summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-confHannu Lounento2020-07-081-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some openssl command line operations like creating an X.509 CSR require the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory 140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r') 140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76: which is the case e.g. in core-image-minimal with just the package openssl-bin added to the image by declaring IMAGE_INSTALL_append = " openssl-bin" e.g. in local.conf. The file did not exist in the aforementioned image / configuration because it was packaged to the main openssl package FILES_${PN} =+ "${libdir}/ssl-1.1/*" (there is no other FILES specification that would match the file either) and path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm [...] /usr/lib/ssl-1.1/openssl.cnf [...] Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it seems closely related) to the ${PN}-conf package to have it installed with ${PN}-bin, which already (indirectly) depends on ${PN}-conf. Note that the openssl recipe has the comment Add the openssl.cnf file to the openssl-conf package. Make the libcrypto package RRECOMMENDS on this package. This will enable the configuration file to be installed for both the openssl-bin package and the libcrypto package since the openssl-bin package depends on the libcrypto package. but openssl-conf only contained /etc/ssl/openssl.cnf path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm /etc /etc/ssl /etc/ssl/openssl.cnf /usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to ../../../etc/ssl/openssl.cnf. Other files and directories in /usr/lib/ssl-1.1/ were considered as well because they seem to be configuration files and / or related to (symlinks pointing to) /etc. They were not moved though, because based on our use case and testing moving the openssl.cnf symlink is sufficient for fixing the immediate problem and we lack knowledge about the other files in order to make a decision to change their packaging. Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: upgrade 2.4.3 -> 2.5.1Andreas Müller2020-06-282-50/+9
| | | | | | | | | | | * cacheio was fixed upstream slightly different * nfsdclnts is a python3 script for printing various nfs client information pack it in ${PN}-stats * replace leading spaces by tabs in shell tasks * remove SRC_URI[md5sum] Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libuv: update to the last version in meta-oeakuster2020-06-281-1/+1
| | | | | | | | | | | | Looks like I forgot to update the contrib branch. This is a squished set of these changes: https://git.openembedded.org/meta-openembedded/commit/?id=e03b48481438c747322f07ac1e1f04add541ffac https://git.openembedded.org/meta-openembedded/commit/?id=9b61f412d36b390f8d71ad1fb5875f5f6e32fd8a https://git.openembedded.org/meta-openembedded/commit/?id=644ea1ee145902b00e4e66856ebe8d8800dfc1f0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Security fix CVE-2020-12695Armin Kuster2020-06-284-1/+267
| | | | | | | | | | Source: http://w1.fi/security/ Disposition: Backport from http://w1.fi/security/2020-1/ Affects <= 2.9 wpa-supplicant Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libuv: move from meta-oe to core for bind updateArmin Kuster2020-06-231-0/+19
| | | | | Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.19akuster2020-06-163-240/+2
| | | | | | | | | | | | | | Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Don't inherit 'features_check' in recipes that don't utilize itJacob Kroon2020-06-121-1/+1
| | | | | Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi-dnsconfd: rdepends on avahi-daemonKai Kang2020-06-101-0/+1
| | | | | | | | | Systemd service avahi-dnsconfd.service requires avahi-daemon.socket and avahi-daemon.service which are from avahi-daemon. So make avahi-dnsconfd rdepends on avahi-daemon. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: remove service templates from SYSTEMD_SERVICEKai Kang2020-06-081-3/+3
| | | | | | | | | Remove service templates wpa_supplicant-nl80211@.service and wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT be started/stopped by calling 'systemctl' in postinst and prerm scripts. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade 5.6.0 -> 5.7.0Alexander Kanavin2020-06-082-3/+26
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: update 2.4.7 -> 2.4.8Alexander Kanavin2020-06-038-570/+78
| | | | | | | | | | | Drop patches: 0001-ppp-Fix-compilation-errors-in-Makefile.patch - issue fixed upstream 0001-pppoe-include-netinet-in.h-before-linux-in.h.patch - backport cifdefroute.patch - superseded by new default route metric option ppp-2.4.7-DES-openssl.patch - openssl support added upstream Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 8.2p1 -> 8.3p1Alex Kiernan2020-06-031-2/+1
| | | | | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2020-8616/7Lee Chee Yang2020-05-273-0/+237
| | | | | | | fix CVE-2020-8616 and CVE-2020-8617 Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade 5.5.0 -> 5.6.0Wang Mingyu2020-05-241-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Don't advertise example services by defaultPaul Barker2020-05-221-0/+5
