Fixes:
INFO: Skip package exfat-utils (status = UNKNOWN_BROKEN, current version = 1.3.0, next version = N/A)
After this commit:
INFO: Skip package exfat-utils (status = MATCH, current version = 1.3.0, next version = 1.3.0)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
python3-pygobject already in oe-core, previously,
we have python-pygobject in meta-oe, but recently, in order
to drop python2, we transfer python-pygobject to
python3-pygobject, so duplicated with oe-core, meantime,
this will cause test_signature failure when do yocto-check-layer
for layer meta-oe.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
macro-prefix-map points to build WORKDIR which will
cause reproducibilty failures.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the configure options passed during the build
which differs between multilibs
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the options passed to configure, which includes
the path to the recipe-sysroot on the build host.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update SRCREV to latest v2.1.0 and SRC_URI to reflect new Eclipse Foundation project location.
Signed-off-by: Mihai Tudor Panu <mihai.tudor.panu@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes:
INFO: Skip package cloc (status = UNKNOWN_BROKEN, current version = 1.84, next version = N/A)
After this commit:
INFO: Skip package cloc (status = MATCH, current version = 1.84, next version = 1.84)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package icewm (status = UNKNOWN_BROKEN, current version = 1.5.5, next version = N/A)
After this commit:
INFO: icewm, 1.5.5, 1.6.4, None, N/A
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package libstatgrab (status = UNKNOWN_BROKEN, current version = 0.92, next version = N/A)
After this commit:
INFO: Skip package libstatgrab (status = MATCH, current version = 0.92, next version = 0.92)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package uim (status = UNKNOWN_BROKEN, current version = 1.8.8, next version = N/A)
After this commit:
INFO: Skip package uim (status = MATCH, current version = 1.8.8, next version = 1.8.8)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package pugixml (status = UNKNOWN_BROKEN, current version = 1.10, next version = N/A)
After this commit:
INFO: Skip package pugixml (status = MATCH, current version = 1.10, next version = 1.10)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package jq (status = UNKNOWN_BROKEN, current version = 1.6, next version = N/A)
After this commit:
INFO: Skip package jq (status = MATCH, current version = 1.6, next version = 1.6)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package dbus-broker (status = UNKNOWN_BROKEN, current version = 21, next version = N/A)
After this commit:
INFO: dbus-broker, 21, 22, None, N/A
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package irssi (status = UNKNOWN_BROKEN, current version = 1.1.2, next version = N/A)
After this commit:
INFO: irssi, 1.1.2, 1.2.2, None, N/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package czmq (status = UNKNOWN_BROKEN, current version = 4.2.0, next version = N/A)
After this commit:
INFO: Skip package czmq (status = MATCH, current version = 4.2.0, next version = 4.2.0)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package zeromq (status = UNKNOWN_BROKEN, current version = 4.3.2, next version = N/A)
After this commit:
INFO: Skip package zeromq (status = MATCH, current version = 4.3.2, next version = 4.3.2)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Fixes:
INFO: Skip package uriparser (status = UNKNOWN_BROKEN, current version = 0.9.3, next version = N/A)
After this commit:
INFO: Skip package uriparser (status = MATCH, current version = 0.9.3, next version = 0.9.3)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Backport the CVE patch from the upstream to fix the heap-based buffer
over-read in tiffWriter.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Fix host-user-contaminated QA issues
- make clean is broken so mark it so
- Enable PIC in asm which fixes textrels issue
- Fix build on mips
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.19 but the autoconf macros are from gettext version 0.20
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit af22a7a46a.
The recipe is staying in OE-core.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop unused 0001-dlm-fix-package-qa-error.patch
- Merge appends into main task
- remove explicitly mentioning systemd in deps, systemd bbclass will add it
- Add a patch to fix install using cp cmd to preserve file permissions
Fixes
dlm: /usr/lib/libdlmcontrol.so.3 is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Reformat COPYING file
0.8.8 is a security release to especially address CVE-2019-14889.
