Upgrade on the 3.0 stable branch,
including fixes for CVE-2019-19553 and CVE-2020-7045.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Config file specification is missing in start) case. It is present already in restart) case.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 257ea010b7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
clang does delegate the atomic<double> calls to libatomic on x86 where
as gcc tries to use intrinsics, its debatable who is right, but it does
seem that clang is safe in case pointer is unaligned
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f7a7a2aafe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
do_install never executed as a result it was empty install
Create ruli-bin package for utilities, so libraries can be packages
granularily
Drop the makefile patch which is no longer needed, set the make
variables to get the needed bits set
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f4e6224b34)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This helps in avoiding packaging errors seen with distros enabling
multilib
Fixes
ERROR: grpc-1.24.3-r0 do_package: QA Issue: grpc: Files/directories were installed but not shipped in any package:
/usr/lib/libgrpc++.so.1.24.3
...
/usr/lib/cmake
/usr/lib/cmake/grpc
/usr/lib/cmake/grpc/gRPCConfigVersion.cmake
/usr/lib/cmake/grpc/gRPCConfig.cmake
/usr/lib/cmake/grpc/gRPCTargets-noconfig.cmake
/usr/lib/cmake/grpc/gRPCTargets.cmake
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or de
lete them within do_install.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e18d8c9570)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The 84-nm-drivers.rules is not required for systemd-udevd versions
v210 and later. The file has been split into a separate file so
distributions with a new enough systemd version can drop it. See
also:
https://github.com/NetworkManager/NetworkManager/commit/1e0375826252abf9aab2aef273a2a24cd08c9f42
I noticed this while investigating into a warning show during
bootup:
/usr/lib/udev/rules.d/84-nm-drivers.rules:10 Invalid value "/bin/sh -c
'ethtool -i $1 | sed -n s/^driver:\ //p' -- $env{INTERFACE}" for PROGRAM
(char 24: invalid substitution type), ignoring, but please fix it.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 82ecc0e69f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Multiple quagga service files are causing the following type of message to
appear during boot:
/lib/systemd/system/zebra.service:10: PIDFile= references a path below legacy
directory /var/run/, updating /var/run/quagga/zebra.pid → /run/quagga/zebra.pid;
please update the unit file accordingly.
Update the service files included as part of the recipe to use /run instead of
/var/run as the PIDFile path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Security fixes:
CVE-2019-10218: Client code can return filenames containing path
separators.
CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
See: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| chmod: cannot access '.../image/etc/sudoers.d': No such file or directory
| sed: can't read .../image/usr/bin/samba-tool: No such file or directory
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Use the systemd class to correctly plug the package into the systemd
infrastructure.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We already depend on systemd in DISTRO_FEATURES so adding it to
RDEPENDS is redundant. We also rdepend on two python packages, so
there's no need to explicitly depend on python3.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use distro_features_check to check for systemd in DISTRO_FEATURES
instead of a hand-crafted python function.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since it is not used in the tcpdump recipe anymore.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: Copyright year updated to 2019.
-fetchmail/02_remove_SSLv3.patch
Removed since this is included in 6.4.1.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I have no idea if this is the right thing to do, but without the patch I
can't actually buil OE because none of these layers are compatible
with the change in openembedded-core to move to zeus.
Fixes: a5c9709b8d ("layer.conf: Update for zeus series") # openembedded-core
Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
freeradius fails to build for armv5:
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-server.so is not portable!
|
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-eap.so is not portable!
path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
| collect2: error: ld returned 1 exit status
| scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
Explicitly link libatomic to fix the issue.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
upb dependency needs to fed as source, since it lacks the CMake based
external module builds like some other deps
Forward port the cross lib installation patch
Drop gettid patch as it was a backport which is in this revision
Link with libatomic on mips
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)
Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.
Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.
Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.
Modified the parsing of ptest result to align with the new output
format.
With core-image-minimal on qemux86-64/kvm:
Recipe | Passed | Failed | Skipped | Time(s)
Before | 408 | 0 | 2 | 4
After | 431 | 11 | 2 | 10
11 test failed after the upgrade since libpcap is not upgraded
alongside with tcpdump.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to configure.ac, make install might fail when run with multiple jobs:
$ tail -15 log.do_configure
...
When running "make install" do not use any form of parallel or job
server options (such as GNU make's -j option). Doing so may cause
errors.
...
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These are needed for other packages which want to link against
libstrongswan or other libraries included with Strongswan.
By default, no headers are installed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5LinguistTools build error.
Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5Multimedia build error.
Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
error.
Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
get_target_property() called with non-existent target "Qt5::qmake"
build error.
Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
since adding qt5 via a .bbappend won't satisfy the conditional inherit
cmake_qt5. The poppler recipe does exactly this.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit 5f32fd6b08.
* fixed by restricting -Wno-error=address-of-packed-member only for
target, spice-native is still useful for qemu-native when spice
PACKAGECONFIG is enabled
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* with older native gcc on host this will break spice-native with:
cc1: error: -Werror=address-of-packed-member: no option -Waddress-of-packed-member
because older gcc doesn't recognize address-of-packed-member warning
to work around this ignore them all
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
some plugins are installed into libdir/opensaf but we were making a copy
into libdir as well, this patch changes that so the packaged files are
appearing only once
create_empty_library should be using cross compiler with linker flags,
existig code in this area is not cross compile friendly
skip dev-so QA test since some .so are stubs which are packages in PN
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove perl-lib since it had been removed by oe-core:
commit 68552c353255188de3d5b42135360a30e7eac535
Author: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sun Dec 2 12:46:37 2018 +0100
perl: remove the previous version of the recipe
Now the files are in perl pacakge.
* Fix perl paths when perl is enabled.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libOpenIPMI.so.0 is SONAME for openIPMI.so in openipmi-perl package
which means the shlibs code will automatically add it as a provider for
this shared library but actual public library is provided by openipmi
package, and it results in
ERROR: openipmi-2.0.27-r0 do_package: openipmi: Multiple shlib providers for libOpenIPMI.so.0: openipmi-perl, openipmi (used by files: /mnt/jenkins/workspace/Yocto-world-musl/build/tmp/work/aarch64-yoe-linux/openipmi/2.0.27-r0/packages-split/openipmi/usr/bin/openipmi_eventd)
The library in perl package is actually not required to compete to
provide for public interfaces
Signed-off-by: Khem Raj <raj.khem@gmail.com>
$ bitbake spice-native
checking whether the C compiler works... no
configure: error: in `/path/to/spice-native/0.14.2+gitAUTOINC+7cbd70b931_4fc4c2db36-r0/build':
configure: error: C compiler cannot create executables
It's a broken native recipe which means no ones need it any more, so remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The restriction to ARM instruction set came in the original
wireshark recipe, which was 2 major versions ago (and also
a few toolchains ago). Wireshark 3.x seems to be building
fine allowing thumb instructions, at least on cortexa9t2hf.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adrian Bunk
Mike Krupicka
Khem Raj
Yi Zhao
Zhixiong Chi
Stefan Agner
Denys Dmytriyenko
Trevor Gamblin
Zheng Ruoqin
Andreas Oberritter
Armin Kuster
Bartosz Golaszewski
Paul Eggleton
Peiran Hong
Zang Ruochen
Palmer Dabbelt
Ovidiu Panait
Callaghan, Dan
George McCollister
Martin Jansa
Robert Yang
Otavio Salvador
Changqing Li
Leon Anavi
S. Lockwood-Childs
Yuan Chao