| Age | Commit message (Collapse) | Author |
|---|
|
CVE patches is already applied in v2.7
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I goofed up the scissor line on the last attempt. Not sure how much it matters,
but here it is correct this time.
Here it is, updated to work with wpa-supplicant_2.6.bb.
-- >8 --
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
When building root filesystems with any of the wpa_supplicant systemd
template service files enabled (current default is to have them disabled) the
systemd-native-fake script would not process the line:
Alias=multi-user.target.wants/wpa_supplicant@%i.service
appropriately due the the use of "%i."
According to the systemd documentation "WantedBy=foo.service in a service
bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in
the same file." However, this is not really the intended purpose of install
Aliases.
All lines of the form:
Alias=multi-user.target.wants/*%i.service
Were replaced with the following lines:
WantedBy=multi-user.target
Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After adding #pragma once to wrapper header ( opensslconf.h ) this
latent issue got to bite us, where it expect bn.h to be including
openssl.h to define BN_* defines, which is fragile. This patch removes
the contraints for nested includes for bn.h
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To avoid issue like below if run "bitbake lib32-core-image-minimal"
with series userspace packages(LAMP,krb5...) added.
Add multilib_script support for openssl's c_rehash which is a perl script.
Error: Transaction check error:
file /usr/bin/c_rehash conflicts between attempted installs of
lib32-openssl-bin-1.1.1-r0.armv7at2hf_neon and openssl-bin-1.1.1-r0.aarch64
Signed-off-by: Xulin Sun <xulin.sun@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 85b76e52d206 "connman: update to 1.36" dropped
0001-inet-Add-prefixlen-to-iproute_default_function.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Oleksandr Kravchuk <dev@sashko.rv.ua>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped
0008-tweak-to-support-external-bind.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit "c37207d0aca5 bind: update to ESV version 9.11.3" dropped
0001-build-use-pkg-config-to-find-libxml2.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix handling of escape characters in regexs and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the bluez5 init script to resolve an issue where the status
subcommand would exit without printing any message if bluez was not
running. The early exit was caused by the fact that the init script has
"set -e". When "pidof ${DAEMON} >/dev/null" is executed, the script
terminates immediately if bluez isn't running because pidof returns a
non-zero result. The fixed version does not suffer from this issue and
makes use of the "status" function from the functions library.
Signed-off-by: David Frey <dpfrey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They work well now.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
* Redefine the reference path of libnfs.a to
../support/nfs/.libs/libnfs.a to fix below
error when run "make -C tests statdb_dump".
| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'. Stop.
| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'. Stop.
* The function generic_make_pathname is introduced in
nfs-utils 2.3.1.
Add the source file which defines function generic_make_pathname to
libnsm_a_SOURCES of libnsm.a to fix the undefined reference
when run "make -C tests statdb_dump"
| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
| collect2: error: ld returned 1 exit status
* After the logic of commit[dbb643e Removed missing-prototypes warnings.]
introduced, there comes below error when run
"make -C tests/nsm_client nsm_client"
| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
It is because rpcgen doesn't generate -Wmissing-prototypes
free code for nlm_sm_inter_svc.c with below logic
in tests/nsm_client/Makefile.am
[snip]
GENFILES_SVC = nlm_sm_inter_svc.c
[snip]
$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
test -f $@ && rm -rf $@ || true
$(RPCGEN) -m -o $@ $<
So add the patch to not fatalize -Wmissing-prototypes.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was change to git recently to obtain openssl 1.1 compatible pre-release code
(before 7.9 was out), however tarballs are preferred, and with them upstream version
checks work (openssh uses a weird git tag scheme).
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* For changes, see:
https://www.tcpdump.org/libpcap-changes.txt
* Merge inc and bb and remove unnecessary flags.
* Remove all patches, they have either been upstreamed or fixed
differently.
* Compilation with bluez5 works just fine, enable it and remove bluez4
config.
* Backport a commit to fix musl builds.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The current iw4.14 has a fatal bug that could casue a Segmentation fault
when parsing WEP keys. The issue has been fixed by upstream.
[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
cp ../bluez-5.50/tools/hid2hci.rules tools/97-hid2hci.rules
cp: cannot create regular file tools/97-hid2hci.rules: No such file or directory
make[1]: *** [tools/97-hid2hci.rules] Error 1
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These warnings are intricate and we can ignore that for now as they are
being found by gcc 9, eventually this should be not needed when code
upstream is fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This code is written for elfv1 ABI in mind and linked as such: disable
all optimizations at the moment when building for powerpc64 with musl.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When built without D-Bus, libavahi-client is not build:
Building libavahi-client: no (You need avahi-daemon and D-Bus!)
which causes avahi-dev RDEPENDS failing when creating an image
containing development-tools:
* - nothing provides libavahi-client = 0.7-r0 needed by avahi-dev-0.7-r0.cortexa8hf-neon
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In case of SDK generation, /usr/bin/ path are not correct
and must be replaced by ${bindir}.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
enhance the musl-only patch to degrade certain Werros into Warnings
which helps in compiling on musl, since its checking for __GLIBC__
defines which are undefined on musl.
fix build on x32 ABI
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This file contains CC, CPP, CFLAGS, CXXFLAGS and the like.
