mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-20 11:38:34 +00:00
Code Issues Projects Releases Wiki Activity
34,445 Commits 63 Branches 0 Tags
7ee2cfbaf94129695a8ed96690482dca2ba27ee9
Commit Graph

577 Commits

Author SHA1 Message Date
Khem Raj
09d3af94b0 netdata: Enable network during do_compile only when go support is enabled 
Makes the hammer a bit smaller, since we do not enable go by default
in packageconfig's it helps with yocto check layer with default config.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-14 08:37:28 -07:00
Khem Raj
90e2f77ce1 cockpit: Fix a build race generating fail-html.c 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-09 16:23:04 -07:00
Khem Raj
6b720074c4 cockpit: Upgrade to 337 
Get rid of remoeved configure options

ERROR: QA Issue: cockpit: configure was passed unrecognised options: --disable-pcp --enable-old-bridge --with-cockpit-ws-instance-user --disable-ssh --disable-polkit --with-cockpit-ws-instance-group --with-cockpit-group --with-cockpit-user [unknown-configure-option]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-09 00:10:51 -07:00
Yoann Congal
273c29232e hiawatha: use -std=gnu17 for compilation 
hiawatha does not build under -std=gnu23 which is the default of
gcc15. Forcing -std=gnu17 fixes these build errors:
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/hiawatha-11.2/src/hiawatha.c:814:25: error: passing argument 2 of 'signal' from incompatible pointer type [-Wincompatible-pointer-types]
|   814 |         signal(SIGHUP,  HUP_handler);
|       |                         ^~~~~~~~~~~
|       |                         |
|       |                         void (*)(void)
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/recipe-sysroot/usr/include/signal.h:88:57: note: expected '__sighandler_t' {aka 'void (*)(int)'} but argument is of type 'void (*)(void)'
|    88 | extern __sighandler_t signal (int __sig, __sighandler_t __handler)
|       |                                          ~~~~~~~~~~~~~~~^~~~~~~~~
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/hiawatha-11.2/src/hiawatha.c:294:6: note: 'HUP_handler' declared here
|   294 | void HUP_handler() {
|       |      ^~~~~~~~~~~
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/recipe-sysroot/usr/include/signal.h:72:16: note: '__sighandler_t' declared here
|    72 | typedef void (*__sighandler_t) (int);
|       |                ^~~~~~~~~~~~~~

Note: Upstream project has no published way to upstream patches.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-08 18:29:34 -07:00
Yoann Congal
18a627a46c hiawatha: update HOMEPAGE 
As noted in 11.7 changelog: https://hiawatha.leisink.net/changelog
> All references to http://www.hiawatha-webserver.org/ changed to
> https://hiawatha.leisink.net/.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-08 18:29:33 -07:00
Yoann Congal
0277e7b974 meta-webserver/README: add example git send-email line 
As the other layers of meta-openembedded, this line makes it easy to
send a patch by copy-pasting and reduce slightly the probability of
error.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-05-08 18:29:33 -07:00
Khem Raj
f00a3f153a apache2: Scrub -ffile-prefix-map in build.nice file 
Fixes
QA Issue: File /usr/libexec/apache2/build/config.nice in package apache2-dev contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-04-22 09:10:56 -07:00
Jason Schonberg
0573c4c996 monkey: Update project website 
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-04-16 08:04:41 -07:00
Khem Raj
b019b4bd68 layers: Add whinlatter (5.3) to compatible layer series 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-04-11 20:51:29 -07:00
Khem Raj
f4a96810ba Drop styhead from LAYERSERIES_COMPAT 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-03-31 07:41:47 -07:00
Jason Schonberg
b14543cd26 hiawatha: upgrade 11.1 -> 11.2 
Changelog: https://hiawatha.leisink.net/changelog

    mbed TLS updated to 3.2.1.
    Small improvements.

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-03-20 15:17:23 -07:00
Jason Schonberg
cb0a43ea78 hiawatha: upgrade 11.0 -> 11.1 
Changelog: https://hiawatha.leisink.net/changelog

      mbed TLS updated to 3.1.0.
      Small bugfixes.

