on systemd.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
replace to run "make install" with directly calling install command,
since "make install" asks "bin" user and group, and maybe fail when
system has not;
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
5.3.2 includes the fixes for CVE-2015-3991 and CVE-2015-4171
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
4.2.8p3 fixed CVE-2015-5146 and Bugs.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Dropped building-rquota_xdr.c-depend-on-rquota.h.patch,since 2.2.18 fixed the problem.
Update 0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch,since
the file configure.ac has been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove three very minor bashisms, all about redirecting stdout/stderr.
The initscript identifies as /bin/sh, this change ensures that the script
should work with a non-bash /bin/sh as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The named packages explicitly install some items under /lib,
but the recipes assume they are in base_libdir. We change
the recipes.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
include a security fixes but no CVE #
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-19
WCCP dissector crash. ([2]Bug 11153)
* [3]wnpa-sec-2015-20
GSM DTAP dissector crash. ([4]Bug 11201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
fixed broken url and cleaned up the PACKAGECONFIG
removed patch as it is included in this release
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-12
The LBMR dissector could go into an infinite loop. ([2]Bug 11036)
[3]CVE-2015-3808 [4]CVE-2015-3809
* [5]wnpa-sec-2015-13
The WebSocket dissector could recurse excessively. ([6]Bug 10989)
[7]CVE-2015-3810
* [8]wnpa-sec-2015-14
The WCP dissector could crash while decompressing data. ([9]Bug
10978) [10]CVE-2015-3811
* [11]wnpa-sec-2015-15
The X11 dissector could leak memory. ([12]Bug 11088)
[13]CVE-2015-3812
* [14]wnpa-sec-2015-16
The packet reassembly code could leak memory. ([15]Bug 11129)
[16]CVE-2015-3813
* [17]wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug
11110) [19]CVE-2015-3814
* [20]wnpa-sec-2015-18
The Android Logcat file parser could crash. Discovered by Hanno
Böck. ([21]Bug 11188) [22]CVE-2015-3815
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
upgrade to include the fix for CVE-2015-3644:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3644
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Ntimed is an unreleased ntpd replacement being sponsored by the Linux
Foundation. Currently it only includes a work-in-progress client, but for
future use this recipe emits an ntimed-client package and an ntimed meta
package which will pull in client and server.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
- `geoipupdate` now verifies the MD5 of the new database before deploying it.
If the database MD5 does not match the expected MD5, `geoipupdate` will
exit with an error.
- The copy of `base64.c` and `base64.h` was switched to a version under GPL 2+
to prevent a license conflict.
- The `LICENSE` file was added to the distribution.
- Several issues in the documentation were fixed.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The default configuration of ntp includes a large number of reference
clock drivers. Provide a PACKAGECONFIG to allow control over whether
or not these refclock drivers are built. Leave enabled by default.
http://doc.ntp.org/4.2.8/refclock.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove two unneeded patches, configure.patch and tcpdump-cross-getaddrinfo.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
6.4 fixed a CVE defect:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2830
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils
before 6.4, as used in pam_cifscreds, allows remote attackers to have
unspecified impact via unknown vectors.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ipsec-tools-0.8.2: ipsec-tools: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/racoon.service [installed-vs-shipped]
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ntp 4.2.8p2 has more CVE fixes, like CVE-2015-1799, CVE-2015-1798;
and remove ntp-4.2.8-ntp-keygen-no-openssl.patch which 4.2.8p2 has integrated
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Neither -utils nor -ptest packages make sense w/o actual kernel support
for SCTP protocol. Make both packages RRECOMMEND kernel-module-sctp.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When building for a system including systemd ypbind-mt will link against
libsystemd creating an implicit dependency. Make that explicit.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
esmtp use 'sbinsendmail' to define alternative ${sbindir}/sendmail, but
other packages msmtp and postfix use 'sendmail'. When remove esmtp, it
removes ${sbindir}/sendmail even msmtp or postfix is installed which has
alternative ${sbindir}/sendmail.
Make esmtp use 'sendmail' too to fix this issue.
