| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Seems udev-rules in /usr/lib are ignored: systemd-analayse reported >3min!
for system startup time!
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
seccomp is activated by default in vsftpd and
this has caused compatibility issues with some
kernel versions. This was fixed as one can see
as https://bugzilla.redhat.com/show_bug.cgi?id=845980,
but can still cause issues with newer kernels with
kernel 4.18+.
And there is even a patch 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
in fedora[https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Everything/source/tree/Packages/v/vsftpd-3.0.3-28.fc29.src.rpm]
turning off seccomp sandbox for vsftpd by default
as below which means fedora doesn't limit the syscall
any more by default.
[snip]
- tunable_seccomp_sandbox = 1;
+ tunable_seccomp_sandbox = 0;
tunable_allow_writeable_chroot = 0;
tunable_accept_timeout = 60;
[snip]
Refresh 0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch
to allow one more syscall getdents64 in the
seccomp sandbox apart from the previous one in
below commit:
fbffcf3f3 vsftpd: allow sysinfo() in the seccomp sandbox
before this patch:
root@qemux86-64:~# tnftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 3.0.3)
Name (127.0.0.1:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
229 Entering Extended Passive Mode (|||8352|)
150 Here comes the directory listing.
500 OOPS: priv_sock_get_cmd
ftp>
after this patch:
root@qemux86-64:~# tnftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 3.0.3)
Name (127.0.0.1:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
229 Entering Extended Passive Mode (|||22610|)
150 Here comes the directory listing.
226 Directory send OK.
ftp>
Reference: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon#vsftpd:_Error_500_with_kernel_4.18+
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Inherit ptest for net-snmp to create ${PN}-ptest. Update run-ptest as
well to avoid only could be run in the same directory.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.5.2, 1.5.3 and 1.5.4 include a number of fixes, notably for
vulnerability CVE-2018-12543 which allowed the server process to be
remotely crashed. For further information see:
https://mosquitto.org/blog/2018/11/version-154-released/
https://mosquitto.org/blog/2018/09/security-advisory-cve-2018-12543/
https://mosquitto.org/blog/2018/09/version-152-released/
A build option was added to use the system version of uthash rather than
the bundled version so we no longer need the patch to do this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Readability.
The existing patterns allowed each pattern to be matched multiple times (with no
intevening spaces), but the "g" modifier achieves this anyway.
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
To avoid build host paths being written into binaries,
accept a null NETSNMP_CONFIGURE_OPTIONS from the environment.
Upstream-Status: Submitted https://sourceforge.net/p/net-snmp/patches/1384/
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't check for /etc/printcap on the build machine when cross-compiling.
Use AC_CHECK_FILE to set the cached variable ac_cv_file__etc_printcap instead.
When cross-compiling, this variable should be set in the environment to "yes" or
"no" as appropriate for the target platform.
I have taken the simple expedient of setting ac_cv_file__etc_printcap=no.
If this proves to be a problem, we can easily add a new variable, HAS_PRINTCAP.
Upstream-Status: Submitted https://sourceforge.net/p/net-snmp/patches/1385/
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
PKG_CONFIG_PATH and PKG_CONFIG_LIBDIR point into the net-snmp recipe-sysroot.
Careful not to trim trailing quotes from the CFLAGS
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This reverts commit 57d8e2c673d5f5686bbf411333f1d39c3e29690e.
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
previous change of checksum don't trigger archive to re-downloaded,
, which will cause checksum mismatch. add downloadfilename to
trigger re-download.
1. for user with PREMIRROR, another benefit is it can still compile
success event upstream checksum change frequently.
2. but for user don't use PREMIRROR, if upstream checksum changed,
still might have checksum mismatch problem.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes:
ERROR: networkmanager-1.14.4-r0 do_package: QA Issue: networkmanager: Files/directories were installed but not shipped in any package:
/usr/lib64/NetworkManager/1.14.4/libnm-settings-plugin-ifupdown.la
/usr/lib64/NetworkManager/1.14.4/libnm-device-plugin-adsl.la
/usr/lib64/NetworkManager/1.14.4/libnm-device-plugin-wifi.la
/usr/lib64/NetworkManager/1.14.4/libnm-device-plugin-ovs.la
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
networkmanager: 4 installed and not shipped files. [installed-vs-shipped]
As with similar changes in the past, if the distro makes use of
'remove-libtool' this issue is not seen but we should add .la files to
the -dev package when they do exist.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
At configure time, the ntp build goes looking on the build machine for a posix
shell, using `which` to find it. Under OE, it settles on hosttools/bash,
resulting in this build host path being written into several binaries.
This did not affect the Debian reproducibility project, presumably because it
consistently found bash at /bin/bash.
Don't go looking, just use a fixed path to /bin/sh instead.
Upstream-Status: Submitted http://bugs.ntp.org/show_bug.cgi?id=3551
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a SOURCE_DATE_EPOCH is set in the environment, use that date in the build
version string, otherwise use the current build date.
See https://reproducible-builds.org/docs/source-date-epoch/
Should GNU date options fail, try BSD date options as a fall-back.
This patch can potentially be pushed upstream for use on Mac OSX or OpenBSD,
though it has not been tested on OSX or any BSD platform.
Upstream-Status: Submitted http://bugs.ntp.org/show_bug.cgi?id=3550
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
GeoLite Database checksum changed again recently, so
update it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Drop all the backports as they're upstream
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes three issues:
1. The recipe used "libcurlpp" for its package base name. It defined
PACKAGES and corresponding package contents manually, but the
non-standard naming led to an error message when trying to depend on
it (nothing provides curlpp needed by curlpp-dev).
See also
https://lists.yoctoproject.org/pipermail/poky/2018-February/011236.html.