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-03-20 08:46:57 -07:00
Khem Raj
93bf51cd7e xdebug: Upgrade to 3.4.2 release 
License-Update: Update license to match the PHP 3.01 license [1]

[1] 5fc2d81806
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-03-14 13:40:59 -07:00
Alexis Cellier
5c32343131 sthttpd: Fix service unit file 
Update PID file path from /var/run to /run to avoid systemd warning:
    PIDFile= references a path below legacy directory /var/run/,
    updating /var/run/thttpd.pid → /run/thttpd.pid; please update
    the unit file accordingly.

Cc: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-27 13:10:00 -08:00
Paul Le Guen de Kerneizon
a495fd2a54 cockpit: remove deprecated packages 
This commit removes from the recipe the following deprecated packages:
- `cockpit-docker`: cockpit project no longer supports Docker since version 228
  [1]
- `cockpit-machines`: cockpit-machines is now provided in a dedicated
  repository [2], and code base has been removed since version 242 [3]

[1]: https://cockpit-project.org/blog/cockpit-228.html
[2]: https://github.com/cockpit-project/cockpit-machines
[3]: https://cockpit-project.org/blog/cockpit-242.html

Signed-off-by: Paul Le Guen de Kerneizon <paul.leguendekerneizon@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-25 09:48:06 -08:00
Changqing Li
569b675620 nginx: upgrade 1.27.3 to 1.27.4 
License-Update: copyright year refreshed

Resolves:
* CVE-2025-23419

CHANGES:
https://nginx.org/en/CHANGES

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-16 23:42:42 -08:00
Changqing Li
66498315ca nginx: upgrade 1.26.2 to 1.26.3 
Solves:
* CVE-2025-23419

CHANGES:
https://nginx.org/en/CHANGES-1.26

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-16 23:42:42 -08:00
Wang Mingyu
93772a0fc3 apache2: upgrade 2.4.62 -> 2.4.63 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-10 08:45:35 -08:00
Changqing Li
5f43b10862 phpmyadmin: upgrade 5.2.1 -> 5.2.2 
License-Update: License year updated

This upgrade include security fix for:
CVE-2025-24529
CVE-2025-24530

Release note:
https://www.phpmyadmin.net/news/2025/1/21/phpMyAdmin-522-is-released/

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-09 20:12:29 -08:00
Gyorgy Sarvari
10c13bf1fb mod-dnssd: update SRC_URI 
Upstream repository url changed.

Fixes unsuccessful fetch warning.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-02-03 11:25:21 -08:00
Jason Schonberg
9ba0679eee hiawatha: upgrade 10.12 -> 11.0 
The https://www.hiawatha-webserver.org/ site is defunct.  So move SRC_URI to use
https://hiawatha.leisink.net/ instead.  Update to 11.0 while we are here.

Changelog: https://hiawatha.leisink.net/changelog

    mbed TLS updated to 3.0.0.
    Dropped support for TLSv1.0 and TLSv1.1. Configuration option MinTLSversion removed.
    Dropped support for HTTP Public Key Pinning (HPKP). Configuration option PublicKeyPins removed.

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-01-24 18:20:08 -08:00
Yi Zhao
9198508373 cockpit: set pam module path to ${base_libdir}/security 
Set pam module path to ${base_libdir}/security as this is the default
path in libpam.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-01-06 07:22:29 -08:00
Peter Marko
59d3949e3e apache2: ignore CVE-1999-1237 
This vulnerability is for Apache-AuthenSmb module.
Fixed in 0.9, current version is 0.72.
In any case, not part of Apache2 sources.

[1] points to [2], which is archived under [3]

[1] https://nvd.nist.gov/vuln/detail/CVE-1999-1237
[2] http://www.securityfocus.com/archive/1/14384
[3] https://web.archive.org/web/20020618143426/http://online.securityfocus.com/archive/1/14384

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-24 08:23:09 -08:00
Peter Marko
de9eeb369e swagger-ui: mark CVE-2016-1000229 as fixed 
as per https://github.com/swagger-api/swagger-ui/issues/1865
NVD tracks this CVE as version-less.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-19 13:00:33 -08:00
Peter Marko
da2b5e8b93 apache2: ignore disputed CVE CVE-2007-0086 
This CVE is officially disputed by Redhat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086

