[oe] [meta-oe][PATCH] libteam: add ptest
From: Wenzong FanThe scripts/team_basic_test.py will be called as testcase. RedHat specific tests have been disabled since they are incampatible with OE. Signed-off-by: Wenzong Fan --- ...asic_test.py-disable-RedHat-specific-test.patch | 32 ++ meta-oe/recipes-support/libteam/libteam/run-ptest | 3 ++ meta-oe/recipes-support/libteam/libteam_1.27.bb| 8 +- 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/libteam/libteam/0001-team_basic_test.py-disable-RedHat-specific-test.patch create mode 100644 meta-oe/recipes-support/libteam/libteam/run-ptest diff --git a/meta-oe/recipes-support/libteam/libteam/0001-team_basic_test.py-disable-RedHat-specific-test.patch b/meta-oe/recipes-support/libteam/libteam/0001-team_basic_test.py-disable-RedHat-specific-test.patch new file mode 100644 index 000..468a55f --- /dev/null +++ b/meta-oe/recipes-support/libteam/libteam/0001-team_basic_test.py-disable-RedHat-specific-test.patch @@ -0,0 +1,32 @@ +From 00debe6bd4cf5a3133a8fbaab75f7447a39fa655 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Thu, 12 Apr 2018 01:54:15 + +Subject: [PATCH] team_basic_test.py: disable RedHat specific test + +The test _run_teamd_initscripts() is for RedHat ifcfg scripts which are +incompatible with OE: + /etc/sysconfig/network-scripts/ifcfg-* + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Wenzong Fan +--- + scripts/team_basic_test.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/team_basic_test.py b/scripts/team_basic_test.py +index b05be9e..faabd18 100755 +--- a/scripts/team_basic_test.py b/scripts/team_basic_test.py +@@ -171,7 +171,7 @@ TEAM_PORT_CONFIG='{"prio": 10}' + try: + for mode_name in self._team_modes: + self._run_one_mode(mode_name) +-self._run_teamd_initscripts() ++#self._run_teamd_initscripts() + finally: + cmd_exec("modprobe -r team_mode_loadbalance team_mode_roundrobin team_mode_activebackup team_mode_broadcast team"); + +-- +2.13.3 + diff --git a/meta-oe/recipes-support/libteam/libteam/run-ptest b/meta-oe/recipes-support/libteam/libteam/run-ptest new file mode 100644 index 000..4ba5acf --- /dev/null +++ b/meta-oe/recipes-support/libteam/libteam/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +python $(dirname $0)/team_basic_test.py diff --git a/meta-oe/recipes-support/libteam/libteam_1.27.bb b/meta-oe/recipes-support/libteam/libteam_1.27.bb index 3222700..442592d 100644 --- a/meta-oe/recipes-support/libteam/libteam_1.27.bb +++ b/meta-oe/recipes-support/libteam/libteam_1.27.bb @@ -10,6 +10,8 @@ DEPENDS = "libnl libdaemon jansson" SRC_URI = "git://github.com/jpirko/libteam \ file://0001-include-sys-select.h-for-fd_set-definition.patch \ file://0002-teamd-Re-adjust-include-header-order.patch \ + file://0001-team_basic_test.py-disable-RedHat-specific-test.patch \ + file://run-ptest \ " SRCREV = "91a928a56a501daac5ce8b3c16bd9943661f1d16" @@ -18,7 +20,7 @@ SRC_URI[sha256sum] = "d65286379141db141bea33424ec0507bb0f827a0bf03d9c65004bb593e S = "${WORKDIR}/git" -inherit autotools pkgconfig +inherit autotools pkgconfig ptest FILES_${PN} = "${libdir}/libteam${SOLIBS} \ " @@ -33,4 +35,8 @@ FILES_${PN}-utils = "${bindir}/bond2team \ " RDEPENDS_${PN}-utils = "bash" +RDEPENDS_${PN}-ptest = "python" +do_install_ptest() { + install ${S}/scripts/team_basic_test.py ${D}${PTEST_PATH}/ +} -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH] tcpdump: update to 4.9.2 to fix CVEs
From: Wenzong FanRefer to http://www.tcpdump.org/tcpdump-changes.txt: Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP) CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP) CVE-2017-12990 (ISAKMP) CVE-2017-12995 (DNS) CVE-2017-12997 (LLDP) Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs) CVE-2017-11542 (PIMv1) CVE-2017-12893 (SMB/CIFS) CVE-2017-12894 (lookup_bytestring) CVE-2017-12895 (ICMP) CVE-2017-12896 (ISAKMP) CVE-2017-12897 (ISO CLNS) CVE-2017-12898 (NFS) CVE-2017-12899 (DECnet) CVE-2017-12900 (tok2strbuf) CVE-2017-12901 (EIGRP) CVE-2017-12902 (Zephyr) CVE-2017-12985 (IPv6) CVE-2017-12986 (IPv6 routing headers) CVE-2017-12987 (IEEE 802.11) CVE-2017-12988 (telnet) CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) CVE-2017-11542 (PIMv1) CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) CVE-2017-12999 (ISO IS-IS) CVE-2017-13000 (IEEE 802.15.4) CVE-2017-13001 (NFS) CVE-2017-13002 (AODV) CVE-2017-13003 (LMP) CVE-2017-13004 (Juniper) CVE-2017-13005 (NFS) CVE-2017-13006 (L2TP) CVE-2017-13007 (Apple PKTAP) CVE-2017-13008 (IEEE 802.11) CVE-2017-13009 (IPv6 mobility) CVE-2017-13010 (BEEP) CVE-2017-13012 (ICMP) CVE-2017-13013 (ARP) CVE-2017-13014 (White Board) CVE-2017-13015 (EAP) CVE-2017-11543 (SLIP) CVE-2017-13016 (ISO ES-IS) CVE-2017-13017 (DHCPv6) CVE-2017-13018 (PGM) CVE-2017-13019 (PGM) CVE-2017-13020 (VTP) CVE-2017-13021 (ICMPv6) CVE-2017-13022 (IP) CVE-2017-13023 (IPv6 mobility) CVE-2017-13024 (IPv6 mobility) CVE-2017-13025 (IPv6 mobility) CVE-2017-13026 (ISO IS-IS) CVE-2017-13027 (LLDP) CVE-2017-13028 (BOOTP) CVE-2017-13029 (PPP) CVE-2017-13030 (PIM) CVE-2017-13031 (IPv6 fragmentation header) CVE-2017-13032 (RADIUS) CVE-2017-13033 (VTP) CVE-2017-13034 (PGM) CVE-2017-13035 (ISO IS-IS) CVE-2017-13036 (OSPFv3) CVE-2017-13037 (IP) CVE-2017-13038 (PPP) CVE-2017-13039 (ISAKMP) CVE-2017-13040 (MPTCP) CVE-2017-13041 (ICMPv6) CVE-2017-13042 (HNCP) CVE-2017-13043 (BGP) CVE-2017-13044 (HNCP) CVE-2017-13045 (VQP) CVE-2017-13046 (BGP) CVE-2017-13047 (ISO ES-IS) CVE-2017-13048 (RSVP) CVE-2017-13049 (Rx) CVE-2017-13050 (RPKI-Router) CVE-2017-13051 (RSVP) CVE-2017-13052 (CFM) CVE-2017-13053 (BGP) CVE-2017-13054 (LLDP) CVE-2017-13055 (ISO IS-IS) CVE-2017-13687 (Cisco HDLC) CVE-2017-13688 (OLSR) CVE-2017-13689 (IKEv1) CVE-2017-13690 (IKEv2) CVE-2017-13725 (IPv6 routing headers) Signed-off-by: Wenzong Fan --- .../recipes-support/tcpdump/{tcpdump_4.9.1.bb => tcpdump_4.9.2.bb}| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.9.1.bb => tcpdump_4.9.2.bb} (90%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb similarity index 90% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb index 40106975e..d38540e34 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb @@ -12,8 +12,8 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[md5sum] = "1e0293210b0dea5ef18e88e4150394b7" -SRC_URI[sha256sum] = "f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3" +SRC_URI[md5sum] = "9bbc1ee33dab61302411b02dd0515576" +SRC_URI[sha256sum] = "798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79" export LIBS=" -lpcap" -- 2.13.0 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH] tcpdump: fix CVE-2017-11541, 11542, 11543
From: Wenzong FanBackport patches for fixing: - CVE-2017-11541: https://nvd.nist.gov/vuln/detail/CVE-2017-11541 https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 - CVE-2017-11542: https://nvd.nist.gov/vuln/detail/CVE-2017-11542 https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae - CVE-2017-11543: https://nvd.nist.gov/vuln/detail/CVE-2017-11543 https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3 The tests/* changes dropped to workaround patch error: File tests/*.pcap: git binary diffs are not supported. Signed-off-by: Wenzong Fan --- ...541-In-safeputs-check-the-length-before-c.patch | 49 + ...1-CVE-2017-11542-PIMv1-Add-a-bounds-check.patch | 43 +++ ...543-Make-sure-the-SLIP-direction-octet-is.patch | 85 ++ .../recipes-support/tcpdump/tcpdump_4.9.1.bb | 3 + 4 files changed, 180 insertions(+) create mode 100644 meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11541-In-safeputs-check-the-length-before-c.patch create mode 100644 meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11542-PIMv1-Add-a-bounds-check.patch create mode 100644 meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11543-Make-sure-the-SLIP-direction-octet-is.patch diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11541-In-safeputs-check-the-length-before-c.patch b/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11541-In-safeputs-check-the-length-before-c.patch new file mode 100644 index 0..a83214b02 --- /dev/null +++ b/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11541-In-safeputs-check-the-length-before-c.patch @@ -0,0 +1,49 @@ +From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Tue, 7 Feb 2017 11:40:36 -0800 +Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before + checking for a NUL terminator. + +safeputs() doesn't do packet bounds checking of its own; it assumes that +the caller has checked the availability in the packet data of all maxlen +bytes of data. This means we should check that we're within the +specified limit before looking at the byte. + +This fixes a buffer over-read discovered by Kamil Frankowicz. + +Add a test using the capture file supplied by the reporter(s). + +CVE: CVE-2017-11541 + +Upstream-Status: Backport +https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 + +Drop the tests/* changes to workaroud patch error: +File tests/hoobr_safeputs.pcap: git binary diffs are not supported. + +Signed-off-by: Wenzong Fan +--- + tests/TESTLIST| 1 + + tests/hoobr_safeputs.out | 2 ++ + tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes + util-print.c | 2 +- + 4 files changed, 4 insertions(+), 1 deletion(-) + create mode 100644 tests/hoobr_safeputs.out + create mode 100644 tests/hoobr_safeputs.pcap + +diff --git a/util-print.c b/util-print.c +index 394e7d59..ec3e8de8 100644 +--- a/util-print.c b/util-print.c +@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, + { + u_int idx = 0; + +- while (*s && idx < maxlen) { ++ while (idx < maxlen && *s) { + safeputchar(ndo, *s); + idx++; + s++; +-- +2.13.0 + diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11542-PIMv1-Add-a-bounds-check.patch b/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11542-PIMv1-Add-a-bounds-check.patch new file mode 100644 index 0..a177e7c0b --- /dev/null +++ b/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-11542-PIMv1-Add-a-bounds-check.patch @@ -0,0 +1,43 @@ +From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Tue, 7 Feb 2017 11:10:04 -0800 +Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check. + +This fixes a buffer over-read discovered by Kamil Frankowicz. + +Add a test using the capture file supplied by the reporter(s). + +CVE: CVE-2017-11542 + +Upstream-Status: Backport +https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae + +Drop the tests/* changes to workaroud patch error: +File tests/hoobr_pimv1.pcap: git binary diffs are not supported. + +Signed-off-by: Wenzong Fan +--- + print-pim.c| 1 + + tests/TESTLIST | 1 + + tests/hoobr_pimv1.out | 25 + + tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes + 4 files changed, 27 insertions(+) + create mode 100644 tests/hoobr_pimv1.out + create mode 100644 tests/hoobr_pimv1.pcap + +diff --git a/print-pim.c b/print-pim.c +index 25525953..ed880ae7 100644 +--- a/print-pim.c
[oe] [PATCH] python-networkx: add python-2to3 to RDEPENDS
From: Wenzong FanFix runtime error: File "/usr/lib/python2.7/site-packages/networkx/readwrite/gml.py", \ line 44, in from lib2to3.pgen2.parse import ParseError ImportError: No module named lib2to3.pgen2.parse Signed-off-by: Wenzong Fan --- meta-python/recipes-devtools/python/python-networkx_1.11.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python-networkx_1.11.bb b/meta-python/recipes-devtools/python/python-networkx_1.11.bb index 28a7baae0..bda8ae32e 100644 --- a/meta-python/recipes-devtools/python/python-networkx_1.11.bb +++ b/meta-python/recipes-devtools/python/python-networkx_1.11.bb @@ -6,3 +6,5 @@ SRC_URI[md5sum] = "6ef584a879e9163013e9a762e1cf7cd1" SRC_URI[sha256sum] = "0d0e70e10dfb47601cbb3425a00e03e2a2e97477be6f80638fef91d54dd1e4b8" inherit pypi setuptools + +RDEPENDS_${PN} += "python-2to3" -- 2.13.0 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] fontforge: update to 20170731 to fix CVEs
From: Wenzong FanFixed CVEs & Issues: CVE-2017-11577: #3088 CVE-2017-11576: #3091 CVE-2017-11575: #3096 CVE-2017-11574: #3090 CVE-2017-11572: #3092 CVE-2017-11571: #3087 CVE-2017-11569: #3093 CVE-2017-11568: #3089 Signed-off-by: Wenzong Fan --- .../fontforge/{fontforge_20161012.bb => fontforge_20170731.bb}| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-graphics/fontforge/{fontforge_20161012.bb => fontforge_20170731.bb} (96%) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20161012.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20170731.bb similarity index 96% rename from meta-oe/recipes-graphics/fontforge/fontforge_20161012.bb rename to meta-oe/recipes-graphics/fontforge/fontforge_20170731.bb index 1c3376d42..d9f086749 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20161012.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20170731.bb @@ -14,8 +14,8 @@ inherit autotools pkgconfig pythonnative distro_features_check gettext REQUIRED_DISTRO_FEATURES_append_class-target = " x11" SRC_URI = "git://github.com/${BPN}/${BPN}.git" -# tag 20161012 -SRCREV = "072edb0235cd163d6c3391da9cc3754c3c66f47a" +# tag 20170731 +SRCREV = "b9149c13e8f9464fc21473f1f676b36a2130775d" S = "${WORKDIR}/git" EXTRA_OECONF_append_class-native = " with_x=no" -- 2.13.0 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH] tcpdump: update to 4.9.1 to fix CVE-2017-11108
From: Wenzong FanSummary for 4.9.1 tcpdump release CVE-2017-11108/Fix bounds checking for STP. Make assorted documentation updates and fix a few typos in tcpdump output. Fixup -C for file size >2GB (GH #488). Show AddressSanitizer presence in version output. Fix a bug in test scripts (exposed in GH #613). On FreeBSD adjust Capsicum capabilities for netmap. On Linux fix a use-after-free when the requested interface does not exist. Signed-off-by: Wenzong Fan --- .../recipes-support/tcpdump/{tcpdump_4.9.0.bb => tcpdump_4.9.1.bb}| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.9.0.bb => tcpdump_4.9.1.bb} (90%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.0.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb similarity index 90% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.9.0.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb index 43e388ccc..261c78427 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.0.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.1.bb @@ -13,8 +13,8 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[md5sum] = "2b83364eef53b63ca3181b4eb56dab0c" -SRC_URI[sha256sum] = "eae98121cbb1c9adbedd9a777bf2eae9fa1c1c676424a54740311c8abcee5a5e" +SRC_URI[md5sum] = "1e0293210b0dea5ef18e88e4150394b7" +SRC_URI[sha256sum] = "f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3" export LIBS=" -lpcap" -- 2.13.0 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-python][PATCH v2] python-networkx: add package
From: Wenzong FanPython package for creating and manipulating graphs and networks. Signed-off-by: Wenzong Fan --- meta-python/recipes-devtools/python/python-networkx_1.11.bb | 8 1 file changed, 8 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python-networkx_1.11.bb diff --git a/meta-python/recipes-devtools/python/python-networkx_1.11.bb b/meta-python/recipes-devtools/python/python-networkx_1.11.bb new file mode 100644 index 000..28a7baa --- /dev/null +++ b/meta-python/recipes-devtools/python/python-networkx_1.11.bb @@ -0,0 +1,8 @@ +DESCRIPTION = "Python package for creating and manipulating graphs and networks" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=925586ea588eb990de840dc71ea3752f" + +SRC_URI[md5sum] = "6ef584a879e9163013e9a762e1cf7cd1" +SRC_URI[sha256sum] = "0d0e70e10dfb47601cbb3425a00e03e2a2e97477be6f80638fef91d54dd1e4b8" + +inherit pypi setuptools -- 2.7.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-python] python-networkx: add package
