| Age | Commit message (Collapse) | Author |
|---|
|
Upgrade from openssh_7.9p1.bb to openssh_8.0p1.bb.
-openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch
-openssh/CVE-2018-20685.patch
-openssh/CVE-2019-6109.patch
-openssh/CVE-2019-6111.patch
-Removed since these are included in 8.0p1.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
fix below error:
file /etc/xinetd.d/telnet conflicts between attempted installs of netkit-telnet-0.17-r0.i586 and inetutils-telnetd-1.9.4-r0.i586
file /usr/sbin/in.telnetd conflicts between attempted installs of netkit-telnet-0.17-r0.i586 and inetutils-telnetd-1.9.4-r0.i586
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
udev is an optional dependency of bluez5, so use PACKAGECONFIG to give
users the ability to build bluez5 without udev support.
Signed-off-by: David Frey <dpfrey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adds a PACKAGECONFIG option to enable the libdns_sd compatibility
library.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
musl > v1.1.21 changed the implementation of the freeaddrinfo() function
not allowing anymore to pass null pointers to it.
This was causing a segmentation fault in connman.
Signed-off-by: Nicola Lunghi <nick83ola@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes build with musl where TEMP_FAILURE_RETRY is not provided
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch worked around a problem in musl but caused
the following:
iplink_bridge.c: In function 'br_dump_bridge_id':
iplink_bridge.c:77:2: warning: implicit declaration of function 'ether_ntoa_r'; did you mean 'inet_ntoa'? [-Wimplicit-function-declaration]
ether_ntoa_r((const struct ether_addr *)id->addr, eaddr);
^~~~~~~~~~~~
In the meantime upstream has already implemented a different
workaround for musl, so this patch can just be dropped.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this we see test failures due to the sudo binary being missing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's no point in building an NSS module for a C library
that doesn't support NSS.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patch applied upstream.
Backport two fixes for build failures
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch fixes a following issue:
| omapip/isclib.c: In function 'dns_client_init':
| omapip/isclib.c:356:18: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
| if (dhcp_gbl_ctx.dnsclient == NULL) {
| ^
| omapip/isclib.c:363:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
| &dhcp_gbl_ctx.dnsclient,
| ^
| omapip/isclib.c:364:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local4'
| (dhcp_gbl_ctx.use_local4 ?
| ^
| omapip/isclib.c:365:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local4_sockaddr'
| &dhcp_gbl_ctx.local4_sockaddr
| ^
| omapip/isclib.c:367:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local6'
| (dhcp_gbl_ctx.use_local6 ?
| ^
| omapip/isclib.c:368:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local6_sockaddr'
| &dhcp_gbl_ctx.local6_sockaddr
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
IrDA support was removed in kernel 4.17.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OpenSSL 1.0 has been replaced by 1.1, and it would be harder
to security-support after the upstream EOL at the end of 2019.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid the warning:
WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since openssl 1.1.1 and openssh which uses it, sshd
startup is delayed. The delays range from few seconds
to minutes and even to hours. The delays are visible
in host keys generation and when sshd process is started
in response to incoming TCP connection but is failing
to provide SSH version string and clients or tests time out.
In all cases traces show that sshd is waiting for getentropy()
system call to return from Linux kernel, which returns only
after kernel side random number pool is initialized. The pool
is initialized via various entropy source which may be
missing on embedded development boards or via rngd from
rng-tools package from userspace. HW random number generation
and kernel support help but rngd is till needed to feed that data
back to the Linux kernel.
Example from an NXP imx8 board shows that kernel random number pool
initialization can take over 400 seconds without rngd,
and with rngd it is initialized at around 4 seconds after boot.
The completion of initialization is visible in kernel dmesg with line
"random: crng init done".
More details are available from:
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
* http://www.man7.org/linux/man-pages/man2/getrandom.2.html
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Cc: Mark Hatle <mark.hatle@windriver.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License checksums were changed due to modified copyright years.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patches for issues fixed upstream.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix some missing or corrupted patch Upstream-Status values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also backport a patch to fix issues introduced by fix for CVE-2019-6109.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
enabled
* import 2 fixes from LuneOS
* with l2tp PACKAGECONFIG enabled connman depends on MACHINE_ARCH xl2tpd:
=== Comparing signatures for task do_package_write_ipk.sigdata between hammerhead and mako ===
ERROR: connman different signature for task do_package_write_ipk.sigdata between hammerhead and mako
NOTE: Starting bitbake server...