Remove ${libdir}/sendmail which is only used by LSB core test for
historical reasons. And only create link file with fixed path
/usr/lib/sendmail for LSB images even for 64 bits system.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-06
The ATN-CPDLC dissector could crash. ([2]Bug 9952) [3]CVE-2015-2187
* [4]wnpa-sec-2015-07
The WCP dissector could crash. ([5]Bug 10844) [6]CVE-2015-2188
* [7]wnpa-sec-2015-08
The pcapng file parser could crash. ([8]Bug 10895) [9]CVE-2015-2189
* [10]wnpa-sec-2015-09
The LLDP dissector could crash. ([11]Bug 10983) [12]CVE-2015-2190
* [13]wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. ([14]Bug 11023) [15]CVE-2015-2191
* [16]wnpa-sec-2015-11
The SCSI OSD dissector could go into an infinite loop. Discovered
by Vlad Tsyrklevich. ([17]Bug 11024) [18]CVE-2015-2192
For more information see
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The updated yp-tools fails on qemuarm:
/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5e-oe-linux-gnueabi/yp-tools/3.3-r0/yp-tools-3.3/lib/do_ypcall.c: In function 'do_ypcall_tr':
/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5e-oe-linux-gnueabi/yp-tools/3.3-r0/yp-tools-3.3/lib/do_ypcall.c:461:27:
error: cast increases required alignment of target type [-Werror=cast-align]
status = ypprot_err (((struct ypresp_val *) resp)->status);
http://errors.yoctoproject.org/Errors/Details/9221/
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Update to the latest stable NIS tools. The yp-tools libraries and headers
conflict with the RPC headers provided by glibc, so install them to a
different location. Systems that intend to build using the NIS-provided
versions will need to specify the alternate location, but that is covered
by pkg-config, so it should only be necessary to point pkg-config at the
alternate .pc file.
The older stable versions are suitable for IPv4-only setups, so keep them
around in case those are required for some systems.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Both yp-tools and ypbind-mt were out of date with their latest released
versions, so bump them up to current. Remove two dead patches at the same
time and reorganize the recipes to better follow the preferred OE style.
Finally, the new release includes a new version of the GPLv2 COPYING file,
with a significant amount of whitespace fixes, so update the license
checksum.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Typically the major-version-only link for shared libs are included in the
base package. Move the links into the base packages here, leaving the
un-versioned links in the -dev packages.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
configure: error: Header file pcap.h not found; if you installed libpcap
don't use pcap. Use the internal version.
And minor configure cleanups
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Directory /var/run/openvpn is required by service.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Use a better filename for the local copy of the
source.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The old ones are invalid.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
xmlto: Can't continue, xsltproc tool not found or not executable.
Makefile:20: recipe for target 'dnssec-configure.8' failed
make: *** [dnssec-configure.8] Error 3
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-01
The WCCP dissector could crash. ([2]Bug 10720, ws-buglink:10806)
CVE-2015-0559, CVE-2015-0560
* [3]wnpa-sec-2015-02
The LPP dissector could crash. ([4]Bug 10773)
CVE-2015-0561
* [5]wnpa-sec-2015-03
The DEC DNA Routing Protocol dissector could crash. ([6]Bug 10724)
CVE-2015-0562
* [7]wnpa-sec-2015-04
The SMTP dissector could crash. ([8]Bug 10823)
CVE-2015-0563
* wnpa-sec-2015-05
Wireshark could crash while decypting TLS/SSL sessions.
Discovered by Noam Rathaus.
CVE-2015-0564
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
busybox provides traceroute command and uses the default priority to
update-alternatives, if traceroute is not defined the priority, the
traceroute maybe link to busybox's
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Some updates for lksctp-tools:
* add ptest subpackage
* only blacklist lksctp-tools when gold ld is used. Refer to:
https://bugs.gentoo.org/show_bug.cgi?id=530318
* update licenses and add homepage.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The package includes a few data files. Despite the names,
these are very small databases only useful for running the
perl test scripts.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fix perl path in ntp-wait and calc_tickadj.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Also fix LICENSE to be "or any later version" (as specified in the
upstream source headers); both licenses apply so use &.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Newer automake compatibility fixed upstream, so drop patches.
* LIC_FILES_CHKSUM changed due to a trailing space being removed, no
actual change to the license text.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The ntp-utils package contains at least one perl-using script as well as
a supporting perl module, therefore we need a dependency on perl.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
After the upgrade to 4.2.8, ntp's configure process now uses a custom
script which looks at the host to determine what install locations it
should use. This resulted in the recipe working on some people's
machines and failing during do_install on others. Force it to use the
"redhat" configuration as this seems closest to what we used to be
using prior to the upgrade (this means that binaries are now back in
sbindir as they used to be).
Thanks to Philip Balister for reporting this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Drivers and tools to support ATM networking under Linux
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
for update the IP geolocation databases
Signed-off-by: leimh <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
GeoIP app allow you to look up information about a given IP address.
Signed-off-by: leimh <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The sysroot/${libdir}/sendmail conflicts with lsb's, and it's a
symlink to ${bindir}/esmtp which is meaningless for sysroot, so
remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
dnssec-conf builds manpages using xmlto. Remove the raw manpages and add
a dependency on xmlto-native to support building the manapages from the
actual source.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Upgrade to 4.2.8 which fixes several security issues, including
CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296. For
more details please see:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A
* LIC_FILES_CHKSUM changed due to a number of copyright year and patch
list changes; nothing material about the license text changed.
* This version moves a number of binaries from sbindir to bindir;
there's supposed to be a configure option --with-locfile=legacy to use
the old layout but it does not seem to work. I guess we'll just have
to live with the change.
* Drop patches which are no longer applicable.
* Merge inc file into recipe; there were too many changes required to
the inc file in this version and it's unlikely it was much use split
out in any case.
* Move remaining files in files/ to ntp/
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
DNSSEC configuration and priming tool. Dnssec-conf includes a commandline
configuration client for Bind and Unbound, known DNSSEC keys, URL's to
official publication pages of keys, and harvested keys, as well a script
to harvest DNSKEY's from DNS.
Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The purpose of this patch as below.
1. upgrade openvpn to 2.3.6 in order to fix CVE-2014-8104
2. enable systemd
3. provide new packages named ${PN}-sample to help user create config file
easily and check whether is openvpn work.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add a test to find libpcap if testdir/.. is a sysroot.
Upstream-Status: Pending
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
DRBD is a block device which is designed to build high availability
clusters.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The esmtp is not longer being maintained since 1.2,
but it's used at many distribution now such as Ubuntu trusty(14.04LTS).
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The previous do_install is empty and do nothing.
Tweak install doc dir, so the man doc could be installed to /usr/share/man
rather than /usr/locale/man.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The previous do_install is empty and do nothing.
Unset variables datadir and mandir, use pimd's default set.
So it could install doc files correctly.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed:
make[1]: *** No rule to make target '-lm', needed by 'traceroute'. Stop.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fix the service so that the ntpd daemon is run under ntp:ntp.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Acked-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This solves the following warning:
lib32-ntp-4.2.6p5: lib32-ntp: Files/directories were installed but not shipped
/lib/systemd/system/sntp.service [installed-vs-shipped]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path. However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host. Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The default path of ntp drift file is /etc/ntp.drift, ntp daemon
maybe fails to create this file since the user ntp is not always
permitted to write /etc.