From: Wenzong FanPython package for creating and manipulating graphs and networks. Signed-off-by: Wenzong Fan --- meta-python/recipes-devtools/python/python-networkx_1.11.bb | 8 1 file changed, 8 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python-networkx_1.11.bb diff --git a/meta-python/recipes-devtools/python/python-networkx_1.11.bb b/meta-python/recipes-devtools/python/python-networkx_1.11.bb new file mode 100644 index 000..5bc062f --- /dev/null +++ b/meta-python/recipes-devtools/python/python-networkx_1.11.bb @@ -0,0 +1,8 @@ +DESCRIPTION = "Python package for creating and manipulating graphs and networks" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=925586ea588eb990de840dc71ea3752f" + +SRC_URI[md5sum] = "6ef584a879e9163013e9a762e1cf7cd1" +SRC_URI[sha256sum] = "0d0e70e10dfb47601cbb3425a00e03e2a2e97477be6f80638fef91d54dd1e4b8" + +inherit pypi setuptools -- 2.7.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] opencv: remove DEFAULT_PREFERENCE = "-1" for 3.1
From: Wenzong FanThe opencv 2.4 has been blacklisted, 3.1 should be the default choice for both opencv and lib32-opencv. Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/opencv/opencv_3.1.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta-oe/recipes-support/opencv/opencv_3.1.bb b/meta-oe/recipes-support/opencv/opencv_3.1.bb index 1bbb965..a212f4f 100644 --- a/meta-oe/recipes-support/opencv/opencv_3.1.bb +++ b/meta-oe/recipes-support/opencv/opencv_3.1.bb @@ -8,8 +8,6 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0ea90d28b4de883d7af5e6711f14f7bf" ARM_INSTRUCTION_SET_armv4 = "arm" ARM_INSTRUCTION_SET_armv5 = "arm" -DEFAULT_PREFERENCE = "-1" - DEPENDS = "python-numpy libtool swig swig-native python bzip2 zlib glib-2.0 libwebp protobuf protobuf-native" SRCREV_opencv = "92387b1ef8fad15196dd5f7fb4931444a68bc93a" -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] rsnapshot: fix host path in rsnapshot.conf.default
From: Wenzong FanFix host path for commands: mount, umount: .../tmp/sysroots/x86_64-linux/bin/mount -> /bin/mount .../tmp/sysroots/x86_64-linux/bin/umount -> /bin/umount Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb index 1ebbb40..aefe362 100644 --- a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb @@ -40,6 +40,8 @@ EXTRA_OECONF += "--without-cp \ --without-logger \ --without-rsync \ ac_cv_path_PERL=${bindir}/perl \ + ac_cv_path_MOUNT=${base_bindir}/mount \ + ac_cv_path_UMOUNT=${base_bindir}/umount \ " # Create 't/include.ac' before starting the autoreconf to fix configure -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] opencv: checking existence of /usr/lib
From: Wenzong FanRemove install errors: mv: cannot stat '.../tmp/work/mips64-wrs-linux/opencv/3.1+gitAUTOINC +92387b1ef8-r0/image/usr/lib/*': No such file or directory Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/opencv/opencv_3.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/opencv/opencv_3.1.bb b/meta-oe/recipes-support/opencv/opencv_3.1.bb index 72bf5b4..1bbb965 100644 --- a/meta-oe/recipes-support/opencv/opencv_3.1.bb +++ b/meta-oe/recipes-support/opencv/opencv_3.1.bb @@ -138,7 +138,7 @@ do_install_append() { sed -i '/blobtrack/d' ${D}${includedir}/opencv/cvaux.h # Move Python files into correct library folder (for multilib build) -if [ "$libdir" != "/usr/lib" ]; then +if [ "$libdir" != "/usr/lib" -a -d ${D}/usr/lib ]; then mv ${D}/usr/lib/* ${D}/${libdir}/ rm -rf ${D}/usr/lib fi -- 2.9.3 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] libeigen: set tarball name as ${BP}.tar.bz2
From: Wenzong FanRename tarball name: 3.2.8.tar.bz2 -> libeigen-3.2.8.tar.bz2 Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/libeigen/libeigen_3.2.8.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/libeigen/libeigen_3.2.8.bb b/meta-oe/recipes-support/libeigen/libeigen_3.2.8.bb index 9e14ee1..dcca2e9 100644 --- a/meta-oe/recipes-support/libeigen/libeigen_3.2.8.bb +++ b/meta-oe/recipes-support/libeigen/libeigen_3.2.8.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://eigen.tuxfamily.org/; LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://COPYING.MPL2;md5=815ca599c9df247a0c7f619bab123dad" -SRC_URI = "http://bitbucket.org/eigen/eigen/get/${PV}.tar.bz2 \ +SRC_URI = "http://bitbucket.org/eigen/eigen/get/${PV}.tar.bz2;downloadfilename=${BP}.tar.bz2 \ file://0001-CMakeLists.txt-install-FindEigen3.cmake-script.patch" SRC_URI[md5sum] = "9e3bfaaab3db18253cfd87ea697b3ab1" SRC_URI[sha256sum] = "722a63d672b70f39c271c5e2a4a43ba14d12015674331790414fcb167c357e55" -- 2.9.3 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] opencv: fix QA issue
From: Wenzong FanReplace '/lib' with '${baselib}' to fix QA issue: ERROR: do_package_qa: QA Issue: non -staticdev package contains \ static .a library: opencv-apps path \ '.../opencv-apps/usr/share/OpenCV/3rdparty/lib64/libippicv.a' \ [staticdev] Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/opencv/opencv_3.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/opencv/opencv_3.1.bb b/meta-oe/recipes-support/opencv/opencv_3.1.bb index 2136b07..72bf5b4 100644 --- a/meta-oe/recipes-support/opencv/opencv_3.1.bb +++ b/meta-oe/recipes-support/opencv/opencv_3.1.bb @@ -116,7 +116,7 @@ PACKAGES_DYNAMIC += "^libopencv-.*" FILES_${PN} = "" FILES_${PN}-apps = "${bindir}/* ${datadir}/OpenCV" -FILES_${PN}-dev = "${includedir} ${libdir}/pkgconfig ${datadir}/OpenCV/*.cmake ${datadir}/OpenCV/3rdparty/lib/*.a" +FILES_${PN}-dev = "${includedir} ${libdir}/pkgconfig ${datadir}/OpenCV/*.cmake ${datadir}/OpenCV/3rdparty/${baselib}/*.a" FILES_${PN}-doc = "${datadir}/OpenCV/doc" FILES_${PN}-java = "${datadir}/OpenCV/java" FILES_${PN}-java-dbg = "${datadir}/OpenCV/java/.debug/" -- 2.9.3 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] openldap: use recommended backend mdb
From: Kai KangThe mdb backend to slapd(8) is the recommended primary backend for a normal slapd database. Add PACKAGECONFIG 'mdb' to enable it and build mdb as SLAPD_STATIC_BACKENDS. This fixes the errors while starting slapd: $systemctl start slapd Job for slapd.service failed because the control process exited \ with error code. See "systemctl status slapd.service" and \ "journalctl -xe" for details. $ systemctl status slapd ... /etc/openldap/slapd.conf: line 53: failed init (bdb) Unrecognized database type (bdb) slapd.service: Control process exited, code=exited status=1 ... Signed-off-by: Kai Kang Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/openldap/openldap_2.4.44.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.44.bb b/meta-oe/recipes-support/openldap/openldap_2.4.44.bb index 41f753e..4e95a77 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.44.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.4.44.bb @@ -53,7 +53,7 @@ EXTRA_OECONF += "--with-yielding-select=yes" EXTRA_OECONF += "--enable-dynamic" PACKAGECONFIG ??= "gnutls modules \ - ldap meta monitor null passwd shell proxycache dnssrv \ + mdb ldap meta monitor null passwd shell proxycache dnssrv \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \ " #--with-tls with TLS/SSL support auto|openssl|gnutls [auto] @@ -97,7 +97,7 @@ PACKAGECONFIG[hdb] = "--enable-hdb=yes,--enable-hdb=no,db" PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no," #--enable-mdb enable mdb database backend no|yes|mod [yes] -PACKAGECONFIG[mdb] = "--enable-mdb=mod,--enable-mdb=no," +PACKAGECONFIG[mdb] = "--enable-mdb=yes,--enable-mdb=no," #--enable-meta enable metadirectory backend no|yes|mod no PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no," -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] rsnapshot: update to 1.4.2
From: Wenzong Fan* update rsnapshot from 1.3.1 to 1.4.2 * fix configure error: configure.ac:302: file 't/include.ac' does not exist Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb index d680511..1ebbb40 100644 --- a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb @@ -20,8 +20,8 @@ RDEPENDS_${PN} = "rsync \ perl-module-overloading \ " -SRCREV = "1047cbb57937c29233388e2fcd847fecd3babe74" -PV = "1.3.1+git${SRCPV}" +SRCREV = "27209563f924a22f510698ea225f53ea52f07cb4" +PV = "1.4.2+git${SRCPV}" SRC_URI = "git://github.com/DrHyde/${BPN};branch=master;protocol=git \ file://configure-fix-cmd_rsync.patch \ @@ -41,3 +41,11 @@ EXTRA_OECONF += "--without-cp \ --without-rsync \ ac_cv_path_PERL=${bindir}/perl \ " + +# Create 't/include.ac' before starting the autoreconf to fix configure +# error: configure.ac:302: file 't/include.ac' does not exist +do_configure_prepend(){ + saved_dir=`pwd` + cd ${S}; ./autogen.sh + cd ${saved_dir} +} -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] libsmi: rdepends on wget and set WGET as target path
From: Wenzong Fan* /usr/bin/smicache requires wget: + WGET=/usr/bin/wget * Set the WGET as target path to avoid host contamination. Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb index b049067..b537ce6 100644 --- a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb +++ b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb @@ -12,9 +12,11 @@ SRC_URI = "https://www.ibr.cs.tu-bs.de/projects/${BPN}/download/${BP}.tar.gz \ SRC_URI[md5sum] = "4bf47483c06c9f07d1b10fbc74eddf11" SRC_URI[sha256sum] = "f21accdadb1bb328ea3f8a13fc34d715baac6e2db66065898346322c725754d3" +RDEPENDS_${PN} += "wget" + inherit autotools -EXTRA_OECONF = "ac_cv_path_SH=${base_bindir}/sh" +EXTRA_OECONF = "ac_cv_path_SH=${base_bindir}/sh ac_cv_path_WGET=${bindir}/wget" do_install_append () { install -d ${D}${sysconfdir} -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] mariadb: replace the CC with CC_VERSION and CXX with CXX_VERSION
From: Yue Taomysqlbug.sh is a bug report script. It makes a report with the build information, including gcc version. The CC is the local path of gcc, which is useless for bug report, and the path may expose private information, so change it to CC_VERSION. Signed-off-by: Yue Tao Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/mysql/mariadb.inc | 1 + .../mysql/mariadb/change-cc-to-cc-version.patch| 26 ++ 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/mysql/mariadb/change-cc-to-cc-version.patch diff --git a/meta-oe/recipes-support/mysql/mariadb.inc b/meta-oe/recipes-support/mysql/mariadb.inc index 73905b6..9d91aec 100644 --- a/meta-oe/recipes-support/mysql/mariadb.inc +++ b/meta-oe/recipes-support/mysql/mariadb.inc @@ -15,6 +15,7 @@ SRC_URI = "http://archive.mariadb.org/mariadb-${PV}/source/mariadb-${PV}.tar.gz file://mysql-systemd-start \ file://configure.cmake-fix-valgrind.patch \ file://fix-a-building-failure.patch \ + file://change-cc-to-cc-version.patch \ " SRC_URI[md5sum] = "5cfb169934170a429589e05f0f5aba9c" diff --git a/meta-oe/recipes-support/mysql/mariadb/change-cc-to-cc-version.patch b/meta-oe/recipes-support/mysql/mariadb/change-cc-to-cc-version.patch new file mode 100644 index 000..02bda24 --- /dev/null +++ b/meta-oe/recipes-support/mysql/mariadb/change-cc-to-cc-version.patch @@ -0,0 +1,26 @@ +mariadb: replace the CC with CC_VERSION and CXX with CXX_VERSION + +mysqlbug.sh is a bug report script. It makes a report with the build information, +including gcc version. The CC is the local path of gcc, which is useless for bug +report, and the path may expose private information, so change it to CC_VERSION. + +Upstream-Status: Pending + +Signed-off-by: Yue Tao +Signed-off-by: Wenzong Fan + +diff --git a/scripts/mysqlbug.sh.old b/scripts/mysqlbug.sh +index e9df210..d4b8d53 100644 +--- a/scripts/mysqlbug.sh.old b/scripts/mysqlbug.sh +@@ -24,8 +24,8 @@ VERSION="@VERSION@@MYSQL_SERVER_SUFFIX@" + COMPILATION_COMMENT="@COMPILATION_COMMENT@" + BUGmysql="maria-develop...@lists.launchpad.net" + # This is set by configure +-COMP_CALL_INFO="CC='@SAVE_CC@' CFLAGS='@SAVE_CFLAGS@' CXX='@SAVE_CXX@' CXXFLAGS='@SAVE_CXXFLAGS@' LDFLAGS='@SAVE_LDFLAGS@' ASFLAGS='@SAVE_ASFLAGS@'" +-COMP_RUN_INFO="CC='@CC@' CFLAGS='@CFLAGS@' CXX='@CXX@' CXXFLAGS='@CXXFLAGS@' LDFLAGS='@LDFLAGS@' ASFLAGS='@ASFLAGS@'" ++COMP_CALL_INFO="CC='@CC_VERSION@' CFLAGS='@SAVE_CFLAGS@' CXX='@CXX_VERSION@' CXXFLAGS='@SAVE_CXXFLAGS@' LDFLAGS='@SAVE_LDFLAGS@' ASFLAGS='@SAVE_ASFLAGS@'" ++COMP_RUN_INFO="CC='@CC_VERSION@' CFLAGS='@CFLAGS@' CXX='@CXX_VERSION@' CXXFLAGS='@CXXFLAGS@' LDFLAGS='@LDFLAGS@' ASFLAGS='@ASFLAGS@'" + CONFIGURE_LINE="@CONF_COMMAND@" + + LIBC_INFO="" -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-webserver][PATCH] webmin: Set PERLLIB to runtime path
From: Yue TaoThis fixes: # on target $ grep PERLLIB /etc/webmin/start PERLLIB=/path/to/builddir/.../webmin/1.801-r0/image/usr/libexec/webmin Signed-off-by: Yue Tao Signed-off-by: Wenzong Fan --- meta-webserver/recipes-webadmin/webmin/files/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-webserver/recipes-webadmin/webmin/files/setup.sh b/meta-webserver/recipes-webadmin/webmin/files/setup.sh index 8d24f92..64e6c9d 100755 --- a/meta-webserver/recipes-webadmin/webmin/files/setup.sh +++ b/meta-webserver/recipes-webadmin/webmin/files/setup.sh @@ -18,7 +18,7 @@ ver=`cat "$wadir/version"` cd "$wadir" # Work out perl library path -PERLLIB=$wadir +PERLLIB=$wadir_runtime # Validate source directory allmods=`cd "$wadir"; echo */module.info | sed -e 's/\/module.info//g'` -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] rsyslog: upgrade to 7.6.7
From: Wenzong Fan* fix CVEs CVE-2014-3634, CVE-2014-3683 * rebase the patch use-pkgconfig-to-check-libgcrypt.patch * backport fixes for build error: lexer.l:34:14: error: expected identifier or '(' before '__extension__' * replace the old configure option '--enable-cached-man-pages' with '--disable-generate-man-pages' Signed-off-by: Wenzong Fan --- ...include-config.h-before-any-other-headers.patch | 51 ++ .../rsyslog/use-pkgconfig-to-check-libgcrypt.patch | 25 +-- .../rsyslog/{rsyslog_7.6.1.bb => rsyslog_7.6.7.bb} | 7 +-- 3 files changed, 66 insertions(+), 17 deletions(-) create mode 100644 meta-oe/recipes-extended/rsyslog/rsyslog/bugfix-include-config.h-before-any-other-headers.patch rename meta-oe/recipes-extended/rsyslog/{rsyslog_7.6.1.bb => rsyslog_7.6.7.bb} (96%) diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/bugfix-include-config.h-before-any-other-headers.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/bugfix-include-config.h-before-any-other-headers.patch new file mode 100644 index 000..1048b42 --- /dev/null +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/bugfix-include-config.h-before-any-other-headers.patch @@ -0,0 +1,51 @@ +Backport below commit for fixing: + +lexer.l:34:14: error: expected identifier or '(' before '__extension__' + +From 876bdd1c85353f7e254f4b4c3e228484860cea57 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Mon, 17 Nov 2014 20:53:22 +0100 +Subject: [PATCH] bugfix: include config.h before any other headers + +For some reason, flex used to prepend several standard headers before +config.h. This prevented some conditional extension in these headers +from being defined. + +The explicit prototype for strdup() shouldn't be required anymore as +it should be provided by string.h. + +Upstream-Status: Backport +--- + grammar/lexer.l | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grammar/lexer.l b/grammar/lexer.l +index 359cf9f..c834ef7 100644 +--- a/grammar/lexer.l b/grammar/lexer.l +@@ -28,10 +28,12 @@ + * limitations under the License. + */ + +-%{ ++%top{ + #include "config.h" ++} ++ ++%{ + #include "parserif.h" +-extern char *strdup(__const char*); /* somehow we may not get this from string.h... */ + %} + + %option noyywrap nodefault case-insensitive yylineno +@@ -67,6 +69,7 @@ extern char *strdup(__const char*); /* somehow we may not get this from string.h + #include + #include + #include ++#include + #include + #include + #include "rainerscript.h" +-- +2.7.4 + diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch index ebc1070..46eddd6 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch @@ -9,34 +9,31 @@ libgcrypt does no longer provide libgcrypt-config, and provide *.pc, so we should use pkgconfig to check Signed-off-by: Roy Li +Signed-off-by: Wenzong Fan --- - configure.ac | 19 +-- - 1 file changed, 1 insertion(+), 18 deletions(-) + configure.ac | 15 +-- + 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac -index 017116e..1b880f8 100644 +index 0f31869..d35db42 100644 --- a/configure.ac +++ b/configure.ac -@@ -784,24 +784,7 @@ AC_ARG_ENABLE(libgcrypt, +@@ -777,20 +777,7 @@ AC_ARG_ENABLE(libgcrypt, [enable_libgcrypt=yes] ) if test "x$enable_libgcrypt" = "xyes"; then --AC_CHECK_PROG( -- [HAVE_LIBGCRYPT_CONFIG], --[libgcrypt-config], --[yes],,, --) --if test "x${HAVE_LIBGCRYPT_CONFIG}" != "xyes"; then +- AC_PATH_PROG([LIBGCRYPT_CONFIG],[libgcrypt-config],[no]) +-if test "x${LIBGCRYPT_CONFIG}" = "xno"; then - AC_MSG_FAILURE([libgcrypt-config not found in PATH]) -fi -AC_CHECK_LIB( - [gcrypt], - [gcry_cipher_open], -- [LIBGCRYPT_CFLAGS="`libgcrypt-config --cflags`" -- LIBGCRYPT_LIBS="`libgcrypt-config --libs`" +- [LIBGCRYPT_CFLAGS="`${LIBGCRYPT_CONFIG} --cflags`" +- LIBGCRYPT_LIBS="`${LIBGCRYPT_CONFIG} --libs`" - ], - [AC_MSG_FAILURE([libgcrypt is missing])], -- [`libgcrypt-config --libs --cflags`] +- [`${LIBGCRYPT_CONFIG} --libs --cflags`] - ) - AC_DEFINE([ENABLE_LIBGCRYPT], [1], [Indicator that LIBGCRYPT is present]) + PKG_CHECK_MODULES(LIBGCRYPT, libgcrypt) @@ -44,5 +41,5 @@ index 017116e..1b880f8 100644 AM_CONDITIONAL(ENABLE_LIBGCRYPT, test x$enable_libgcrypt = xyes) AC_SUBST(LIBGCRYPT_CFLAGS) -- -1.7.9.5 +2.8.1 diff
