Update SRC_URI for adduser as the previous
one is invalid.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update SRC_URI for snort as the previous
one is invalid.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Notable changes since 0.7.3:
* Fixed CVE-2018-10933 authentication bypass
* Removed support for deprecated SSHv1 protocol
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added ECDSA support with gcrypt backend
* Improved threading support (note: libssh_threads is now gone)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Obsolete patch dropped, upstream solved this differently:
Use realpath() instead of canonicalize_filename(),
fixing build with musl libc.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openipmi load swig/python/.libs/_OpenIPMI.so to create .pyc and .pyo
files. It fails when multilib is enable:
| ImportError: .../lib32-openipmi/2.0.25-r0/OpenIPMI-2.0.25/swig/python/.libs/_OpenIPMI.so:
| wrong ELF class: ELFCLASS32
Don't compile and install .pyc and .pyo files to fix the failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Many toybox commands get installed in places that are unexpected
in openembedded-core, causing conflicts. Fix up the paths I identified
that are causing conflicts.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We don't offer /etc/radvd.conf but only radvd.conf.example which would
cause a startup error:
Starting radvd:
* /etc/radvd.conf does not exist or is empty.
Remove update-rc.d settings to make it doesn't start by default.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If you try to build a system with multiple BSPs, one of which is qemux86
or qemux86-64, the gstreamer package will change. This will trigger
anything using gstream to also be rebuilt.
For a package based system, the PR values will also be incremented each
time. The end result will be an ever growing set of PR values as well as
being unable to tell which configured version of the multimedia components
are really being deployed.
The solution here was to remove the rrecommend for consistency.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release for UDisks 2.7. Included fixes:
- Fix string format vulnerability
- Fix CVE-2018-17336
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Add UPSTREAM_CHECK_REGEX to ignore DEV releases
* Add RDEPENDS that were missing
* Enable ptest and add RDEPENDS for tests
* Add RRECOMMENDS for libnet-dns-sec-perl
* Upstream release notes:
"""
**** 1.18 Sep 21, 2018
Documentation revised to remove ambigous use of "answer" which
has been used to refer to both the answer section of a packet
and the entire reply packet received from a nameserver.
Fix rt.cpan.org #127018
Net::DNS::ZoneFile->parse() fails if include directory specified.
Fix rt.cpan.org #127012
DNS resolution broken when options ndots used in /etc/resolv.conf
"""
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Net::DNS::SEC is installed as an extension to an existing Net::DNS
installation providing packages to support DNSSEC as specified in
RFC4033, RFC4034, RFC4035 and related documents.
It also provides support for SIG0 which is useful for dynamic updates.
Implements cryptographic signature generation and verification functions
using RSA, DSA, ECDSA, and Edwards curve algorithms.
The extended features are made available by replacing Net::DNS by
Net::DNS::SEC in the use declaration.
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport two patches to fix the following CVE.
CVE: CVE-2018-18074
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch provides ICD loader library, ICD loader test binary
and some helper library for test.
Signed-off-by: Ankit Navik <ankit.tarot@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
*CVE
Sharutils (unshar command) version 4.15.2 contains a Buffer Overflow
vulnerability in Affected component on the file unshar.c at line 75,
function looks_like_c_code. Failure to perform checking of the buffer
containing input line. that can result in Could lead to code execution.
This attack appear to be exploitable via Victim have to run unshar command
on a specially crafted file..
Affects = 4.15.2
CVE: CVE-2018-1000097
Ref: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000097.html?_ga=2.104716162.363845622.1539703460-954328166.1533363715
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a recipe for the catch2 testing framework. There's a bug upstream
which makes it impossible to build with gcc7 so include a patch.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update LIC_FILES_CHKSUM for cpupower as
the COPYING file which is used for LIC_FILES_CHKSUM
has been changed in below commit:
commit bf02d491237eea10290bd379bf7fc8c37ac6c3b4
Author: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Date: Fri Mar 23 06:51:06 2018 -0300
COPYING: use the new text with points to the license files
Now that we have a new COPYING file with points to the
Linux license files, replace it with the old content.
This patch does:
1 file changed, 0 insertions(+), 0 deletions(-)
rename COPYING.new => COPYING (100%)
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Update SRC_URI
In https://1.as.dl.wireshark.org/src/, it only keep the latest
release. Switch to https://1.as.dl.wireshark.org/src/all-versions/
to make sure the old release can be found.
