Age | Commit message (Collapse) | Author | Files |
|
Update bugtracker web address
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Move connmans xuser-related D-Bus policy to a separate file that
xuser-account installs: This way connman does not need to depend on
xuser-account. Add policies for bluez and ofono in the same file.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Bluez D-Bus policy is much too open and affects not just bluez but
all system services: Use upstream policy configuration instead.
This change has a chance of affecting other D-Bus services: the bug
that is fixed here may have hidden problems in other policies.
[YOCTO #8414]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #8365]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The gettext 0.16.1 doesn't install any m4 files to sysroot, please see
the following commit:
commit 9e10db5bdfe77c0ef2aff2f1cf89958b62c294a1
Author: Christopher Larson <kergoth@gmail.com>
Date: Mon Mar 17 18:10:54 2014 +0000
gettext-0.16.1: kill target m4 macros from sysroot
This is aim for using gettext-native's macros(gettext-native-0.19.4),
but when we set:
PREFERRED_VERSION_gettext = "0.16.1"
And build the recipes like pcmanfm, we would get errors when
do_configure:
configure:5164: error: possibly undefined macro: AM_NLS
This is because autotools_copy_aclocals doesn't copy the native macros
for target unless they're direct dependencies.
Add gettext-native to DEPENDS will fix the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove dependencies for test targets. Otherwise, during ptest
execution, "make" tries to rebuild those executables and fails
there.
[YOCTO #8059]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you currently do a DISTRO_FEATURES_remove = "x11" with OE-Core, you
see failures due to dependency problems. The work in resolving this was
partially completed a while back. This adds in the markup mainly for
gtk/gtk3+ recipes and means "bitbake world" will work successfully.
Rather than code the gtk/gtk+ specific distro features into each recipe,
a shared variable is used.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously, the iproute2's configure script is actually run in the
do_compile stage. There's a Makefile rule 'all: Config' which makes
the configure process run to generate the Config file.
However, this makes it hard to fix the dependency problems. We need
to generate the Config file in the do_configure stage.
Add do_configure_append to separate the configure process from the
compile process.
Besides, explicitly disable ATM support for iproute2, otherwise we'll
sometimes meet errors like below when building.
ld: cannot find -latm
collect2: error: ld returned 1 exit status
Makefile:154: recipe for target 'q_atm.so' failed
make[1]: *** [q_atm.so] Error 1
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There are already "allow" rules for root and conditionally xuser to
send messages to connman: there should be no reason for a default
allow policy.
Also, conditionally add a policy to allow xuser to send to the
connman vpn service (similar to main service).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This means dragging in xuser-account even when it's not used but
that's a lesser evil than the recipe depending on machine specific
settings.
This also prevents a warning on connman service startup when
ROOTLESS_X is not set:
Unknown username "xuser" in message bus
[YOCTO #8005]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Map nios2 architecture to linux-generic32 target.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gen.c uses 512 as the path length which is a little short when build in
deep dir, and cause "too long" error, use PATH_MAX if defined.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfixes.
build-create-dirs-before-putting-files-in-them.patch
patch removed, patch included upstream.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This will help one to disable the targets via bbappends if needed
e.g. musl can not compile irdaping since it uses includes
net/if_packet.h, which (on GLIBC) only defines struct sockaddr_pkt but
not in other libc e.g. musl that makes irdaping specific to glibc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix the building path is long, when building bind, we would meet the following
error.
".../long/path/to/bind/9.10.2-P3-r0/bind-9.10.2-P3/lib/dns" too long
This is because the in gen.c, DIRNAMESIZE is limited to 256. But in OE, the
path length limit is more than 400. So we change it to 512.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
fixes two secruity issues:
CVE-2015-5722 and CVE-2015-5986.
see release notes for more information.
ftp://ftp.isc.org/isc/bind9/9.10.2-P4/RELEASE-NOTES.bind-9.10.2-P4.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Makefile for mount and osd_login utilities forces
/sbin as asbindir, however on a merged /usr system this directory
might not exist. Instead sed in the system sbindir.
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When building with a merged /usr dir the udev directory
lives at /usr/lib/udev - update the FILES pattern to also
pick up udev files installed two levels below the / to
ensure a merged /usr works.
