Age | Commit message (Collapse) | Author |
|
IrDA support was removed in kernel 4.17.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OpenSSL 1.0 has been replaced by 1.1, and it would be harder
to security-support after the upstream EOL at the end of 2019.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid the warning:
WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since openssl 1.1.1 and openssh which uses it, sshd
startup is delayed. The delays range from few seconds
to minutes and even to hours. The delays are visible
in host keys generation and when sshd process is started
in response to incoming TCP connection but is failing
to provide SSH version string and clients or tests time out.
In all cases traces show that sshd is waiting for getentropy()
system call to return from Linux kernel, which returns only
after kernel side random number pool is initialized. The pool
is initialized via various entropy source which may be
missing on embedded development boards or via rngd from
rng-tools package from userspace. HW random number generation
and kernel support help but rngd is till needed to feed that data
back to the Linux kernel.
Example from an NXP imx8 board shows that kernel random number pool
initialization can take over 400 seconds without rngd,
and with rngd it is initialized at around 4 seconds after boot.
The completion of initialization is visible in kernel dmesg with line
"random: crng init done".
More details are available from:
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
* http://www.man7.org/linux/man-pages/man2/getrandom.2.html
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Cc: Mark Hatle <mark.hatle@windriver.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License checksums were changed due to modified copyright years.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patches for issues fixed upstream.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix some missing or corrupted patch Upstream-Status values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also backport a patch to fix issues introduced by fix for CVE-2019-6109.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
enabled
* import 2 fixes from LuneOS
* with l2tp PACKAGECONFIG enabled connman depends on MACHINE_ARCH xl2tpd:
=== Comparing signatures for task do_package_write_ipk.sigdata between hammerhead and mako ===
ERROR: connman different signature for task do_package_write_ipk.sigdata between hammerhead and mako
NOTE: Starting bitbake server...
Hash for dependent task xl2tpd/xl2tpd_git.bb.do_packagedata changed from 6312d5711b5c2c1a85ee235d09bf37a8ec00f7ad9e7248c087bb83ef1d5bd078 to c0d3ef52b37bda945d8b2a015980ddb8fe7b4b3dca3d82d71a84176cc5125142
Unable to find matching sigdata for /OE/build/luneos-master/webos-ports/meta-openembedded/meta-networking/recipes-protocols/xl2tpd/xl2tpd_git.bb.do_packagedata with hashes 6312d5711b5c2c1a85ee235d09bf37a8ec00f7ad9e7248c087bb83ef1d5bd078 or c0d3ef52b37bda945d8b2a015980ddb8fe7b4b3dca3d82d71a84176cc5125142
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upstream patch
This also fixes a dhcp breakage noticed by Enrico Scholz.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed patch has been upstreamed.
Changelog:
- Fix issue with handling invalid gateway addresses.
- Fix issue with handling updates of default gateway.
- Fix issue with DHCP servers that require broadcast flag.
- Add support for option to use gateways as time servers.
- Add support for option to select default technology.
- Add support for Address Conflict Detection (ACD).
- Add support for IPv6 iptables management.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfix-only compared to 9.11.5, mostly CVE fixes.
COPYRIGHT checksum changed due to 2018 -> 2019.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to run sed with the -u option to ensure the output is unbuffered else
ptest-runner may timeout thinkig things were idle. Busybox doesn't have the -u
option so we need to RDEPEND on sed (which is a good thing to do if we use it
anyway).
Alex Kanavin should get credit for discovering the problem.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2017-6519.
CVE: CVE-2017-6519
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix this CVE (Bluetooth discoverability may be enabled with no agents to handle
requests) by backporting a number of patches from upstream.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: copyright years updated
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had a c_rehash shell re-implementation being used for the native
package however the ca-certificates now uses the openssl rehash
internal application so there is no use for the c_rehash anymore.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The tc command is provided both by busybox and iproute2.
Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is long since past time for rsh and company to be retired from the
world. Disable building these now.
Suggested-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- We cannot build rsh, rshd, rlogind and rcp on musl. This is handled
gracefully in the configure scripts and spelled out with EXTRA_OECONF.
Expand this to include rexec to cover all of the related functionality.
- Rework adding in the xinetd.d files for these services to only do so
when we even have the services being built. This leads to no rsh/rshd
sub-packages on musl at all.
- If we use the normal alternatives mechanism to allow for this or
netkit-rsh to provide rsh/rshd functionality we end up with QA issues
on musl as we have unused ALTERNATIVES logic. Switch to making use of
RPROVIDES / RCONFLICTS logic instead and make it match the netkit-rsh
packaging names.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are no alternative provides of these packages anymore. To avoid
QA issues when building with musl, don't put these under an alternative
at all.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In order to have more robust stand-alone network tools in oe-core, bring
in inetutils from meta-openembedded/meta-networking. This imports the
recipes as of git commit:
commit 408204073e6bdcd8ac586e05d5b75213417673f2
Author: Martin Jansa <martin.jansa@gmail.com>
Date: Thu Aug 16 20:39:15 2018 +0000
inetutils: fix build with glibc-2.28
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nslookup was undeprecated 15 years ago,
and installing bind-utils should replace the busybox version.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream already fixed this properly by using pkg-config.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old bsd cryptodev engine was removed in
https://github.com/openssl/openssl/pull/3699
and the new one added in:
https://github.com/openssl/openssl/pull/3744
It can be enabled by configuring with "enable-devcryptoeng".
