| Age | Commit message (Collapse) | Author |
|---|
|
A directory can be specified in SRC_URI, there is no need to use
globbing. This means that the files are checksummed correctly and
the recipe rebuilds when the files change as globbing breaks that.
We're about to remove the use of globbing in SRC_URI so improve these.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: isc.org
MR: 105232, 105246, 105260
Type: Security Fix
Disposition: Backport from https://www.isc.org/bind/
ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366
Description:
Bug fix only update
Three CVE fixes
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With systemd v246 the syslog target now generates a warning (and has
been deprecated for some time). Drop the target and allow the default to
take effect.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With systemd v246 the syslog target now generates a warning (and has
been deprecated for some time). Drop the target and allow the default to
take effect.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes errors like
telnetd/state.c:69: multiple definition of `not42'; utility.o:/usr/src/debug/inetutils/1.9.4-r0/build/telnetd/../../inetutils-1.9.4/telnetd/utility.c:66: first defined here
| clang-11: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This ensures -fcommon is still used when compiler defaults to
-fno-common in gcc10 and clang11
Fixes
dhcp-4.4.2/server/mdb.c:70: multiple definition of `dhcp_type_host'; dhcpd-omapi.o:/usr/src/debug/dhcp/4.4.2-r0/dhcp-4.4.2/server/omapi.c:50: first defined here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
$ dnf install openssl-bin
$ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nfs-utils configure searches for rpcgen tool only in default locations:
"/usr/local/bin/rpcgen /usr/bin/rpcgen /bin/rpcgen".
On some of our build machines the rpcgen is not present there and
configure fails:
| configure: error: Please install rpcgen or use --with-rpcgen
HOSTTOOLS_DIR already contains a correct pointer to host rpcgen tool, so
use it from there.
Signed-off-by: Taras Kondratiuk <takondra@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
According to the PACKAGES variable, LICENSE_avahi-client is misspelled.
Additionally, the libavahi-client package actually only includes
LGPLv2.1+ software (as opposed to the global LICENSE variable).
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some openssl command line operations like creating an X.509 CSR require
the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't
root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:
which is the case e.g. in core-image-minimal with just the
package openssl-bin added to the image by declaring
IMAGE_INSTALL_append = " openssl-bin"
e.g. in local.conf.
The file did not exist in the aforementioned image / configuration
because it was packaged to the main openssl package
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
(there is no other FILES specification that would match the file either)
and
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
[...]
/usr/lib/ssl-1.1/openssl.cnf
[...]
Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it
seems closely related) to the ${PN}-conf package to have it installed
with ${PN}-bin, which already (indirectly) depends on ${PN}-conf.
Note that the openssl recipe has the comment
Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
package RRECOMMENDS on this package. This will enable the configuration
file to be installed for both the openssl-bin package and the libcrypto
package since the openssl-bin package depends on the libcrypto package.
but openssl-conf only contained /etc/ssl/openssl.cnf
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
/etc
/etc/ssl
/etc/ssl/openssl.cnf
/usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
../../../etc/ssl/openssl.cnf.
Other files and directories in /usr/lib/ssl-1.1/ were considered as well
because they seem to be configuration files and / or related to
(symlinks pointing to) /etc. They were not moved though, because based
on our use case and testing moving the openssl.cnf symlink is sufficient
for fixing the immediate problem and we lack knowledge about the other
files in order to make a decision to change their packaging.
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* cacheio was fixed upstream slightly different
* nfsdclnts is a python3 script for printing various nfs client information
pack it in ${PN}-stats
* replace leading spaces by tabs in shell tasks
* remove SRC_URI[md5sum]
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Looks like I forgot to update the contrib branch.
This is a squished set of these changes:
https://git.openembedded.org/meta-openembedded/commit/?id=e03b48481438c747322f07ac1e1f04add541ffac
https://git.openembedded.org/meta-openembedded/commit/?id=9b61f412d36b390f8d71ad1fb5875f5f6e32fd8a
https://git.openembedded.org/meta-openembedded/commit/?id=644ea1ee145902b00e4e66856ebe8d8800dfc1f0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: http://w1.fi/security/
Disposition: Backport from http://w1.fi/security/2020-1/
Affects <= 2.9 wpa-supplicant
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only updates.
suitable for Stable branch updates where applicable.
Drop CVE patches included in update
LIC_FILES_CHKSUM update copyright year to 2020
Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Systemd service avahi-dnsconfd.service requires avahi-daemon.socket
and avahi-daemon.service which are from avahi-daemon. So make
avahi-dnsconfd rdepends on avahi-daemon.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove service templates wpa_supplicant-nl80211@.service and
wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT
be started/stopped by calling 'systemctl' in postinst and prerm scripts.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop patches:
0001-ppp-Fix-compilation-errors-in-Makefile.patch - issue fixed upstream
0001-pppoe-include-netinet-in.h-before-linux-in.h.patch - backport
cifdefroute.patch - superseded by new default route metric option
ppp-2.4.7-DES-openssl.patch - openssl support added upstream
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
fix CVE-2020-8616 and CVE-2020-8617
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The example service files are placed into /etc/avahi/services when we
run `make install` for avahi. This results in ssh and sftp-ssh services
being announced by default even if no ssh server is installed in an
image.