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libelf is now a build dependency.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a bugfix release.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We want the dep on pkgconfig-native, not pkgconfig, and the convention is to
inherit pkgconfig when running pkg-config at build time.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
iw uses cfg80211/nl80211, which is the way of the future. wireless-tools uses
WEXT, which uses ioctl, which is in deep maintenance mode. See
http://wireless.kernel.org/en/developers/Documentation/Wireless-Extensions.
Also https://wireless.wiki.kernel.org/en/users/Documentation/iw indicates "The
old tool iwconfing, which uses Wireless Extensions interface, is deprecated
and it's strongly recommended to switch to iw and nl80211."
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bind doesn't ship shared libraries only static libraries, so the default
dependency on PN from PN-dev is pointless and means that an image with bind-dev
installed (via dhcp-dev's automatic dependency) ends up with named installed and
started on boot which is rarely intended.
If and when we ship bind's shared libraries we should ensure that the libraries
go into a separate package.
Also remove an old comment about --enable-exportlib which isn't supported by
configure anymore.
[ YOCTO #8216 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ptests were failing and many more were being silently skipped because
required binaries were not being built.
Build the binaries in regress/ and set SUDO environment variable in
run-ptests: after this all tests in regress/ are now run. Continue to
skip building binaries in regress/unittests/: unittest runtime is
excessive.
On a NUC running intel-corei7-64 core-image-sato, new results are:
PASS: 55, SKIP: 3, FAIL: 0
[YOCTO #8153]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
7.0p1 includes the fix for CVE-2015-5600, and release note is in:
http://www.openssh.com/txt/release-7.0
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
6.9p1 is primarily a bugfix release.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The original commit "wpa-supplicant: Fix CVE-2015-4142" included the
patch file but didn't apply it into the recipe, so the backport has
not been effective.
Reported-by: Adam Moore <adam.moore@savantsystems.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
9.10.2-p3 includes the fix for CVE-2015-5477:
BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote
attackers to cause a denial of service (REQUIRE assertion failure
and daemon exit) via TKEY queries.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-4145, CVE-2015-4146
wpa-supplicant: backport patch to fix CVE-2015-4141,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146.
This patch is originally from:
For CVE-2015-4141:
http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
For CVE-2015-4143:
http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
For CVE-2015-4144 and CVE-2015-4145:
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
For CVE-2015-4146:
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Modify the dhcp.inc with using the variable ${PN} instead of direct
packagename, so that the content will not be override after expanding
while we build the lib32-dhcp package with FILES_${PN}-xxxx_append.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix CVE-2015-4620:
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x
before 9.10.2-P2, when configured as a recursive resolver with DNSSEC
validation, allows remote attackers to cause a denial of service (REQUIRE
assertion failure and daemon exit) by constructing crafted zone data and
then making a query for a name in that zone.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The .inc file contains so much version-dependent logic (for example behaviour of
libexecdir and location of installed daemon) that there's not really any point
in having the two split.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Overriding libexecdir was required when neard did funky things in the Makefile,
but it doesn't anymore.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* add leading space so that it works even with some .bbappend adding
additional files to SRC_URI without trailing space
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Mostly a bug fix release.
Fixes in several different areas, including OPP,
ATT and advertising (instance number handling in particular).
Fix for handling a sudden disconnect when a connection setup
process hasn’t yet completed.
New feature: ability to select between letting the stack
handle ATT security elevation or doing the respective
error handling in higher layers.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.
Signed-off-by: Jan Wetter <jan.wetter@mikrom.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add /etc/modules-load.d/nfsd.conf so that the system loads nfsd at start-up.
Add proc-fs-nfsd.mount systemd unit file because it's needed for nfs server
to start correctly.
After this change, in a systemd based image, we can use `systemctl start
nfs-server' to start the nfs server and things would work correctly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
service files dhcpd6.service
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
wpa-supplicant: backport patch to fix CVE-2015-4142
Backport patch to fix CVE-2015-4142. This patch is originally from:
http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
make start-statd command to use nfscommon configure, too.
Signed-off-by: Henrik Riomar <henrik.riomar@ericsson.com>
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
call "exportfs -r" to reexport all directories when start the nfsserver.
This change does follow debian and nfs-utils stardard.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
remove a backport patch
update the c_rehash-compat.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mostly a bug fix release,
with the the following improvements:
- support for handling BNEP setup response;
- support for setting GATT database security flags;
- support for setting discovery filters interface;
- support for user controlled advertising interface.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use $libexecdir and $libdir as appropriate so the files are packaged correctly
when libexecdir != $libdir/$BPN.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|