[oe] [meta-oe][PATCH] openldap: fix CVE-2015-3276
From: Li Wangthe patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=1238322 https://bugzilla.redhat.com/attachment.cgi?id=1055640 The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Signed-off-by: Li Wang Signed-off-by: Wenzong Fan --- .../openldap/openldap/openldap-CVE-2015-3276.patch | 59 ++ .../recipes-support/openldap/openldap_2.4.44.bb| 1 + 2 files changed, 60 insertions(+) create mode 100644 meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch new file mode 100644 index 000..de9ca52 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch @@ -0,0 +1,59 @@ +openldap CVE-2015-3276 + +the patch comes from: +https://bugzilla.redhat.com/show_bug.cgi?id=1238322 +https://bugzilla.redhat.com/attachment.cgi?id=1055640 + +The nss_parse_ciphers function in libraries/libldap/tls_m.c in +OpenLDAP does not properly parse OpenSSL-style multi-keyword mode +cipher strings, which might cause a weaker than intended cipher to +be used and allow remote attackers to have unspecified impact via +unknown vectors. + +Signed-off-by: Li Wang +--- + libraries/libldap/tls_m.c | 27 --- + 1 file changed, 16 insertions(+), 11 deletions(-) + +diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c +index 9b101f9..e6f3051 100644 +--- a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c +@@ -621,18 +621,23 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum]) +*/ + if (mask || strength || protocol) { + for (i=0; i
[oe] [meta-networking][PATCH] mbedtls: upgrade to 1.3.17
From: Wenzong Fan* fix CVE: CVE-2015-8036 Signed-off-by: Wenzong Fan --- .../mbedtls/{mbedtls_1.3.10.bb => mbedtls_1.3.17.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_1.3.10.bb => mbedtls_1.3.17.bb} (91%) diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.10.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.17.bb similarity index 91% rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.10.bb rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.17.bb index d5c7afe..fcfec69 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.10.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_1.3.17.bb @@ -25,8 +25,8 @@ SECTION = "libdevel" SRC_URI = "https://tls.mbed.org/download/mbedtls-${PV}-gpl.tgz; -SRC_URI[md5sum] = "19ebbc96feceb430ad958dfe89cb633f" -SRC_URI[sha256sum] = "746fd88e0c6623691fc56c4eed52e40a57b2da0ac80f6dd8995094aa6adb407e" +SRC_URI[md5sum] = "a6ed92fc377ef60f7c24d42b900e0dad" +SRC_URI[sha256sum] = "f5beb43e850283915e3e0f8d37495eade3bfb5beedfb61e7b8da70d4c68edb82" DEPENDS = "openssl" RDEPENDS_${PN} += "libcrypto" -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] krb5: upgrade to 1.13.6
From: Wenzong Fan* fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 * update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file: -Copyright (C) 1985-2015 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2016 by the Massachusetts Institute of Technology. * remove useless functions: krb5_do_unpack(), do_unpack() * remove patches that included by new release: - 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch - Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch - Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch - Fix-build_principal-memory-bug-CVE-2015-2697.patch - Fix-IAKERB-context-export-import-CVE-2015-2698.patch - krb5-CVE-2016-3119.patch - krb5-CVE-2016-3120.patch Signed-off-by: Wenzong Fan --- ...-around-uninitialized-warning-in-cc_kcm.c.patch | 37 -- ...AKERB-context-aliasing-bugs-CVE-2015-2696.patch | 739 - ...AKERB-context-export-import-CVE-2015-2698.patch | 134 ...PNEGO-context-aliasing-bugs-CVE-2015-2695.patch | 572 ...-build_principal-memory-bug-CVE-2015-2697.patch | 58 -- .../krb5/krb5/krb5-CVE-2016-3119.patch | 36 - .../krb5/krb5/krb5-CVE-2016-3120.patch | 63 -- .../krb5/{krb5_1.13.2.bb => krb5_1.13.6.bb}| 25 +- 8 files changed, 4 insertions(+), 1660 deletions(-) delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3120.patch rename meta-oe/recipes-connectivity/krb5/{krb5_1.13.2.bb => krb5_1.13.6.bb} (79%) diff --git a/meta-oe/recipes-connectivity/krb5/krb5/0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch b/meta-oe/recipes-connectivity/krb5/krb5/0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch deleted file mode 100644 index c6731a9..000 --- a/meta-oe/recipes-connectivity/krb5/krb5/0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f1b681a44d28946e6d8fc0080f3efe94228d7dfe Mon Sep 17 00:00:00 2001 -From: Tom Yu -Date: Wed, 6 Jan 2016 15:24:16 -0500 -Subject: [PATCH] Work around uninitialized warning in cc_kcm.c - -Some versions of clang erroneously detect use of an uninitialized -variable reply_len in kcmio_call() when building on non-Mac platforms. -Initialize it to work around this warning. - -(cherry picked from commit 40b007c0d8e2a12c6f4205ac111dee731c9d970c) - -ticket: 8335 -version_fixed: 1.13.4 -tags: -pullup -status: resolved - -Upstream-Status: backport - src/lib/krb5/ccache/cc_kcm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c -index b763ea4..6337b57 100644 a/src/lib/krb5/ccache/cc_kcm.c -+++ b/src/lib/krb5/ccache/cc_kcm.c -@@ -377,7 +377,7 @@ static krb5_error_code - kcmio_call(krb5_context context, struct kcmio *io, struct kcmreq *req) - { - krb5_error_code ret; --size_t reply_len; -+size_t reply_len = 0; - - if (k5_buf_status(>reqbuf) != 0) - return ENOMEM; --- -2.8.2 - diff --git a/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch b/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch deleted file mode 100644 index b771b41..000 --- a/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch +++ /dev/null @@ -1,739 +0,0 @@ -From f6e57c402688f4bc386d1a39512657a30f0bafd3 Mon Sep 17 00:00:00 2001 -From: Nicolas Williams -Date: Mon, 14 Sep 2015 12:28:36 -0400 -Subject: [PATCH 2/4] Fix IAKERB context aliasing bugs [CVE-2015-2696] - -The IAKERB mechanism currently replaces its context handle with the -krb5 mechanism handle upon establishment, under the assumption that -most GSS functions are only called after context establishment. This -assumption is incorrect, and can lead to aliasing violations for some -programs. Maintain the IAKERB context structure after context -establishment and add new IAKERB entry points to refer to it with that -type. Add initiate and established flags to the IAKERB context -structure for use in gss_inquire_context() prior to context -establishment. - -CVE-2015-2696: - -In MIT krb5 1.9 and later, applications which call -gss_inquire_context() on a
[oe] [PATCH][meta-networking] traceroute: update to 2.1.0
From: Wenzong FanSigned-off-by: Wenzong Fan --- .../traceroute/{traceroute_2.0.21.bb => traceroute_2.1.0.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/traceroute/{traceroute_2.0.21.bb => traceroute_2.1.0.bb} (91%) diff --git a/meta-networking/recipes-support/traceroute/traceroute_2.0.21.bb b/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb similarity index 91% rename from meta-networking/recipes-support/traceroute/traceroute_2.0.21.bb rename to meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb index 09da1ef..48a0c12 100644 --- a/meta-networking/recipes-support/traceroute/traceroute_2.0.21.bb +++ b/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb @@ -17,8 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/traceroute/traceroute/${BP}/${BP}.tar.gz \ file://filter-out-the-patches-from-subdirs.patch \ " -SRC_URI[md5sum] = "79289adabd6f3ebf9160fc0815ab3150" -SRC_URI[sha256sum] = "f7ac93ef30b13a587292b8d6a7e2538a65bc978a3a576eab238c392b884e96e0" +SRC_URI[md5sum] = "84d329d67abc3fb83fc8cb12aeaddaba" +SRC_URI[sha256sum] = "3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6" EXTRA_OEMAKE = "VPATH=${STAGING_LIBDIR}" -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1 v2] krb5: add systemd support
From: Wenzong FanSigned-off-by: Wenzong Fan --- .../krb5/krb5/krb5-admin-server.service| 14 +++ .../krb5/krb5/krb5-kdc.service | 13 ++ meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 29 +++--- 3 files changed, 47 insertions(+), 9 deletions(-) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service new file mode 100644 index 000..1b42716 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service @@ -0,0 +1,14 @@ +[Unit] +Description=MIT Kerberos KDC administrative daemon +After=syslog.target network.target +ConditionPathExists=/etc/krb5.conf + +[Service] +Type=forking +ExecStartPre=/bin/sh -c "test ! -f /var/log/kadmind.log || test ! -x /sbin/restorecon || /sbin/restorecon -F /var/log/kadmind.log" +ExecStart=/usr/sbin/kadmind +SuccessExitStatus=1 2 SIGKILL +TimeoutStopSec=30 + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service new file mode 100644 index 000..d5e5a95 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service @@ -0,0 +1,13 @@ +[Unit] +Description=MIT Kerberos KDC +After=syslog.target network.target +ConditionPathExists=/etc/krb5.conf + +[Service] +Type=forking +ExecStart=/usr/sbin/krb5kdc +SuccessExitStatus=1 2 SIGKILL +TimeoutStopSec=30 + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb index 0c566cb..500e194 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb @@ -17,7 +17,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f" DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native" -inherit autotools-brokensep binconfig perlnative +inherit autotools-brokensep binconfig perlnative systemd SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \ @@ -32,6 +32,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar file://etc/init.d/krb5-admin-server \ file://etc/default/krb5-kdc \ file://etc/default/krb5-admin-server \ + file://krb5-kdc.service \ + file://krb5-admin-server.service \ file://krb5-CVE-2016-3119.patch;striplevel=2 \ file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2 \ " @@ -40,6 +42,9 @@ SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3 S = "${WORKDIR}/${BP}/src" +SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service" +SYSTEMD_AUTO_ENABLE = "disable" + PACKAGECONFIG ??= "openssl" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl" @@ -79,20 +84,26 @@ do_configure() { } do_install_append() { -mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default -install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d -install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default - rm -rf ${D}/${localstatedir}/run -mkdir -p ${D}/${sysconfdir}/default/volatiles -echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ - > ${D}${sysconfdir}/default/volatiles/87_krb5 + +if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default +install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d +install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default + +mkdir -p ${D}/${sysconfdir}/default/volatiles +echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ + > ${D}${sysconfdir}/default/volatiles/87_krb5 +fi if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/krb5kdc - - - -" \ > ${D}${sysconfdir}/tmpfiles.d/krb5.conf -fi +install -d ${D}${systemd_system_unitdir} +install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_system_unitdir} +install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_system_unitdir} +fi } pkg_postinst_${PN} () { -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org
[oe] [PATCH 0/1 v2] krb5: add systemd support
From: Wenzong FanV2 changes: * replace base_contains with bb.utils.contains * replace ${systemd_unitdir}/system with ${systemd_system_unitdir} The changes tested on master branch. The following changes since commit 9cd117a5dc5f26133a855d1cc3bf9604ae178685: chrony: Versatile implementation of NTP (2016-06-16 13:28:16 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/krb5-systemd http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/krb5-systemd Wenzong Fan (1): krb5: add systemd support .../krb5/krb5/krb5-admin-server.service| 14 +++ .../krb5/krb5/krb5-kdc.service | 13 ++ meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 29 +++--- 3 files changed, 47 insertions(+), 9 deletions(-) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] krb5: add systemd support
From: Wenzong FanSigned-off-by: Wenzong Fan --- .../krb5/krb5/krb5-admin-server.service| 14 +++ .../krb5/krb5/krb5-kdc.service | 13 ++ meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 29 +++--- 3 files changed, 47 insertions(+), 9 deletions(-) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service new file mode 100644 index 000..1b42716 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service @@ -0,0 +1,14 @@ +[Unit] +Description=MIT Kerberos KDC administrative daemon +After=syslog.target network.target +ConditionPathExists=/etc/krb5.conf + +[Service] +Type=forking +ExecStartPre=/bin/sh -c "test ! -f /var/log/kadmind.log || test ! -x /sbin/restorecon || /sbin/restorecon -F /var/log/kadmind.log" +ExecStart=/usr/sbin/kadmind +SuccessExitStatus=1 2 SIGKILL +TimeoutStopSec=30 + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service new file mode 100644 index 000..d5e5a95 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service @@ -0,0 +1,13 @@ +[Unit] +Description=MIT Kerberos KDC +After=syslog.target network.target +ConditionPathExists=/etc/krb5.conf + +[Service] +Type=forking +ExecStart=/usr/sbin/krb5kdc +SuccessExitStatus=1 2 SIGKILL +TimeoutStopSec=30 + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb index 0c566cb..d60e332 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb @@ -17,7 +17,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f" DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native" -inherit autotools-brokensep binconfig perlnative +inherit autotools-brokensep binconfig perlnative systemd SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \ @@ -32,6 +32,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar file://etc/init.d/krb5-admin-server \ file://etc/default/krb5-kdc \ file://etc/default/krb5-admin-server \ + file://krb5-kdc.service \ + file://krb5-admin-server.service \ file://krb5-CVE-2016-3119.patch;striplevel=2 \ file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2 \ " @@ -40,6 +42,9 @@ SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3 S = "${WORKDIR}/${BP}/src" +SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service" +SYSTEMD_AUTO_ENABLE = "disable" + PACKAGECONFIG ??= "openssl" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl" @@ -79,20 +84,26 @@ do_configure() { } do_install_append() { -mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default -install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d -install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default - rm -rf ${D}/${localstatedir}/run -mkdir -p ${D}/${sysconfdir}/default/volatiles -echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ - > ${D}${sysconfdir}/default/volatiles/87_krb5 + +if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default +install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d +install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default + +mkdir -p ${D}/${sysconfdir}/default/volatiles +echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ + > ${D}${sysconfdir}/default/volatiles/87_krb5 +fi if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/krb5kdc - - - -" \ > ${D}${sysconfdir}/tmpfiles.d/krb5.conf -fi +install -d ${D}${systemd_unitdir}/system +install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_unitdir}/system +install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_unitdir}/system +fi } pkg_postinst_${PN} () { -- 2.8.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org
[oe] [PATCH][meta-networking] samba: add PACKAGECONFIG for valgrind
From: Wenzong Fan* Add configure options '--without-valgrind' * Disable valgrind by default since it doesn't build for all targets This fixes build errors: ../source3/include/includes.h:156:31: fatal error: \ valgrind/memcheck.h: No such file or directory compilation terminated. Signed-off-by: Wenzong Fan --- .../21-add-config-option-without-valgrind.patch| 63 ++ .../recipes-connectivity/samba/samba_4.1.12.bb | 2 + 2 files changed, 65 insertions(+) create mode 100644 meta-networking/recipes-connectivity/samba/samba-4.1.12/21-add-config-option-without-valgrind.patch diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/21-add-config-option-without-valgrind.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/21-add-config-option-without-valgrind.patch new file mode 100644 index 000..025ac27 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/21-add-config-option-without-valgrind.patch @@ -0,0 +1,63 @@ +From 9a2d6315ff206b2a47100dfd85afe3af56576995 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Thu, 10 Dec 2015 04:20:51 -0500 +Subject: [PATCH] Add config option without-valgrind + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan +--- + lib/replace/wscript | 4 +++- + source3/wscript | 5 - + wscript | 4 + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/lib/replace/wscript b/lib/replace/wscript +index f0040b1..aca73af 100644 +--- a/lib/replace/wscript b/lib/replace/wscript +@@ -101,7 +101,9 @@ struct foo bar = { .y = 'X', .x = 1 }; + + conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H') + +-conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') ++if not Options.options.disable_valgrind: ++conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') ++ + conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h') + conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h') + conf.CHECK_HEADERS('utmp.h utmpx.h lastlog.h malloc.h') +diff --git a/source3/wscript b/source3/wscript +index bac3dd5..a5c51ea 100644 +--- a/source3/wscript b/source3/wscript +@@ -1016,7 +1016,10 @@ syscall(SYS_setgroups32, 0, NULL); + Logs.warn("--with-dnsupdate=yes but gssapi support not sufficient") + else: + conf.DEFINE('WITH_DNS_UPDATES', 1) +-conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') ++ ++if not Options.options.disable_valgrind: ++conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') ++ + if Options.options.developer: + if conf.CONFIG_SET('HAVE_VALGRIND_H') or conf.CONFIG_SET('HAVE_VALGRIND_VALGRIND_H'): + conf.DEFINE('VALGRIND', '1') +diff --git a/wscript b/wscript +index 7679c0f..681ac17 100644 +--- a/wscript b/wscript +@@ -72,6 +72,10 @@ def set_options(opt): +help=("Disable systemd integration"), +action='store_false', dest='enable_systemd') + ++opt.add_option('--without-valgrind', ++ help=("Disable use of the valgrind headers"), ++ action="store_true", dest='disable_valgrind', default=False) ++ + gr = opt.option_group('developer options') + + opt.tool_options('python') # options for disabling pyc or pyo compilation +-- +1.9.1 + diff --git a/meta-networking/recipes-connectivity/samba/samba_4.1.12.bb b/meta-networking/recipes-connectivity/samba/samba_4.1.12.bb index cb29ab9..5925a92 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.1.12.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.1.12.bb @@ -33,6 +33,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://18-avoid-get-config-by-native-ncurses.patch \ file://19-systemd-daemon-is-contained-by-libsystemd.patch \ file://20-do-not-import-target-module-while-cross-compile.patch \ + file://21-add-config-option-without-valgrind.patch \ " SRC_URI[md5sum] = "232016d7581a1ba11e991ec2674553c4" @@ -65,6 +66,7 @@ PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi" PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi" +PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind," SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org
[oe] [PATCH][meta-python] python-pygpgme: add ptest support
From: Wenzong Fan* add ptest support * runtime depends on gnupg Signed-off-by: Wenzong Fan --- .../recipes-devtools/python/python-pygpgme/run-ptest| 3 +++ meta-python/recipes-devtools/python/python-pygpgme_0.3.bb | 13 +++-- 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 meta-python/recipes-devtools/python/python-pygpgme/run-ptest diff --git a/meta-python/recipes-devtools/python/python-pygpgme/run-ptest b/meta-python/recipes-devtools/python/python-pygpgme/run-ptest new file mode 100644 index 000..ac867e2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python-pygpgme/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +GPG_AGENT_INFO= python test_all.py -v diff --git a/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb b/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb index f06c344..39a7ada 100644 --- a/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb +++ b/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb @@ -7,12 +7,21 @@ SECTION = "devel/python" LICENSE = "LGPL-2.1" LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=6517bdc8f2416f27ab725d4702f7aac3" -SRC_URI = "https://pypi.python.org/packages/source/p/pygpgme/pygpgme-${PV}.tar.gz; +SRC_URI = "https://pypi.python.org/packages/source/p/pygpgme/pygpgme-${PV}.tar.gz \ + file://run-ptest \ + " + SRC_URI[md5sum] = "d38355af73f0352cde3d410b25f34fd0" SRC_URI[sha256sum] = "5fd887c407015296a8fd3f4b867fe0fcca3179de97ccde90449853a3dfb802e1" S = "${WORKDIR}/pygpgme-${PV}" DEPENDS += "gpgme" +RDEPENDS_${PN} += "gnupg" + +inherit setuptools ptest -inherit setuptools +do_install_ptest(){ +install ${S}/test_all.py ${D}${PTEST_PATH} +cp -r ${S}/tests ${D}${PTEST_PATH} +} -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/4][meta-oe] krb5: fix CVE-2015-2695
From: Wenzong Fanlib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Signed-off-by: Wenzong Fan --- ...PNEGO-context-aliasing-bugs-CVE-2015-2695.patch | 572 + meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 1 + 2 files changed, 573 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch diff --git a/meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch b/meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch new file mode 100644 index 000..227e6c6 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch @@ -0,0 +1,572 @@ +From 884913e807414a1e06245918dea71243c5fdd0e6 Mon Sep 17 00:00:00 2001 +From: Nicolas Williams +Date: Mon, 14 Sep 2015 12:27:52 -0400 +Subject: [PATCH 1/4] Fix SPNEGO context aliasing bugs [CVE-2015-2695] + +The SPNEGO mechanism currently replaces its context handle with the +mechanism context handle upon establishment, under the assumption that +most GSS functions are only called after context establishment. This +assumption is incorrect, and can lead to aliasing violations for some +programs. Maintain the SPNEGO context structure after context +establishment and refer to it in all GSS methods. Add initiate and +opened flags to the SPNEGO context structure for use in +gss_inquire_context() prior to context establishment. + +CVE-2015-2695: + +In MIT krb5 1.5 and later, applications which call +gss_inquire_context() on a partially-established SPNEGO context can +cause the GSS-API library to read from a pointer using the wrong type, +generally causing a process crash. This bug may go unnoticed, because +the most common SPNEGO authentication scenario establishes the context +after just one call to gss_accept_sec_context(). Java server +applications using the native JGSS provider are vulnerable to this +bug. A carefully crafted SPNEGO packet might allow the +gss_inquire_context() call to succeed with attacker-determined +results, but applications should not make access control decisions +based on gss_inquire_context() results prior to context establishment. + +CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C + +[ghud...@mit.edu: several bugfixes, style changes, and edge-case +behavior changes; commit message and CVE description] + +ticket: 8244 +target_version: 1.14 +tags: pullup + +Backport upstream commit: +https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d + +Upstream-Status: Backport +--- + src/lib/gssapi/spnego/gssapiP_spnego.h | 2 + + src/lib/gssapi/spnego/spnego_mech.c| 254 - + 2 files changed, 192 insertions(+), 64 deletions(-) + +diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h +index bc23f56..8e05736 100644 +--- a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h +@@ -102,6 +102,8 @@ typedef struct { + int firstpass; + int mech_complete; + int nego_done; ++ int initiate; ++ int opened; + OM_uint32 ctx_flags; + gss_name_t internal_name; + gss_OID actual_mech; +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index f9248ab..3423f22 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +@@ -101,7 +101,7 @@ static OM_uint32 get_negotiable_mechs(OM_uint32 *, spnego_gss_cred_id_t, + gss_cred_usage_t, gss_OID_set *); + static void release_spnego_ctx(spnego_gss_ctx_id_t *); + static void check_spnego_options(spnego_gss_ctx_id_t); +-static spnego_gss_ctx_id_t create_spnego_ctx(void); ++static spnego_gss_ctx_id_t create_spnego_ctx(int); + static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf); + static int put_input_token(unsigned char **, gss_buffer_t, unsigned int); + static int put_mech_oid(unsigned char **, gss_OID_const, unsigned int); +@@ -439,7 +439,7 @@ check_spnego_options(spnego_gss_ctx_id_t spnego_ctx) + } + + static spnego_gss_ctx_id_t +-create_spnego_ctx(void) ++create_spnego_ctx(int initiate) + { + spnego_gss_ctx_id_t spnego_ctx = NULL; + spnego_ctx = (spnego_gss_ctx_id_t) +@@ -462,6 +462,8 @@ create_spnego_ctx(void) + spnego_ctx->mic_rcvd = 0; + spnego_ctx->mech_complete = 0; + spnego_ctx->nego_done = 0; ++ spnego_ctx->opened = 0; ++
[oe] [PATCH 4/4][meta-oe] krb5: fix CVE-2015-2698
From: Wenzong FanThe iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd Signed-off-by: Wenzong Fan --- ...AKERB-context-export-import-CVE-2015-2698.patch | 134 + meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 1 + 2 files changed, 135 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch diff --git a/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch b/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch new file mode 100644 index 000..2f45d30 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch @@ -0,0 +1,134 @@ +From aa769c8c6905d1abfac66d4d1b0fc73740ccbe7d Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Sat, 14 Nov 2015 02:47:04 -0500 +Subject: [PATCH 4/4] Fix IAKERB context export/import [CVE-2015-2698] + +The patches for CVE-2015-2696 contained a regression in the newly +added IAKERB iakerb_gss_export_sec_context() function, which could +cause it to corrupt memory. Fix the regression by properly +dereferencing the context_handle pointer before casting it. + +Also, the patches did not implement an IAKERB gss_import_sec_context() +function, under the erroneous belief that an exported IAKERB context +would be tagged as a krb5 context. Implement it now to allow IAKERB +contexts to be successfully exported and imported after establishment. + +CVE-2015-2698: + +In any MIT krb5 release with the patches for CVE-2015-2696 applied, an +application which calls gss_export_sec_context() may experience memory +corruption if the context was established using the IAKERB mechanism. +Historically, some vulnerabilities of this nature can be translated +into remote code execution, though the necessary exploits must be +tailored to the individual application and are usually quite +complicated. + +CVSSv2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C + +ticket: 8273 (new) +target_version: 1.14 +tags: pullup + +Backport upstream commit: +https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd + +Upstream-Status: Backport +--- + src/lib/gssapi/krb5/gssapiP_krb5.h | 5 + + src/lib/gssapi/krb5/gssapi_krb5.c | 2 +- + src/lib/gssapi/krb5/iakerb.c | 42 +++--- + 3 files changed, 41 insertions(+), 8 deletions(-) + +diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h +index 05dc321..ac53662 100644 +--- a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h +@@ -1396,6 +1396,11 @@ OM_uint32 KRB5_CALLCONV + iakerb_gss_export_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t interprocess_token); ++ ++OM_uint32 KRB5_CALLCONV ++iakerb_gss_import_sec_context(OM_uint32 *minor_status, ++ const gss_buffer_t interprocess_token, ++ gss_ctx_id_t *context_handle); + #endif /* LEAN_CLIENT */ + + OM_uint32 KRB5_CALLCONV +diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c +index 9a23656..d7ba279 100644 +--- a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c +@@ -945,7 +945,7 @@ static struct gss_config iakerb_mechanism = { + NULL, + #else + iakerb_gss_export_sec_context, +-NULL, ++iakerb_gss_import_sec_context, + #endif + krb5_gss_inquire_cred_by_mech, + krb5_gss_inquire_names_for_mech, +diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c +index 4662bd9..48beaee 100644 +--- a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c +@@ -1061,7 +1061,7 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status, + gss_buffer_t interprocess_token) + { + OM_uint32 maj; +-iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle; ++iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)*context_handle; + + /* We don't currently support exporting partially established contexts. */ + if (!ctx->established) +@@ -1076,13 +1076,41 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status, + return maj; + } + +-/* +- * Until we implement partial context exports, there are no SPNEGO exported +- *
[oe] [PATCH 3/4][meta-oe] krb5: fix CVE-2015-2697
From: Wenzong FanThe build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 Signed-off-by: Wenzong Fan --- ...-build_principal-memory-bug-CVE-2015-2697.patch | 58 ++ meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch diff --git a/meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch b/meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch new file mode 100644 index 000..9b0c18b --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch @@ -0,0 +1,58 @@ +From 9cb63711e63042f22da914ba039c4537b22e8fb0 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 25 Sep 2015 12:51:47 -0400 +Subject: [PATCH 3/4] Fix build_principal memory bug [CVE-2015-2697] + +In build_principal_va(), use k5memdup0() instead of strdup() to make a +copy of the realm, to ensure that we allocate the correct number of +bytes and do not read past the end of the input string. This bug +affects krb5_build_principal(), krb5_build_principal_va(), and +krb5_build_principal_alloc_va(). krb5_build_principal_ext() is not +affected. + +CVE-2015-2697: + +In MIT krb5 1.7 and later, an authenticated attacker may be able to +cause a KDC to crash using a TGS request with a large realm field +beginning with a null byte. If the KDC attempts to find a referral to +answer the request, it constructs a principal name for lookup using +krb5_build_principal() with the requested realm. Due to a bug in this +function, the null byte causes only one byte be allocated for the +realm field of the constructed principal, far less than its length. +Subsequent operations on the lookup principal may cause a read beyond +the end of the mapped memory region, causing the KDC process to crash. + +CVSSv2: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C + +ticket: 8252 (new) +target_version: 1.14 +tags: pullup + +Backport upstream commit: +https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 + +Upstream-Status: Backport +--- + src/lib/krb5/krb/bld_princ.c | 6 ++ + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c +index ab6fed8..8604268 100644 +--- a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c +@@ -40,10 +40,8 @@ build_principal_va(krb5_context context, krb5_principal princ, + data = malloc(size * sizeof(krb5_data)); + if (!data) { retval = ENOMEM; } + +-if (!retval) { +-r = strdup(realm); +-if (!r) { retval = ENOMEM; } +-} ++if (!retval) ++r = k5memdup0(realm, rlen, ); + + while (!retval && (component = va_arg(ap, char *))) { + if (count == size) { +-- +1.9.1 + diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb index 6c25d82..c6b873a 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb @@ -25,6 +25,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \ file://Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch;striplevel=2 \ file://Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch;striplevel=2 \ + file://Fix-build_principal-memory-bug-CVE-2015-2697.patch;striplevel=2 \ file://crosscompile_nm.patch \ file://etc/init.d/krb5-kdc \ file://etc/init.d/krb5-admin-server \ -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-webserver] phpmyadmin: fix CVE-2015-7873