Refer to other distributions such as RedHat, Debian, just moving
the file to /var/lib/ntp which the home dir of user ntp.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This allows the base recipe and bbappends to reference persistent
mutable state such as a drift file.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Bashism:
possible bashism in memcached/etc/init.d/memcached line 40 (bash arrays, ${name[0|*|@]}):
if [ -r "${FILES[0]}" ]; then
possible bashism in memcached/etc/init.d/memcached line 42 (bash arrays, ${name[0|*|@]}):
for FILE in "${FILES[@]}";
possible bashism in memcached/etc/init.d/memcached line 53 (should be VAR="${VAR}foo"):
CONFIGS+=($NAME)
possible bashism in memcached/etc/init.d/memcached line 54 (should be 'b = a'):
elif [ "memcached_$2" == "$NAME" ];
possible bashism in memcached/etc/init.d/memcached line 62 (bash arrays, ${name[0|*|@]}):
if [ ${#CONFIGS[@]} == 0 ];
possible bashism in memcached/etc/init.d/memcached line 71 (bash arrays, ${name[0|*|@]}):
CONFIG_NUM=${#CONFIGS[@]}
possible bashism in memcached/etc/init.d/memcached line 72 ('((' should be '$(('):
for ((i=0; i < $CONFIG_NUM; i++)); do
possible bashism in memcached/etc/init.d/memcached line 73 (bash arrays, ${name[0|*|@]}):
NAME=${CONFIGS[${i}]}
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Bashism:
possible bashism in arptables/etc/init.d/arptables line 14 (should be '.', not 'source'):
source /etc/init.d/functions
possible bashism in arptables/etc/init.d/arptables line 96 ($"foo" should be eval_gettext "foo"):
echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
Use "." to replace of "source", and change /bin/bash to /bin/sh, the
echo $"foo" works well in our busybox.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
tcpslice is a tool for extracting parts of a tcpdump packet trace,
so put it under tcpdump dir
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Refreshed lua.patch due to whitespace changes in top-level Makefile.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
While kernel is processing the UPDATE message which is sent from racoon,
it maybe interrupted by certain system signal and if this case happens,
kernel responds with an EINTR message to racoon and kernel fails to
establish the corresponding SA.
Fix this problem by resend the UPDATE message when EINTR(Interrupted
system call) error happens.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add knob to detect whether hugetlbfs are checked or not.
This patch fixed the error:
ld: cannot find -lhugetlbfs
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ntp checks for presence of sys/timepps.h to determine whether the kernel
supports the RFC 2783 KPPS interface. Under Linux the pps-tools package
installs this header. Without this feature the ATOM clock driver does
not work, and other drivers like NMEA have reduced precision. Remove
the feature non-determinism and increase ntpd capabilities by adding an
explicit dependency.
See: http://doc.ntp.org/4.2.6/kernpps.html
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The description in a previous patch to disable debugging is incorrect.
Although the option is default-enabled in configure.ac, configure does
respect the option that disables it.
In ntp 4.2.7 the option code is refactored to ntp_debug.m4 and has an
effect in sntp as well. Adding --disable-debugging to the top-level
configure options overrides the default for both 4.2.6 and 4.2.7 without
patching the distribution.
Make the selection explicit and configurable, but restore the historical
default. Absence of debugging capability in the server makes it
difficult to validate complex configurations.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* removed two patches which were already integrated in 5.2.0:
strongswan-4.3.3-5.1.1_asn1_unwrap.patch
strongswan-5.0.0-5.1.2_reject_child_sa.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. uprev to 2.0.20
2. Update the license md5sum, since the address is changed in COPYING*:
From:
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
To:
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. uprev to 4.6.1
2. remove three obsolete patches
3. use PACKAGECONFIG, and the default value is ipv6 openssl
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The monlist feature in ntp_request.c in ntpd in NTP before
4.2.7p26 allows remote attackers to cause a denial of service
(traffic amplification) via forged (1) REQ_MON_GETLIST or
(2) REQ_MON_GETLIST_1 requests, as exploited in the wild
in December 2013.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
There is a problem in configure.ac file that whether or not
'--enable-debugging' is specified in configure cmdline, debugging
is always enabled.
We should disable ntp debugging by default.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The deprecated test code was no longer used, so remove it
to avoid compiling failure with -Werror=unused-function
...
| example21.cpp:51:8: error: 'size_t {anonymous}::readData(char*,
size_t, size_t)' defined but not used [-Werror=unused-function]
| size_t readData(char *buffer, size_t size, size_t nitems)
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove 0001-Fix-warning-with-gcc-4.8.patch, it has been in 0.8.2
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Patches really belong in the recipe, not the .inc, given patches are generally
version-bound.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
dnsmasq runs pkg-config to get cflags/libs for its dependencies.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
init script should be installed under /etc/init.d/, not /etc/rc.d/init.d
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The dnsmasq target depends on .configured and $(objs). .configured does an rm
-f *.o. Yet the only thing telling make to build the .configured target before
the $(objs) target was the order of the dependencies of the dnsmasq target. We
can't rely on that order when doing a paralllel make build, so add an explicit
rule to enforce that order.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Commit 6d781369 warranted a PE bump but didn't include it. Update it,
correct a typo in EXTRA_OECONF and explicitly disable c-ares resolver at
the same time.
