openembedded-core.git/meta/recipes-devtools/apt/apt.inc, branch uninative-1.5 Mirror of openembedded-core apt: Fix build in musl it was break due to upgrade to 1.2.12 2016-08-07T21:17:01+00:00 Aníbal Limón anibal.limon@linux.intel.com 2016-08-05T21:42:48+00:00 a088018e6e36073c0723b160f8b087a5243836ee methods/connect.cc: Musl doesn't support AI_IDN flag in netdb.h header so define it manually. apt-pkg/contrib/srvrec.h: Add explicity include of sys/types.h to avoid errors in types u_int_SIZE. Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> 
methods/connect.cc: Musl doesn't support AI_IDN flag in netdb.h
header so define it manually.
apt-pkg/contrib/srvrec.h: Add explicity include of sys/types.h
to avoid errors in types u_int_SIZE.

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
apt: Upgrade to 1.2.12 2016-08-04T14:05:46+00:00 Aníbal Limón anibal.limon@linux.intel.com 2016-07-29T19:53:01+00:00 369a7f7232aa8406b63376f7888896fe90f9ce40 Test was made building core-image-sato with package_deb on qemux86 and qemuarm then run for two of them testimage and install packages with apt-get using PACKAGE_FEED_URI's configuration. Now apt support drop priviligies for install packages using a sandbox with _apt user, the useradd class was inherit and configured to install _apt user and group. Rebased patches: - 0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch - 0001-fix-the-gcc-version-check.patch - 0001-remove-Wsuggest-attribute-from-CFLAGS.patch - disable-test.patch - no-curl.patch Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Test was made building core-image-sato with package_deb on qemux86 and
qemuarm then run for two of them testimage and install packages with
apt-get using PACKAGE_FEED_URI's configuration.

Now apt support drop priviligies for install packages using a sandbox
with _apt user, the useradd class was inherit and configured to install
_apt user and group.

Rebased patches:

	- 0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch
        - 0001-fix-the-gcc-version-check.patch
	- 0001-remove-Wsuggest-attribute-from-CFLAGS.patch
	- disable-test.patch
	- no-curl.patch

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
apt: Add support for building for musl targets 2016-01-22T23:42:48+00:00 Khem Raj raj.khem@gmail.com 2016-01-02T21:41:17+00:00 ded03dab901647a7388d219a3a228d4f4f4298e8 Turn bzip2 support into a PACKAGECONFIG zlibs is a must have and therefore add it to DEPENDS will make the build consistent Signed-off-by: Khem Raj <raj.khem@gmail.com> 
Turn bzip2 support into a PACKAGECONFIG
zlibs is a must have and therefore add it to DEPENDS will make the build
consistent

Signed-off-by: Khem Raj <raj.khem@gmail.com>
meta: more removals of redunant FILES_${PN}-dbg 2015-12-16T11:56:10+00:00 Ross Burton ross.burton@intel.com 2015-12-15T16:32:43+00:00 a3b000643898d7402b9e57c02e8d10e677cc9722 In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. Signed-off-by: Ross Burton <ross.burton@intel.com> 
In some recipes overly-split -dbg packages were merged into PN-dbg.  Unless
there's a very good reason, recipes should have a single -dev and -dbg package.

Signed-off-by: Ross Burton <ross.burton@intel.com>
package_regex.inc: split Debian-related entries into their own recipes 2015-12-08T10:20:09+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-11-12T13:00:18+00:00 2a5e1848c11bd9a3c64cf8fcc0cb334c738bc5c5 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
apt: update to 1.0.10.1 2015-08-11T16:04:11+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-08-05T11:29:58+00:00 37c8700560b6da569cdf9d7c306a9aa31dcdf06f Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
apt: remove invalid ac_cv_glibc_ver 2015-07-16T14:08:40+00:00 Robert Yang liezhi.yang@windriver.com 2015-07-13T10:04:31+00:00 3234c79940f67ca48e8ee7961c87d80cc27939e5 There is no ac_cv_glibc_ver in configure, can't find it in config.log after remove, either. (From OE-Core rev: 945e2bf6845b052eeb5101033c4770d766142bb1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
There is no ac_cv_glibc_ver in configure, can't find it
in config.log after remove, either.

(From OE-Core rev: 945e2bf6845b052eeb5101033c4770d766142bb1)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
apt: upgrade to 1.0.9.9 2015-05-27T16:45:20+00:00 Roy Li rongqing.li@windriver.com 2015-05-27T07:58:49+00:00 7dd4a53a99277b46696dea5558fa321a2267af0a 1. Upgrade to fix the several CVEs: CVE-2014-0488, CVE-2014-0490 2. Remove apt-0.9.9.4-CVE-2014-0478.patch, which was backport. 3. Romve no-ko-translation.patch, apt-1.0.9.9 has ko translation 4. Update use-host.patch no-curl.patch db_linking_hack.patch and noconfigure.patch 5. Not build the test cases since it requires gtest 6. install libapt-private.so.* to libdir, otherwise this file is not installed into sysroot for native, and apt-get will use host's, and lead to fail 7. Revert apt commit[a2a75ff45]"always run 'dpkg --configure -a' at the end of our dpkg callings" for native package, otherwise the postscript for these installed packages will be run, and fail since the rootfs dir is not considered 8. Add lzma dependency by PACKAGECONFIG for target, and add xz dependency for native 9. Support to compile apt-native on centos6 Signed-off-by: Roy Li <rongqing.li@windriver.com> Acked-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
1. Upgrade to fix the several CVEs: CVE-2014-0488, CVE-2014-0490
2. Remove apt-0.9.9.4-CVE-2014-0478.patch, which was backport.
3. Romve no-ko-translation.patch, apt-1.0.9.9 has ko translation
4. Update use-host.patch no-curl.patch db_linking_hack.patch and
noconfigure.patch
5. Not build the test cases since it requires gtest
6. install libapt-private.so.* to libdir, otherwise this file is
not installed into sysroot for native, and apt-get will use host's,
and lead to fail
7. Revert apt commit[a2a75ff45]"always run 'dpkg --configure -a'
at the end of our dpkg callings" for native package, otherwise
the postscript for these installed packages will be run, and fail
since the rootfs dir is not considered
8. Add lzma dependency by PACKAGECONFIG for target, and add xz
dependency for native
9. Support to compile apt-native on centos6

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Acked-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
apt: fix SRC_URI 2015-03-16T17:38:39+00:00 Robert Yang liezhi.yang@windriver.com 2015-03-06T03:29:32+00:00 490d20e1a7e6e3a0cae24af37bcb0192a3916409 Fixed: WARNING: Failed to fetch URL ftp://ftp.debian.org/debian/pool/main/a/apt/apt_0.9.9.4.tar.gz, attempting MIRRORS if available Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
Fixed:
WARNING: Failed to fetch URL ftp://ftp.debian.org/debian/pool/main/a/apt/apt_0.9.9.4.tar.gz, attempting MIRRORS if available

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
apt: fix for CVE-2014-0478 2014-09-29T16:49:10+00:00 Chong Lu Chong.Lu@windriver.com 2014-09-26T01:49:19+00:00 3dd692fcf2b0c11731b3f30abdf2b1878458a898 APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Chong Lu <Chong.Lu@windriver.com> 
APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478

Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>