linux/poky.git/meta/recipes-connectivity, branch dunfell-next

bluez5: fix builds that require ell support

2020-09-02T15:04:37+00:00

Shortly after the recipe was updated to add ell as a mesh dependency the way ell was integrated into bluez5 was changed. BlueZ requires ell only for mesh and for btpclient (external test programs). It will be ignored unless either mesh or btpclient are selected. ell can be supplied externally, or it can be copied into the bluez build directory from an existing sibling source directory. Since bitbake builds do not provide a sibling source directory tell bluez to look for it as an external library in the conditions where it's required. (From OE-Core rev: a29eac72da3579edd9eebc3358498146000a491a) Signed-off-by: Peter A. Bigot Signed-off-by: Richard Purdie (cherry picked from commit f22b4eba98b3707d7f6daa4277414cecb3e5ee6b) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

bind: update to 9.11.22 ESV

2020-09-02T15:04:37+00:00

Source: isc.org MR: 105232, 105246, 105260 Type: Security Fix Disposition: Backport from https://www.isc.org/bind/ ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366 Description: Bug fix only update Three CVE fixes CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf (From OE-Core rev: 08e362ebd65816106afbc594cbbc552b9a6c32c6) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie (cherry picked from commit 1c85f26b1bd3475699d54f18c6b5b4924bcd8eb2) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

bind: upgrade 9.11.19 -> 9.11.21

2020-08-07T20:20:21+00:00

Bug and CVE fixes only Detailed list of changes at: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_21/CHANGES (From OE-Core rev: dc916547041b8d7636e5234f7e3150036bbbde4a) Signed-off-by: Yi Zhao Signed-off-by: Richard Purdie (cherry picked from commit c6749532f94f435e6771d66d3fa225e676753478) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

openssl: openssl-bin requires openssl-conf to run

2020-07-31T21:02:52+00:00

Fixed: $ dnf install openssl-bin $ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory (From OE-Core rev: 2a4980cd8bfd829bab1ba081588eb0bdbd285b97) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie (cherry picked from commit e93cd3b83a255294c9ab728adc7e237eb1321dab) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

avahi: Fix typo in recipe

2020-07-22T21:46:37+00:00

According to the PACKAGES variable, LICENSE_avahi-client is misspelled. Additionally, the libavahi-client package actually only includes LGPLv2.1+ software (as opposed to the global LICENSE variable). (From OE-Core rev: 683fb53c94e63e4f5acf4c2efd04977cc10bed49) Signed-off-by: Christian Eggers Signed-off-by: Richard Purdie (cherry picked from commit d8837b4735b5e96ae0f5542319e711dbda8c3849) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf

2020-07-16T21:28:40+00:00

Some openssl command line operations like creating an X.509 CSR require the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory 140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r') 140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76: which is the case e.g. in core-image-minimal with just the package openssl-bin added to the image by declaring IMAGE_INSTALL_append = " openssl-bin" e.g. in local.conf. The file did not exist in the aforementioned image / configuration because it was packaged to the main openssl package FILES_${PN} =+ "${libdir}/ssl-1.1/*" (there is no other FILES specification that would match the file either) and path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm [...] /usr/lib/ssl-1.1/openssl.cnf [...] Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it seems closely related) to the ${PN}-conf package to have it installed with ${PN}-bin, which already (indirectly) depends on ${PN}-conf. Note that the openssl recipe has the comment Add the openssl.cnf file to the openssl-conf package. Make the libcrypto package RRECOMMENDS on this package. This will enable the configuration file to be installed for both the openssl-bin package and the libcrypto package since the openssl-bin package depends on the libcrypto package. but openssl-conf only contained /etc/ssl/openssl.cnf path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm /etc /etc/ssl /etc/ssl/openssl.cnf /usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to ../../../etc/ssl/openssl.cnf. Other files and directories in /usr/lib/ssl-1.1/ were considered as well because they seem to be configuration files and / or related to (symlinks pointing to) /etc. They were not moved though, because based on our use case and testing moving the openssl.cnf symlink is sufficient for fixing the immediate problem and we lack knowledge about the other files in order to make a decision to change their packaging. (From OE-Core rev: e5405189e6d1b3b3b236aa8fe7a577c72f6af8d8) Signed-off-by: Hannu Lounento Signed-off-by: Richard Purdie (cherry picked from commit c1632d7041fe0c18ec61abfa79a9c025af43c033) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

wpa-supplicant: Security fix CVE-2020-12695

2020-07-02T15:12:37+00:00

Source: http://w1.fi/security/ Disposition: Backport from http://w1.fi/security/2020-1/ Affects <= 2.9 wpa-supplicant (From OE-Core rev: 720d29cbfce34375402c6a4c17e440ffbb2659bf) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie (cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

bind: update to 9.11.19

2020-06-26T17:26:49+00:00

Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES (From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie (cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

wpa-supplicant: remove service templates from SYSTEMD_SERVICE

2020-06-26T17:26:48+00:00

Remove service templates wpa_supplicant-nl80211@.service and wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT be started/stopped by calling 'systemctl' in postinst and prerm scripts. (From OE-Core rev: 7910a0d6f332253608767a9576a0d521dd87efd7) Signed-off-by: Kai Kang Signed-off-by: Richard Purdie (cherry picked from commit fe9b8e50461ab00ab3ad8b065ebd32f0eea2a255) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie

iproute2: Remove -fcommon

2020-06-23T10:40:46+00:00

This was fixed in upstream version 5.5.0. (From OE-Core rev: 433d3856151e095afb640a567241bebaf2e84b87) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie (cherry picked from commit 9a9f67b7c50a8c28a75fc48c8abcb8a7bb35f0e6) Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie