Commit Graph

667 Commits

Author SHA1 Message Date
Holger Hans Peter Freyther ab705eff27 openssl: Apply latest set of security fixes for OpenSSL
Apply patches from the openssl-1.0.1e-51.el7_2.4.src.rpm package
downloaded from the Oracle server.

* Wed Feb 24 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.4
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

* Tue Feb 16 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.3
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method
2016-03-02 09:53:27 +01:00
Holger Hans Peter Freyther ceac7bd7b9 openssl: Apply patches from RHEL to address open CVEs
The patches were taken from openssl-1.0.1e-51.el7_2.2.src.rpm and
apply all CVEs that were not applied yet. Document which patches
were not applied. There should be another openssl version soon as
the next round of fixes was announced for the 1st of March.

After the upgrade "opkg update with https feeds" and "openvpn against
netport" were tested. They seem to work.

Fixes: SYS#2448
2016-02-27 17:14:08 +01:00
Sona Sarmadi f5a41d8a6f openssl: Fix for CVE-2014-3568
Fix for no-ssl3 configuration option

This patch is a backport from OpenSSL_1.0.1j.

(From OE-Core rev: 97e7b7a96178cf32411309f3e9e3e3b138d2050b)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-27 14:22:24 +01:00
Sona Sarmadi 8d139f9e3b openssl: Fix for CVE-2014-3567
Fix for session tickets memory leak.

This patch is a backport from OpenSSL_1.0.1j.

(From OE-Core rev: 420a8dc7b84b03a9c0a56280132e15b6c9a8b4df)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-27 14:22:11 +01:00
Sona Sarmadi c9caf7dfd7 openssl: Fix for CVE-2014-3513
Fix for SRTP Memory Leak

This patch is a backport from OpenSSL_1.0.1j.

(From OE-Core rev: 6c19ca0d5aa6094aa2cfede821d63c008951cfb7)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-27 14:22:00 +01:00
Sona Sarmadi d75c7e8ab7 openssl: Fix for CVE-2014-3566
OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE-2014-3566)

This patch is a backport from OpenSSL_1.0.1j.

(From OE-Core rev: 47633059a8556c03c0eaff2dd310af87d33e2b28)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-27 14:21:49 +01:00
Yue Tao 381c6b8957 openssl: fix for CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298

(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)

(From OE-Core rev: 3cc799213e6528fc9fb4a0c40a01a1817484f499)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
Paul Eggleton 8ac53f3c2d openssl: fix CVE-2014-3470
http://www.openssl.org/news/secadv_20140605.txt

Anonymous ECDH denial of service (CVE-2014-3470)

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

(Patch borrowed from Fedora.)

(From OE-Core rev: fe4e278f1794dda2e1aded56360556fe933614ca)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
Paul Eggleton 0ea0a14bd9 openssl: fix CVE-2014-0224
http://www.openssl.org/news/secadv_20140605.txt

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

(Patch borrowed from Fedora.)

(From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
Paul Eggleton bd1a6f3d56 openssl: fix CVE-2014-0221
http://www.openssl.org/news/secadv_20140605.txt

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

(Patch borrowed from Fedora.)

(From OE-Core rev: 6506f8993c84b966642ef857bb15cf96eada32e8)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
Paul Eggleton d6f29c0154 openssl: use upstream fix for CVE-2014-0198
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c

(From OE-Core rev: 21fa437a37dad14145b6c8c8c16c95f1b074e09c)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
Paul Eggleton c5d81c3386 openssl: fix CVE-2014-0195
http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server are affected.

(Patch borrowed from Fedora.)

(From OE-Core rev: c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:23 +01:00
Maxin B. John 1974599046 openssl: fix CVE-2014-0198
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.

https://access.redhat.com/security/cve/CVE-2014-0198

(From OE-Core rev: 4c58fe468790822fe48e0a570779979c831d0f10)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-21 09:32:55 +01:00
Paul Eggleton 99f46fd25c openssl: bump PR
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.