Acked-by: Armin Kuster <akuster@mvista.com>
Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Minor tweaks to the README to make the email suggestion follow the format
used in other meta-openembedded README files and adding clarification on
building wireshark in a GUI environment.
Acked-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
strongSwan before 5.1.2 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This should address issues found in test-dependencies 2014-07-25
wireshark/wireshark/latest lost dependency on libcap libnl libnl-genl libnl-nf libnl-route portaudio-v19 sbc
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Inital wireshark support on gtk+, gtk3
* README with additional info
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Dead peer detection (DPD) is a method that network devices use to verify
the current existence and availability of other peer devices.
* NAT traversal (sometimes abbreviated as NAT-T) is a general term for
techniques that establish and maintain Internet protocol connections
traversing network address translation (NAT) gateways
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. use PACKAGECONFIG
2. add three patches which will add the address check, to avoid SEGFAULT
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
it will lead to QA failure, since .debug dir can not be installed into dbg package
ERROR: QA Issue: non debug package contains .debug directory: openvpn path
/work/core2-64-wrs-linux/openvpn/2.3.4-r0/packages-split/openvpn/usr/lib64i
/openvpn/plugins/.debug/openvpn-plugin-down-root.so [debug-files]
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Added .bb for version 2.3.4.
- The download URL was broken; it's changed to reflect where the website
points to.
- Force use of iproute2, which is generally recommended when running
OpenVPN as an unprivileged user. Ref:
http://community.openvpn.net/openvpn/wiki/UnprivilegedUser
- Explicitly add libpam to DEPENDS if pam is enabled, and disable the
auth-pam plugin if pam is not enabled.
- Pass the path to the 'ip' utility to the configure script to keep it
from trying to find it on the host.
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. update the patch tcpdump_configure_no_-O2.patch
2. do not check libdlpi dependence on cross-compile, or else it will
cause do_qa_configure to fail.
3. do not check libpcap dependence, since the libpcap has been added
into DEPENDS, or else it will cause do_qa_configure to fail
4. make the check of getaddrinfo work on cross-compile
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}
Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
memcached 1.4.15 has some configuration errors:
configure:5798: error: cannot run test program while cross compiling
Uprev has the needed fix for the configuration error and some other fixes.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
building rquota_xdr.c depends on a head file, which is generated
when building, so add the dependency to ensure the header file is
generated firstly.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It needs autotools-brokensep, otherwise do_configure error:
cat: config/pthread.c: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
It needs autotools-brokensep, otherwise do_configure error:
LifetimeLibrary.cpp:1:49: fatal error: utilspp/singleton/SingletonHolder.hpp: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
It needs autotools-brokensep, otherwise do_compile error:
src/defines.h:5:18: fatal error: tcpr.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
It needs autotools-brokensep, otherwise do_install error:
make: *** No rule to make target `install'. Stop.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Common Information Model (CIM) is a model for describing overall
management information in a network or enterprise environment. CIM
consists of a specification and a schema. The specification defines the
details for integration with other management models. The schema
provides the actual model descriptions.
Signed-off-by: Yao Xinpan <yaoxp@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Do the patching in the do_patch phase instead of the compile
phase. That way if the compile phase needs to be rerun
patching isn't attempted a second time.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Joe MacDonald <joe@deserted.net>
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass
authentication by rekeying an IKE_SA during (1) initiation or (2)
re-authentication, which triggers the IKE_SA state to be set to
established.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2338
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
FILES_${PN} is set to null in original .bb file, this would cause
ndisc6 main package is missing, then one build error will happen:
ERROR: ndisc6 not found in the base feeds (qemux86 i586 x86 noarch any all).
To fix this, need to set ALLOW_EMPTY_${PN} = "1".
Signed-off-by: Xudong.zhu <xudong.zhu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
This patch properly uses the path variables and fixes ntptrace and
ntp-wait, just in case perl is not installed with the hardcode path.
Signed-off-by: Rahat Mahbub <rahat.mahbub@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Fixes a bug with libvirt and DHCP, which is fixed in 2.66.