Hash for dependent task xl2tpd/xl2tpd_git.bb.do_packagedata changed from 6312d5711b5c2c1a85ee235d09bf37a8ec00f7ad9e7248c087bb83ef1d5bd078 to c0d3ef52b37bda945d8b2a015980ddb8fe7b4b3dca3d82d71a84176cc5125142
Unable to find matching sigdata for /OE/build/luneos-master/webos-ports/meta-openembedded/meta-networking/recipes-protocols/xl2tpd/xl2tpd_git.bb.do_packagedata with hashes 6312d5711b5c2c1a85ee235d09bf37a8ec00f7ad9e7248c087bb83ef1d5bd078 or c0d3ef52b37bda945d8b2a015980ddb8fe7b4b3dca3d82d71a84176cc5125142
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upstream patch
This also fixes a dhcp breakage noticed by Enrico Scholz.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed patch has been upstreamed.
Changelog:
- Fix issue with handling invalid gateway addresses.
- Fix issue with handling updates of default gateway.
- Fix issue with DHCP servers that require broadcast flag.
- Add support for option to use gateways as time servers.
- Add support for option to select default technology.
- Add support for Address Conflict Detection (ACD).
- Add support for IPv6 iptables management.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfix-only compared to 9.11.5, mostly CVE fixes.
COPYRIGHT checksum changed due to 2018 -> 2019.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to run sed with the -u option to ensure the output is unbuffered else
ptest-runner may timeout thinkig things were idle. Busybox doesn't have the -u
option so we need to RDEPEND on sed (which is a good thing to do if we use it
anyway).
Alex Kanavin should get credit for discovering the problem.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2017-6519.
CVE: CVE-2017-6519
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix this CVE (Bluetooth discoverability may be enabled with no agents to handle
requests) by backporting a number of patches from upstream.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: copyright years updated
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had a c_rehash shell re-implementation being used for the native
package however the ca-certificates now uses the openssl rehash
internal application so there is no use for the c_rehash anymore.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The tc command is provided both by busybox and iproute2.
Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is long since past time for rsh and company to be retired from the
world. Disable building these now.
Suggested-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- We cannot build rsh, rshd, rlogind and rcp on musl. This is handled
gracefully in the configure scripts and spelled out with EXTRA_OECONF.
Expand this to include rexec to cover all of the related functionality.
- Rework adding in the xinetd.d files for these services to only do so
when we even have the services being built. This leads to no rsh/rshd
sub-packages on musl at all.
- If we use the normal alternatives mechanism to allow for this or
netkit-rsh to provide rsh/rshd functionality we end up with QA issues
on musl as we have unused ALTERNATIVES logic. Switch to making use of
RPROVIDES / RCONFLICTS logic instead and make it match the netkit-rsh
packaging names.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are no alternative provides of these packages anymore. To avoid
QA issues when building with musl, don't put these under an alternative
at all.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In order to have more robust stand-alone network tools in oe-core, bring
in inetutils from meta-openembedded/meta-networking. This imports the
recipes as of git commit:
commit 408204073e6bdcd8ac586e05d5b75213417673f2
Author: Martin Jansa <martin.jansa@gmail.com>
Date: Thu Aug 16 20:39:15 2018 +0000
inetutils: fix build with glibc-2.28
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nslookup was undeprecated 15 years ago,
and installing bind-utils should replace the busybox version.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream already fixed this properly by using pkg-config.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old bsd cryptodev engine was removed in
https://github.com/openssl/openssl/pull/3699
and the new one added in:
https://github.com/openssl/openssl/pull/3744
It can be enabled by configuring with "enable-devcryptoeng".
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The fix is heavily based on Khem's previous fix for bn.h/BN_LLONG breakage:
https://git.openembedded.org/openembedded-core/commit/?id=f787b0bb9b0626ddbf2ac94cb206c76716a3773d
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is only needed by 95-test_external_pyca_data which is
actually skipped on the target.
[YOCTO #13204]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
openssl-ptest was recording now results, despite most tests passing. Fix
so that the successes/skips/failures are reported correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Zang Ruochen
Changqing Li
David Frey
Alexander Kanavin
Joshua Watt
Nicola Lunghi
Khem Raj
Adrian Bunk
Richard Purdie
Ming Liu
Mikko Rapeli
Oleksandr Kravchuk
Anuj Mittal
Martin Jansa
Changhyeok Bae
Kai Kang
Chen Qi
Ross Burton
Otavio Salvador
Lars Persson
Tom Rini
Ovidiu Panait
Denys Dmytriyenko