(From OE-Core rev: 813fa9ed5e492e5dc08155d23d74127ca87304df)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-11 18:15:34 +01:00
Paul Eggleton 609ae39284 openssl: backport fix for CVE-2014-0160
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).

(From OE-Core rev: c3acfdfe0c0c3579c5f469f10b87a2926214ba5d)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-09 09:00:40 +01:00
Yue Tao 7f9dd3ff42 Security Advisory - openssl - CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.

(From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)

(From OE-Core rev: 33b6441429603b82cfca3d35e68e47e1ca021fd7)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-09 09:00:40 +01:00
Yue Tao 0cdc1147d3 Security Advisory - openssl - CVE-2013-6450
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.

(From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f)

(From OE-Core rev: 1e934529e501110a7bfe1cb09fe89dd0078bd426)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-09 09:00:40 +01:00
Yue Tao 2b09b26cb7 Security Advisory - openssl - CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.

(From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877)

(From OE-Core rev: a5060594208de172cb31ad406b34b25decd061e4)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-09 09:00:40 +01:00
Chen Qi 8d326e6728 iproute2: de-bash its scripts to remove the bash dependency
If we build a minimal image with iproute2 installed, the following
error will appear during rootfs.

error: Can't install iproute2-3.10.0-r0.0@i586: no package provides /bin/bash

The problem is that iproute2 has an implicit dependency on 'bash'.
This dependency is from per-file dependency checking.

Patch two scripts, ifcfg and rtpr, from iproute2 to remove the bash
specific syntax.

[YOCTO #5415]

(From OE-Core master rev: 1132c4210eddd59b22b2640935ab0bb8f48c0124)

(From OE-Core rev: ca55e7321f0c52fbe13d301d0dfe3adff5435639)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-11 07:56:39 -07:00
Ross Burton ec578fa12d avahi: handle SO_REUSEPORT not being available
Linux < 3.9 doesn't have the SO_REUSEPORT option so instead of failing to start
when built with >=3.9 kernel headers but booted on <3.9 kernels, continue as if
SO_REUSEPORT wasn't available.

(From OE-Core rev: 85e89da55f778ad3713460cb0df1435d82e94510)

(From OE-Core rev: 704361888958ec790aa2855e22df2d2d87a5d982)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-11 07:56:39 -07:00
Alexandre Belloni 0671c08f13 wpa-supplicant-2.0: don't exit in pkg_postinst
Exiting explicitly in pkg_postinst makes it impossible to use the
update-rc.d class in a .bbappend because the link creation is appended
to the pkg_postinst script.

(From OE-Core master rev: 758d53d3044f29f3c33ffee3ada88c9edc9f864f)

(From OE-Core rev: 7d7481667fcf4550513aec1eca20d87b4ddfd40e)

Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-09 11:04:16 +00:00
Saul Wold 73880876b0 openssl: use PACKAGECONFIG to disable perl bits
Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was
the only package that depended on perl. The openssl-misc package is not installed by default
so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to
be installed.

(From OE-Core master rev: 421e927bd453259f4b3cdbd1676f6e12f97bf34f)

(From OE-Core rev: 16aac35467087e8cd72308505ac1f9d8d8eb8def)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-09 11:04:15 +00:00
mykhani d81dd16ce4 openssl.inc: Install c_rehash utility with openssl
c_rehash utility is not being installed with openssl. It conveniently
generates hash and symbolic links based on it for CA certificates
stored locally for SSL based server authentication.

(From OE-Core master rev: 3c2f9cf615c964e8303fd3e225ea7dd7b5485155)

(From OE-Core rev: fdf04f50dfa3bd8861cb08c80ae149dddce4aa58)

Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-09 11:04:15 +00:00
Enrico Scholz 7a08c3d230 bluez4: added dependency on 'libsndfile1'
bluez4 detects and uses libsndfile1 and the compilation can fail with

| sbc/sbctester.c:32:21: fatal error: sndfile.h: No such file or directory
| ...
| compilation terminated.
| make[1]: *** [sbc/sbctester.o] Error 1

in rebuilds (image with libsndfile1 was built, then some change ->
bluez4 do_configure runs with libsndfile1 -> libsndfile1 gets removed
-> bluez4 do_compile fails).

