- Start daemons by default like the initscripts do, but only if
/etc/exports exists.
- Inform systemd.bbclass about nfs-utils-client package.
(From OE-Core rev: 94602d8ced3a8fd033de93b47320c94db6de8755)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable doesn't exist anywhere else in meta/ so presumably this is
historical legacy.
(From OE-Core rev: 6da14a9713dd37935d8918e40faeccd37b084ee4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9a04243d307a5bf86a127cf504bec78ee963671c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 2b59c5f90c7d8325ab8893c629b42fb333f3b583)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In particular, this fixes a crash on shutdown.
From upstream's ChangeLog:
ver 1.19:
Fix issue with DHCP parsing and Huawei modems.
Fix issue with detecting Huawei E3372 modem.
Fix issue with handling serving cell info.
Fix issue with handling SIM SC facility lock.
Fix issue with Android RIL PIN retry logic.
Fix issue with Android RIL and RAT handling.
Add support for Android RIL cell broadcast.
Add support for SoFIA 3GR thermal management.
(From OE-Core rev: a09810ef738ea1d2d643deeb255c8e6dd01ef306)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add patches to fix error:
/
| ERROR: oe_runmake failed
| config.status: creating pcap-config.tmp
| mv pcap-config.tmp pcap-config
| chmod a+x pcap-config
| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
| {aka struct _compiler_state}' has no member named 'ai'
| cstate.ai = NULL;
| ^
| ../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
| ../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
| (first use in this function)
| bpf_error(cstate, "direction applied to 'gateway'");
| ^~~~~~
| ../libpcap-1.8.1/gencode.c:4914:13: note: each undeclared identifier is
| reported only once for each function it appears in
\
Patches were submitted to upstream [1]
[1] https://github.com/the-tcpdump-group/libpcap/pull/541
(From OE-Core rev: 9f1fe76727e98e58fc9e46ea2b49cf5c0cb48e6c)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mount nfs directory would fail if no specific nfsvers:
mount -t nfs IP:/foo/bar/ /mnt/
mount.nfs: an incorrect mount option was specified
mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if
the kernel doesn't understand the requested NFS version.
Unfortunately if the requested minor is not known to the kernel
it returns -EINVAL.
Backport patch from nfs-utils-1.3.4 to fix this issue.
(From OE-Core rev: 332596628697d28ae6e8c2271c9658aaf5e54796)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits.
External References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055https://www.openssl.org/news/secadv/20161110.txt
Patch from:
57c4b9f6a2
(From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use SHA256 as default digest for OpenSSL instead of MD5.
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
Upstream-Status: Backport
Backport from OpenSSL 2.0 to OpenSSL 1.0.2
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(From OE-Core rev: f924428cf0c22a0b62769f8f31f11f173f25014f)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patch to fix CVE-2016-8858 of openssh.
Ref:
https://bugzilla.redhat.com/show_bug.cgi?id=1384860
(From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This script claims to be a /bin/sh script, but it uses
a bashism:
from checkbashisms:
possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'):
if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ]
This causes build issues on systems that don't have
/bin/sh symlinked to bash:
Updating certificates in ${WORKDIR}/rootfs/etc/ssl/certs...
<builddir>/tmp/sysroots/x86_64-linux/usr/bin/c_rehash: 151: [: x/: unexpected operator
...
Fix this by using POSIX shell syntax for the comparison.
(From OE-Core rev: 0526524c74d4c9019fb014a2984119987f6ce9d3)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Option --enable-canusb was removed on commit:
93ca5ff703
- Autotools class was improved and we can now stop aclocal from running at all.
- File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support
patch and do_configure_prepend task to use configure.ac file.
(From OE-Core rev: 62771b5a426e4b7d38e4997dc3f252a547f481ce)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bug fixes, add support for new management tracing capability
and marking GATT D-Bus APIs as stable interfaces
(From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs
of a rootfs where the package ca-certificates puts symlinks to
various CA certificates stored in /usr/share/ca-certificates/mozilla/.