Red Hat does not consider this issue to be a security vulnerability.
The pottential attacker has to send acknowledgement packets periodically
to make server generate traffic. Exactly the same effect could be
achieved by simply downloading the file. The statement that setting the
TCP window size to arbitrarily high value would permit the attacker to
disconnect and stop sending ACKs is false, because Red Hat Enterprise
Linux limits the size of the TCP send buffer to 4MB by default.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-19 13:00:33 -08:00
Peter Marko
36a7e409d8 monkey: ignore CVE-2013-1771 
This is gentoo specific CVE.
NVD tracks this as version-less CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-19 13:00:32 -08:00
Peter Marko
0e7733f1b8 apache2: remove old version references from CVEs 
These were not updated on recipe upgrade.
To make maintenance easier, remove exact versions.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-19 13:00:32 -08:00
Peter Marko
1b86a60f62 apache2: ignore CVE-1999-0678 and CVE-1999-1412 
These CVEs are specific to Debian and MAC OS X respectively.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-19 13:00:32 -08:00
Derek Straka
1f4b413ebe nginx: Upgrade mainline release version 1.27.1 -> 1.27.3 
License-Update: License file negative and empty space changes

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-12-10 13:43:54 -08:00
Khem Raj
f1e8d8a510 meta: Add SECURITY.md file to all layers 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-11-23 09:00:14 -08:00
Wang Mingyu
5c3ba1c1fc swagger-ui: upgrade 5.17.14 -> 5.18.2 
Changelog:
=============
- update Scarf.js to v1.4.0 to avoid breaking Vitest
- docker: return explicit Node.js installation
- analytics: use Scarf.js to provide anonymized installation analytics

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-11-19 16:59:15 -08:00
Jan Vermaete
fa7ee06bd6 netdata: WebUI choice between all (default), v0, v1 or v2 
Added a PACKAGECONFIG to select the version of the WebUI to be installed.
When not set, all versions (v0, v1 and v2) will be installed.  What is the
default of Netdata.

Enabling only the v1 version makes the package 25% smaller.

More info: https://github.com/netdata/netdata/issues/15640#issuecomment-1946041083

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-11-05 09:42:49 -08:00
Jan Vermaete
c00b1fcc7c netdata: Upgrade from 1.47.3 to 1.47.5 release 
* 0001-Add-check-for-64bit-builtin-atomics.patch applied upstream
* removed not longer used systemd service file
  The service of the netdata is used in previous commit(s)
* oelint_adv issues solved

Changlog: https://github.com/netdata/netdata/blob/master/CHANGELOG.md#v1475-2024-10-24

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-11-02 14:17:26 -07:00
Jan Vermaete
0f692c3ab7 swagger-ui: OpenAPI (aka swagger) website (v5.17.14) 
New recipe with the static version of the Swagger UI.

This is *not* a NPM version of the website (swagger-ui, swagger-ui-dist, swagger-ui-react).
But the static release.

  Plain old HTML/CSS/JS (Standalone)

  The folder /dist includes all the HTML, CSS and JS files needed to run SwaggerUI on a static website or CMS, without requiring NPM.

      Download the latest release.
      Copy the contents of the /dist folder to your server.
      Open swagger-initializer.js in your text editor and replace "https://petstore.swagger.io/v2/swagger.json" with the URL for your OpenAPI 3.0 spec.

  -- https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/installation.md#plain-old-htmlcssjs-standalone

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-30 12:34:00 -07:00
Tanguy Raufflet
8a34c94412 netdata: add RDEPENDS to the docker PACKAGECONFIG 
Add the runtime dependency Virtual/docker need when the package config
Docker is enabled. This avoids do_rootfs installs issues.

Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-24 05:52:19 -07:00
Tanguy Raufflet
9527f00467 netdata: add setuid to the xenstat plugin file 
As mentioned in the Netdata documentation [1], The xenstat plugin
requires elevated privileges to be executed. The xenstat.plugin
permissions are modified to only allow users belonging to the netdata
group to execute the plugin with root privileges.

[1] https://learn.netdata.cloud/docs/collecting-metrics/containers-and-vms/xen-xcp-ng

Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-24 05:52:19 -07:00
Tanguy Raufflet
6f6aa30602 netdata: modify apps.plugin permissions 
Modification of the group for the apps.plugin file (from root to
netdata) and removal of execution authorization for the “others”.