As there is no trivial way to disable its detection and to make it a
PACKAGECONFIG option, 'libsndfile1' was put into static DEPENDS.

(From OE-Core master rev: b9571256f8996d1eb4b9a09b3b5b862a13f1b414)

(From OE-Core rev: 2e747793922aa8dbfd7050e074994b9686e0c9f0)

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-09 11:04:11 +00:00
Martin Jansa d12d209442 avahi: add leading space to RRECOMMENDS append
* in case update-rc.d is already in RRECOMMENDS it fails with
  ERROR: Nothing RPROVIDES 'update-rc.dlibnss-mdns' (but
  meta/recipes-connectivity/avahi/avahi_0.6.31.bb
  RDEPENDS on or otherwise requires it)

(From OE-Core master rev: 70dedb67c2b8b7302dc4c51e8c607e57f61f530a)

(From OE-Core rev: 8491f6b78591d611ae93fd6015b38c0eccedc9b2)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-09 11:04:11 +00:00
Steve Sakoman f20ec6bd6b wpa-supplicant: enable CONFIG_CTRL_IFACE_DBUS_NEW
Without this option wifi support in connman will fail:

src/technology.c:technology_get() No matching drivers found for wifi

(From OE-Core rev: 403e365e433c54633bcc843b32487a766282226e)

(From OE-Core rev: 2e532f33c5e97751daa89c9f92c6de8513564be0)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-13 09:17:17 +00:00
Chen Qi 0a21008737 nfs-utils: explicitly rdepend on bash
Scripts in nfs-utils need bash as their interpreter, so if nfs-utils
doesn't explicitly rdepend on bash, we would experience build failures
if we add nfs-utils to glibc-small images.

Add bash to RDEPENDS to solve this problem.

(From OE-Core rev: 06c566596a92a309ca228a209f14d03b69a611c9)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:24 +00:00
Qiang Chen f8643d57ef irda-utils: restart irda daemon correctly
irattach init script restart faulty logic prevents irda daemon
from restarting correctly.

root@qemu0:~# /etc/init.d/irattach restart
Restarting IrDA: Terminated
root@qemu0:~# ps aux | grep irattach
root       541  0.0  0.2   2400   612 ttyS0    S+   09:05   0:00 grep irattach

As shown above, irattach is not started after executing the restart command.
This commit changed the restart command logic: first stop, then
start.
A prompt telling the user whether irattach started successfully or failed was also
added.

(From OE-Core master rev: 39f266138b972b550979909b235a5779828d7d89)

(From OE-Core rev: 37ceb9ad0c45aca458e2ff4770b8a0535286a78e)

Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:14 +00:00
Qiang Chen 01411d9cf0 nfs-utils: modify nfsserver init script indent
When using sysvinit to test service status, the nfsserver status
is always displayed as [?] unknown.

This is because the sysvinit package checks whether a service's
init script supports the status function or not by:
grep -qs "\Wstatus)" "$SERVICE"

So, this commit modified the indent for status etc, as
most service's init script does.

(From OE-Core master rev: a6b02fe439fa13c8482383fba2bfdcb0e9742141)

(From OE-Core rev: f9be1ec26cf1f313d7c22e26475296b0362c25ea)

Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:13 +00:00
Qiang Chen c34300c72e openssh: fix sshd status command error prompt
sshd status command results in error prompt:

root@qemu0:~# /etc/init.d/sshd status
/usr/sbin/sshd (pid 1199) is running...
/etc/init.d/sshd: line 100: return: can only `return' from a
function or sourced script

The "service --status-all" command also displays the wrong status for sshd.

This commit fixes this error prompt and makes the service command display
the right status for sshd.