These symlinks are absolute. This means that when c_rehash is run
at rootfs creation time it can't hash the actual files since they
actually reside in the build host's directory
$SYSROOT/usr/share/ca-certificates/mozilla/.
This problem doesn't reproduce when building on Debian or Ubuntu
hosts though, because these OSs have the certificates installed
in the same /usr/share/ca-certificates/mozilla/ folder.
Images built in other distros, e.g. Fedora, have problems with
connecting to https servers when using e.g. python's http lib.
The patch fixes c_rehash to check if it runs on a build host
by testing $SYSROOT and to translate the paths to certificates
accordingly.
(From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Import a patch from upstream, which fixes a connman daemon freeze
under certain conditions (multiple active interfaces, no r/w storage).
(From OE-Core rev: bba18cdce6fb6c5ff2f7161198d46607a72747d6)
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no way to ensure that files owned by the users aren't left
on the system at postrm time: Removing the user would mean those
files are now owned by a non-existing user, and later may be owned
by a completely unrelated new user.
[YOCTO #10442]
(From OE-Core rev: c1be2196e7ffb23b7b243ecd8aca1827cbdfa443)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They come prebuilt and don't require any dependencies, so there is no
penalty in enabling them.
(From OE-Core rev: aeb8d38cf26794aeff8827161ae1241d8d031d6c)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Several recipes reference the LICENSE file in their LIC_FILES_CHKSUM
variable as ${COREBASE}/LICENSE. This forces distribution providers to
keep this file verbatim or to overload the affected recipes. The section
"Moving to the Yocto Project 1.6 Release" in the Yocto manual suggests
removing the LICENSE file where possible.
Remove LICENSE in cases where COPYING.MIT is also given and replace
LICENSE with COPYING.MIT if the former was the only entry. All modified
recipes specify LICENSE = "MIT" and none of the in-tree files specify a
different license either.
As the packages do not change (the license files are not contained in
them), do not increase PR.
(From OE-Core rev: 0059e0661826c857a07c862bcb46162671e0e330)
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a build error when using the linux-4.8 headers that results in:
In file included from pppoe.h:87:0,
from plugin.c:29:
../usr/include/netinet/in.h:211:8: note: originally defined here
struct in6_addr
^~~~~~~~
In file included from ../usr/include/linux/if_pppol2tp.h:20:0,
from ../usr/include/linux/if_pppox.h:26,
from plugin.c:52:
../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
struct sockaddr_in6 {
^~~~~~~~~~~~
(From OE-Core rev: 68e917aa778742da104c038a6e1ffa789fe95410)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The aim of the original commit was to make connman-gnome load the icons
at the exact size of the systray. There are two problems with this:
* There are not enough icon sizes provided to make the scaling
look good at most sizes (including current panel size)
* Both connman-gnome and mb-panel have bugs in the icon size update
code and using scaling to exact size makes these much more visible
(See bug 9995 for example).
The problems the original commit tried to fix can be worked around
with better packing in matchbox-panel-2.
(From OE-Core rev: 82a34a770ad36fb370fff4dca66956fb47f1140c)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Deals with a CVE issue
Drops a patch applied upstream and no longer needed.
(From OE-Core rev: ee590ac736ca2a378605fa1272a1c57a1dbc7a57)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.
"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.
(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
(From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bitbake.conf already sets it.
(From OE-Core rev: 73d138be52c7f7c55ec4ea1cda2d7c8ead85deec)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It doesn't have files in udev dir, and bitbake.conf already sets it.
(From OE-Core rev: 10dbf13c86ce7f10ff84547fee8c4c5f15fe91fb)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: ed610b68f7e19644c89d7131e34c990a02403c62)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed when building on Debian-testing:
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
(From OE-Core rev: c28065671b582c140d5971c73791d2ac8bdebe69)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pointer arithmatic results in implementation defined signed integer
type, so that 's - src' in strlcpy and others may trigger signed overflow.
In case of compilation by gcc or clang with -ftrapv option, the overflow
would lead to program abort.
Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608]
(From OE-Core rev: 2ce02941300aa3e826df0c59fd8d4ce19950028e)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
MIPS64 target was being configured for linux-mips which defaults to
MIPS32. Doesn't cause any issue as far as I can see but it would be
wiser to use the correct target configuration.