Thins includes the following changes from the 0.8.4 version:
7850307 Bump version to 0.8.8
30c0f0c cpack: Ignore patch files and other stuff
b0edec4 CVE-2019-14889: scp: Quote location to be used on shell
391c78d CVE-2019-14889: scp: Don't allow file path longer than 32kb
2ba1dea CVE-2019-14889: misc: Add function to quote file names
82c375b CVE-2019-14889: scp: Log SCP warnings received from the server
4aea835 CVE-2019-14889: scp: Reformat scp.c
2fbeb2a gitlab-ci: Mips is dead
e981113 doc: Add a note about OpenSSL linking
3736a03 libcrypto: Add missing includes for modes.h
be73335 sftp: Document how to free memory retruned by sftp_canonicalize_path()
5298611 Bump version to 0.8.7
7a49ee5 cmake: Bump API version to 4.7.4
c842bc2 Remove SHA384 HMAC
8892577 Use constant time comparison function for HMAC comparison
ac7c64a pki_gcrypt: Include missing stdbool.h
47014eb pki: Fix size type for len in privatekey_string_to_buffer()
2223106 connect: Fix size type for i an j in ssh_select()
4af7736 connector: Fallback on the socket output callback
f4a0fcc connector: Don't NULL connector (in|out) channels on event remove
fa150ef options: Removed outdated param annotations of ssh_options_set()
810dbd3 config: Avoid buffer overflow
fa6aa12 tests/pkd: repro rsa-sha2-{256,512} negotiation bug
a4948f6 kex: honor client preference for rsa-sha2-{256,512} host key algorithms
e05e4ae pki_crypto: plug pki_signature_from_blob leaks
b6d2755 pki: NULL check pki_signature_from_rsa_blob result
e69fb89 pki_container_openssh: Add padding to be compatible with OpenSSH
f9beb3c gitlab-ci: Disable debian cross mips runner
bfc39d5 kex: List also the SHA2 extension when ordering hostkey algorithms
0acfd81 server: Correctly handle extensions
d028b24 dh: Make sure we do not access uninitialized memory
68fc17c Bump version to 0.8.6
d327712 Bump SO version to 4.7.3
fded1fb channels: Don't call ssh_channel_close() twice
a6e055c packet: Allow SSH2_MSG_EXT_INFO when authenticated
32221ea channels: Send close if we received a remote close
917ba07 channels: Reformat ssh_channel_free()
bcdbc11 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL
79289dc channel: Reformat ssh_channel_close()
45172a7 sftp: Do not overwrite errors set by channel functions
7b0c80b tests: Test calling ssh_init() after ssh_finalize()
d5bc9a1 libcrypto: Fix access violation in ssh_init()
80d3e10 tests: Verify that signatures are sane and can not be verified by non-matching key
455d495 pki: Sanitize input to verification
b1bae1d pki: Return default RSA key type for DIGEST_AUTO
ad4f1db pki: Verify the provided public key has expected type
5ffe695 pki: Sanity-check signature matches base key type
230a437 tests: Do not require base RSA type for SHA2 extension whitelist
1df272c packet_cb: Properly verify the signature type
c3a57fe pki: Separate signature extraction and verification
a238df2 pki: Set correct type for imported signatures
f5e8fa5 pki: Use self-explanatory variable names
0a07266 The largest ECDSA key has 521 bits
953eae8 pki_gcrypt: Do not abort on bad signature
1d5215a server: Do not send SSH_MSG_EXT_INFO after rekey
2d06a83 kex: Do not negotiate extensions during rekey
fd844ca tests: Verify setting NULL knownhosts does not crash
a106a00 options: Do not crash when setting knownhosts to NULL (T108)
d8372c3 gcrypt: Bugfix for very slow ecdh
9462105 socket: Add missing braces
fe0331c socket: Remove redundant code
709c48e socket: Fix potential buffer overrun
3d56bda pki: Fix typos in documentation
8b4de1c packet: Fix timeout on hostkey type mismatch instead of proper error
906f63b packets: Fix ssh_send_keepalive()
26ea4f0 COPYING: Reformat the last paragraph
3b46198 tests: Fix chroot_wrapper location
3de3494 tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand
69cb3c5 knownhosts: Take StrictHostKeyChecking option into account
5102b16 crypto: Fix compilation for OpenSSL without deprecated APIs
dc071dc cmake: Refresh the CMake Config files
a8d4fba tests: Improve error reporting in auth test
56b7d2d tests: Typo -- the flags should be checked according to the comment
a4b99ee knownhosts: Make sure we have both knownhosts files ready
8a8498b client: Reformat comment
44b32e9 tests/pkd: Properly clean up memory
0590795 session: Drop unused structure member (SSHv1)
f11be32 misc: Properly check for errors returned from getpwuid_r()
a9be4ab misc: Reformat ssh_get_user_home_dir and ssh_file_readaccess_ok
273fb4c Bump version to 0.8.5
56f7c27 Bump SO version to 4.7.2
1285b37 doc: fix up various typos and trailing whitespace
b7de358 libcrypto: Fix memory leak in evp_final()
bea6393 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
9158cc5 socket: Undouble socket fds
8ba10ef client: Send KEX as soon as banners are exchanged
2ff8a09 tests: Verify we can authenticate using ed25519 key
d52fa9a tests: Global known_hosts are used for host key verification
ec3fdb4 knownhosts: Consult also the global known hosts file
d877969 options: Set the global known_hosts file
b1a7bd2 tests: Verify the hostkey ordering for negotiation is correct
0831b85 tests: Generate valid known_hosts file, fixing the current test
34d1f5e tests: Verify the ecdsa key types are handled correctly
fcf2cd0 kex: Use all supported hostkey algorithms for negotiation
4a4ca44 kex: Honor more host key algorithms than the first one (ssh-ed25519)
17a6c3f knownhosts: Use the correct name for ECDSA keys for host key negotiation
e24bb93 tests: Do not trace sshd
5c2d444 tests: Add option tests for global and user specific known_hosts
9763563 options: Add support for getting the known_hosts locations
5f9d9f4 examples: Explicitly track auth state in samplesshd-kbdint
e8f3207 messages: Check that the requested service is 'ssh-connection'
e5cee20 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
63056d1 priv: Add ssize_t if not available with MSVC
09e4f3d packet: Add missing break in ssh_packet_incoming_filter()
4b886ac src: Fix typos
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use system brotli via PACKAGECONFIG by default. So far,
nodejs had been built using its embedded copy of brotli,
which we generally try to avoid, for the known reasons
(independent updates, cve & license checks, etc).
The nodejs patches to enable this have been submitted.
brotli is in meta-oe, so enabling this by default should
not be a problem.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
During the python3 / nodejs update, the dependencies weren't updated, so
using system-gyp ends up trying to use the python2 version of system-
gyp, which will of course fail.
Fixing this to depend on the python3 version of gyp still doesn't
doesn't make things work, though:
ERROR: nodejs-native-12.14.1-r0 do_configure: Execution of '.../nodejs-native/12.14.1-r0/temp/run.do_configure.26054' failed with exit code 1:
gyp: Error importing pymod_do_mainmodule (ForEachFormat): No module named 'ForEachFormat' while loading dependencies of .../nodejs-native/12.14.1-r0/node-v12.14.1/node.gyp while trying to load .../nodejs-native/12.14.1-r0/node-v12.14.1/node.gyp
Error running GYP
The reason is commit fff922afee6e ("deps,build: compute torque_outputs in v8.gyp")
in NodeJS v12, where they modified their bundled version of gyp to
become incompatible with the upstream version of gyp by adding extra /
unusual search paths to gyp.
Since I'm not sure how to deal with that when using system-gyp, and because
the original intention for using system-gyp was to make the previous nodejs
version compatible with python3 by ultimately switching to the python3 version
of system-gyp which isn't necessary anymore, and given nobody else seems to
be using this PACKAGECONFIG, just drop it.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nodejs (-native) can be built against a system-installed version of
the brotli libraries. Allow doing that by provide a -native version
of brotli.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* because sysdig from meta-oe depends on it now, since:
commit ed798c7643
Author: Khem Raj <raj.khem@gmail.com>
Date: Wed Jan 2 17:59:20 2019 -0800
sysdig: Upgrade to 0.26.5
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