(From OE-Core master rev: e7cf83ec3f39a7c41e38c6030b0d903fa7d37b2a)

(From OE-Core rev: 1b5409b5b060459f15c32c89b1983122b2126f84)

Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:13 +00:00
Lu Chong e078fa2537 ppp: Fix compilation errors in Makefile
This patch fixes below issues:

1. Make can't exit while compilation error occurs in subdir for plugins building.

2. If ppp is built with a newer kernel (3.10.10), it will pick 'if_pppox.h' from sysroot-dir and
   'if_pppol2tp.h' from its own source dir, which causes the build errors below:

        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26:
        error: field 'pppol2tp' has incomplete type
          struct pppol2tpin6_addr pppol2tp;
                                  ^
        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28:
        error: field 'pppol2tp' has incomplete type
          struct pppol2tpv3in6_addr pppol2tp;
                                    ^

The 'sysroot-dir/if_pppox.h' enabled ipv6 support but the 'source-dir/if_pppol2tp.h' lost
related structure definitions, we should use both header files from sysroots to fix this
build failure.

(From OE-Core master rev: b536824ea64b8d6729b830738bce637fc815e832)

(From OE-Core rev: 16968759d39534fb9a703903c6de65535d57777b)

Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:11 +00:00
Lu Chong f46e8aa9f9 ppp: Add two structures in if_pppol2tp.h
Some further structure definitions are needed in include/linux/if_pppol2tp.h for
IPv6 support, else we would get the error as below:

	In file included from plugin.c:53:0:
	bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26:
	error: field 'pppol2tp' has incomplete type
  	  struct pppol2tpin6_addr pppol2tp;
        		          ^
	bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28:
	error: field 'pppol2tp' has incomplete type
	  struct pppol2tpv3in6_addr pppol2tp;
                		    ^
	make[2]: *** [plugin.o] Error 1

(From OE-Core master rev: 73d08c4bf12e2cc4f291cb018d00b26a5a573be4)

(From OE-Core rev: 398bae0d288f488020108c7d95bd376249e6ecbf)

Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:10 +00:00
Qiang Chen 85bacab3a4 openssl: create package for openssl configuration file
* Add the openssl-conf package to the list of packages to
  be created.  This package contains the openssl.cnf file
  which is used by both the openssl executable in the
  openssl package and the libcrypto library.

* This is to avoid messages like:
    WARNING: can't open config file: /usr/lib/ssl/openssl.cnf

* When running "openssl req" to request and generate a certificate
  the command will fail without the openssl.cnf file being
  installed on the target system.

* Made this package an RRECOMMENDS for libcrypto since:
	* libcrypto is a RDEPENDS for the openssl package
	* Users can specify a configuration file at another
      location so it is not strictly required and many
      commands will work without it (with warnings)

(From OE-Core master rev: 5c3ec044838e23539f9fe4cc74da4db2e5b59166)

(From OE-Core rev: bf6ef555caf92b2a013f15d258bf40997247a150)

Signed-off-by: Chase Maupin <Chase.Maupin@ti.com>
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:07 +00:00
Qiang Chen 470f005624 nfs-utils: nfsserver restart should kill and recreate nfsd kernel threads
nfsserver restart without killing kernel threads worked when portmap
was the rpc publishing process and portmap was restarted.
When rpcbind replaces portmap, nfsserver restart in this way does not
work after an rpcbind restart.

Steps to reproduce:
1). Make ext3 filesystem image on local host.
cd /root
dd if=/dev/zero of=test bs=1024K count=50
mkfs.ext3 -F test

2). runqemu qemux86-64
mkdir /mnt/wrtest
mount -t ext3 -o loop test /mnt/wrtest
echo "/mnt/wrtest *(sync,rw,no_subtree_check,no_root_squash)" > /etc/exports
/etc/init.d/rpcbind restart
/etc/init.d/nfsserver restart
showmount -e localhost
mkdir wrtest
mount -t nfs localhost:/mnt/wrtest wrtest

mount: mounting localhost:/mnt/wrtest on wrtest failed: Connection refused

Modifying the nfsserver script to kill and restart kernel threads on
restart makes the problem go away and is consistent with current
RHEL/SUSE and Ubuntu/Debian mechanisms of handling the nfs server.

