Age | Commit message (Collapse) | Author |
|
The pam_wheel PAM module is used to enforce the so-called wheel group.
By default it permits root access to the system if the applicant user is
a member of the wheel group.
Add PACKAGECONFIG to enable pam_wheel module for sudo.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By splitting the iptables modules into separate packages it is
possible to pick and choose the modules to install and thereby reduce
the total size of the installed modules.
Backwards compatibility is maintained by adding a recommendation of
iptables-modules, which is a meta package that depends on all the
generated packages.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There is no need to depend on the compatibility library libusb-compat, as CUPS
links directly to libusb1.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Large zip files can cause unzip to crash, take a patch from Fedora to fix it.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libidn 1.x is deprecated, add the parallel-installable libidn2.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The following patches are removed because problems have been fixed in this version.
0001-shadow-CVE-2017-12424
fix-installation-failure-with-subids-disabled.patch
usermod-fix-compilation-failure-with-subids-disabled.patch
CVE-2017-2616.patch
check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
0001-Do-not-read-login.defs-before-doing-chroot.patch
The following patches are rebased.
0001-Disable-use-of-syslog-for-sysroot.patch
0001-useradd-copy-extended-attributes-of-home.patch
0001-useradd.c-create-parent-directories-when-necessary.patch
allow-for-setting-password-in-clear-text.patch
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The 'system services' packagegroup depends on a number of packages which are not
system services, so remove them from the list.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
${base_prefix} is set in bitbake.conf to empty. This makes lsb_release
always install under /bin which is a problem if usrmerge is in
DISTRO_FEATURES, because it needs to be installed under /usr/bin.
By using ${root_prefix} instead, we fix the usrmerge install path and
the following QA warning goes away while keeping the non-usrmerge path
identical.
WARNING: lsb-5.0-r0 do_package: QA Issue: lsb: Files/directories were
installed but not shipped in any package:
/bin
/bin/lsb_release
Please set FILES such that these items are packaged. Alternatively
if they are unneeded, avoid installing them or delete them within do_install.
lsb: 2 installed and not shipped files. [installed-vs-shipped]
Also if usrmerge is defined don't try to create the lib64 symlink
because base-files handles it to avoid the do_rootfs error
Collected errors:
* check_data_file_clashes: Package lsb wants to install file
tmp-glibc/work/x64-nilrt-linux/test-image/1.0-r0/rootfs/lib64
But that file is already provided by package * base-files
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This makes it possible to add extra options to the logrotate
application (via ${LOGROTATE_OPTIONS}), and it allows the Persistent
option in logrotate.timer to be configured via
${LOGROTATE_SYSTEMD_TIMER_PERSISTENT}.
It also changes the sed expressions to allow for
${LOGROTATE_SYSTEMD_TIMER_BASIS} to contain commas without having to
prefix them with backslahes, e.g.:
LOGROTATE_SYSTEMD_TIMER_BASIS = "*-*-* *:00,30:00"
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: change license checksums to check the License files themselves (BSD3 and GPL2),
and the tool-to-license file (LICENSE). Changes to LICENSE will now be
detected.
Backport a patch to fix the build with musl.
Drop upstreamed patch.
Update libidn build-dependency to libidn2.
Patch in an install target and use that to install binaries, to avoid upstream
adding binaries that we don't ship. Also ship all binaries that are installed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Relicensed to just GPLv3+, update LICENSE and checksums.
The build dependency for flex should be flex-native.
libmath.h is missing from the tarball (it was present in 1.06) and the
generation rules are not cross-friendly, so delete the rules and copy in a
pre-generated libmath.h.
Remove fix-segment-fault.patch as the fixes are now upstream.
Add PACKAGECONFIG for readline and libedit, defaulting to readline.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In Linux,8 bits of the return code and 8 bits of the number of
the killing signal are mixed into a single value on the exit code,
so the exit status offset should be 8. But the autoconf checker
can not determine it while cross compiling, and then it is set to
the default value 0, which will cause generating the wrong exit
code if program exit with an error code.
Signed-off-by: Rui Wang <rui.wang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade psmisc from 23.0 to 23.1
Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade procps from 3.3.14 to 3.3.15.
Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade ethtool from 4.16 to 4.17
Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
on the host side we are glibc based therefore some native and nativesdk
recipes might need this package even when we target musl based systems
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We get fuzz warnings when applying these patches and devtool
reports it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nativesdk for libnewt-python.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nativesdk for libnewt.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nativesdk for slang.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
popt is a library, so it makes no sense for this to be in a "command line"
packagegroup.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
A recipe that doesn't configure, doesn't compile, and just ships a single shell
script certainly does not need to build depend on popt and glib-2.0.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Alioth is dead and the minicom project on Salsa (the replacement for Alioth)
doesn't actually have any files in, so just use the Debian mirror instead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Alioth is dead so we can't use it for SRC_URI anymore. There is a shadow
repository on GitHub which is the new upstream, but for some reason it is
missing the 4.2.1 tag and tarball that we use. Also 4.2.1 was never uploaded
into Debian itself, so we can't use their mirror network either.