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The fix is heavily based on Khem's previous fix for bn.h/BN_LLONG breakage:
https://git.openembedded.org/openembedded-core/commit/?id=f787b0bb9b0626ddbf2ac94cb206c76716a3773d
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is only needed by 95-test_external_pyca_data which is
actually skipped on the target.
[YOCTO #13204]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
openssl-ptest was recording now results, despite most tests passing. Fix
so that the successes/skips/failures are reported correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Perl and its dependencies have a decent footprint impact. On my
xz compressed filesystem:
634880: /usr/lib/libperl.so.5.24.4
Put c_rehash in the openssl-misc package so the dependency can be
avoided where it isn't needed.
Change-Id: Iae9bccabfb1c8cfa1401ca6785abc39713d3fdf0
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some tools were built with CC_FOR_BUILD which points to the target
compiler. The current patch avoided issues by deleting some of the
binaries during install.
This patch replaces the CC_FOR_BUILD with CC so the tools are built with
the target compiler. This means the binaries no longer need to be
deleted.
I stumbled upon this by trying to globally add "--ffile-prefix-map", which
is not supported by my host GCC, to get rid of some "buildpaths" QA Warnings.
Cc: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Gcc option '-fmacro-prefix-map' is added to DEBUG_PREFIX_MAP. It has a
patch to deal option '-fdebug-prefix-map' already. Update the patch
0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch to fix
buildpaths qa issue for '-fmacro-prefix-map' too.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a client tool that is usually not used one the same
machine as the DNS server.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE patches is already applied in v2.7
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I goofed up the scissor line on the last attempt. Not sure how much it matters,
but here it is correct this time.
Here it is, updated to work with wpa-supplicant_2.6.bb.
-- >8 --
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
When building root filesystems with any of the wpa_supplicant systemd
template service files enabled (current default is to have them disabled) the
systemd-native-fake script would not process the line:
Alias=multi-user.target.wants/wpa_supplicant@%i.service
appropriately due the the use of "%i."
According to the systemd documentation "WantedBy=foo.service in a service
bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in
the same file." However, this is not really the intended purpose of install
Aliases.
All lines of the form:
Alias=multi-user.target.wants/*%i.service
Were replaced with the following lines:
WantedBy=multi-user.target
Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After adding #pragma once to wrapper header ( opensslconf.h ) this
latent issue got to bite us, where it expect bn.h to be including
openssl.h to define BN_* defines, which is fragile. This patch removes
the contraints for nested includes for bn.h
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To avoid issue like below if run "bitbake lib32-core-image-minimal"
with series userspace packages(LAMP,krb5...) added.
Add multilib_script support for openssl's c_rehash which is a perl script.
Error: Transaction check error:
file /usr/bin/c_rehash conflicts between attempted installs of
lib32-openssl-bin-1.1.1-r0.armv7at2hf_neon and openssl-bin-1.1.1-r0.aarch64
Signed-off-by: Xulin Sun <xulin.sun@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 85b76e52d206 "connman: update to 1.36" dropped
0001-inet-Add-prefixlen-to-iproute_default_function.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Oleksandr Kravchuk <dev@sashko.rv.ua>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped
0008-tweak-to-support-external-bind.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit "c37207d0aca5 bind: update to ESV version 9.11.3" dropped
0001-build-use-pkg-config-to-find-libxml2.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix handling of escape characters in regexs and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the bluez5 init script to resolve an issue where the status
subcommand would exit without printing any message if bluez was not
running. The early exit was caused by the fact that the init script has
"set -e". When "pidof ${DAEMON} >/dev/null" is executed, the script
terminates immediately if bluez isn't running because pidof returns a
non-zero result. The fixed version does not suffer from this issue and
makes use of the "status" function from the functions library.
Signed-off-by: David Frey <dpfrey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They work well now.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
* Redefine the reference path of libnfs.a to
../support/nfs/.libs/libnfs.a to fix below
error when run "make -C tests statdb_dump".
| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'. Stop.
| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'. Stop.
* The function generic_make_pathname is introduced in
nfs-utils 2.3.1.
Add the source file which defines function generic_make_pathname to
libnsm_a_SOURCES of libnsm.a to fix the undefined reference
when run "make -C tests statdb_dump"
| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
| /usr/src/debug/nfs-utils/2.3.1-r0/nfs-utils-2.3.1/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
| collect2: error: ld returned 1 exit status
* After the logic of commit[dbb643e Removed missing-prototypes warnings.]
introduced, there comes below error when run
"make -C tests/nsm_client nsm_client"
| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
It is because rpcgen doesn't generate -Wmissing-prototypes
free code for nlm_sm_inter_svc.c with below logic
in tests/nsm_client/Makefile.am
[snip]
GENFILES_SVC = nlm_sm_inter_svc.c
[snip]
$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
test -f $@ && rm -rf $@ || true
$(RPCGEN) -m -o $@ $<
So add the patch to not fatalize -Wmissing-prototypes.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|