Also add MIPS64le configuration which is missing.
(From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded)
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- kernel-module-tun is needed so that ofono can create the
ppp network interface
- mobile-broadband-provider-info is needed as an explicit
dependency even though it is in DEPENDS, because it's
just an xml database, and the DEPENDS simply allows
ofono to figure out its location in the file system
(using pkg-config during configure). But there is no
shared library dependency or so for bitbake to figure
out this runtime dependency.
We make it a recommendation only, so that it can still
be removed from filesystem images in case people build
images that don't need the provider database (and e.g.
hard-code APNs for specific use-cases)
(From OE-Core rev: 1cb0eb9a013ad8a4092f610faeab2ee2720b9e66)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: b72d04985a6e0dba8ab44b6eb55b62914266645c)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: cfa74a2d4f158601a35b96e235484dac14cbf4d5)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove CVE-2015-8325.patch as it's included upstream. Rebase another
patch.
(From OE-Core rev: 4b695379dcf378e8d77deaf7e558e8cbd314683c)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Regarding the last commit about missing dependencies, another issue
was found. The problem was found, while ptest has been built with some
set extra settings. It means, when ptest is going to be built,
it is necessary to rebuild dependencies for test directory too.
(From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's simply been missing.
(From OE-Core rev: ebd1ea45e67211bd2ab0ec7affab409908126ef3)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We do that everywhere else, and otherwise anybody
extending SRC_URI through bbappend must know to
add a space at the end, which is an unusual
requirement.
(From OE-Core rev: 4e7c641b38296ff46ba56cc45e7b14c9e2aa4018)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
4.6.0 -> 4.7.0
(From OE-Core rev: 8c556252b6c60d2fdbb9cd6d601206501467d2db)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstreamable include fixes have been sent upstream. The patch set adds
AC_USE_SYSTEM_EXTENSIONS so we don't need to explictly define _GNU_SOURCE
anymore.
(From OE-Core rev: 6582e066fd9f9d4880e84cccbcdbb68606389309)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With binutils 2.27 on at least MIPS, connmand will crash on startup. This
appears to be due to the symbol visibilty scripts hiding symbols that stdio
looks up at runtime, resulting in it segfaulting.
This certainly appears to be a bug in binutils 2.27 although the problem has
been known about for some time:
https://sourceware.org/bugzilla/show_bug.cgi?id=17908
As the version scripts are only used to hide symbols from plugins we can safely
remove the scripts to work around the problem until binutils is fixed.
(From OE-Core rev: 0194531627735c1f5643ff1bd1bca27ca05c8e95)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that settings have no effect on output files.
DEPFLAGS will be transferred into output files with make depend command.
https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies
(From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Modify dhcrelay.service to avoid it start failed.
(From OE-Core rev: f0ee1778c99a8b40c0fefa5f846aa34bf9701008)
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.32 -> 1.33
(From OE-Core rev: 5bdc7dd6a17e217abed14d00d77c4447b2568d19)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The commit "054ea20 avahi-ui: Build with Gtk+3"
enabled gtk3 and disabled gtk2, which causes failure on
some package depends on gtk2, like gnome-disk-utility
in meta-openembedded/meta-gnome:
| checking for GTK2... yes
| checking for AVAHI_UI... no
| configure: error: Package requirements (avahi-ui >= 0.6.25) were not met:
|
| No package 'avahi-ui' found
The gtk2 and gtk3 feature for avahi-ui is not exclusive, so change
to use PACKAGECONFIG for them so we can easily enable/disable one
of them or both of them as needed.
(From OE-Core rev: bb44ef79c1ea9fb1d2e37978bcf964e62caaf4cd)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
5.40 -> 5.41
(From OE-Core rev: 633e73fb780da76e5025483310c3ca7eb5f78a26)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Take the dash compatible IPv6 link-local address test from the Debian
version of dhclient-script.
