The OpenSSL recipe tried to workaround the -e make flag (overriding
variables from the environment). And when the -e flag was dropped as
the global default, it was specifically added for OpenSSL. This is
unnecessary, as only the value of ${AR} seems to be affected, and that
can be handled correctly by OpenSSL's build system if we just let it.
(From OE-Core rev: 537a404cfbb811fcb526cdb5f2e059257de6ef13)
Signed-off-by: Olof Johansson <olof.johansson@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch was added to fix a CVE, but wasn't actually added to SRC_URI:
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
(From OE-Core rev: 8791800f84321b3f46772bc2d9e4f754e6213946)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Symlinking the openssl configuration file at install time results in
errors when overriding it using an external package which also provides
openssl-conf. This should be done as a postinstall task for such
packages.
(From OE-Core rev: 991620f3962a9917fa99abb5582f4b72ebd42a3d)
Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wireless-tools is now hosted on
https://hewlettpackard.github.io/wireless-tools/Tools.html
(From OE-Core rev: 95957e3a5fc72406391441627fb19bc36c655072)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
4.9.0 -> 4.10.0
added the following patch to fix build with musl libc
1) 0001-libc-compat.h-add-musl-workaround.patch
(From OE-Core rev: 306c79e303bd09a2e35a037635e5943d8711ef3d)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Absolute path symlinks are a bit of a pain for sstate and the native versions
of these recipes currently contain broken symlinks as a result. There are
only a small number of problematic recipes, at least in OE-Core, namely the
three here.
Rather than trying to make sstate handle this magically, which turns out to
be a harder problem than you'd first realise, simply make the symlinks relative
early in the process and avoid all the problems.
The alternative is adding new complexity to sstate which we could really
do without as without the complexity, you can't always tell where the
absolute symlink is relative to (due to prefixes used for native sstate).
(From OE-Core rev: e478550c8cd889f12e336e268e9e3b30827bf840)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes
ERROR: iproute2-4.9.0-r0 do_package: QA Issue: iproute2: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/tc
(From OE-Core rev: eac08770b1ea3ca6640941dc8fd03fc3fa5ff869)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Missing dependency uncovered after recipe specific sysroots were enabled.
(From OE-Core rev: 3173505ba6014271e59fdde2450ecc0d3cd4c8c2)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add readline support to PACKAGECONFIG. If readline needs if left out
of compilation, the bluez utilities which depend on readline are not
included in build or packages.
The defaults in PACKAGECONFIG are the same as before, so there should be
no change to current users.
(From OE-Core rev: 3985eed70c194c3d9d0c6e94a65e2edfa3f29a8e)
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. Drop CVE patch: fix-CVE-2016-8858.patch, because the version 7.4p1 have
been fixed it.
2. Rebase the remaining patchs on the version 7.4p1.
(From OE-Core rev: b648b382046bd94f0cf5fe0aa4b77ab250f126cd)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is needed for building the swtpm TPM simulator (recipe
in meta-security).
Native compilation disables tcp-wrappers by default to simplify
the build.
"nativesdk" is added just in case that someone also wants this
in an SDK.
(From OE-Core rev: a33a252462e2d7b90a1c89e42a96b9696eb08b23)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kernel headers break when musl defines IFF_LOWER_UP. While
waiting for more proper fix in musl, add a workaround to connman.
(From OE-Core rev: e6178138968717e1bdb7af7b5aed42fc74d956ab)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ppp.samba.org has disappeared from the Internet and isn't responding anymore, so
point the SRC_URI at the canonical samba.org download server instead.
(From OE-Core rev: 9b2f5a57bdff46973cc1625da78d04b666710209)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
aarch64 target was being configured for linux-generic64 but openssl has
linux-aarch64 target. Change to use linux-aarch64 as default.
(From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream project remove that option as it was quote:
It is completely ineffective.
[YOCTO #10843]
(From OE-Core rev: 52a12c6e5360f3f60b5610eb9ad6edaa076427c1)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removing unused includes fixes the build.