| | | | | | | | | | | | | The example service files are placed into /etc/avahi/services when we run `make install` for avahi. This results in ssh and sftp-ssh services being announced by default even if no ssh server is installed in an image. These example files should be moved away to another location such as /usr/share/doc/avahi (taking inspiration from Arch Linux). Signed-off-by: Paul Barker <pbarker@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Remove -fcommonAdrian Bunk2020-05-141-1/+1
| | | | | | | This was fixed in upstream version 5.5.0. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Cover gtk packageconfig with x11/wayland distro featuresKhem Raj2020-05-091-1/+1
| | | | | | | This ensures that avahi can compile for EGLFS distros (headless) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Include vpn-script in FILESAlejandro Hernandez2020-05-091-1/+2
| | | | | | | | | When vpnc support is included through PACKAGECONFIG, there is now an extra vpn-script coming after the atest upgrade, include that script into FILES so it gets packaged. Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: update to 0.8Alexander Kanavin2020-05-072-59/+9
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: merge avahi-ui into the main recipeAlexander Kanavin2020-05-073-143/+95
| | | | | | | | | | | The split was building the same code twice, awkward to maintain, and causing issues with upgrades. Disabling the gtk bits can be easily done through the standard PACKAGECONFIG mechanism when needed. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Remove remaining INC_PR variablesRichard Purdie2020-05-071-2/+0
| | | | | | | | | | | | Most of these were unused, remaining in the inc files long after the PR values were removed from the recipes. The only two which did anything wre in xorg-font and for those, bump PR by hand and remove the INC_PR to clean up all references. This kind of change is much better handled by PRServ now. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: update to 1.38Alexander Kanavin2020-05-055-62/+26
| | | | | | | Drop a patch merged upstream. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 1.1.1f -> 1.1.1gJan Luebbe2020-05-021-1/+1
| | | | | | | This also fixes CVE-2020-1967. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Move sshdgenkeys.service to sshd.socketAlex Kiernan2020-04-262-2/+1
| | | | | | | | | sshd.socket launches the templated sshd@.service, so by moving the sshdgenkeys.service to sshd.socket, key generation can start in advance of a connection. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "dhclient: not always skip the nfsroot interface"Mingli Yu2020-04-071-25/+1
| | | | | | | | | | | | | | | | | | | This reverts commit[27aec88 dhclient: not always skip the nfsroot interface] which used to address the IP address renew issue when boot a system in a nfsroot fs and altogether boot with ip=dhcp. But reported by some tester, the above commit introduces below issue when run ltp test on a nfsroot system which boot with ip=dhcp: nfs: server 192.168.100.1 not responding, still trying nfs: server 192.168.100.1 not responding, still trying [snip] So revert the above commit now to avoid blocking test. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: add RDEPENDS for dhcp-clientMingli Yu2020-04-021-0/+1
| | | | | | | | | | | Add iproute2 RDEPENDS for dhcp-client as /sbin/dhclient-systemd-wrapper which called by dhclient.service depends on ip command which provided by iproute2 package when systemd enabled in DISTRO_FEATURES. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhclient: not always skip the nfsroot interfaceMingli Yu2020-04-021-1/+25
| | | | | | | | | | Don't skip the nfsroot interface when use dhcp to get the address for nfsroot interface as the nfsroot interface may need dhclient to renew the lease. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* inetutils: Use alternatives to avoid manpage conflictOvidiu Panait2020-04-011-1/+5
| | | | | | | | | | | | | Fix the following manpage conflicts: * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8 But that file is already provided by package * inetutils-doc Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.1.1fAlexander Kanavin2020-04-011-1/+1
| | | | | | | | This also un-breaks python3 ptest which got broken with 1.1.1e update. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: add LICENSE for individual packagesMatthew2020-03-291-0/+10
| | | | | | | | | | | Fixes [YOCTO #13609] avahi_0.7.bb defines 9 PACKAGES. However, avahi.inc generically sets LICENSE to "GPLv2+ & LGPLv2.1+". The library specific packages should be LGPLv2.1+ only. Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: fix do_package error when enable PACKAGECONFIG[nfsv4]Yi Zhao2020-03-231-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: ERROR: nfs-utils-2.4.3-r0 do_package: QA Issue: nfs-utils: Files/directories were installed but not shipped in any package: /usr/lib/libnfsidmap/nsswitch.so /usr/lib/libnfsidmap/static.so Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nfs-utils: 2 installed and not shipped files. [installed-vs-shipped] Add rdep on python3-core for PACKAGECONFIG[nfsv4] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/clddb-tool contained in package nfs-utils requires /usr/bin/python3, but no providers found in RDEPENDS_nfs-utils? [file-rdeps] Add rdep on libdevmapper for PACKAGECONFIG[nfsv41] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/blkmapd contained in package nfs-utils requires libdevmapper.so.1.02()(64bit), but no providers found in RDEPENDS_nfs-utils? [file-rdeps] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1d -> 1.1.1eAdrian Bunk2020-03-232-761/+1
