CVE-2015-1611 and CVE-2015-1612 are not referred to our implementation
of openflow as specified by the NVD database, ignore them.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
CVE-2016-4049 is not affecting our version, so we can ignore it.
This is caused because the CPE in the NVD database doesn't specify
a vulnerable version range.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
There is a parallel build error in separate build directory:
| /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/recipe-sysroot-native/usr/lib/clippy ../git/python/clidef.py -o isisd/isis_cli_clippy.c ../git/isisd/isis_cli.c
| Traceback (most recent call last):
| File "../git/python/clidef.py", line 466, in <module>
| clippy.wrdiff(
| File "/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/git/python/clippy/__init__.py", line 78, in wrdiff
| with open(newname, "w") as out:
| FileNotFoundError: [Errno 2] No such file or directory: 'isisd/isis_cli_clippy.c.new-372541'
| make[1]: Leaving directory '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/build'
| make[1]: *** [Makefile:17386: isisd/isis_cli_clippy.c] Error 1
This is beacuse clidef.py only creates new file but doesn't check if
parent directory exists. Inherit autotools-brokensep can fix this issue
as these parent directories always exist in source directory.
Also set ac_cv_path_PERL to '/usr/bin/env perl' to avoid path too long.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 09a97158f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
FRRouting (FRR) is a free and open source Internet routing protocol
suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS,
PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for
EIGRP and NHRP.
FRRouting is a fork of Quagga. The main git lives on
https://github.com/frrouting/frr.git
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rebuilding net-snmp may cause autotools_preconfigure() to run `make
clean`, which in turn can cause `configure`to be run. However, since
CACHED_CONFIGUREVARS is not set under those circumstances, `configure`
will run with an incorrect configuration and the build will fail with:
checking for /etc/printcap... configure: error: cannot check for
file existence when cross compiling
Avoid the problem by setting CLEANBROKEN = "1".
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These site files are only there for single recipe, move the data to
recipe and use SITEINFO_ENDIANNESS to choose right option and pass it
to configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, viewing the help text with snmpd -h results in snmpd being
started in the background.
$ snmpd -h
Usage: snmpd [OPTIONS] [LISTENING ADDRESSES]
[snip]
$ ps -ef | grep snmpd
root 1477 1 0 05:46 ? 00:00:00 snmpd -h
Backport a patch to fix this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
this is another option for reproducibility which can be used by
compilers, and here consider processing it as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The systemd can not open the pid file because it is locked by quagga
daemon.
Fixes:
$ systemctl status ospf6d.service
Feb 25 05:53:26 intel-x86-64 systemd[1]: Starting OSPF routing daemon for IPv6...
Feb 25 05:53:26 intel-x86-64 systemd[1]: ospf6d.service: Can't open PID file /run/quagga/ospf6d.pid (yet?) after start: Operation not permitted
Feb 25 05:53:26 intel-x86-64 systemd[1]: Started OSPF routing daemon for IPv6.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The openssl already added in DEPENDS and the openssl related library
will be in recipe-sysroot. So it's meanlingless to add the configure
option "--with-openssl=${STAGING_EXECPREFIXDIR}" as the below help message.
$ cd /prj/net-snmp-5.9/
$ ./configure --help
[snip]
--with-openssl=PATH Look for openssl in PATH/lib,
or PATH may be "internal" to build with
minimal copied OpenSSL code for USM only
[snip]
And there is also a side effect after add the above openssl configuration
as the build path is added for NSC_LDFLAGS in /usr/bin/net-snmp-config.
NSC_LDFLAGS="-L/prj/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
To improve reproducibility for netsnmp as below.
$ sed -i -e 's@${STAGING_DIR_HOST}@@g' -i ${D}${bindir}/net-snmp-config
The NSC_LDFLAGS in net-snmp-config will be changed to below:
NSC_LDFLAGS="-L/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
But it will result in other packages which depend on net-snmp such as
corosync, quagga and etc uses the build host library and introduce
below do_configure error.
ERROR: QA Issue: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
Rerun configure task after fixing this. [configure-unsafe]
So remove the useless configuration to fix the issue.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New autconf detects that NSC_LDFLAGS are hardcoded to use -L/usr/lib
therefore edit these variables during build so that they have
cross-compile friendly values when net-snmp-config is used during build
of dependent packages
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a patch to fix the gap between 32bit and 64bit system when
the configure option "--with-openssl=${STAGING_EXECPREFIXDIR}"
passed in.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Support for smux is always enabled by the recipe, but it can be a
security risk since it makes the snmpd daemon listen on TCP port 199.
This makes it contrallable via PACKAGECONFIG, so that it can be easily
disabled from the distro or local config. The mechanism makes it easy
to add control for other MIB modules via PACKAGECONFIG later if need
be.
For compatibility smux is added to the default PACKAGECONFIG, so there
is no change in the default build configuration.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The LICENSE file in source tree says:
The majority of the source code in the mDNSResponder project is licensed
under the terms of the Apache License, Version 2.0, available from:
<http://www.apache.org/licenses/LICENSE-2.0>
To accommodate license compatibility with the widest possible range
of client code licenses, the shared library code, which is linked
at runtime into the same address space as the client using it, is
licensed under the terms of the "Three-Clause BSD License".
The Linux Name Service Switch code, contributed by National ICT
Australia Ltd (NICTA) is licensed under the terms of the NICTA Public
Software Licence (which is substantially similar to the "Three-Clause
BSD License", with some additional language pertaining to Australian law).
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh Makefile patch (build.patch) to properly cross compile
mdns. Then try refresh patches which still apply. Following patches
don't apply anymore due to refactoring done on mdns side so thus
dropping patches:
* 0005-Handle-noisy-netlink-sockets.patch
* 0007-Indicate-loopback-interface-to-mDNS-core.patch
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang11 and gcc10 have switched to using -fno-common by default this
hoowever still needs to use -fcommon until fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:
Fixes CVE-2019-20892 which affect net-snmp <= 5.8pre1
Had to fix up some file do to later code restructioning.
"int refcnt;" addition was done in include/net-snmp/library/snmpusm.h
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Davide Gardenal
Yi Zhao
Peter Kjellerstedt
Khem Raj
Oleksandr Kravchuk
Ross Burton
Richard Purdie
Peter Kjellerstedt
Alexander Kanavin
Martin Jansa
Tony Battersby
Li Wang
zhengruoqin
zangrc
Mingli Yu
Sana Kazi
Diego Santa Cruz
Zheng Ruoqin
Qi.Chen@windriver.com
Mikko Rapeli
Ovidiu Panait
Mingde (Matthew) Zeng
Armin Kuster