From: Wenzong FanThe redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 Signed-off-by: Wenzong Fan --- .../Port-content-spoofing-fix-CVE-2015-7873.patch | 48 ++ .../recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch new file mode 100644 index 000..1e6bcbd --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch @@ -0,0 +1,48 @@ +From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Sat, 14 Nov 2015 02:01:54 -0500 +Subject: [PATCH] Port content spoofing fix + +Backport upstream commit for fixing CVE-2015-7873: + https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 + +Upstream-Status: Backport + +Signed-off-by: Marc Delisle +Signed-off-by: Wenzong Fan +--- + ChangeLog | 4 + url.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 4cb6708..96936c8 100644 +--- a/ChangeLog b/ChangeLog +@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog + - issue #11448 Clarify doc about the MemoryLimit directive + - issue #11489 Cannot copy a database under certain conditions + ++4.4.15.1 (2015-10-23) ++- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system ++- issue [security] Content spoofing on url.php ++ + 4.4.15.0 (not yet released) + - issue #11411 Undefined "replace" function on numeric scalar + - issue #11421 Stored-proc / routine - broken parameter parsing +diff --git a/url.php b/url.php +index eec78a5..9c4c884 100644 +--- a/url.php b/url.php +@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url']) + } + "; + // Display redirecting msg on screen. +-printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url'])); ++// Do not display the value of $_REQUEST['url'] to avoid showing injected content ++echo __('Taking you to the target site.'); + } + die(); +-- +1.9.1 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb index e28b66a..9297d0c 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c" SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \ + file://Port-content-spoofing-fix-CVE-2015-7873.patch \ file://apache.conf" SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/4][meta-oe] krb5: fix CVEs
From: Wenzong FanFix CVEs: CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 The following changes since commit 721a2cabf352085d34dd14c22e71914d3429ca59: ntp: upgrade 4.2.8p3 -> 4.2.8p4 (2015-11-11 12:12:08 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/krb5-new http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/krb5-new Wenzong Fan (4): krb5: fix CVE-2015-2695 krb5: fix CVE-2015-2696 krb5: fix CVE-2015-2697 krb5: fix CVE-2015-2698 ...AKERB-context-aliasing-bugs-CVE-2015-2696.patch | 739 + ...AKERB-context-export-import-CVE-2015-2698.patch | 134 ...PNEGO-context-aliasing-bugs-CVE-2015-2695.patch | 572 ...-build_principal-memory-bug-CVE-2015-2697.patch | 58 ++ meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 4 + 5 files changed, 1507 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-IAKERB-context-export-import-CVE-2015-2698.patch create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/Fix-build_principal-memory-bug-CVE-2015-2697.patch -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-python] python-pygpgme: add python-pygpgme 0.3
From: Wenzong FanPyGPGME is a Python module that lets you sign, verify, encrypt and decrypt messages using the OpenPGP format. Signed-off-by: Wenzong Fan --- .../recipes-devtools/python/python-pygpgme_0.3.bb | 18 ++ 1 file changed, 18 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python-pygpgme_0.3.bb diff --git a/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb b/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb new file mode 100644 index 000..f06c344 --- /dev/null +++ b/meta-python/recipes-devtools/python/python-pygpgme_0.3.bb @@ -0,0 +1,18 @@ +SUMMARY = "A Python module for working with OpenPGP messages" +DESCRIPTION = "PyGPGME is a Python module that lets you sign, verify, \ + encrypt and decrypt messages using the OpenPGP format." +HOMEPAGE = "https://launchpad.net/pygpgme; +SECTION = "devel/python" + +LICENSE = "LGPL-2.1" +LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=6517bdc8f2416f27ab725d4702f7aac3" + +SRC_URI = "https://pypi.python.org/packages/source/p/pygpgme/pygpgme-${PV}.tar.gz; +SRC_URI[md5sum] = "d38355af73f0352cde3d410b25f34fd0" +SRC_URI[sha256sum] = "5fd887c407015296a8fd3f4b867fe0fcca3179de97ccde90449853a3dfb802e1" + +S = "${WORKDIR}/pygpgme-${PV}" + +DEPENDS += "gpgme" + +inherit setuptools -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] ypbind-mt: set path of ypdomainname in ypbind script
From: Jian LiuThe script ypbind will cause error if using ypdomainname command provided by busybox. So add RDEPENDCY on yp-tools and change the path of ypdomainname. Signed-off-by: Jian Liu Signed-off-by: Wenzong Fan --- meta-networking/recipes-support/nis/files/ypbind.init | 11 ++- meta-networking/recipes-support/nis/ypbind-mt_1.38.bb | 2 ++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/meta-networking/recipes-support/nis/files/ypbind.init b/meta-networking/recipes-support/nis/files/ypbind.init index 244dc78..669c19c 100644 --- a/meta-networking/recipes-support/nis/files/ypbind.init +++ b/meta-networking/recipes-support/nis/files/ypbind.init @@ -26,6 +26,7 @@ YPBIND_BIN=/usr/sbin/ypbind pidfile=/var/run/ypbind.pid +YPDOMAINNAME_bin=/usr/bin/ypdomainname [ -f /etc/default/ypbind ] && . /etc/default/ypbind @@ -34,14 +35,14 @@ case "$1" in echo -n "Starting ypbind" ## If the domainname is not set, skip starting of ypbind ## and return with "program not configured" -/bin/ypdomainname >/dev/null 2>&1 -if [ $? -ne 0 -o -z "`/bin/ypdomainname 2>/dev/null`" ]; then +$YPDOMAINNAME_bin >/dev/null 2>&1 +if [ $? -ne 0 -o -z "`$YPDOMAINNAME_bin 2>/dev/null`" ]; then if [ -f /etc/defaultdomain ]; then XDOMAINNAME=`cat /etc/defaultdomain` - /bin/ypdomainname "$XDOMAINNAME" + $YPDOMAINNAME_bin "$XDOMAINNAME" fi - /bin/ypdomainname >/dev/null 2>&1 - if [ $? -ne 0 -o -z "`/bin/ypdomainname 2>/dev/null`" ]; then + $YPDOMAINNAME_bin >/dev/null 2>&1 + if [ $? -ne 0 -o -z "`$YPDOMAINNAME_bin 2>/dev/null`" ]; then # Tell the user this has skipped echo -n " . . . . . . . . . . No domainname set" # service is not configured diff --git a/meta-networking/recipes-support/nis/ypbind-mt_1.38.bb b/meta-networking/recipes-support/nis/ypbind-mt_1.38.bb index 5702cd6..d113b82 100644 --- a/meta-networking/recipes-support/nis/ypbind-mt_1.38.bb +++ b/meta-networking/recipes-support/nis/ypbind-mt_1.38.bb @@ -21,6 +21,8 @@ DEPENDS = " \ yp-tools \ ${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ " +RDEPENDS_${PN} += "yp-tools" + # ypbind-mt now provides all the functionality of ypbind # and is used in place of it. PROVIDES += "ypbind" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] netcat-openbsd: replace patch with quilt
From: Yue TaoIf run bitbake -c patch -f netcat-openbsd twice, the patch conflict will happen, so replace the patch with quilt to avoid do_patch failed. Signed-off-by: Yue Tao Signed-off-by: Wenzong Fan --- meta-networking/recipes-support/netcat/netcat-openbsd_1.105.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-networking/recipes-support/netcat/netcat-openbsd_1.105.bb b/meta-networking/recipes-support/netcat/netcat-openbsd_1.105.bb index 12409d4..89a646f 100644 --- a/meta-networking/recipes-support/netcat/netcat-openbsd_1.105.bb +++ b/meta-networking/recipes-support/netcat/netcat-openbsd_1.105.bb @@ -20,7 +20,8 @@ do_configure[noexec] = "1" netcat_do_patch() { cd ${S} -while read line; do patch -p1 < ${WORKDIR}/debian/patches/$line; done < ${WORKDIR}/debian/patches/series +quilt pop -a || true +QUILT_PATCHES=${WORKDIR}/debian/patches QUILT_SERIES=${WORKDIR}/debian/patches/series quilt push -a } python do_patch() { -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] ntp: upgrade 4.2.8p3 -> 4.2.8p4
From: Wenzong Fan4.2.8p4 fixed following 13 low- and medium-severity vulnerabilities: * Bug 2941 CVE-2015-7871 * Bug 2922 CVE-2015-7855 * Bug 2921 CVE-2015-7854 * Bug 2920 CVE-2015-7853 * Bug 2919 CVE-2015-7852 * Bug 2918 CVE-2015-7851 * Bug 2917 CVE-2015-7850 * Bug 2916 CVE-2015-7849 * Bug 2913 CVE-2015-7848 * Bug 2909 CVE-2015-7701 * Bug 2902 CVE-2015-7703 * Bug 2901 CVE-2015-7704, CVE-2015-7705 * Bug 2899 CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 And three bugs: Bug 2382, 1774, 1593 Details at: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Signed-off-by: Wenzong Fan --- .../recipes-support/ntp/{ntp_4.2.8p3.bb => ntp_4.2.8p4.bb}| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/ntp/{ntp_4.2.8p3.bb => ntp_4.2.8p4.bb} (97%) diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p4.bb similarity index 97% rename from meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb rename to meta-networking/recipes-support/ntp/ntp_4.2.8p4.bb index 7ce993f..f9f900e 100644 --- a/meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p4.bb @@ -23,8 +23,8 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g file://ntpd.list \ " -SRC_URI[md5sum] = "b98b0cbb72f6df04608e1dd5f313808b" -SRC_URI[sha256sum] = "818ca4f2ed6ca845b1c5ec43f5e6ad905eaa0fc0aab2d509ed6b962a37fbf38f" +SRC_URI[md5sum] = "6af96862b09324a8ef965ca76b759c8b" +SRC_URI[sha256sum] = "0d6961572548d2c4af96f58f763e22ac620f5afef717384ddc317a0e365cfdb9" inherit autotools update-rc.d useradd systemd pkgconfig -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH v2][meta-multimedia] gst-plugins-good: fix depends to libgudev
From: Wenzong FanDepends on libgudev directly base on oe-core commit: commit e11801d031896351364e7723db3392012f58b603 Author: Andreas Müller Date: Fri Oct 2 22:27:21 2015 +0200 udev: add PROVIDES = "libgudev" With the last update of systemd libgudev was splitted out of systemd. To make packages depending on libgudev happy, a recipe building libgudev was created in meta-oe and the dependencies were modified from udev to libgudev. This works fine for distros using systemd as init system, but distros not using build udev which provides libgudev. Signed-off-by: Andreas Müller Signed-off-by: Richard Purdie Signed-off-by: Wenzong Fan --- .../recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb index af18281..eaf3b1f 100644 --- a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb +++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb @@ -16,7 +16,7 @@ PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack" PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg" PACKAGECONFIG[wavpack] = "--enable-wavpack,--disable-wavpack,wavpack" PACKAGECONFIG[gdkpixbuf] = "--enable-gdk_pixbuf,--disable-gdk_pixbuf,gdk-pixbuf" -PACKAGECONFIG[v4l] = "--enable-gst_v4l2 --with-gudev,--disable-gst_v4l2 --without-gudev,udev" +PACKAGECONFIG[v4l] = "--enable-gst_v4l2 --with-gudev,--disable-gst_v4l2 --without-gudev,libgudev" # sub-feature of v4l, but control separately since libv4l is not part of oe-core PACKAGECONFIG[libv4l] = "--with-libv4l2,--without-libv4l2,libv4l" PACKAGECONFIG[bzip2] = "--enable-bz2,--disable-bz2,bzip2" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-multimedia] gst-plugins-good: fix depends to libgudev
From: Wenzong Fan* udev provides libgudev but it won't be built with systemd; * systemd provides udev but no libgudev, libgudev has been removed from systemd and it's a independent project now; libgudev only be built if systemd distro feature enabled. Signed-off-by: Wenzong Fan --- .../recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb| 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb index af18281..3f3478f 100644 --- a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb +++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-good_0.10.31.bb @@ -11,12 +11,15 @@ PACKAGECONFIG ?= "jpeg v4l \ ${@bb.utils.contains('DISTRO_FEATURES', 'pulseaudio', 'pulseaudio', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)} \ " + +GUDEV="${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'libgudev', 'udev', d)}" + PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio" PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack" PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg" PACKAGECONFIG[wavpack] = "--enable-wavpack,--disable-wavpack,wavpack" PACKAGECONFIG[gdkpixbuf] = "--enable-gdk_pixbuf,--disable-gdk_pixbuf,gdk-pixbuf" -PACKAGECONFIG[v4l] = "--enable-gst_v4l2 --with-gudev,--disable-gst_v4l2 --without-gudev,udev" +PACKAGECONFIG[v4l] = "--enable-gst_v4l2 --with-gudev,--disable-gst_v4l2 --without-gudev,${GUDEV}" # sub-feature of v4l, but control separately since libv4l is not part of oe-core PACKAGECONFIG[libv4l] = "--with-libv4l2,--without-libv4l2,libv4l" PACKAGECONFIG[bzip2] = "--enable-bz2,--disable-bz2,bzip2" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-gnome] libgtop/metacity: add x11 to required DISTRO_FEATURES [ LIN8-343 ]
From: Wenzong FanThe recipes depend on virtual/libx11 indirectly, they only can be built with x11 in DISTRO_FEATURES. Signed-off-by: Wenzong Fan --- meta-gnome/recipes-gnome/libgtop/libgtop_2.30.0.bb| 5 - meta-gnome/recipes-gnome/metacity/metacity_2.34.13.bb | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/meta-gnome/recipes-gnome/libgtop/libgtop_2.30.0.bb b/meta-gnome/recipes-gnome/libgtop/libgtop_2.30.0.bb index 51c51d4..8568274 100644 --- a/meta-gnome/recipes-gnome/libgtop/libgtop_2.30.0.bb +++ b/meta-gnome/recipes-gnome/libgtop/libgtop_2.30.0.bb @@ -2,7 +2,10 @@ SUMMARY = "LibGTop2" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://copyright.txt;md5=dbc839bf158d19a20e661db14db7a58c" -inherit gnomebase lib_package gtk-doc +inherit gnomebase lib_package gtk-doc distro_features_check +# depends on libxau +REQUIRED_DISTRO_FEATURES = "x11" + SRC_URI[archive.md5sum] = "ee29a9ef60659ebf4b075ac281f71cb2" SRC_URI[archive.sha256sum] = "463bcbe5737b1b93f3345ee34abf601e8eb864f507c49ff1921c2737abafc1e5" diff --git a/meta-gnome/recipes-gnome/metacity/metacity_2.34.13.bb b/meta-gnome/recipes-gnome/metacity/metacity_2.34.13.bb index 9c48238..662c90d 100644 --- a/meta-gnome/recipes-gnome/metacity/metacity_2.34.13.bb +++ b/meta-gnome/recipes-gnome/metacity/metacity_2.34.13.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ DEPENDS = "gsettings-desktop-schemas startup-notification gtk+ gconf gdk-pixbuf-native libcanberra gnome-doc-utils libgtop intltool-native" PR = "r1" -inherit gnomebase update-alternatives +inherit gnomebase update-alternatives distro_features_check +# depends on startup-notification which depends on virtual/libx11 +REQUIRED_DISTRO_FEATURES = "x11" GNOME_COMPRESS_TYPE = "xz" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 2/2][meta-oe] libcap-ng: remove package