Fixes [YOCTO #10853].
(From OE-Core rev: c580d2938286d62d092496e699f12b03fa065546)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ppp no longer provides the duplicate if_pppox.h header so no need to patch that
out of the Makefile.
(From OE-Core rev: 015574ac9335799e0a3da00cf882b103177c3744)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes
| /usr/bin/ld: libcrypto.a(sha1-x86_64.o): relocation R_X86_64_PC32 against undefined symbol `OPENSSL_ia32cap_P' can not be used when making a shared object; recompile with -fPIC
| /usr/bin/ld: final link failed: Bad value
(From OE-Core rev: 0a19e72081771fca8ed94fb2a2a8996fd3dce00c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1)Upgrade wpa-supplicant from 2.5 to 2.6.
2)Delete 5 patches below, since they are integrated upstream.
0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
3)License checksum changes are not related to license changes.
(From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc)
(From OE-Core rev: 8751dbde2736a4dbea83f6f581fe90f0c60def76)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Disable bits of remote capture support inherited from the WinPCAP merge
which cause applications to fails to build if they define HAVE_REMOTE.
(From OE-Core rev: 4e412234c37efec42b3962c11d44903c0c58c92e)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nfs-server failed to start after installation from a package feed.
(From OE-Core rev: c4d276f9f639a1a534789de12a4783ae931e6aa4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This conflicts with KERNEL_MODULE_AUTOLOAD += "nfsd".
(From OE-Core rev: 759b7536756ac6fb6ad431ab8e48a03283f9ec29)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Contains just enough to mount and unmount nfs volumes, i.e.
the same as nfs-utils-client before commit 39bb7e3 ("nfs-utils:
separate package as Debain style").
Drop nfs-utils-client's dependency on bash. It contains two shell
scripts, /etc/init.d/nfscommon and /usr/sbin/start-statd, both
using /bin/sh.
(From OE-Core rev: e21bba827e06f4d6574bbb2b0f453dd0bb627d2c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Start daemons by default like the initscripts do, but only if
/etc/exports exists.
- Inform systemd.bbclass about nfs-utils-client package.
(From OE-Core rev: 94602d8ced3a8fd033de93b47320c94db6de8755)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable doesn't exist anywhere else in meta/ so presumably this is
historical legacy.
(From OE-Core rev: 6da14a9713dd37935d8918e40faeccd37b084ee4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9a04243d307a5bf86a127cf504bec78ee963671c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 2b59c5f90c7d8325ab8893c629b42fb333f3b583)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In particular, this fixes a crash on shutdown.
From upstream's ChangeLog:
ver 1.19:
Fix issue with DHCP parsing and Huawei modems.
Fix issue with detecting Huawei E3372 modem.
Fix issue with handling serving cell info.
Fix issue with handling SIM SC facility lock.
Fix issue with Android RIL PIN retry logic.
Fix issue with Android RIL and RAT handling.
Add support for Android RIL cell broadcast.
Add support for SoFIA 3GR thermal management.
(From OE-Core rev: a09810ef738ea1d2d643deeb255c8e6dd01ef306)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add patches to fix error:
/
| ERROR: oe_runmake failed
| config.status: creating pcap-config.tmp
| mv pcap-config.tmp pcap-config
| chmod a+x pcap-config
| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
| {aka struct _compiler_state}' has no member named 'ai'
| cstate.ai = NULL;
| ^
| ../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
| ../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
| (first use in this function)
| bpf_error(cstate, "direction applied to 'gateway'");
| ^~~~~~
| ../libpcap-1.8.1/gencode.c:4914:13: note: each undeclared identifier is
| reported only once for each function it appears in
\
Patches were submitted to upstream [1]
[1] https://github.com/the-tcpdump-group/libpcap/pull/541
(From OE-Core rev: 9f1fe76727e98e58fc9e46ea2b49cf5c0cb48e6c)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mount nfs directory would fail if no specific nfsvers:
mount -t nfs IP:/foo/bar/ /mnt/
mount.nfs: an incorrect mount option was specified
mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if
the kernel doesn't understand the requested NFS version.