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
According to both the README and source headers, the LICENSE value for
socat is explicitly GPLv2, not v2 or later, so adjust LICENSE
accordingly (leaving aside whether "GPL-2.0+-with-OpenSSL-exception"
should actually be considered a valid LICENSE string or not).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Whether the AFALG engine (use of hardware crypto via AF_ALG) is enable or
disable depends on whether the host kernel is 4.1 or above, which has no bearing
on whether the target system supports it.
Remove the complicated logic and simply enable/disable as requested.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To aid debugging configure, dump the configdata in do_configure.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Introduced at or before 5.50.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The openssl build system generates buildinf.h containing the full
compiler command line used to compile objects. This breaks
reproducibility, as the compile command is baked into libcrypto, where
it is used when running `openssl version -f`.
Add stripped build variables for the compiler and cflags lines, and use
those when generating buildinfo.h.
This is based on a similar patch for older openssl versions:
https://patchwork.openembedded.org/patch/147229/
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- updated connman to v1.36
- removed mainstreamed patches
- includes.patch has been rabased and transformed into git format
Signed-off-by: Oleksandr Kravchuk <dev@sashko.rv.ua>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
includes:
CVE-2018-5738
drop patch for CVE-2018-5740 now included in update
see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Add RECIPE_NO_UPDATE_REASON for lts
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
see: https://lwn.net/Articles/768991/
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2018-0735 for openssl 1.1.1.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1
versions.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OpenSSL supports out-of-tree builds so we should use them. This makes builds
more reliable, and makes it easier to reduce the size of the ptest package.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously the ptest installation was simply a copy of the entire build tree,
which is terribly ugly.
Instead copy just the pieces we need, symlink to /usr as appropriate, and add
missing dependencies. Remove PRIVATE_LIBS as we don't ship copies of the
libraries now.
Also remember to do 'set -x' in run-ptest, so if the tests fail the runner
knows!
[ YOCTO #12965 ]
[ YOCTO #12967 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use dhcpd6.conf for DHCP IPv6 and dhpcd.conf for DHCP IPv4.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The comment here stated that openssl is dual-licensed, but that would
mean that either of the two licenses could be used which is *not* the
case [1]. However LICENSE = "openssl" *is* correct because in OE that
maps to a generic license file which includes both licenses, which
makes sense because there isn't really any such thing as OpenSSL that
would be covered by the "OpenSSL license" and not the "SSLeay license".
Correct the comment to avoid any confusion.
[1] https://www.openssl.org/source/license.html
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The generated key file should try to have bind group so that if
the named daemon is started via '-u bind' option, which is the
default in OE core, we will not get startup failure because of
'permission denied' error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. The building openssl requires to install perl Text::Template module(>=1.46),
but Text::Template is a non core Perl module, openssl chooses to bundle
Text::Template 1.46 into the source, for convenience.
https://github.com/openssl/openssl/commit/8ff2af548303d311ce3591406111f77862875a60
2. While Text::Template < 1.46, the produced build files are gravely faulty.
https://github.com/openssl/openssl/pull/6682
3. If host has installed Text::Template < 1.46 (such as CentOS-7.5 has Text::
Template 1.45). The mismatched old module was used although the right one in
openssl source.
So set PERL5LIB to use deterministic perl Text::Template module bundled
by openssl source and ignore the one of host
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These patches are all upstream now, so mark as Backport.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The upstreamable include-tweaking patches contained fragments that should be in
the not-upstreamable musl-specific res_ninit replacement, so move them to the
right patch.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The case in ptest use `nm -Pg libcrypto.so' to check symbol presence,
if library is stripped or debug split, the case will fail.
The test case needs debug symbols then we just disable that test.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It adds ${libdir} to linker options in scripts bind9-config and
isc-config.sh. And then causes install file conflicts when install bind
andl ib32-bind both.
Inherit multilib_script.bbclass to fix this issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Changhyeok Bae
Joshua DeWeese
Khem Raj
Xulin Sun
Ruslan Bilovol
Alexander Kanavin
Richard Purdie
David Frey
Robert Yang
Mingli Yu
Anuj Mittal
Liu Haitao
Serhey Popovych
Jens Rehsack
Christophe PRIOUZEAU
Douglas Royds
Paul Eggleton
Ross Burton
Peter A. Bigot
Martin Hundebøll
Olekandr Kravchuk
Armin Kuster
Kai Kang
Yi Zhao
Chen Qi
Hongxu Jia