From: Wenzong Fanlibcap-ng 0.7.7 has been added to oe-core: ad509d7644803ff9386affefe2ec1a3664027074 Signed-off-by: Wenzong Fan --- .../libcap-ng/libcap-ng/python.patch | 58 -- .../recipes-support/libcap-ng/libcap-ng_0.7.7.bb | 39 --- 2 files changed, 97 deletions(-) delete mode 100644 meta-oe/recipes-support/libcap-ng/libcap-ng/python.patch delete mode 100644 meta-oe/recipes-support/libcap-ng/libcap-ng_0.7.7.bb diff --git a/meta-oe/recipes-support/libcap-ng/libcap-ng/python.patch b/meta-oe/recipes-support/libcap-ng/libcap-ng/python.patch deleted file mode 100644 index 59591eb..000 --- a/meta-oe/recipes-support/libcap-ng/libcap-ng/python.patch +++ /dev/null @@ -1,58 +0,0 @@ -From b01bb2694f66cd981e6d61523433dc3eb5ed32f2 Mon Sep 17 00:00:00 2001 -From: Li xin -Date: Sat, 18 Jul 2015 23:03:30 +0900 -Subject: [PATCH] configure.ac - Avoid an incorrect check for python. - Makefile.am - avoid hard coded host include paths. - -Upstream-Status: pending - -Signed-off-by: Mark Hatle -Signed-off-by: Li Xin - bindings/python/Makefile.am | 3 ++- - configure.ac| 15 ++- - 2 files changed, 4 insertions(+), 14 deletions(-) - -diff --git a/bindings/python/Makefile.am b/bindings/python/Makefile.am -index 82b9bb8..f9fe7a8 100644 a/bindings/python/Makefile.am -+++ b/bindings/python/Makefile.am -@@ -23,7 +23,8 @@ SUBDIRS = test - CONFIG_CLEAN_FILES = *.loT *.rej *.orig - AM_CFLAGS = -fPIC -DPIC - PYLIBVER ?= python$(PYTHON_VERSION) --AM_CPPFLAGS = -I. -I$(top_builddir) -I@PYINCLUDEDIR@ -+PYINC ?= /usr/include/$(PYLIBVER) -+AM_CPPFLAGS = -I. -I$(top_builddir) -I$(PYINC) - LIBS = $(top_builddir)/src/libcap-ng.la - SWIG_FLAGS = -python - SWIG_INCLUDES = ${AM_CPPFLAGS} -diff --git a/configure.ac b/configure.ac -index 1d777d5..9d90f64 100644 a/configure.ac -+++ b/configure.ac -@@ -123,19 +123,8 @@ if test x$use_python = xno ; then - else - AC_MSG_RESULT(testing) - AM_PATH_PYTHON --PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"` --if test -f ${PYINCLUDEDIR}/Python.h ; then -- python_found="yes" -- AC_SUBST(PYINCLUDEDIR) -- AC_MSG_NOTICE(Python bindings will be built) --else -- python_found="no" -- if test x$use_python = xyes ; then -- AC_MSG_ERROR([Python explicitly required and python headers found]) -- else -- AC_MSG_WARN("Python headers not found - python bindings will not be made") -- fi --fi -+python_found="yes" -+AC_MSG_NOTICE(Python bindings will be built) - fi - AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes") - --- -1.8.4.2 - diff --git a/meta-oe/recipes-support/libcap-ng/libcap-ng_0.7.7.bb b/meta-oe/recipes-support/libcap-ng/libcap-ng_0.7.7.bb deleted file mode 100644 index a31d5dc..000 --- a/meta-oe/recipes-support/libcap-ng/libcap-ng_0.7.7.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "An alternate posix capabilities library" -DESCRIPTION = "The libcap-ng library is intended to make programming \ -with POSIX capabilities much easier than the traditional libcap library." -HOMEPAGE = "http://freecode.com/projects/libcap-ng; -SECTION = "base" -LICENSE = "GPLv2+ & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" - -SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \ - file://python.patch" - -inherit lib_package autotools pythonnative - -SRC_URI[md5sum] = "3d7d126b29e2869a0257c17c8b0d9b2e" -SRC_URI[sha256sum] = "615549ce39b333f6b78baee0c0b4ef18bc726c6bf1cca123dfd89dd963f6d06b" - -DEPENDS += "swig-native python" - -EXTRA_OECONF += "--without-python3" - -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/${PYLIBVER}'" - -PACKAGES += "${PN}-python" - -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" - -BBCLASSEXTEND = "native" - -do_install_append() { - # Moving libcap-ng to base_libdir - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mkdir -p ${D}/${base_libdir}/ - mv -f ${D}${libdir}/libcap-ng.so.* ${D}${base_libdir}/ - relpath=${@os.path.relpath("${base_libdir}", "${libdir}")} - ln -sf ${relpath}/libcap-ng.so.0.0.0 ${D}${libdir}/libcap-ng.so - fi -} -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/2][meta-oe] remove packages: libcap-ng, swig
From: Wenzong FanThey have been moved to oe-core. The following changes since commit f4533380c8a5c1d229f69ee0c2ef9d187ef8: dracut: install modules to /usr/lib (2015-09-23 16:10:57 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/libcap-1 http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/libcap-1 Wenzong Fan (2): swig: remove package libcap-ng: remove package meta-oe/recipes-devtools/swig/swig.inc | 63 ...lf-exe-for-swig-swiglib-on-non-Win32-plat.patch | 69 -- ...nfigure-use-pkg-config-for-pcre-detection.patch | 64 meta-oe/recipes-devtools/swig/swig_3.0.6.bb| 8 --- .../libcap-ng/libcap-ng/python.patch | 58 -- .../recipes-support/libcap-ng/libcap-ng_0.7.7.bb | 39 6 files changed, 301 deletions(-) delete mode 100644 meta-oe/recipes-devtools/swig/swig.inc delete mode 100644 meta-oe/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch delete mode 100644 meta-oe/recipes-devtools/swig/swig/0001-configure-use-pkg-config-for-pcre-detection.patch delete mode 100644 meta-oe/recipes-devtools/swig/swig_3.0.6.bb delete mode 100644 meta-oe/recipes-support/libcap-ng/libcap-ng/python.patch delete mode 100644 meta-oe/recipes-support/libcap-ng/libcap-ng_0.7.7.bb -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2][meta-oe] swig: remove package
From: Wenzong Fanswig 3.0.6 has been moved to oe-croe: 66923c6776da13bd4513a73c3f7c5e60d74eb0f3 Signed-off-by: Wenzong Fan --- meta-oe/recipes-devtools/swig/swig.inc | 63 ...lf-exe-for-swig-swiglib-on-non-Win32-plat.patch | 69 -- ...nfigure-use-pkg-config-for-pcre-detection.patch | 64 meta-oe/recipes-devtools/swig/swig_3.0.6.bb| 8 --- 4 files changed, 204 deletions(-) delete mode 100644 meta-oe/recipes-devtools/swig/swig.inc delete mode 100644 meta-oe/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch delete mode 100644 meta-oe/recipes-devtools/swig/swig/0001-configure-use-pkg-config-for-pcre-detection.patch delete mode 100644 meta-oe/recipes-devtools/swig/swig_3.0.6.bb diff --git a/meta-oe/recipes-devtools/swig/swig.inc b/meta-oe/recipes-devtools/swig/swig.inc deleted file mode 100644 index 9821fa5..000 --- a/meta-oe/recipes-devtools/swig/swig.inc +++ /dev/null @@ -1,63 +0,0 @@ -DESCRIPTION = "SWIG - Simplified Wrapper and Interface Generator" -HOMEPAGE = "http://swig.sourceforge.net/; -LICENSE = "BSD & GPLv3" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e7807a6282784a7dde4c846626b08fc6 \ -file://LICENSE-GPL;md5=d32239bcb673463ab874e80d47fae504 \ - file://LICENSE-UNIVERSITIES;md5=8ce9dcc8f7c994de4a408b205c72ba08" - -SECTION = "devel" - -DEPENDS = "libpcre python" - -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz" - -inherit autotools pythonnative - -EXTRA_OECONF = " \ ---with-python=${PYTHON} \ ---without-allegrocl \ ---without-android \ ---without-boost \ ---without-chicken \ ---without-clisp \ ---without-csharp \ ---without-d \ ---without-gcj \ ---without-go \ ---without-guile \ ---without-java \ ---without-lua \ ---without-mzscheme \ ---without-ocaml \ ---without-octave \ ---without-perl5 \ ---without-pike \ ---without-php \ ---without-python3 \ ---without-r \ ---without-ruby \ ---without-tcl \ -" - -BBCLASSEXTEND = "native nativesdk" - -do_configure() { -install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}/Tools/config -install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}/Tools/config -install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} -install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} -oe_runconf -} - -do_install_append_class-nativesdk() { -cd ${D}${bindir} -ln -s swig swig2.0 -} - -def swiglib_relpath(d): -swiglib = d.getVar('datadir', True) + "/" + d.getVar('BPN', True) + "/" + d.getVar('PV', True) -return os.path.relpath(swiglib, d.getVar('bindir', True)) - -do_install_append_class-native() { -create_wrapper ${D}${bindir}/swig SWIG_LIB='`dirname $''realpath`'/${@swiglib_relpath(d)} -} diff --git a/meta-oe/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch b/meta-oe/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch deleted file mode 100644 index 81df3e2..000 --- a/meta-oe/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a4a0440a644c6c5e5da096efe3cf05ba309a284f Mon Sep 17 00:00:00 2001 -From: "NODA, Kai" -Date: Sun, 22 Apr 2012 17:01:02 +0900 -Subject: [PATCH] Use /proc/self/exe for "swig -swiglib" on non-Win32 - platforms. - -If it wasn't found, then fall back to a fixed string just as before. - -Upstream-Status: Submitted -http://sourceforge.net/mailarchive/message.php?msg_id=29179733 - - Source/Modules/main.cxx | 24 ++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/Source/Modules/main.cxx b/Source/Modules/main.cxx -index d2f5d3b..cbb0a12 100644 a/Source/Modules/main.cxx -+++ b/Source/Modules/main.cxx -@@ -26,6 +26,11 @@ char cvsroot_main_cxx[] = "$Id$"; - #include "cparse.h" - #include - #include// for INT_MAX -+#ifndef _WIN32 -+#include -+#include// for readlink -+#include // for stat -+#endif - - // Global variables - -@@ -902,9 +907,9 @@ int SWIG_main(int argc, char *argv[], Language *l) { - - // Check for SWIG_LIB environment variable - if ((c = getenv("SWIG_LIB")) == (char *) 0) { -+char *p; - #if defined(_WIN32) - char buf[MAX_PATH]; --char *p; - if (!(GetModuleFileName(0, buf, MAX_PATH) == 0 || (p = strrchr(buf, '\\')) == 0)) { - *(p + 1) = '\0'; - SwigLib = NewStringf("%sLib", buf); // Native windows installation path -@@ -914,7 +919,22 @@ int SWIG_main(int argc, char *argv[], Language *l) { - if (Len(SWIG_LIB_WIN_UNIX) > 0) - SwigLibWinUnix = NewString(SWIG_LIB_WIN_UNIX); // Unix installation path using a drive letter
[oe] [PATCH][meta-webserver] apache2: cleanup buildpaths for target stuffs
From: Wenzong FanThose buildpaths were generated from configure substitutions, they are required for cross-compiling, but obviously they should be cleaned up from target stuffs. Cleanup buildpaths from config_vars.mk and config.nice: * remove ${STAGING_DIR_HOST} from CC, CFLAGS ... * set APU_INCLUDEDIR, APU_CONFIG as empty * remove buildpath from configure line Signed-off-by: Wenzong Fan --- meta-webserver/recipes-httpd/apache2/apache2_2.4.16.bb | 9 + 1 file changed, 9 insertions(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.16.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.16.bb index a44babd..af5c72a 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.16.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.16.bb @@ -97,6 +97,15 @@ do_install_append() { sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service } +do_install_append_class-target() { +sed -i -e 's,${STAGING_DIR_HOST},,g' \ + -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ + -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk + +sed -i -e 's,${STAGING_DIR_HOST},,g' \ + -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice +} + SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" apache_sysroot_preprocess () { -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] gd: cleanup buildpaths from gdlib.pc
From: Wenzong Fan* gdlib.pc: -L/path/to/tmp/sysroots/qemux86-64/usr/lib64 -> -L/usr/lib64 Signed-off-by: Wenzong Fan --- meta-oe/recipes-support/gd/gd_2.1.1.bb | 5 + 1 file changed, 5 insertions(+) diff --git a/meta-oe/recipes-support/gd/gd_2.1.1.bb b/meta-oe/recipes-support/gd/gd_2.1.1.bb index 62008df..85c7e6a 100644 --- a/meta-oe/recipes-support/gd/gd_2.1.1.bb +++ b/meta-oe/recipes-support/gd/gd_2.1.1.bb @@ -32,6 +32,11 @@ EXTRA_OECONF += " --disable-rpath \ EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"' +do_install_append() { + # cleanup buildpaths from gdlib.pc + sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/gdlib.pc +} + PACKAGES += "${PN}-tools" FILES_${PN} = "${libdir}/lib*${SOLIBS}" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] squid: disable atomic operations for powerpc/mips
From: Wenzong FanDon't enable GNU atomic operations for all targets, it fails on powerpc and mips: AtomicWord.h: undefined reference to `__sync_fetch_and_add_8' collect2: error: ld returned 1 exit status Refer to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56300: There is no hardware support for 8 bytes atomic operations on 32-bit MIPS targets. The 32-bit PowerPC fails as well. Signed-off-by: Wenzong Fan --- meta-networking/recipes-daemons/squid/squid_3.5.7.bb | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb index 5d058dc..5b27d46 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb @@ -34,8 +34,11 @@ inherit autotools useradd ptest USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "--system --no-create-home --home-dir /var/run/squid --shell /bin/false --user-group squid" -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "${@base_contains('TARGET_ARCH', 'powerpc', 'noatomics', '', d)} \ + ${@base_contains('TARGET_ARCH', 'mips', 'noatomics', '', d)} \ + " PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir}, --without-netfilter-conntrack, libnetfilter-conntrack" +PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," BASIC_AUTH = "DB SASL LDAP NIS" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -43,7 +46,6 @@ BASIC_AUTH += "${@base_contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}" EXTRA_OECONF += "--with-default-user=squid --enable-auth-basic='${BASIC_AUTH}'" export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" -CACHED_CONFIGUREVARS += "squid_cv_gnu_atomics=yes" TESTDIR = "test-suite" do_compile_ptest() { -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/2 v2] [meta-initramfs] dracut: RDEPEND on systemd optionally & install modules to /usr/lib
From: Wenzong FanV2 changes: * Move the "PACKAGECONFIG" next to "EXTRA_OECONF". The following changes since commit 1692d5c3020434404fc1ee6911a60b88287a5efb: netmap: add new package (2015-09-15 10:49:30 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/dracut http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/dracut Robert Yang (1): dracut: RDEPEND on systemd optionally Wenzong Fan (1): dracut: install modules to /usr/lib meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 20 +--- 1 file changed, 13 insertions(+), 7 deletions(-) -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2 v2][meta-initramfs] dracut: RDEPEND on systemd optionally
From: Robert YangUse PACKAGECONFIG to depend on systemd optionally. Signed-off-by: Robert Yang Signed-off-by: Wenzong Fan --- meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb index b7d88fd..3be78ed 100644 --- a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb +++ b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb @@ -13,9 +13,6 @@ SRC_URI = "git://git.kernel.org/pub/scm/boot/dracut/dracut.git" S = "${WORKDIR}/git" -inherit distro_features_check -REQUIRED_DISTRO_FEATURES = "systemd" - EXTRA_OECONF = "--prefix=${prefix} \ --libdir=${libdir} \ --datadir=${datadir} \ @@ -25,7 +22,11 @@ EXTRA_OECONF = "--prefix=${prefix} \ --bindir=${bindir} \ --includedir=${includedir} \ --localstatedir=${localstatedir} \ ---systemdsystemunitdir=${systemd_unitdir}/system" + " + +# RDEPEND on systemd optionally +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,,,systemd" do_configure() { ./configure ${EXTRA_OECONF} @@ -44,7 +45,7 @@ FILES_${PN} += " ${libdir}/kernel \ " CONFFILES_${PN} += "${sysconfdir}/dracut.conf" -RDEPENDS_${PN} = "systemd findutils cpio util-linux-blkid util-linux-getopt bash ldd" +RDEPENDS_${PN} = "findutils cpio util-linux-blkid util-linux-getopt bash ldd" RDEPENDS_${PN}-bash-completion = "bash-completion" # This could be optimized a bit, but let's avoid non-booting systems :) -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 2/2 v2][meta-initramfs] dracut: install modules to /usr/lib
From: Wenzong FanThe dracut modules will be installed to /usr/lib64 while building 64bit targets with multilib enabled, this causes runtime errors: dracut: Cannot find /usr/lib/dracut/dracut-functions.sh. dracut: Are you running from a git checkout? dracut: Try passing -l as an argument to /usr/bin/dracut The dracut modules, 50-dracut.install and 51-dracut-rescue.install must be installed to /usr/lib as Fedora 20 does. Signed-off-by: Wenzong Fan --- meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb index 3be78ed..8733d54 100644 --- a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb +++ b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb @@ -14,7 +14,7 @@ SRC_URI = "git://git.kernel.org/pub/scm/boot/dracut/dracut.git" S = "${WORKDIR}/git" EXTRA_OECONF = "--prefix=${prefix} \ ---libdir=${libdir} \ +--libdir=${prefix}/lib \ --datadir=${datadir} \ --sysconfdir=${sysconfdir} \ --sbindir=${sbindir} \ @@ -28,6 +28,8 @@ EXTRA_OECONF = "--prefix=${prefix} \ PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,,,systemd" +EXTRA_OEMAKE += 'libdir=${prefix}/lib' + do_configure() { ./configure ${EXTRA_OECONF} } @@ -40,9 +42,12 @@ PACKAGES =+ "${PN}-bash-completion" FILES_${PN}-bash-completion = "${datadir}/bash-completion" -FILES_${PN} += " ${libdir}/kernel \ +FILES_${PN} += "${prefix}/lib/kernel \ +${prefix}/lib/dracut \ ${systemd_unitdir} \ " +FILES_${PN}-dbg += "${prefix}/lib/dracut/.debug" + CONFFILES_${PN} += "${sysconfdir}/dracut.conf" RDEPENDS_${PN} = "findutils cpio util-linux-blkid util-linux-getopt bash ldd" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] rsyslog: fix ptest