(From OE-Core master rev: 1a96b8d7dfc490fc61bbd470a8b09065750cd563)

(From OE-Core rev: d1b5e944656807c9db9cbe5d08d7b4bd8daeb826)

Signed-off-by: Rich Dubielzig <rich.dubielzig@windriver.com>
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:03 +00:00
Qiang Chen a1927d6c45 nfs-utils: Stop rpc.statd correctly
An incorrect process name in the nfsserver initscript prevented
rpc.statd from being shut down.

root@qemux86-64:~# /etc/init.d/nfsserver start
creating NFS state directory: done
starting 8 nfsd kernel threads: done
starting mountd: done
starting statd: done

root@qemux86-64:~# ps | grep rpc.statd
  650 root     10532 S    /usr/sbin/rpc.statd
  654 root      4720 S    grep rpc.statd

root@qemux86-64:~# /etc/init.d/nfsserver stop
stopping statd: done
stopping mountd: done
stopping nfsd: done

root@qemux86-64:~# ps | grep rpc.statd
  650 root     10532 S    /usr/sbin/rpc.statd
  662 root      4720 S    grep rpc.statd

As this daemon drops a pid file, simply use that instead.
Also add some initialization checks so the daemons are not
left partially started in the absence of kernel nfsd support.

(From OE-Core master rev: 37e70a28e9cfc773bd70f09d7129295ce891ae18)

(From OE-Core rev: 5f22bad97a3bacb87cefb54ffd785d359c58aec0)

Signed-off-by: Andy Ross <andy.ross@windriver.com>
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-12 17:00:03 +00:00
Martin Jansa f4d3a3dc32 telepathy-mission-control: Add PACKAGECONFIG for upower and connectivity
(From OE-Core rev: 8268ce9997e77a4ef6aa990ca7566cf3ed14c746)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-10-14 16:55:23 +01:00
Cristian Iorga 540c27906a connman-conf: add a global public DNS to network provisioning
In case of QEMU machines, a global public DNS is provisioned,
as the network is not configured via DHCP.
Google's public global DNS server 8.8.8.8 is used.

Partial fix for [YOCTO #4587] (qemu machines case).

(From OE-Core rev: 05ebf5bbacc58315f1b33ffb80148d568f88855d)

Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-10-07 09:37:31 +01:00
Roy Li e58266dd3b bind: port a patch to fix a build failure
(From OE-Core rev: 2cc9106da45a14d41a5269d91d7f79b6ccd8597f)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-26 16:37:55 +01:00
Robert Yang c68888f762 telepathy-mission-control: do_compile failed (race issue)
There might be an error when parallel build:

[snip]
Traceback (most recent call last):
  File "/path/to/tools/glib-gtypes-generator.py", line 304, in <module>
    GTypesGenerator(dom, argv[1], argv[2])()
  File "/path/to/tools/glib-gtypes-generator.py", line 295, in __call__
    file_set_contents(self.output + '.h', ''.join(self.header))
  File "/path/to/tools/libtpcodegen.py", line 42, in file_set_contents
    os.rename(filename + '.tmp', filename)
OSError: [Errno 2] No such file or directory
[snip]

This is a race issue, the _gen/gtypes.h and _gen/gtypes-body.h may
write(remove/rename) _gen/gtypes.tmp at the same time, then there would
be the error.

There was a similar bug in telepathy-glib which was already fixed, we use the
similar patch to fix it here.

[YOCTO #5184]

(From OE-Core rev: b0f81f460cf96798d79d72da7a3246c321caf654)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-24 17:24:12 +01:00
Paul Eggleton 954e34917d avahi: bump INC_PR to avoid do_configure failure in existing workdir
When we split S and B for avahi in OE-Core commit
6112a07f4e9865f7ae0e5a953669c1adf789f9f0, files left over in the workdir
from a previous build seem to break re-execution of do_configure. Bump
PR to give a fresh workdir and avoid this problem.

