Commit Graph

825 Commits

Author SHA1 Message Date
Peter Kjellerstedt 94cc8b862a libldb: Do not require the "pam" distro feature to be enabled
It was only added because samba was a dependency, but was not removed
again when the dependency on samba was removed in commit 6207331f.

This effectively reverts commit a190c2e3.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d2b80bd78)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-15 13:30:34 -07:00
Adrian Bunk af706c5d83 wireshark: Upgrade 3.0.6 -> 3.0.8
Upgrade on the 3.0 stable branch,
including fixes for CVE-2019-19553 and CVE-2020-7045.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-15 13:30:34 -07:00
Yi Zhao f64c2d691e libldb: upgrade 1.5.5 -> 1.5.6
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2b3fd53487)
[Samba's update via ee5aa6911b  required
 libldb upgrade to 1.5.6 Yocto # 13750]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-29 21:14:26 -08:00
Zhixiong Chi 688e19d04d dnsmasq: CVE-2019-14834
Backport the CVE patch from the upstream to fix the memory leak.

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c8ca82feb5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-19 08:55:36 -08:00
Khem Raj e855ecc6d3 ruli: Fix install step and build samples too
do_install never executed as a result it was empty install
Create ruli-bin package for utilities, so libraries can be packages
granularily

Drop the makefile patch which is no longer needed, set the make
variables to get the needed bits set

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f4e6224b34)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-05 14:44:11 -08:00
Zheng Ruoqin fdfa4cde19 wireshark: upgrade 3.0.3 -> 3.0.6
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[Bug fix only update
includes:
CVE-2019-16319
]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-24 12:28:29 -08:00
Peiran Hong 01b55a8a55 tcpdump: Delete unused patch
Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.

Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-09 23:27:15 -07:00
Zang Ruochen 10bba9fe7d fetchmail: upgrade 6.3.26 -> 6.4.1
-License-Update: Copyright year updated to 2019.

-fetchmail/02_remove_SSLv3.patch
Removed since this is included in 6.4.1.

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-09 00:35:31 -07:00
Peiran Hong 71535e2f0e tcpdump: upgrade 4.9.2 -> 4.9.3
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
                           SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)

Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.

Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.

Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.

Modified the parsing of ptest result to align with the new output
format.

With core-image-minimal on qemux86-64/kvm:
Recipe         | Passed      | Failed   | Skipped   | Time(s)
Before         | 408         | 0        | 2         | 4
After          | 431         | 11       | 2         | 10

11 test failed after the upgrade since libpcap is not upgraded
alongside with tcpdump.

Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-08 00:52:33 -07:00
Callaghan, Dan b08e503eb7 strongswan: install dev headers
These are needed for other packages which want to link against
libstrongswan or other libraries included with Strongswan.
By default, no headers are installed.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-04 19:11:55 -07:00
George McCollister b750c405c7 wireshark: fix qt5 build
Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5LinguistTools build error.

Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5Multimedia build error.

Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
error.

Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
get_target_property() called with non-existent target "Qt5::qmake"
build error.

Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
since adding qt5 via a .bbappend won't satisfy the conditional inherit
cmake_qt5. The poppler recipe does exactly this.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-04 19:11:55 -07:00
Martin Jansa e6d76b05a7 Revert "spice: Drop broken native"
This reverts commit 5f32fd6b08.

* fixed by restricting -Wno-error=address-of-packed-member only for
  target, spice-native is still useful for qemu-native when spice
  PACKAGECONFIG is enabled

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-01 08:51:19 -07:00
Martin Jansa d002adaf59 spice: ignore all warnings not just address-of-packed-member
* with older native gcc on host this will break spice-native with:
  cc1: error: -Werror=address-of-packed-member: no option -Waddress-of-packed-member
  because older gcc doesn't recognize address-of-packed-member warning
  to work around this ignore them all

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-01 08:51:19 -07:00
Khem Raj b3dd5f95ce openipmi: Mark libOpenIPMI.so.0 as private lib in openipmi-perl
libOpenIPMI.so.0 is SONAME for openIPMI.so in openipmi-perl package
which means the shlibs code will automatically add it as a provider for
this shared library but actual public library is provided by openipmi
package, and it results in

ERROR: openipmi-2.0.27-r0 do_package: openipmi: Multiple shlib providers for libOpenIPMI.so.0: openipmi-perl, openipmi (used by files: /mnt/jenkins/workspace/Yocto-world-musl/build/tmp/work/aarch64-yoe-linux/openipmi/2.0.27-r0/packages-split/openipmi/usr/bin/openipmi_eventd)

The library in perl package is actually not required to compete to
provide for public interfaces