From: Wenzong FanAfter rsyslog updated to 7.6.1, ptest fails to build & run since the serial-tests config patch was dropped: - rsyslog-use-serial-tests-config-needed-by-ptest.patch This patch involved serial test harness: + AM_INIT_AUTOMAKE([serial-tests]) Which is deprecated in favour of parallel test harness. Automake generated a parallel test harness by default. It features automatic collection of the test scripts output in .log files ... More details please refer to: http://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html To enable the ptest with new changes, we should: * add target 'buildtest-TESTS' for building test components; * fix 'top_srcdir' and install required script 'test-driver'; * run testcases with target 'check-TESTS'. Signed-off-by: Wenzong Fan --- meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest | 2 +- meta-oe/recipes-extended/rsyslog/rsyslog_7.6.1.bb | 8 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest b/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest index 38a1d1b..3770a75 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest @@ -1,3 +1,3 @@ #!/bin/sh # -make -C tests -k runtest-TESTS +make -C tests -k check-TESTS diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_7.6.1.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_7.6.1.bb index 15b0f29..b7a8140 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog_7.6.1.bb +++ b/meta-oe/recipes-extended/rsyslog/rsyslog_7.6.1.bb @@ -70,7 +70,7 @@ PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind," TESTDIR = "tests" do_compile_ptest() { -sed -i 's/\(^buildtest-TESTS: \)/\1 $(check_PROGRAMS) /' ${TESTDIR}/Makefile +echo 'buildtest-TESTS: $(check_PROGRAMS)' >> ${TESTDIR}/Makefile oe_runmake -C ${TESTDIR} buildtest-TESTS } @@ -82,8 +82,9 @@ do_install_ptest() { # do NOT need to rebuild Makefile itself sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile -# fix the srcdir +# fix the srcdir, top_srcdir sed -i 's,^\(srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile +sed -i 's,^\(top_srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile # valgrind is not compatible with arm and mips, # so remove related test cases if there is no valgrind. @@ -91,6 +92,9 @@ do_install_ptest() { sed -i '/udp-msgreduc-/d' ${D}${PTEST_PATH}/${TESTDIR}/Makefile fi +# install test-driver +install -m 644 ${S}/test-driver ${D}${PTEST_PATH}/${TESTDIR} + # install necessary links install -d ${D}${PTEST_PATH}/tools ln -sf ${sbindir}/rsyslogd ${D}${PTEST_PATH}/tools/rsyslogd -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 2/2][meta-initramfs] dracut: install modules to /usr/lib
From: Wenzong FanThe dracut modules will be installed to /usr/lib64 while building 64bit targets with multilib enabled, this causes runtime errors: dracut: Cannot find /usr/lib/dracut/dracut-functions.sh. dracut: Are you running from a git checkout? dracut: Try passing -l as an argument to /usr/bin/dracut The dracut modules, 50-dracut.install and 51-dracut-rescue.install must be installed to /usr/lib as Fedora 20 does. Signed-off-by: Wenzong Fan --- meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb index 3a72251..8c02a4f 100644 --- a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb +++ b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb @@ -14,7 +14,7 @@ SRC_URI = "git://git.kernel.org/pub/scm/boot/dracut/dracut.git" S = "${WORKDIR}/git" EXTRA_OECONF = "--prefix=${prefix} \ ---libdir=${libdir} \ +--libdir=${prefix}/lib \ --datadir=${datadir} \ --sysconfdir=${sysconfdir} \ --sbindir=${sbindir} \ @@ -24,6 +24,8 @@ EXTRA_OECONF = "--prefix=${prefix} \ --localstatedir=${localstatedir} \ " +EXTRA_OEMAKE += 'libdir=${prefix}/lib' + do_configure() { ./configure ${EXTRA_OECONF} } @@ -36,9 +38,12 @@ PACKAGES =+ "${PN}-bash-completion" FILES_${PN}-bash-completion = "${datadir}/bash-completion" -FILES_${PN} += " ${libdir}/kernel \ +FILES_${PN} += "${prefix}/lib/kernel \ +${prefix}/lib/dracut \ ${systemd_unitdir} \ " +FILES_${PN}-dbg += "${prefix}/lib/dracut/.debug" + CONFFILES_${PN} += "${sysconfdir}/dracut.conf" RDEPENDS_${PN} = "findutils cpio util-linux-blkid util-linux-getopt bash ldd" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2][meta-initramfs] dracut: RDEPEND on systemd optionally
From: Robert YangUse PACKAGECONFIG to depend on systemd optionally. Signed-off-by: Robert Yang Signed-off-by: Wenzong Fan --- meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb index b7d88fd..3a72251 100644 --- a/meta-initramfs/recipes-devtools/dracut/dracut_git.bb +++ b/meta-initramfs/recipes-devtools/dracut/dracut_git.bb @@ -13,9 +13,6 @@ SRC_URI = "git://git.kernel.org/pub/scm/boot/dracut/dracut.git" S = "${WORKDIR}/git" -inherit distro_features_check -REQUIRED_DISTRO_FEATURES = "systemd" - EXTRA_OECONF = "--prefix=${prefix} \ --libdir=${libdir} \ --datadir=${datadir} \ @@ -25,7 +22,7 @@ EXTRA_OECONF = "--prefix=${prefix} \ --bindir=${bindir} \ --includedir=${includedir} \ --localstatedir=${localstatedir} \ ---systemdsystemunitdir=${systemd_unitdir}/system" + " do_configure() { ./configure ${EXTRA_OECONF} @@ -44,9 +41,13 @@ FILES_${PN} += " ${libdir}/kernel \ " CONFFILES_${PN} += "${sysconfdir}/dracut.conf" -RDEPENDS_${PN} = "systemd findutils cpio util-linux-blkid util-linux-getopt bash ldd" +RDEPENDS_${PN} = "findutils cpio util-linux-blkid util-linux-getopt bash ldd" RDEPENDS_${PN}-bash-completion = "bash-completion" +# RDEPEND on systemd optionally +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,,,systemd" + # This could be optimized a bit, but let's avoid non-booting systems :) RRECOMMENDS_${PN} = " \ kernel-modules \ -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/2][meta-initramfs] dracut: RDEPEND on systemd optionally & install modules to /usr/lib
From: Wenzong Fan* Get dracut RDEPEND on systemd optionally; * install modules to /usr/lib for fixing runtime issues. The following changes since commit d36e2d1066f50036080f978583a58fe79ecfac54: libunique: add a recipe from oe-core (2015-09-08 16:30:24 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/dracut http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/dracut Robert Yang (1): dracut: RDEPEND on systemd optionally Wenzong Fan (1): dracut: install modules to /usr/lib meta-initramfs/recipes-devtools/dracut/dracut_git.bb | 20 +--- 1 file changed, 13 insertions(+), 7 deletions(-) -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] imagemagick: add alternatives for binaries/docs
From: Wenzong FanThe binaries/docs that generated by imagemagick has suffix '.im6', use update-alternatives to add alternatives for them. Signed-off-by: Wenzong Fan --- .../imagemagick/imagemagick_6.9.2.bb | 45 +- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_6.9.2.bb b/meta-oe/recipes-support/imagemagick/imagemagick_6.9.2.bb index 2ef3e75..12604c0 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_6.9.2.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_6.9.2.bb @@ -16,7 +16,7 @@ SRC_URI[sha256sum] = "07a2de28f7f9ab888ef47c02eb7e10cc3e0dd0e9797c5d71d6e71d19f8 S = "${WORKDIR}/ImageMagick-${PV}-${PATCHSET}" -inherit autotools pkgconfig +inherit autotools pkgconfig update-alternatives # xml disabled because it's using xml2-config --prefix to determine prefix which returns just /usr with our libxml2 # if someone needs xml support then fix it first @@ -43,3 +43,46 @@ FILES_${PN}-dev += "${libdir}/ImageMagick-${PV}/modules-Q16/*/*.a" FILES_${PN}-dbg += "${libdir}/ImageMagick-${PV}/modules-Q16/*/.debug/*" BBCLASSEXTEND = "native" + +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE_${PN} = "animate compare composite conjure convert display \ +identify import mogrify montage stream" + +ALTERNATIVE_TARGET[animate] = "${bindir}/animate.im6" +ALTERNATIVE_TARGET[compare] = "${bindir}/compare.im6" +ALTERNATIVE_TARGET[composite] = "${bindir}/composite.im6" +ALTERNATIVE_TARGET[conjure] = "${bindir}/conjure.im6" +ALTERNATIVE_TARGET[convert] = "${bindir}/convert.im6" +ALTERNATIVE_TARGET[display] = "${bindir}/display.im6" +ALTERNATIVE_TARGET[identify] = "${bindir}/identify.im6" +ALTERNATIVE_TARGET[import] = "${bindir}/import.im6" +ALTERNATIVE_TARGET[mogrify] = "${bindir}/mogrify.im6" +ALTERNATIVE_TARGET[montage] = "${bindir}/montage.im6" +ALTERNATIVE_TARGET[stream] = "${bindir}/stream.im6" + +ALTERNATIVE_${PN}-doc = "animate.1 compare.1 composite.1 conjure.1 \ +convert.1 display.1 identify.1 import.1 mogrify.1 montage.1 stream.1" + +ALTERNATIVE_LINK_NAME[animate.1] = "${mandir}/man1/animate.1" +ALTERNATIVE_TARGET[animate.1] = "${mandir}/man1/animate.im6.1" +ALTERNATIVE_LINK_NAME[compare.1] = "${mandir}/man1/compare.1" +ALTERNATIVE_TARGET[compare.1] = "${mandir}/man1/compare.im6.1" +ALTERNATIVE_LINK_NAME[composite.1] = "${mandir}/man1/composite.1" +ALTERNATIVE_TARGET[composite.1] = "${mandir}/man1/composite.im6.1" +ALTERNATIVE_LINK_NAME[conjure.1] = "${mandir}/man1/conjure.1" +ALTERNATIVE_TARGET[conjure.1] = "${mandir}/man1/conjure.im6.1" +ALTERNATIVE_LINK_NAME[convert.1] = "${mandir}/man1/convert.1" +ALTERNATIVE_TARGET[convert.1] = "${mandir}/man1/convert.im6.1" +ALTERNATIVE_LINK_NAME[display.1] = "${mandir}/man1/display.1" +ALTERNATIVE_TARGET[display.1] = "${mandir}/man1/display.im6.1" +ALTERNATIVE_LINK_NAME[identify.1] = "${mandir}/man1/identify.1" +ALTERNATIVE_TARGET[identify.1] = "${mandir}/man1/identify.im6.1" +ALTERNATIVE_LINK_NAME[import.1] = "${mandir}/man1/import.1" +ALTERNATIVE_TARGET[import.1] = "${mandir}/man1/import.im6.1" +ALTERNATIVE_LINK_NAME[mogrify.1] = "${mandir}/man1/mogrify.1" +ALTERNATIVE_TARGET[mogrify.1] = "${mandir}/man1/mogrify.im6.1" +ALTERNATIVE_LINK_NAME[montage.1] = "${mandir}/man1/montage.1" +ALTERNATIVE_TARGET[montage.1] = "${mandir}/man1/montage.im6.1" +ALTERNATIVE_LINK_NAME[stream.1] = "${mandir}/man1/stream.1" +ALTERNATIVE_TARGET[stream.1] = "${mandir}/man1/stream.im6.1" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] znc: provide SRCREV_FORMAT
From: Wenzong Fan wenzong@windriver.com Add SRCREV_FORMAT to provide a composite version number for get_srcrev() in fetch2 code. This fixes error: * FetchError: Fetcher failure: The SRCREV_FORMAT variable \ must be set when multiple SCMs are used. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-irc/znc/znc_git.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-irc/znc/znc_git.bb b/meta-networking/recipes-irc/znc/znc_git.bb index d81c170..091db49 100644 --- a/meta-networking/recipes-irc/znc/znc_git.bb +++ b/meta-networking/recipes-irc/znc/znc_git.bb @@ -13,6 +13,8 @@ SRC_URI = git://github.com/znc/znc.git;name=znc \ SRCREV_znc = f47e8465efa4e1cd948b9caae93ac401b4355df8 SRCREV_Csocket = 07b4437396122650e5b8fb3d014e820a5decf4ee +SRCREV_FORMAT = znc_Csocket + S = ${WORKDIR}/git inherit autotools-brokensep pkgconfig -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH v2] libxml-libxml-perl: update from 2.0116 to 2.0121
From: Wenzong Fan wenzong@windriver.com update to 2.0121 and clean unused logic: - do_configure_prepend() { -rm -rf ${S}/.pc/* - } Signed-off-by: Wenzong Fan wenzong@windriver.com --- ...{libxml-libxml-perl_2.0116.bb = libxml-libxml-perl_2.0121.bb} | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) rename meta-perl/recipes-perl/libxml/{libxml-libxml-perl_2.0116.bb = libxml-libxml-perl_2.0121.bb} (87%) diff --git a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb similarity index 87% rename from meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb rename to meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb index 2a6dbc2..8997a04 100644 --- a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb +++ b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb @@ -26,8 +26,8 @@ SRC_URI = http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-${PV}. LIC_FILES_CHKSUM = file://debian/copyright;md5=75e021e35a906347f46c9ff163653e2a \ file://LICENSE;md5=97871bde150daeb5e61ad95137ff2446 -SRC_URI[libxml.md5sum] = a53a743bf053a0cb4afb41513fb8a684 -SRC_URI[libxml.sha256sum] = b154f2dad3033b30d22ac81b8985b69ad35450b0c552db394cd03bb36845812a +SRC_URI[libxml.md5sum] = 1544ab9ac110f5da296015346561ce02 +SRC_URI[libxml.sha256sum] = ec431011cb37a04640fd2316f64d0405a274eece2c6f3847f7fbd336eb1c0dc9 S = ${WORKDIR}/XML-LibXML-${PV} @@ -40,8 +40,4 @@ BBCLASSEXTEND = native CFLAGS += -D_GNU_SOURCE BUILD_CFLAGS += -D_GNU_SOURCE -do_configure_prepend() { - rm -rf ${S}/.pc/* -} - FILES_${PN}-dbg =+ ${libdir}/perl/vendor_perl/*/auto/XML/LibXML/.debug/ -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-perl] libxml-libxml-perl: update from 2.0116 to 2.0121
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libxml/libxml-libxml-perl_2.0116.bb| 47 -- .../libxml/libxml-libxml-perl_2.0121.bb| 47 ++ 2 files changed, 47 insertions(+), 47 deletions(-) delete mode 100644 meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb create mode 100644 meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb diff --git a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb deleted file mode 100644 index 2a6dbc2..000 --- a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0116.bb +++ /dev/null @@ -1,47 +0,0 @@ -SUMMARY = Perl interface to the libxml2 library -DESCRIPTION = This module is an interface to libxml2, providing XML and HTML parsers \ -with DOM, SAX and XMLReader interfaces, a large subset of DOM Layer 3 \ -interface and a XML::XPath-like interface to XPath API of libxml2. \ -The module is split into several packages which are not described in this \ -section; unless stated otherwise, you only need to use XML::LibXML; in \ -your programs. - -HOMEPAGE = http://search.cpan.org/dist/XML-LibXML-1.99/; -SECTION = libs -LICENSE = Artistic-1.0|GPLv1+ -DEPENDS += libxml2 \ -libxml-sax-perl-native \ -zlib \ - -RDEPENDS_${PN} += libxml2 \ -libxml-sax-perl \ -libxml-sax-base-perl \ -zlib \ - - -SRC_URI = http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-${PV}.tar.gz;name=libxml \ - file://disable-libxml2-check.patch \ - file://fix-CATALOG-conditional-compile.patch \ - file://using-DOCB-conditional.patch \ - -LIC_FILES_CHKSUM = file://debian/copyright;md5=75e021e35a906347f46c9ff163653e2a \ - file://LICENSE;md5=97871bde150daeb5e61ad95137ff2446 -SRC_URI[libxml.md5sum] = a53a743bf053a0cb4afb41513fb8a684 -SRC_URI[libxml.sha256sum] = b154f2dad3033b30d22ac81b8985b69ad35450b0c552db394cd03bb36845812a - -S = ${WORKDIR}/XML-LibXML-${PV} - -inherit cpan - -EXTRA_CPANFLAGS = INC=-I${STAGING_INCDIR}/libxml2 LIBS=-L${STAGING_LIBDIR} - -BBCLASSEXTEND = native - -CFLAGS += -D_GNU_SOURCE -BUILD_CFLAGS += -D_GNU_SOURCE - -do_configure_prepend() { - rm -rf ${S}/.pc/* -} - -FILES_${PN}-dbg =+ ${libdir}/perl/vendor_perl/*/auto/XML/LibXML/.debug/ diff --git a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb new file mode 100644 index 000..9066000 --- /dev/null +++ b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0121.bb @@ -0,0 +1,47 @@ +SUMMARY = Perl interface to the libxml2 library +DESCRIPTION = This module is an interface to libxml2, providing XML and HTML parsers \ +with DOM, SAX and XMLReader interfaces, a large subset of DOM Layer 3 \ +interface and a XML::XPath-like interface to XPath API of libxml2. \ +The module is split into several packages which are not described in this \ +section; unless stated otherwise, you only need to use XML::LibXML; in \ +your programs. + +HOMEPAGE = http://search.cpan.org/dist/XML-LibXML-1.99/; +SECTION = libs +LICENSE = Artistic-1.0|GPLv1+ +DEPENDS += libxml2 \ +libxml-sax-perl-native \ +zlib \ + +RDEPENDS_${PN} += libxml2 \ +libxml-sax-perl \ +libxml-sax-base-perl \ +zlib \ + + +SRC_URI = http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-${PV}.tar.gz;name=libxml \ + file://disable-libxml2-check.patch \ + file://fix-CATALOG-conditional-compile.patch \ + file://using-DOCB-conditional.patch \ + +LIC_FILES_CHKSUM = file://debian/copyright;md5=75e021e35a906347f46c9ff163653e2a \ + file://LICENSE;md5=97871bde150daeb5e61ad95137ff2446 +SRC_URI[libxml.md5sum] = 1544ab9ac110f5da296015346561ce02 +SRC_URI[libxml.sha256sum] = ec431011cb37a04640fd2316f64d0405a274eece2c6f3847f7fbd336eb1c0dc9 + +S = ${WORKDIR}/XML-LibXML-${PV} + +inherit cpan + +EXTRA_CPANFLAGS = INC=-I${STAGING_INCDIR}/libxml2 LIBS=-L${STAGING_LIBDIR} + +BBCLASSEXTEND = native + +CFLAGS += -D_GNU_SOURCE +BUILD_CFLAGS += -D_GNU_SOURCE + +do_configure_prepend() { + rm -rf ${S}/.pc/* +} + +FILES_${PN}-dbg =+ ${libdir}/perl/vendor_perl/*/auto/XML/LibXML/.debug/ -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] mercurial-native: update from 3.0.1 to 3.4.1