Note that although "echo -e" in the OE version of dhclient-script is
technically bash specific too, it is supported by Busybox echo when
Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which
is the default in the OE Busybox defconfig) therefore leave as-is.
(From OE-Core rev: acd7b33d136fac52e1da7ce1bb3edd2a938b1b6f)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After openssl disabled DES, openssh fails to build
for some DES codes are not wrapped in conditional
compile statement "#ifndef OPENSSL_NO_DES" and "#endif".
(From OE-Core rev: cd9c62461e837967dd29a532d32990c23350acf8)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It sometimes fails to run avahi with error: "Could not receive return value
from daemon process". It has same root cause with
https://github.com/lxc/lxc/issues/25.
Backport patch to fix this issue.
(From OE-Core rev: a901956968127b2eb5911d7b91f44fca46e30b25)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0.15 -> 0.16
(From OE-Core rev: a6c88ff6c22a832762d3357967e885064feb577b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enforce the correct tag names across all of oe-core for consistency.
(From OE-Core rev: 606a43dc38a00cc243f933722db657aea4129f8e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the Gtk3 patch to make the StatusIcon load pixbufs at (more)
correct sizes -- Gtk3 does not seem to reliably position the icon
otherwise.
(From OE-Core rev: 708cd88608d2407db3d679cb6489dcdad58af5b7)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The openssl-c_rehash.sh script reports duplicate files and files which
don't contain a certificate or CRL by echoing a WARNING to stdout.
This warning gets picked up by the log checker during rootfs and results
in several warnings getting reported to the console during an image build.
To prevent the log from being overrun by warnings related to certificates
change these messages in openssl-c_rehash.sh to be prefixed with NOTE not
WARNING.
(From OE-Core rev: 88c25318db9f8091719b317bacd636b03d50a411)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
restart in the init script uses the check_config() function which doesn't have
the $SSHD_OPTS passed through. This causes it to check the wrong config (and
fail when read-only-rootfs is enabled.
(From OE-Core rev: cb6f78072deb8b8c22baf5c31c3bd19d7e0af236)
Signed-off-by: Matthew Campbell <mcampbell@izotope.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add patch to install GtkBuilder ui files for GTK+3.
(From OE-Core rev: 054ea20b05ab8131d6438835669758f69dee3263)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream is not really active anymore: patch the Gtk+3 upgrade
in for now (long term solution is to change to another UI).
(From OE-Core rev: 5e6e2d9e53dae0d2637698abbefa8036dbdfe363)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They are not compatible with python 3, and require python-dbus
and python-gobject (which are provided only for Python 3).
(From OE-Core rev: 1e248522d1141e0e48562add75373c9930c2c0be)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They require python-dbus and python-gobject
(which are only provided for Python 3), and have not
been ported to Python 3.
(From OE-Core rev: 6334de28bfd5252343deef326e4edca785254b85)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
4.3 -> 4.7
Refreshed the patch for new version:
1) 0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
(From OE-Core rev: 0c6fc9a01ba58adc221f04cc79ece7efc16c0ee7)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update libcrypto.a symlink to the proper location.
[YOCTO #9523]
(From OE-Core rev: 3d6884a99a170a2d1925ed347431518fff3cf367)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's not used by anything and hasn't been ported to Python 3.
(From OE-Core rev: 36e9ed899506f5864d8981a751b3b4068d1510db)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This dependency was floating, which results in non-deterministic builds. Add
a configure argument and associated PACKAGECONFIG to fix this.
The libxml dep is only needed when bind was built with a dep on libxml due to
its httpstats feature. So, when you enable the httpstats config in bind, and
want to build dhcp, be sure to also enable the bind-httpstats config in dhcp.
(From OE-Core rev: 16c30d85a8bae3cbebb80c082ccd34e2ab0d2540)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. Refreshed musl build fix patch for 4.6.0
2. Use the bash-completion class to package the completion files.
(From OE-Core rev: d3d4bb2d467039d30f372e814e216377dab1057b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.
This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.
(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Within the sysvinit script the path to bluetoothd is wrong. Because of this
the init scripts silently terminates without any message
(From OE-Core rev: 63cde9b8101ed39376529f3205d32729341d5802)
Signed-off-by: Christian Ege <k4230r6@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The homepage variable is out of date and the summary does not mention
ssh, making the recipe difficult to find.