(From OE-Core rev: bdcddb4fa7ceb3408d687d4c39b0f631d3b31f96)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-22 12:23:35 +01:00
Ross Burton da470776f9 avahi: fix and enable out-of-tree builds
(From OE-Core rev: 6112a07f4e9865f7ae0e5a953669c1adf789f9f0)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17 19:34:56 +01:00
Ming Liu 3091150590 openssh: use volatiles for managing /var/run/sshd
It fixes the following failure:
"fatal: Missing privilege separation directory: /var/run/sshd"

when sshd is started through xinetd.

(From OE-Core rev: a343c32891aa46a7f7d5f0cc6d1266a387900dad)

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17 14:35:19 +01:00
Jukka Rissanen 42ef04b364 connman: Try to figure out NFS root interface if using DHCP
The commit c734873022 missed the case
where the NFS is using DHCP.

[YOCTO #5176]

(From OE-Core rev: 29be8e79a200d33555d2887578975e33b8417795)

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17 14:35:17 +01:00
Saul Wold 8f9db772dc bluez4/5: Add EXCLUDE_FROM_WORLD = 1
We can't build both recipes in the world build as there is a collision of package name
and PR values. Specifically the libasound-module-bluez which is the same in both goes
backwards from r5 (bluez4) -> r0 (bluez5) and the subpackage_metadata check fails:

ERROR: Recipe lib32-bluez5 is trying to change PR from 'r0' to 'r5'. This will cause do_package_write_* failures since the incorrect data will be used and they will be unable to find the right workdir.

[YOCTO #5165]

(From OE-Core rev: 3653500c7e5d365ddc2868d985c6001d40123672)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-11 23:31:00 +01:00
Muhammad Shakeel 703104c278 nfs-utils: Add systemd support
- Remove dependency on meta-systemd

(From OE-Core rev: 644394c074c359505fcd750356fb4db58b939729)

Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-10 23:15:15 +01:00
Muhammad Shakeel c6d25fbd3f openssh: Add systemd support
- Remove dependency on meta-systemd

(From OE-Core rev: 6e6445d487c033913a29763f8e3a7a339d5b612d)

Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-10 23:15:15 +01:00
Ross Burton 42742e39d4 avahi: use correct names in SYSTEMD_SERVICE_* variables
Don't hard-code full package names in SYSTEMD_SERVICE_*, because in multilib
they'll be changed.

[ YOCTO #4803 ]

(From OE-Core rev: 013cc8b6397c29e8f0d7adf63d8e06caab778da2)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-10 23:03:07 +01:00
Mihai Prica ea8494350f bluez5: Rename tests package to testtools
Bluez5 ships some tools that can be used to test its
functionality.

The installation can be tested using "make check" and
this should be included in a ptest package.

[YB #5028]

(From OE-Core rev: 8c3cbaf3fa5eafa55f209100211bd5c124b8cfaa)

Signed-off-by: Mihai Prica <mihai.prica@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-06 23:04:52 +01:00
Mihai Prica 9d33660972 bluez5: Install the bluetooth library
Bluez5 doesn't install libbluetooth by default. This is required
by connman, ofono or other packages.

(From OE-Core rev: bf7415366646db7661795620fa1ab2e78b12d947)

Signed-off-by: Mihai Prica <mihai.prica@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-06 23:04:52 +01:00
Jonathan Liu 9f19820b82 resolvconf: specify configuration for systemd-tmpfiles --update
Running systemd-tmpfiles --update without specifying a configuration
file results in all tmpfiles.d configuration files being processed.

/usr/lib/tmpfiles.d/systemd.conf creates /run/nologin on boot to
prevent non-root users from logging in while the system is booting.
If systemd-tmpfiles --update is run after the system has started,
it will still create /run/nologin which would prevent non-root users
from logging in with the message "System is booting up.".

(From OE-Core rev: 24f9280c35001ff6c1d5a263fab41ae21a8056f3)

Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-06 23:04:50 +01:00