Fixed by removing PACKAGES and corresponding FILES_*, relying on
automatic packaging now.
2. Upstream ships a license file (MIT), which is referenced by the
recipe now (instead of the stock COPYING.MIT file).
3. There was a do_install_append() function which patched the
installed curlpp.pc file. Since it seemed to be of no use, it was
removed.
Signed-off-by: Robert Tiemann <rtie@gmx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Remove redundant header includes
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* License checksum: copyright year changed
* packageconfig glib: with this version (udev-)glib support hase to be enabled
explicitly. Split this out to meta-gnome where network-manager-applet lives.
* packageconfig netconfig: This was nonsense: netconfig is a SUSE tool [1]
which is not found in layer index. The error was detected now because
configuration checks for presence of netconfig.
* --disable-ifnet and --disable-ifcfg-suse are gone
* musl patches were aligned but have no resources to test them
[1] https://github.com/openSUSE/sysconfig
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When build lib32-netkit-telnet that multilib is enabled, it shows qa
warnings of alternative target:
| WARNING: lib32-netkit-telnet-0.17-r0 do_package: netkit-telnet:
| alternative target (/usr/bin/telnet or /usr/bin/telnet.netkit-telnet)
| does not exist, skipping...
| WARNING: lib32-netkit-telnet-0.17-r0 do_package: netkit-telnet: NOT
| adding alternative provide /usr/bin/telnet:
| /usr/bin/telnet.netkit-telnet does not exist
| WARNING: lib32-netkit-telnet-0.17-r0 do_package: netkit-telnet: alt_link
| == alt_target: /usr/bin/telnet == /usr/bin/telnet
Set ALTERNATIVE_TARGET to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Tests try to download third party code and bypass the bitbake fetcher to
do that. This will not work in environments with no internet access.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
They are the same as the default version.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
update SRC_URI since previous is not valid now
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
update SRC_URI since previous is not valid now
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
tar on previous link checksum changed, so changed SRC_URI to
get previous tar
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Geolite database update periodically, md5sum and sha256sum
have changed, update them
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Update SRC_URI for snort as the previous
one is invalid.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
openipmi load swig/python/.libs/_OpenIPMI.so to create .pyc and .pyo
files. It fails when multilib is enable:
| ImportError: .../lib32-openipmi/2.0.25-r0/OpenIPMI-2.0.25/swig/python/.libs/_OpenIPMI.so:
| wrong ELF class: ELFCLASS32
Don't compile and install .pyc and .pyo files to fix the failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We don't offer /etc/radvd.conf but only radvd.conf.example which would
cause a startup error:
Starting radvd:
* /etc/radvd.conf does not exist or is empty.
Remove update-rc.d settings to make it doesn't start by default.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update SRC_URI
In https://1.as.dl.wireshark.org/src/, it only keep the latest
release. Switch to https://1.as.dl.wireshark.org/src/all-versions/
to make sure the old release can be found.
* Drop patch fix-fatal-no-names-found-git-error.patch
Actually this piece of code should not be invoked when build from
tarball. But in previous releases the code will be performed when
building native package if host with rpmbuild and git installed, which
will cause a configure error. This issue has been fixed in 2.6.4:
commit 4fbc017e80d6d11f8c26cad12d883fd6da9d3504
CMake: Fix build from tarball under certain conditions
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The recipe wants to install a script under init.d but does not
want to it be started by default. It did so by inheriting update-rc.d
and setting INITSCRIPT_PARAMS to "remove". This is not correct.
We could just not inherit 'update-rc.d' to achieve such effect.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
it has a build dependancy on python-cython and python-pyparsing with are in
meta-python
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building native package, the do_compile function tries to check
libnsl.so and libresolv.so on host machine and add -lnsl and -lresolv to
SYSLIBS if they exist. But finally it will link the libnsl.so from
${STAGING_LIBDIR_NATIVE}. Actually there is no need to check them since
the libnsl2 is specified in DEPENDS and libresolv.so is from c libarary.
So add -lnsl and -lresolv to SYSLIBS directly.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
during radiusd start up, it will check several CVEs of libssl,
if allow_vulnerable_openssl set to no and one of the CVEs is
matched, radiusd will not startup.
in tls.c, two CVEs's version number is wrong, and after upgrade openssl
to 1.1.1, one CVE matched, so startup failed. correct the version numner
to make radiusd startup successfully.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building grpc for nativesdk the project tries to execute the
nativesdk grpc_cpp_plugin instead of the host one. Apply the patch
fixing the cross-compilation for nativesdk build and modify its
contents to reflect its new purpose.
Also: add grpc-native to dependencies.
Signed-off-by: Hiram Lew <lew@avast.com>
Signed-off-by: Jan Kaisrlik <jan.kaisrlik@avast.com>
Signed-off-by: Lukas Karas <karas@avast.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
grpc won't build as nativesdk package since it depends on nativesdk-c-ares.
Signed-off-by: Hiram Lew <lew@avast.com>
Signed-off-by: Jan Kaisrlik <jan.kaisrlik@avast.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM changed do to "Update copyright to include 2018 plus company name change"
includes: CVE-2018-9336
see: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Babel is a loop-avoiding distance-vector routing protocol for
IPv6 and IPv4 with fast convergence properties.
Signed-off-by: Yi-Soo An <yisooan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Set UDEV_RULE_DIR so we follow usrmerge paths, fixing:
ERROR: QA Issue: crda package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The patch:
0001-Check-for-glibc-before-setting-CANT_USE_SEND_RECV_MS.patch
has ben integrated upstream.
update the upstream check regex
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
add INITSCRIPT
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since `36983fe umip: move to meta-networking' applied,
it was moved to invalid location.
Fix prior partial move to meta-networking
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