These example files should be moved away to another location such as
/usr/share/doc/avahi (taking inspiration from Arch Linux).
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was fixed in upstream version 5.5.0.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This ensures that avahi can compile for EGLFS distros (headless)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When vpnc support is included through PACKAGECONFIG, there
is now an extra vpn-script coming after the atest upgrade,
include that script into FILES so it gets packaged.
Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The split was building the same code twice, awkward to maintain,
and causing issues with upgrades.
Disabling the gtk bits can be easily done through the standard
PACKAGECONFIG mechanism when needed.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Most of these were unused, remaining in the inc files long after the
PR values were removed from the recipes.
The only two which did anything wre in xorg-font and for those,
bump PR by hand and remove the INC_PR to clean up all references.
This kind of change is much better handled by PRServ now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop a patch merged upstream.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This also fixes CVE-2020-1967.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
sshd.socket launches the templated sshd@.service, so by moving the
sshdgenkeys.service to sshd.socket, key generation can start in advance
of a connection.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit[27aec88 dhclient: not always skip
the nfsroot interface] which used to address the IP
address renew issue when boot a system in a nfsroot fs
and altogether boot with ip=dhcp.
But reported by some tester, the above commit introduces
below issue when run ltp test on a nfsroot system which
boot with ip=dhcp:
nfs: server 192.168.100.1 not responding, still trying
nfs: server 192.168.100.1 not responding, still trying
[snip]
So revert the above commit now to avoid blocking test.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add iproute2 RDEPENDS for dhcp-client as
/sbin/dhclient-systemd-wrapper which called
by dhclient.service depends on ip command which
provided by iproute2 package when systemd enabled
in DISTRO_FEATURES.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Don't skip the nfsroot interface when use dhcp
to get the address for nfsroot interface as the
nfsroot interface may need dhclient to renew
the lease.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the following manpage conflicts:
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8
But that file is already provided by package * inetutils-doc
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This also un-breaks python3 ptest which got broken
with 1.1.1e update.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes [YOCTO #13609]
avahi_0.7.bb defines 9 PACKAGES. However, avahi.inc generically sets
LICENSE to "GPLv2+ & LGPLv2.1+". The library specific
packages should be LGPLv2.1+ only.
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes:
ERROR: nfs-utils-2.4.3-r0 do_package: QA Issue: nfs-utils:
Files/directories were installed but not shipped in any package:
/usr/lib/libnfsidmap/nsswitch.so
/usr/lib/libnfsidmap/static.so
Please set FILES such that these items are packaged. Alternatively if
they are unneeded, avoid installing them or delete them within do_install.
nfs-utils: 2 installed and not shipped files. [installed-vs-shipped]
Add rdep on python3-core for PACKAGECONFIG[nfsv4] to fix:
ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/clddb-tool
contained in package nfs-utils requires /usr/bin/python3, but no
providers found in RDEPENDS_nfs-utils? [file-rdeps]
Add rdep on libdevmapper for PACKAGECONFIG[nfsv41] to fix:
ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/blkmapd
contained in package nfs-utils requires libdevmapper.so.1.02()(64bit),
but no providers found in RDEPENDS_nfs-utils? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backported patch removed.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2020-0556-1.patch
CVE-2020-0556-2.patch
removed since they are included in 5.54
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that BlueZ's HID and HOGP profiles implementations
don't specifically require bonding between the device and the host.
This creates an opportunity for an malicious device to connect to a
target host to either impersonate an existing HID device without
security or to cause an SDP or GATT service discovery to take place
which would allow HID reports to be injected to the input subsystem from
a non-bonded source.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* passing PERL=perl breaks c_rehash calls from dash (works fine with bash)
dash doesn't like
#!perl
shebang
PERL="/usr/bin/env perl"
unfortunately just passing PERL like this doesn't pass do_configure:
Creating Makefile
sh: 1: /usr/bin/env perl: not found
WARNING: exit code 1 from a shell command.
But passing it as:
HASHBANGPERL="/usr/bin/env perl" PERL=perl
seems to work.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In our build environment we use wrapper script
for perl in non-standard configuration with
extra variables set (provided by custom
buildtools-tarball).
In this case openssl fails to build because
by default it's Configure script detects and uses
perl executable directly (with absolute path)
obviously missing extra settings from wrapper
script.
Pass PERL=perl environment variable to Configure,
so it won't try to use perl executable directly
but will use what is provided from environment.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Richard Purdie
Armin Kuster
Alex Kiernan
Changhyeok Bae
Khem Raj
Yi Zhao
Robert Yang
Taras Kondratiuk
Christian Eggers
Hannu Lounento
Andreas Müller
akuster
Jacob Kroon
Kai Kang
Alexander Kanavin
Lee Chee Yang
Wang Mingyu
Paul Barker
Adrian Bunk
Alejandro Hernandez
Jan Luebbe
Mingli Yu
Ovidiu Panait
Matthew
Anuj Mittal
Martin Jansa
Denys Dmytriyenko
Ruslan Bilovol