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-30 16:54:50 -07:00
Robert Yang 5f32fd6b08 spice: Drop broken native
$ bitbake spice-native
checking whether the C compiler works... no
configure: error: in `/path/to/spice-native/0.14.2+gitAUTOINC+7cbd70b931_4fc4c2db36-r0/build':
configure: error: C compiler cannot create executables

It's a broken native recipe which means no ones need it any more, so remove it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-25 09:48:19 -07:00
S. Lockwood-Childs a61ef2c75f wireshark: remove restriction to ARM ISA
The restriction to ARM instruction set came in the original
wireshark recipe, which was 2 major versions ago (and also
a few toolchains ago). Wireshark 3.x seems to be building
fine allowing thumb instructions, at least on cortexa9t2hf.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-19 11:55:25 -07:00
Yuan Chao 44729148e0 libtevent: upgrade 0.10.0 -> 0.10.1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-19 00:09:43 -07:00
Changqing Li 81a322ff2e ntp: fix package split wrongly when enabled usrmerge
* when usrmerge is enabled, ${libdir} is /usr/lib, and
${systemd_unitdir} is /usr/lib/systemd, sine PACKAGE
ntpdate is after ntp in variable PACKAGES, so file
${systemd_unitdir}/system/ntpdate.service will be populated
into PACKAGE ntp, but actually we have add it into FILES_ntpdate

when usrmerge is disabled, ${libdir} is empty, and usrmerge is
enabled, files under ${libdir} have been covered by other FILES
config, so fix by remove ${libdir}

* libexecdir is empty, so remove it FILES_${PN}

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-16 18:24:48 -07:00
Peiran Hong 62fc26075a tcpdump: Fix CVE-2017-16808
Backport selected parts of three upstream commits to fix
CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.

Upstream-Status: Backport
[ several ]

Upstream commits fully backported:
46aead6  [CVE-2017-16808/AoE: Add a missing bounds check]

Upstream commits partially backported:
7068209  [Use nd_ types in 802.x and FDDI headers.]
84ef17a  [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
pointers (1/n)]

46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definition of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.

CVE: CVE-2017-16808

Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-13 19:15:20 -07:00
Khem Raj 3061ead8cf strongswan: Fix do_patch fuzz
Refresh the patch to apply cleanly

Fixes

Applying patch 0001-memory.h-Include-stdint.h-for-uintptr_t.patch
patching file src/libstrongswan/utils/utils/memory.h
Hunk #1 succeeded at 26 with fuzz 2 (offset 4 lines).

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-07 12:54:43 -07:00
Khem Raj eca729d98e drbd,netkit-rusers: Blacklist packages
These fail to build always

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-07 12:35:54 -07:00
Changqing Li e151a4fac5 drbd-utils: switch to add patch from change source in do_configure
it is not proper change source in do_configure, it will make
source not updated even local.conf have change the DISTRO_FEATURES

[YOCTO: #13493]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-05 18:13:44 -07:00
Yuan Chao 517bd23da6 libtalloc: upgrade 2.2.0 -> 2.3.0
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-05 18:13:44 -07:00
Robert Yang e3485d0cf5 netcf: Fix do_configure failed when multilib
Fixed do_configure failed:
$ bitbake lib32-netcf

cp: cannot stat '/path/to/lib32-recipe-sysroot/usr/share/gnulib': No such file or directory

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-04 07:27:06 -07:00
Yuan Chao af6d79843b strongswan: upgrade 5.8.0 -> 5.8.1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-02 20:39:01 -07:00
Robert Yang 2754eb92db netcf: Fix Manifest not found issue
Fixed:
$ bitbake netcf
WARNING: netcf-0.2.8+gitAUTOINC+2c5d425585-r0 do_package: Manifest /path/sstate-control/manifest-x86_64_x86_64-nativesdk-gnulib.packagedata not found in intel_x86_64 corei7-64 core2-64 x86_64 allarch x86_64_x86_64-nativesdk (variant '')?

This is because gnulib has no related tasks:
do_package[noexec] = "1"
do_packagedata[noexec] = "1"
deltask package_write_ipk
deltask package_write_deb
deltask package_write_rpm
deltask do_deploy_archives

Depends on gnulib:do_populate_sysroot explicitly to fix the problem.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-30 06:45:52 -07:00
Khem Raj 2c67dcf650 drbd: Upgrade to 9.0.19-1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-29 12:23:12 -07:00
Khem Raj dff93352c8 linux-atm: Fix build with kernel headers 5.2+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-29 12:23:12 -07:00
Bruce Ashfield 383e8bee87 dnsmasq: fix build against 5.2 headers
Upstream linux y2038 work has moved some definitions SIOCGSTAMP is
defined in linux/sockios.h, not asm/sockios.h now. So we need to
add that include to fix the build.

