QA error fix:
ERROR: QA Issue: ntp: Files/directories were installed but not shipped in any package:
/usr/libexec
CVES addressed:
Bug 2948 / CVE-2015-8158
Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass
Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode
Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list
Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference
Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames
Bug 2937 / CVE-2015-7975: nextvar() missing length check
Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers
Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode
Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks
Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin
NTP-4.2.8p5
NtpBug2956: Small-step/Big-step CVE-2015-5300
Bug #2829 Clean up pipe_fds in ntpd.c
Bug #2887 stratum -1 config results as showing value 99.
Bug #2932 Update leapsecond file info in miscopt.html.
Bug #2934 tests/ntpd/t-ntp_scanner.c has a magic constant wired in.
Bug #2944 errno is not preserved properly in ntpdate after sendto call.
Bug #2952 peer associations were broken by the fix for NtpBug2901 CVE-2015-7704
Bug #2954 Version 4.2.8p4 crashes on startup on some OSes.
Bug #2957 'unsigned int' vs 'size_t' format clash.
Bug #2958 ntpq: fatal error messages need a final newline.
Bug #2962 truncation of size_t/ptrdiff_t on 64bit targets.
Bug #2965 Local clock didn't work since 4.2.8p4.
Bug #2967 ntpdate command suffers an assertion failure
Bug #2969 Seg fault from ntpq/mrulist when looking at server with lots of clients.
Bug #2971 ntpq bails on ^C: select fails: Interrupted system call
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
While building an image I was getting an error during rootfs creation
that ctdb was conflicting with base-files as both were creating
'/var/run':
warning: Removing ctdb-2.5.1-r0@core2_64 due to file /var/run \
conflicting with base-files-3.0.14-r89@genericx86_64
This is normally a volatile directory so we have no need
to include this in the ctdb package, so revert the actions of the
Makefile by deleting the directory.
Although /run and $localstatedir/run are linked to be consistent we
update the .service file to use the latter. To ensure the 'ctdb'
subdir exists we patch the use of RuntimeDirectory= in to the .service
file. This will compensate for our removal of this directory creation
from the Makefile.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixed:
cim-schema-exper-2.39.0: cim-schema-exper: /cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
cim-schema-final-2.40.0: cim-schema-final: /cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-exper-2.39.0: lib32-cim-schema-exper: /lib32-cim-schema-exper/usr/share/mof/cimv2.39.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
lib32-cim-schema-final-2.40.0: lib32-cim-schema-final: /lib32-cim-schema-final/usr/share/mof/cimv2.40.0/Network/CIM_IPAddressRange.mof is owned by uid 15220, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
It uses cp -a to install the files, so fix the owner to root:root
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixed when build with multilib:
lib32-nbd-3.11: lib32-nbd: Files/directories were installed but not shipped in any package:
/usr/sbin/nbd-client
/usr/bin/nbd-trdump
/usr/bin/nbd-server
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-nbd: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Wireshark official site keeps in /src only latest
versions of sources, moving them to /src/all-versions
after some time.
Update the SRC_URI string so wireshark can be built
even after few month after release.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libldb is autodetected from sysroot:
WARN: ctdb: ctdb rdepends on libtdb, but it isn't a build dependency?
hand applied changes.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta-networking/recipes-support/ctdb/ctdb_2.5.1.bb
* cifs.idmap links with keyutils as log.do_package shows:
DEBUG: cifs-utils: Dependency libkeyutils.so.1 requires package keyutils (used by files: /home2/mjansa/build/build-starfish-jethro/BUILD/work/h15-starfish-linux-gnueabi/cifs-utils/6.4-r0/packages-split/cifs-utils/usr/sbin/cifs.idmap)
* that causes following QA issue when keyutils are autodetected from
sysroot:
WARNING: QA Issue: cifs-utils rdepends on keyutils, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* otherwise there are unpackaged files:
ERROR: QA Issue: cifs-utils: Files/directories were installed but not shipped in any package:
/usr/lib/security
/usr/lib/security/pam_cifscreds.so
/usr/lib/security/.debug
/usr/lib/security/.debug/pam_cifscreds.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
cifs-utils: 4 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Fixes strongswan configure script for systemd >= 209,
where it merged libsystemd-journal and libsystemd-daemon
into libsystemd.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
- Add aesni, charon, gmp, openssl, scep, stroke, swanctl, and
systemd-charon.
- Organize the packageconfig list alphabetically.
- Update the default PACKAGECONFIG to match current defaults.
- If swanctl is enabled, use strongswan-swanctl.service instead of
strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
cifs-utils-6.4: cifs-utils rdepends on samba, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
A more common place is required for gnulib because of other recipes (e.g
fontforge) will depend on it
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
When ntp could be correctly built with openssh and libcrypto, we would meet
the following QA issue.
WARNING: QA Issue: package ntp contains bad RPATH ... [rpath]
Fix this problem by adding '--disable-rpath' to EXTRA_OECONF.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Add the "status" command in initscript to check the status of ypbind.
remove ypbind-yocto.init as ypbind.init, which is the initscript, make
its name similar to other recipes
Signed-off-by: Zhu Yanjun <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsmi is autodetected in configure, but in most cases disabled because of
cross-compilation so keep it explicitly disabled
* resolves following difference in builds with and without libsmi built
before tcpdump:
4.7.4-r0-with/temp/log.do_configure:checking smi.h usability... yes
4.7.4-r0-with/temp/log.do_configure:checking smi.h presence... yes
4.7.4-r0-with/temp/log.do_configure:checking for smi.h... yes
4.7.4-r0-with/temp/log.do_configure:checking for smiInit in -lsmi... yes
4.7.4-r0-with/temp/log.do_configure:checking whether to enable libsmi... not when cross-compiling
4.7.4-r0-without/temp/log.do_configure:checking smi.h usability... no
4.7.4-r0-without/temp/log.do_configure:checking smi.h presence... no
4.7.4-r0-without/temp/log.do_configure:checking for smi.h... no
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Cim-schema-exper(Experimental-MOFs) is dependence of openlmi.
- Cim-schema_2.40.0.bb is renamed to cim-schema-final_2.40.0.bb.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
*Modify SRC_URI.
*Modify chksum of file COPYING and LICENSE,since year changed,
and the LICENSE explanation for file base64.c, md5.c and types.h
was deleted.But the LICENSE has not been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When doing a multilib build, /usr/lib is still created but not collected
into FILES_${PN} by default, resulting in a QA error. Adding both
${libdir} and ${nonarch_libdir} catches all scenarios.
It also turns out that the previous do_install_append would throw an error
in a multilib build since systemd always installs to .../lib/... but
${libdir] would point at .../lib64/...
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
replace to run "make install" with directly calling install command,
since "make install" asks "bin" user and group, and maybe fail when
system has not;
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Armin Kuster
Martin Jansa
Christopher Larson
Armin Kuster
Joe Slater
Mark Asselstine
Robert Yang
Ruslan Bilovol
Chris Patterson
Roy Li
Jian Liu
Yue Tao
Wenzong Fan
Andreas Müller
Qi.Chen@windriver.com
leimaohui
Kai Kang
Li xin
Zhu Yanjun
Joe MacDonald