For now point SRC_URI at the Yocto Project source mirror and set
UPSTREAM_CHECK_URI so that we get nagged to upgrade to 4.6.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Both busybox and coreutils provide mktemp, and the only difference between those
(and standalone mktemp) is that coreutils supports --suffix.
Also mktemp.org has disappeared, so it's fair to assume that the standalone
mktemp (last released in 2010) is dead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the '-delete' action no longer complains about disappeared files
when the '-ignore_readdir_race' option is given, too. That action
will also returns true in such a case now.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1.1.2 -> 1.1.3
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
4.8.20 -> 4.8.21
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1.5.1 -> 1.5.2
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The current init script is installed from source with redhat style.
It does not get configuration from /etc/default/watchdog. We should use
debian style init script.
Write our own script just like what wd_keepalive does.
Also, in the init script, we check the existence of /dev/watchdog to
determine whether to start the daemon or not.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to make sure logs are not lost. As long as there's no
strong and vaild reason, we should make daemons start after syslog.
As a side effect, we could check the logs to see if there are
some potential problem. In OE, the 'parselogs' test case could
do it automatically.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd has internal support for watchdog. See the RuntimeWatchdogSec
in /etc/systemd/system.conf.
We'd better just disable this service by default. If users want to use
watchdog, consider using the systemd one.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch modifies watchdog.conf file. But this file is deliberately
deleted in do_install. The current mechanism in OE is to use another
recipe watchdog-conf to handle watchdog configuration. So the patch
is really useless.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adding CVE-2017-5669 test fix patch which is accepted upstream in LTP repo.
Ref:
cve-2017-5669: shmat() for 0 (or <PAGESIZE with RND flag) has to fail with REMAPs
https://github.com/linux-test-project/ltp/pull/324
Upstream-Status: Accepted [https://github.com/linux-test-project/ltp/pull/324]
Signed-off-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
SystemD 237 implements a stricted PIDfile handling that breaks several
daemons [1].
Change the way we start xinetd, mimicing other distros [2].
Fixes:
root@qt5122:~# journalctl -u xinetd
-- Logs begin at Fri 2018-05-25 14:33:29 UTC, end at Mon 2018-06-11 07:33:08 UTC. --
May 25 14:33:31 qt5122 systemd[1]: Starting Xinetd A Powerful Replacement For Inetd...
May 25 14:33:31 qt5122 systemd[1]: xinetd.service: Permission denied while opening PID file or unsafe symlink chain: /var/run/xinetd.pid
Jun 11 07:27:24 qt5122 systemd[1]: xinetd.service: Start operation timed out. Terminating.
Jun 11 07:27:24 qt5122 systemd[1]: xinetd.service: Failed with result 'timeout'.
Jun 11 07:27:24 qt5122 systemd[1]: Failed to start Xinetd A Powerful Replacement For Inetd.
Jun 11 07:31:38 qt5122 systemd[1]: Starting Xinetd A Powerful Replacement For Inetd...
Jun 11 07:31:38 qt5122 systemd[1]: xinetd.service: Permission denied while opening PID file or unsafe symlink chain: /var/run/xinetd.pid
Jun 11 07:33:08 qt5122 systemd[1]: xinetd.service: Start operation timed out. Terminating.
Jun 11 07:33:08 qt5122 systemd[1]: xinetd.service: Failed with result 'timeout'.
Jun 11 07:33:08 qt5122 systemd[1]: Failed to start Xinetd A Powerful Replacement For Inetd.
[1]: https://github.com/systemd/systemd/issues/8085
[2]: https://github.com/felixonmars/archlinux-community/commit/e49040636737fdb09031e75ec4d73a580f80676b
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Inherit manpages to update manual file index caches after installation
for man-pages.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
"The cpio_safer_name_suffix function in util.c in cpio 2.11 allows
remote attackers to cause a denial of service (out-of-bounds write)
via a crafted cpio file."
https://nvd.nist.gov/vuln/detail/CVE-2016-2037
Note that there appear to be two versions of this fix. The original
patch posted to the bug-cpio mailing list [1] is used by Debian [2],
but apparently causes regression [3]. The patch accepted to the
upstream git repo [4] seems to be the most complete fix.
[1] https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
[2] https://security-tracker.debian.org/tracker/CVE-2016-2037
[3] https://www.mail-archive.com/bug-cpio@gnu.org/msg00584.html
[4] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Merge contents of cpio_v2.inc into the only recipe which uses it.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|