[ YOCTO #9610 ]
(From OE-Core rev: ce84dc09172b98ce1162e536db17148a67ba2be1)
Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream in 5.33 btmgmt was moved from experimental to common READLINE section,
in commit e4f0c5582f1fe3451d5588243adba9de1ed68b80, but this was never updated
in the recipe.
(From OE-Core rev: 28777e593d3dd3a5d0ee2effcdca6a971e2887f9)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PAM environment vars must be ignored when UseLogin=yes
(From OE-Core rev: 0a06be81cb650def54a4c2059bd728c75954306f)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove patches that are in the release.
(From OE-Core rev: 5e24780ac0fea9012f28f6e3f1040c431d3a742e)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The OpenBSD FTP server isn't accepting connections from wget, which breaks
fetches. Luckily they also have a HTTP server on the same host.
[ YOCTO #9628 ]
(From OE-Core rev: 8b10f0af3c434145b460fd5d7a9f394dc1284260)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed following upstreamed/backported patches:
a) 0001-Detect-backtrace-API-availability-before-using-it.patch
b) 0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch
Rearranged musl related patches.
(From OE-Core rev: 5d1b1d9cc20ee69832e8d95579dcfa99419dfed5)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
https://www.openssl.org/news/secadv/20160503.txt
fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
(From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
5.37 -> 5.39
(From OE-Core rev: 53048d65402211e0caa9a7c8b90e3d9711a5262a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A patch is needed to fix a race in out-of-tree builds, and the install-ptest
logic can be simplified.
(From OE-Core rev: 471fdafb340e90a4ab2e31854f69d5204e9380bf)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is required for dbus-binding-tool.
(From OE-Core rev: 513515fef1a5dac197b260613af8205bea96bcfc)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before
4.3.4 does not restrict the number of concurrent TCP sessions,
which allows remote attackers to cause a denial of service
(INSIST assertion failure or request-processing outage)
by establishing many sessions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774
(From OE-Core rev: 2fc84114c6323bf1e3d3598af52dd1523168c9fc)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Duplicate EDNS COOKIE options in a response could trigger an
assertion failure: Fix with a backport.
bind as built with the oe-core recipe is not at risk: Only servers
which are built with DNS cookie support (--enable-sit) are vulnerable
to denial of service.
Fixes [YOCTO #9438]
(From OE-Core rev: da38a9840b32e80464e2938395db5c9167729f7e)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
do_install_append function installs init scripts but to enable this
service we need to inherit update-rc.d class and set INITSCRIPT name
and params.
(From OE-Core rev: 854523f173ba9784f1e2a00804c0f5ef16e8cf85)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
musl calls them __c_ispeed and __c_ospeed
and we can not use get/set APIs because the get APIs
will return the value from iflags and not from *speed
element from termios struct
(From OE-Core rev: b4744ffb94f76f2be138f2f9bd04153034bf62df)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andreas Oberritter
Huang Qiyu
Mariano Lopez
Ross Burton
Maxin B. John
André Draszik
Fabio Berton
Yi Zhao
T.O. Radzy Radzykewycz
Kai Kang
Dmitry Rozhkov
Lukasz Nowak
Jussi Kukkonen
Alexander Kanavin
Olaf Mandel
Zheng Ruoqin
Jackie Huang
Richard Purdie
Patrick Ohly
Robert Yang
Zhixiong Chi
Yuanjie Huang
Zubair Lutfullah Kakakhel
André Draszik
Andrej Valek
Stefan Müller-Klieser
Dai Caiyun
Andre McCurdy
mingli.yu@windriver.com
Armin Kuster
Zhenhua Luo
Joshua Lock
Matthew Campbell
Hongxu Jia
Chen Qi
Dmitriy Falko
Christopher Larson
Otavio Salvador
Christian Ege
Stephano Cetola
Nicolas Dechesne
Catalin Enache
Sona Sarmadi
Khem Raj