Upstream-status: backport of http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3052ce208acf602f0163166dcefb7330d537cedb

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-29 09:06:54 -07:00
Gianfranco Costamagna f2487da394 ifmetric: add initial recipe based on Debian packaging and patches
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-29 09:06:54 -07:00
Yuan Chao 4f627e8e39 libtdb: upgrade 1.4.1 -> 1.4.2
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-27 12:11:16 -07:00
Yuan Chao 820b63d847 libtdb: upgrade 1.4.0 -> 1.4.1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-20 21:11:27 -07:00
Martin Jansa 7cede6b863 ntop: fix missing return from non-void function
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-12 09:11:01 -07:00
Adrian Bunk 6cef109668 wireshark: Use an upstream URL that stays valid longer
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-05 17:55:36 -07:00
Fabian Klemp 910891d722 openvpn: respect pid file in init.d service start
openvpn only provides options to update a pid file but not to check it
for running processes. Consecutive issued start commands therefore lead
to multiple running processes with the same configurations, which is the
origin of all kinds of problems of which unnecessary resource usage is the least.

Using start-stop-daemon the pid file is inspected for running processes
before start.

Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-30 19:15:24 -07:00
Khem Raj 09faeabebc ypbind-mt: Fix build with glibc 2.30
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-30 19:15:24 -07:00
Oleksandr Kravchuk af907bf362 chrony: update to 3.5
Also updated arm_eabi patch.

Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-28 17:11:17 -07:00
Changqing Li 89c3f72c35 libtdb: fix do_package_qa issue
fix below error:
 QA Issue: non dev/-dbg/nativesdk package contains symlink .so: lib32-python3-tdb path '
packages-split/lib32-python3-tdb/usr/lib/python3.7/site-packages/tdb.so' [dev-so]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-22 14:16:50 -07:00
Oleksandr Kravchuk e90eda0998 htpdate: update to 1.2.1
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-22 09:31:46 -07:00
Oleksandr Kravchuk 720aa1ce3a uftp: update to 4.10
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-22 09:31:46 -07:00
Zang Ruochen 05250418cb wireshark: upgrade 3.0.2 -> 3.0.3
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-22 09:31:46 -07:00
Yi Zhao f20ba24fd0 libldb: upgrade 1.5.4 -> 1.5.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-21 09:31:09 -07:00
Beniamin Sandu 3221fc4f28 unbound: create recipe for version 1.9.2
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-18 11:21:57 -07:00
Changqing Li 27d1d3dfa6 libtevent: fix do_package_qa issue
fix below error:
ERROR: lib32-libtevent-0.10.0-r0 do_package_qa: QA Issue: non -dev/-dbg/nativesdk- package contains symlink .so: lib32-python3-tevent path '/work/core2-32-wrsmllib32-linux/lib32-libtevent/0.10.0-r0/packages-split/lib32-python3-tevent/usr/lib/python3.7/site-packages/_tevent.so' [dev-so]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-17 09:31:37 -07:00
Qi.Chen@windriver.com 2e033b8219 esmtp: use alternatives to manage /usr/lib/sendmail
There are several packages which all provide /usr/lib/sendmail
when lsb is enabled. So use alternative to manage it.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-15 08:00:06 -07:00
He Zhe 225a741952 drbd-utils: Fix netlink failure with nested attributes for kernel v5.2
Bump up SRCREV_drbd-utils to includes two more commits to fix the following
netlink failure with nested attributes.

$ drbdsetup new-resource r0
Invalid argument

92ade5989027 ("netlink: prepare for kernel v5.2")
859151b228d3 ("netlink: Add NLA_F_NESTED flag to nested attribute")

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-13 23:28:06 -07:00
Oleksandr Kravchuk 646a6c4026 uftp: update to 4.9.11
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-13 23:28:06 -07:00
Slater, Joseph dfbcacc795 drbd-utils: enable reproducible_build awareness
Enable use of SOURCE_DATE_EPOCH from the reproducible_build bbclass.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-11 14:01:28 -07:00
Changqing Li 6207331f37 libldb: upgrade 1.4.1 -> 1.5.4
1. switch to python3
2. add cross-answer for lmdb check, so remove patch 0001-libldb-fix-config-error
3. fix cross-compile problem caused by waf
4. refresh patch

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-10 09:28:20 -07:00
Oleksandr Kravchuk e7b59b3582 ipvsadm: update to 1.30
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-10 09:24:33 -07:00