"Handle the situation where libc headers define
SO_REUSEPORT, but the kernel in use doesn't, to cope with
the introduction of this option to Linux. Thanks to Rich
Felker for the bug report."
Signed-off-by: Christian Ziethén <Christian.Ziethen@enea.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
This fixes:
dovecot/dovecot/latest lost dependency on libcap
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Joe MacDonald <joe@deserted.net>
'--with-ssl=DIR' configure parameter expects the location of the
libraries and include files in the sysroot. This means the directory
containing the 'lib' and 'include' subdirectories, not the include
directory itself.
This fixes an error at configure time:
checking
<local-path>/tmp/sysroots/ccimx6adpt/usr/include/include/openssl/engine.h
usability... no
(notice duplicated include entry in above line)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
If ntp is built without libcap, it refuses to start with the following
message:
Starting ntpd: /usr/sbin/ntpd: The ``user'' option has been disabled -- built
without --enable-clockctl or --enable-linuxcaps
ntpd - NTP daemon program - Ver. 4.2.6p5
USAGE: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
By adding cap to the PACKAGECONFIG the default runs. In the
future, someone could add an option for using clockctl.
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Trying to build stunnel fails with:
ERROR 404: Not Found.
Seems that after the new release (5.x) they have moved the old tarball
under a 'archive/4.x' subdirectory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
...
./bootstrap: Bootstrapping from checked-out netcf sources...
./bootstrap: consider installing git-merge-changelog from gnulib
./bootstrap: line 641:
tmp/sysroots/qemux86/usr/share/gnulib/gnulib-tool: No such file or
directory
...
The gnulib source was incorrectly populated to ${STAGING_DATADIR}.
While the build shared an existed sstate cache, the gnulib's
${SYSROOT_DESTDIR} was empty, the gnulib source code was not
found in sysroots.
We should use do_install task to install them to ${D}, and the
default do_populate_sysroot task will populate them to
${STAGING_DATADIR}.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
The $(subdirs) contains all the dirs under the ${B}, and this one:
do_unpack[cleandirs] = "${S}/patches"
will create a "patches" dir, then there will be compile errors, filter
out the patches will fix the problem.
Note: poky doesn't have this problem since it separates the ${S} and
${B}
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
traceroute6 for the name is misleading and will interfere
with traceroute6 in iputils making an alternate link to
the traceroute6 binary, so we change the name to traceroute.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
We can remove all references to yywrap by adding "%option noyywrap" statements
to each flex source file which doesn't override yywrap. After this, we no longer
need to link against libfl and so no longer get errors about undefined
references to yylex.
Also change the dependency on flex to flex-native as we no longer need libfl
compiled for the target - the lexer is now self-contained.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Joe MacDonald <joe@deserted.net>
"--with-binsubdir" controls whether we use bin_PROGRAMS or
sbin_PROGRAMS while installing executable files in ntp
Makefile, in order to install all the relevant files in
/usr/sbin instead of /usr/bin, we can pass "--with-binsubdir=sbin"
in ntp configure cmdline.
Accordingly, updating the path for the files which are
contained in rpm packages.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Adding ntp:ntp(user:group) to system and running
ntpd dameon as ntp:ntp.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Add a patch to fix the function parameter.
* Add PACKAGECONFIG for optional packages instead of explicitly
disable, and set sqlite and curl as default.
* Remove the split package strongswan-plugins.
* Add configure option --without-lib-prefix so it doesn't
search for libraries in includedir and libdir to avoid QA error.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
The netcf downloaded gnulib source to ${S} at the configure time,
while the network disconnected, if sstate cache was cleaned, the
netcf rebuilding failed.
Added a new recipe named 'gnulib' to download gnulib source to
${GITDIR} and populate it to the staging data dir.
So netcf could specify this local directory where gnulib sources
reside to save the bandwidth downloading.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
update-alternatives.bbclass does not create the brctl symbolic links for
multilib, since the wrong use of PN generates
/usr/sbin/brctl.lib32-bridge-utils, not /usr/sbin/brctl.bridge-utils;
In fact, no need to rename brctl by calling mv, since update-alternatives
will handle it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