This modification improves security by limiting the netdata group to
execute the plugin as root.

Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-24 05:52:19 -07:00
Valeria Petrov
ac5855c74d apache2: do not depend on zlib header and libs from host 
This commit modifies the PACKAGECONFIG entry for zlib to ensure that the
mod_deflate module is enabled with the appropriate zlib configuration.
By adding the --with-zlib=${STAGING_LIBDIR}/../ option, we direct the
configure script to use the zlib library from the staging directory
instead of relying on the host system's zlib installation.

Without that configure will search the host for zlib headers and lib.

This change resolves build failures related to zlib dependency when
mod_deflate is enabled and ensures a consistent build environment across
different host configurations.

Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-09 15:47:23 -07:00
Khem Raj
fb566b0d09 netdata: Upgrade to 1.47.3 release 
Update the atomics patch to v2 of upstream submission

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-04 22:45:35 -07:00
Enguerrand de Ribaucourt
d5a24aa9ba netdata: add go plugin PACKAGECONFIG 
Many netdata plugins are written in go, add a PACKAGECONFIG to enable
them.

Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-02 19:54:53 -07:00
Enguerrand de Ribaucourt
5c497aa92e netdata: refresh netdata.conf 
Our provided netdata.conf contained a lot of keys which are no longer
supported by netdata. Netdata allows to regenerate the configuration
file and present all possible keys with their default values. This
refreshed file will be more easy to configure by our users.

To generate this file, I basically ran the documented command and
replaced the file paths with our variables when applicable.

Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-02 19:54:53 -07:00
Enguerrand de Ribaucourt
d801dfaa24 netdata: use builtin packaging service files 
Netdata now provides its own systemd service files. They provide better
hardening than the one we were defining in the recipe.

Unfortunately, the CMakeLists.txt file wants to install them into /lib
rather than /usr/lib. I added mv commands to put them in the expected
location depending on usrmerge.

Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-02 19:54:53 -07:00
Enguerrand de Ribaucourt
5ac897fae9 netdata: add docker PACKAGECONFIG 
Some netdata plugins like cgroups or docker require permissions to
access the docker socket in order to label data properly.

Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-02 19:54:53 -07:00
Khem Raj
d909e0d1e3 layer.conf: Update to walnascar (5.2) layer/release series 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-10-01 09:23:12 -07:00
Niko Mauno
5cff9e8672 cherokee: Remove obsolete recipe 
This recipe depends on meta-python2, master branch of which has not
been updated sine February 2022, see
https://git.openembedded.org/meta-python2/log/?h=master

Also, https://cherokee-project.com/doc/basics_requirements.html states

  The main Python releases targeted by our developers are 2.4, 2.5 and 2.6.
  Anything other than that is not guaranteed to work at the moment.

Also, master branch of cherokee has not been updated since January
2023, see https://github.com/cherokee/webserver/commits/master/

Thus, remove the obsolete recipe and the associated packagegroup
reference.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-30 07:34:28 -07:00
Peter Marko
12a36136fe nginx: Upgrade mainline 1.25.3 -> 1.27.1 
Solves:
* CVE-2024-7347
* CVE-2024-24989
* CVE-2024-24990
* CVE-2024-31079
* CVE-2024-32760
* CVE-2024-34161
* CVE-2024-35200

License-Update: copyright year refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-17 15:46:33 -07:00
Peter Marko
d6504f150b nginx: Upgrade stable 1.26.0 -> 1.26.2 
Solves:
* CVE-2024-7347
* CVE-2024-31079
* CVE-2024-32760
* CVE-2024-34161
* CVE-2024-35200

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-17 15:46:33 -07:00
Khem Raj
a2010f12fd netdata: Add checks for 64-bit atomic builtins 
This helps in passing correct flags to h2o module compilation

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-17 07:50:23 -07:00
Jan Vermaete
e9c9bfb1bc netdata: version bump 1.47.0 -> 1.47.1 
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-14 08:43:55 -07:00
Khem Raj
37b2dac8de netdata: Upgrade to 1.47.0 
Disable go plugins as we need some work to enable them.
Convert to cmake build system

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2024-09-09 18:22:57 -07:00