Unfortunately if the requested minor is not known to the kernel
it returns -EINVAL.
Backport patch from nfs-utils-1.3.4 to fix this issue.
(From OE-Core rev: 332596628697d28ae6e8c2271c9658aaf5e54796)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits.
External References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055https://www.openssl.org/news/secadv/20161110.txt
Patch from:
57c4b9f6a2
(From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use SHA256 as default digest for OpenSSL instead of MD5.
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
Upstream-Status: Backport
Backport from OpenSSL 2.0 to OpenSSL 1.0.2
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(From OE-Core rev: f924428cf0c22a0b62769f8f31f11f173f25014f)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patch to fix CVE-2016-8858 of openssh.
Ref:
https://bugzilla.redhat.com/show_bug.cgi?id=1384860
(From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This script claims to be a /bin/sh script, but it uses
a bashism:
from checkbashisms:
possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'):
if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ]
This causes build issues on systems that don't have
/bin/sh symlinked to bash:
Updating certificates in ${WORKDIR}/rootfs/etc/ssl/certs...
<builddir>/tmp/sysroots/x86_64-linux/usr/bin/c_rehash: 151: [: x/: unexpected operator
...
Fix this by using POSIX shell syntax for the comparison.
(From OE-Core rev: 0526524c74d4c9019fb014a2984119987f6ce9d3)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Option --enable-canusb was removed on commit:
93ca5ff703
- Autotools class was improved and we can now stop aclocal from running at all.
- File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support
patch and do_configure_prepend task to use configure.ac file.
(From OE-Core rev: 62771b5a426e4b7d38e4997dc3f252a547f481ce)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bug fixes, add support for new management tracing capability
and marking GATT D-Bus APIs as stable interfaces
(From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs
of a rootfs where the package ca-certificates puts symlinks to
various CA certificates stored in /usr/share/ca-certificates/mozilla/.
These symlinks are absolute. This means that when c_rehash is run
at rootfs creation time it can't hash the actual files since they
actually reside in the build host's directory
$SYSROOT/usr/share/ca-certificates/mozilla/.
This problem doesn't reproduce when building on Debian or Ubuntu
hosts though, because these OSs have the certificates installed
in the same /usr/share/ca-certificates/mozilla/ folder.
Images built in other distros, e.g. Fedora, have problems with
connecting to https servers when using e.g. python's http lib.
The patch fixes c_rehash to check if it runs on a build host
by testing $SYSROOT and to translate the paths to certificates
accordingly.
(From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Import a patch from upstream, which fixes a connman daemon freeze
under certain conditions (multiple active interfaces, no r/w storage).
(From OE-Core rev: bba18cdce6fb6c5ff2f7161198d46607a72747d6)
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no way to ensure that files owned by the users aren't left
on the system at postrm time: Removing the user would mean those
files are now owned by a non-existing user, and later may be owned
by a completely unrelated new user.
[YOCTO #10442]
(From OE-Core rev: c1be2196e7ffb23b7b243ecd8aca1827cbdfa443)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They come prebuilt and don't require any dependencies, so there is no
penalty in enabling them.
(From OE-Core rev: aeb8d38cf26794aeff8827161ae1241d8d031d6c)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Several recipes reference the LICENSE file in their LIC_FILES_CHKSUM
variable as ${COREBASE}/LICENSE. This forces distribution providers to
keep this file verbatim or to overload the affected recipes. The section
"Moving to the Yocto Project 1.6 Release" in the Yocto manual suggests
removing the LICENSE file where possible.
Remove LICENSE in cases where COPYING.MIT is also given and replace
LICENSE with COPYING.MIT if the former was the only entry. All modified
recipes specify LICENSE = "MIT" and none of the in-tree files specify a
different license either.
As the packages do not change (the license files are not contained in
them), do not increase PR.
(From OE-Core rev: 0059e0661826c857a07c862bcb46162671e0e330)
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