* Drop patch fix-fatal-no-names-found-git-error.patch
Actually this piece of code should not be invoked when build from
tarball. But in previous releases the code will be performed when
building native package if host with rpmbuild and git installed, which
will cause a configure error. This issue has been fixed in 2.6.4:
commit 4fbc017e80d6d11f8c26cad12d883fd6da9d3504
CMake: Fix build from tarball under certain conditions
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When using multilib the path for libraries might be something other than
/usr/lib. zlog defaults LIBRARY_PATH to 'lib' so we need to set this
appropriately so that cases where this isn't 'lib' it works properly.
Signed-off-by: Dan Dedrick <ddedrick@lexmark.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The recipe wants to install a script under init.d but does not
want to it be started by default. It did so by inheriting update-rc.d
and setting INITSCRIPT_PARAMS to "remove". This is not correct.
We could just not inherit 'update-rc.d' to achieve such effect.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fix the soversion used by libglog as explained bellow:
The preferred default should IMHO be the same as with 0.3.4 version
which was shared library, but that's easy to add with small bbappend
having:
EXTRA_OECMAKE += "-DBUILD_SHARED_LIBS=ON"
but unfortunately the SONAME in the library changed from:
objdump -x usr/lib/libglog.so.0.0.0 | grep SONAME
SONAME libglog.so.0
in 0.3.4 to:
objdump -x usr/lib/libglog.so.0.3.5 | grep SONAME
SONAME libglog.so.0.3.5
Which breaks all our prebuilt binaries which now correctly complain that
there isn't libglog.so.0 provider in dependencies:
QA Issue: /usr/lib/libfoo.so.1.2.3 contained in package libfoo requires
libglog.so.0, but no providers found in RDEPENDS_libfoo
Which is quite unfortunate for minor upgrade. Did they really change the
ABI (and expect to change it in all future minor upgrades) or is this
change just unexpected side-effect of using cmake instead of autotools?
It looks the later, because if I build 0.3.5 version with autotools I
get:
objdump -x usr/lib/libglog.so.0.0.0 | grep SONAME
SONAME libglog.so.0
and there is patch for SOVERSION here as well:
https://github.com/google/or-tools/blob/master/patches/glog.patch
applied in master:
https://github.com/google/glog/blob/master/CMakeLists.txt#L4936b6e38a7d5 (diff-af3b638bc2a3e6c650974192a53c7291)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
valijson is a header only c++ library for JSON
schema validation.
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it has a build dependancy on python-cython and python-pyparsing with are in
meta-python
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When building native package, the do_compile function tries to check
libnsl.so and libresolv.so on host machine and add -lnsl and -lresolv to
SYSLIBS if they exist. But finally it will link the libnsl.so from
${STAGING_LIBDIR_NATIVE}. Actually there is no need to check them since
the libnsl2 is specified in DEPENDS and libresolv.so is from c libarary.
So add -lnsl and -lresolv to SYSLIBS directly.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nlohmann-json has examples in their repo that refer to
the header as json.hpp directly, as such many packages
that require nlohmann-json expect json.hpp and not
nlohmann/json.hpp as the cmake file installs. Create symlink
so that access is available by either option. Also update
to release 3.3.0.
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropped the patches for version 13 as they are now included in the
upstream dbus-broker codebase.
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
during radiusd start up, it will check several CVEs of libssl,
if allow_vulnerable_openssl set to no and one of the CVEs is
matched, radiusd will not startup.
in tls.c, two CVEs's version number is wrong, and after upgrade openssl
to 1.1.1, one CVE matched, so startup failed. correct the version numner
to make radiusd startup successfully.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When building grpc for nativesdk the project tries to execute the
nativesdk grpc_cpp_plugin instead of the host one. Apply the patch
fixing the cross-compilation for nativesdk build and modify its
contents to reflect its new purpose.
Also: add grpc-native to dependencies.
Signed-off-by: Hiram Lew <lew@avast.com>
Signed-off-by: Jan Kaisrlik <jan.kaisrlik@avast.com>
Signed-off-by: Lukas Karas <karas@avast.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There were some shared binaries built together with the static ones and this
was leading to the infamous:
i586-oe-linux-musl-ld.bfd: discarded output section: `.got.plt'
Fix this by purging the Kbuild files.
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LIC_FILES_CHKSUM changed do to "Update copyright to include 2018 plus company name change"
includes: CVE-2018-9336
see: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Babel is a loop-avoiding distance-vector routing protocol for
IPv6 and IPv4 with fast convergence properties.
Signed-off-by: Yi-Soo An <yisooan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