| | | | | | | Backported patch removed. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.53 -> 5.54Wang Mingyu2020-03-214-182/+2
| | | | | | | | | CVE-2020-0556-1.patch CVE-2020-0556-2.patch removed since they are included in 5.54 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: fix CVE-2020-0556Anuj Mittal2020-03-133-0/+180
| | | | | | | | | | | | | | It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix perl shebang in c_rehashMartin Jansa2020-03-081-1/+1
| | | | | | | | | | | | | | | | | | | | | * passing PERL=perl breaks c_rehash calls from dash (works fine with bash) dash doesn't like #!perl shebang PERL="/usr/bin/env perl" unfortunately just passing PERL like this doesn't pass do_configure: Creating Makefile sh: 1: /usr/bin/env perl: not found WARNING: exit code 1 from a shell command. But passing it as: HASHBANGPERL="/usr/bin/env perl" PERL=perl seems to work. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: recommend cryptodev-module for corresponding PACKAGECONFIGDenys Dmytriyenko2020-03-081-1/+1
| | | | | Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: pass PERL=perl environment variable to configuratorRuslan Bilovol2020-03-061-1/+1
| | | | | | | | | | | | | | | | | | | | In our build environment we use wrapper script for perl in non-standard configuration with extra variables set (provided by custom buildtools-tarball). In this case openssl fails to build because by default it's Configure script detects and uses perl executable directly (with absolute path) obviously missing extra settings from wrapper script. Pass PERL=perl environment variable to Configure, so it won't try to use perl executable directly but will use what is provided from environment. Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.52 -> 5.53Anuj Mittal2020-02-211-2/+2
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: upgrade 2.4.2 -> 2.4.3Wang Mingyu2020-02-213-47/+10
| | | | | | | | | | | 0001-Don-t-build-tools-with-CC_FOR_BUILD.patch Removed since it is included in 2.4.3. refresh the following patch: 0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: add devlink support to iproute2Scott Branden2020-02-211-11/+23
| | | | | | | Add devlink support to iproute2 recipe. Signed-off-by: Scott Branden <scott.branden@broadcom.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 8.1p1 -> 8.2p1Alex Kiernan2020-02-154-123/+2
| | | | | | | | | | | Drop backports from upstream: 0001-Manually-applied-upstream-fix-for-openssh-test.patch 0001-seccomp-Allow-clock_gettime64-in-sandbox.patch openssh-8.1p1-seccomp-nanosleep.patch Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: add mulitlib_header for platform.hJeremy A. Puhlman2020-02-151-1/+3
| | | | | Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Security fix CVE-2020-8597Yi Zhao2020-02-142-0/+48
| | | | | | | | | | | | | | CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. References: https://nvd.nist.gov/vuln/detail/CVE-2020-8597 Patch from: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: upgrade 4.4.1 -> 4.4.2Wang Mingyu2020-02-084-153/+6
| | | | | | | | | | | | 0001-Fix-a-NSUPDATE-compiling-issue.patch 0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch Removed since they are included in 4.4.2. refresh the following patch: 0004-Fix-out-of-tree-builds.patch Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix reproducibility issueRichard Purdie2020-02-082-0/+33
| | | | | | | | | There was a build architecture leaking into the target ptest which could vary depending upon host. Remove it as its cosmetic. [YOCTO #13770] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: upgrade 1.7.3.3 -> 1.7.3.4Alexander Kanavin2020-02-031-2/+2
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: upgrade 5.3 -> 5.4Changhyeok Bae2020-02-022-10/+18
| | | | | Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade 5.3.0 -> 5.5.0Changhyeok Bae2020-02-021-2/+2
| | | | | Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: add PACKAGECONFIG for the commandline clientRoss Burton2020-01-271-5/+3
| | | | | | | | | | The client depends on readline which is GPLv3. Add a PACKAGECONFIG so users who don't need the client and are against GPLv3 can disable it. Also remove the explicit installation of the client in do_install_append, as the Makefile installs it now. Signed-off-by: Ross Burton <ross.burton@intel.com>
* openssh: explicitly skip unit testsAlexander Kanavin2020-01-211-0/+1
| | | | | | | | | These tests are already implicitly excluded by not being built. This change avoids a confusing failure-but-not-really printed by run-ptest. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>