From: Wenzong Fan wenzong@windriver.com Update mercurial to fix CVE-2014-9462: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462 Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../mercurial/mercurial-native_3.0.1.bb| 26 -- .../mercurial/mercurial-native_3.4.1.bb| 26 ++ 2 files changed, 26 insertions(+), 26 deletions(-) delete mode 100644 meta-oe/recipes-devtools/mercurial/mercurial-native_3.0.1.bb create mode 100644 meta-oe/recipes-devtools/mercurial/mercurial-native_3.4.1.bb diff --git a/meta-oe/recipes-devtools/mercurial/mercurial-native_3.0.1.bb b/meta-oe/recipes-devtools/mercurial/mercurial-native_3.0.1.bb deleted file mode 100644 index 9a5eebe..000 --- a/meta-oe/recipes-devtools/mercurial/mercurial-native_3.0.1.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = The Mercurial distributed SCM -HOMEPAGE = http://mercurial.selenic.com/; -SECTION = console/utils -LICENSE = GPLv2 -LIC_FILES_CHKSUM = file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 -DEPENDS = python-native - -SRC_URI = http://mercurial.selenic.com/release/mercurial-${PV}.tar.gz; -SRC_URI[md5sum] = 15de301a673b77f839325dba10ed4fc0 -SRC_URI[sha256sum] = 36e48b59a84ef5a222d06596971e955ac8217e56b076dfb94c8ce5a0c29fd705 - -S = ${WORKDIR}/mercurial-${PV} - -inherit native - -EXTRA_OEMAKE = STAGING_LIBDIR=${STAGING_LIBDIR} STAGING_INCDIR=${STAGING_INCDIR} \ -BUILD_SYS=${BUILD_SYS} HOST_SYS=${HOST_SYS} PREFIX=${prefix} - -do_configure_append () { -sed -i -e 's:PYTHON=python:PYTHON=${STAGING_BINDIR_NATIVE}/python-native/python:g' ${S}/Makefile -} - -do_install () { -oe_runmake -e install-bin DESTDIR=${D} PREFIX=${prefix} -} - diff --git a/meta-oe/recipes-devtools/mercurial/mercurial-native_3.4.1.bb b/meta-oe/recipes-devtools/mercurial/mercurial-native_3.4.1.bb new file mode 100644 index 000..303a032 --- /dev/null +++ b/meta-oe/recipes-devtools/mercurial/mercurial-native_3.4.1.bb @@ -0,0 +1,26 @@ +SUMMARY = The Mercurial distributed SCM +HOMEPAGE = http://mercurial.selenic.com/; +SECTION = console/utils +LICENSE = GPLv2 +LIC_FILES_CHKSUM = file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 +DEPENDS = python-native + +SRC_URI = http://mercurial.selenic.com/release/mercurial-${PV}.tar.gz; +SRC_URI[md5sum] = 65783a60aefb46a11296b587e9403537 +SRC_URI[sha256sum] = 7a8acf7329beda38ceea29c689212574d9a6bfffe24cf565015ea0066f7cee3f + +S = ${WORKDIR}/mercurial-${PV} + +inherit native + +EXTRA_OEMAKE = STAGING_LIBDIR=${STAGING_LIBDIR} STAGING_INCDIR=${STAGING_INCDIR} \ +BUILD_SYS=${BUILD_SYS} HOST_SYS=${HOST_SYS} PREFIX=${prefix} + +do_configure_append () { +sed -i -e 's:PYTHON=python:PYTHON=${STAGING_BINDIR_NATIVE}/python-native/python:g' ${S}/Makefile +} + +do_install () { +oe_runmake -e install-bin DESTDIR=${D} PREFIX=${prefix} +} + -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2][meta-oe] libyaml: update from 0.1.5 to 0.1.6
From: Wenzong Fan wenzong@windriver.com removed patch: - libyaml-CVE-2014-2525.patch (included by 0.1.6) Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libyaml/files/libyaml-CVE-2014-2525.patch | 42 -- meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb | 21 --- meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb | 20 +++ 3 files changed, 20 insertions(+), 63 deletions(-) delete mode 100644 meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch delete mode 100644 meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb create mode 100644 meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch deleted file mode 100644 index 2fdcba3..000 --- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch +++ /dev/null @@ -1,42 +0,0 @@ -Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function -in LibYAML before 0.1.6 allows context-dependent attackers to execute -arbitrary code via a long sequence of percent-encoded characters in a -URI in a YAML file. - -Upstream-Status: Backport - -Signed-off-by: Kai Kang kai.k...@windriver.com -diff --git a/src/scanner.c.old b/src/scanner.c -index a2e8619..c6cde3b 100644 a/src/scanner.c.old -+++ b/src/scanner.c -@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive, - /* Check if it is a URI-escape sequence. */ - - if (CHECK(parser-buffer, '%')) { -+if (!STRING_EXTEND(parser, string)) -+goto error; -+ - if (!yaml_parser_scan_uri_escapes(parser, - directive, start_mark, string)) goto error; - } -diff --git a/src/yaml_private.h.old b/src/yaml_private.h -index ed5ea66..d72acb4 100644 a/src/yaml_private.h.old -+++ b/src/yaml_private.h -@@ -132,9 +132,12 @@ yaml_string_join( - (string).start = (string).pointer = (string).end = 0) - - #define STRING_EXTEND(context,string) \ --(((string).pointer+5 (string).end) \ -+string).pointer+5 (string).end) \ - || yaml_string_extend((string).start, \ --(string).pointer, (string).end)) -+(string).pointer, (string).end)) ? \ -+ 1 : \ -+((context)-error = YAML_MEMORY_ERROR, \ -+ 0)) - - #define CLEAR(context,string) \ - ((string).pointer = (string).start, \ diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb deleted file mode 100644 index 1279541..000 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb +++ /dev/null @@ -1,21 +0,0 @@ -SUMMARY = LibYAML is a YAML 1.1 parser and emitter written in C. -DESCRIPTION = LibYAML is a C library for parsing and emitting data in YAML 1.1, \ -a human-readable data serialization format. -HOMEPAGE = http://pyyaml.org/wiki/LibYAML; -SECTION = libs/devel - -LICENSE = MIT -LIC_FILES_CHKSUM = file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17 - -SRC_URI = http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ - file://libyaml-CVE-2014-2525.patch \ - - -SRC_URI[md5sum] = 24f6093c1e840ca5df2eb09291a1dbf1 -SRC_URI[sha256sum] = fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef - -S = ${WORKDIR}/yaml-${PV} - -inherit autotools - -BBCLASSEXTEND = native diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb new file mode 100644 index 000..8a624f7 --- /dev/null +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb @@ -0,0 +1,20 @@ +SUMMARY = LibYAML is a YAML 1.1 parser and emitter written in C. +DESCRIPTION = LibYAML is a C library for parsing and emitting data in YAML 1.1, \ +a human-readable data serialization format. +HOMEPAGE = http://pyyaml.org/wiki/LibYAML; +SECTION = libs/devel + +LICENSE = MIT +LIC_FILES_CHKSUM = file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17 + +SRC_URI = http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ + + +SRC_URI[md5sum] = 5fe00cda18ca5daeb43762b80c38e06e +SRC_URI[sha256sum] = 7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749 + +S = ${WORKDIR}/yaml-${PV} + +inherit autotools + +BBCLASSEXTEND = native -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 2/2][meta-oe] libyaml: Security Advisory - libyaml - CVE-2014-9130
From: Yue Tao yue@windriver.com https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130 The patch comes from: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Removed invalid simple key assertion (thank to Jonathan Gray) Signed-off-by: Yue Tao yue@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libyaml/files/libyaml-CVE-2014-9130.patch | 32 ++ meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch new file mode 100644 index 000..3c4a00e --- /dev/null +++ b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch @@ -0,0 +1,32 @@ +# HG changeset patch +# User Kirill Simonov x...@resolvent.net +# Date 1417197312 21600 +# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2 +# Parent 053f53a381ff6adbbc93a31ab7fdee06a16c8a33 +Removed invalid simple key assertion (thank to Jonathan Gray). + +The patch comes from + +https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao yue@windriver.com + +diff -r 053f53a381ff -r 2b9156756423 src/scanner.c +--- a/src/scanner.cWed Mar 26 13:55:54 2014 -0500 b/src/scanner.cFri Nov 28 11:55:12 2014 -0600 +@@ -1106,13 +1106,6 @@ + parser-indent == (ptrdiff_t)parser-mark.column); + + /* +- * A simple key is required only when it is the first token in the current +- * line. Therefore it is always allowed. But we add a check anyway. +- */ +- +-assert(parser-simple_key_allowed || !required);/* Impossible. */ +- +-/* + * If the current position may start a simple key, save it. + */ + diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb index 8a624f7..b015577 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb @@ -8,6 +8,7 @@ LICENSE = MIT LIC_FILES_CHKSUM = file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17 SRC_URI = http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ + file://libyaml-CVE-2014-9130.patch \ SRC_URI[md5sum] = 5fe00cda18ca5daeb43762b80c38e06e -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2][meta-networking] vsftpd / init: add LSB init infos
From: Wenzong Fan wenzong@windriver.com Keep compatibility with chkconfig tool. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-daemons/vsftpd/files/init | 9 + 1 file changed, 9 insertions(+) diff --git a/meta-networking/recipes-daemons/vsftpd/files/init b/meta-networking/recipes-daemons/vsftpd/files/init index d0ec010..72adf0d 100755 --- a/meta-networking/recipes-daemons/vsftpd/files/init +++ b/meta-networking/recipes-daemons/vsftpd/files/init @@ -1,4 +1,13 @@ #!/bin/sh +### BEGIN INIT INFO +# Provides: vsftpd +# Default-Start: 2345 +# Default-Stop: 016 +# Short-Description: Very Secure Ftp Daemon +# Description: vsftpd is a Very Secure FTP daemon. It was written completely from +# scratch +### END INIT INFO + DAEMON=/usr/sbin/vsftpd NAME=vsftpd DESC=FTP Server -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] samba: disable services for sysvinit
From: Wenzong Fan wenzong@windriver.com The smb, nmb, winbind services have been disabled for systemd system by default, disable them for sysvinit as well. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-connectivity/samba/samba.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-connectivity/samba/samba.inc b/meta-oe/recipes-connectivity/samba/samba.inc index abfd5ca..99216ce 100644 --- a/meta-oe/recipes-connectivity/samba/samba.inc +++ b/meta-oe/recipes-connectivity/samba/samba.inc @@ -69,7 +69,7 @@ INITSCRIPT_NAME_winbind = winbind # No dependencies, goes in at level 20 (NOTE: take care with the # level, later levels put the shutdown later too - see the links # in rc6.d, the shutdown must precede network shutdown). -INITSCRIPT_PARAMS = defaults +INITSCRIPT_PARAMS = disable CONFFILES_${PN} = ${sysconfdir}/samba/smb.conf do_configure_prepend () { -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi
From: Wenzong Fan wenzong@windriver.com * /etc/iscsi/initiatorname.iscsi: etc_runtime_t - etc_t This config file was created by postinstall or initscript, fix SELinux label for it to remove: avc: denied { read } for pid=6094 comm=iscsid \ name=initiatorname.iscsi dev=sda3 ino=1057846 \ scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \ tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../recipes-daemons/iscsi-initiator-utils/files/initd.debian | 4 1 file changed, 4 insertions(+) diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian index 99a7638..43fb348 100644 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian @@ -39,6 +39,10 @@ start() { InitiatorName=$INITIATORNAME EOF fi + + # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled + test ! -x /sbin/restorecon || /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON RETVAL=$? starttargets -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH v2][meta-oe] collectd: add PACKAGECONFIG for libvirt, libesmtp
From: Wenzong Fan wenzong@windriver.com Add PACKAGECONFIG for libvirt, libesmtp to fix below warnings: WARN: collectd: collectd rdepends on libvirt, but it isn't a build dependency? WARN: collectd: collectd rdepends on libcrypto, but it isn't a build dependency? WARN: collectd: collectd rdepends on libesmtp, but it isn't a build dependency? WARN: collectd: collectd rdepends on libssl, but it isn't a build dependency? Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-extended/collectd/collectd_5.4.1.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb b/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb index 46752c8..92b231c 100644 --- a/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb +++ b/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb @@ -35,8 +35,10 @@ PACKAGECONFIG[sensors] = --enable-sensors --with-libsensors=yes, \ --disable-sensors --with-libsensors=no,lmsensors PACKAGECONFIG[amqp] = --enable-amqp --with-librabbitmq=yes, \ --disable-amqp --with-librabbitmq=no,rabbitmq-c -# protobuf-c that is currently only available in meta-virtualization layer +# protobuf-c, libvirt that are currently only available in meta-virtualization layer PACKAGECONFIG[pinba] = --enable-pinba,--disable-pinba,protobuf-c-native protobuf-c +PACKAGECONFIG[libvirt] = --enable-libvirt,--disable-libvirt,libvirt +PACKAGECONFIG[libesmtp] = --with-libesmtp,--without-libesmtp,libesmtp EXTRA_OECONF = \ ${FPLAYOUT} \ -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-webserver] phpmyadmin: don't install patches
From: Wenzong Fan wenzong@windriver.com Don't install local patch files to target. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb |2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb index 49ca7da..7cc3604 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb @@ -21,6 +21,8 @@ inherit allarch do_install() { install -d ${D}${datadir}/${BPN} cp -a * ${D}${datadir}/${BPN} +# Don't install patches to target +rm -rf ${D}${datadir}/${BPN}/patches install -d ${D}${sysconfdir}/apache2/conf.d install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf -- 1.7.10.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] collectd: add PACKAGECONFIG for libvirt
From: Wenzong Fan wenzong@windriver.com Add PACKAGECONFIG for 'libvirt', otherwise there would be warnings like below: WARN: collectd: collectd rdepends on libvirt, but it isn't a build dependency? Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-extended/collectd/collectd_5.4.1.bb |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb b/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb index 46752c8..6e82bbc 100644 --- a/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb +++ b/meta-oe/recipes-extended/collectd/collectd_5.4.1.bb @@ -35,8 +35,9 @@ PACKAGECONFIG[sensors] = --enable-sensors --with-libsensors=yes, \ --disable-sensors --with-libsensors=no,lmsensors PACKAGECONFIG[amqp] = --enable-amqp --with-librabbitmq=yes, \ --disable-amqp --with-librabbitmq=no,rabbitmq-c -# protobuf-c that is currently only available in meta-virtualization layer +# protobuf-c, libvirt that are currently only available in meta-virtualization layer PACKAGECONFIG[pinba] = --enable-pinba,--disable-pinba,protobuf-c-native protobuf-c +PACKAGECONFIG[libvirt] = --enable-libvirt,--disable-libvirt,libvirt EXTRA_OECONF = \ ${FPLAYOUT} \ -- 1.7.10.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] ltrace: add PACKAGECONFIG for selinux
From: Wenzong Fan wenzong@windriver.com Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like below: WARN: ltrace: ltrace rdepends on libselinux, but it isn't a build dependency? Signed-off-by: Wenzong Fan wenzong@windriver.com --- ...onfigure-allow-to-disable-selinux-support.patch | 36 meta-oe/recipes-devtools/ltrace/ltrace_git.bb |3 ++ 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-devtools/ltrace/ltrace/configure-allow-to-disable-selinux-support.patch diff --git a/meta-oe/recipes-devtools/ltrace/ltrace/configure-allow-to-disable-selinux-support.patch b/meta-oe/recipes-devtools/ltrace/ltrace/configure-allow-to-disable-selinux-support.patch new file mode 100644 index 000..4f89d8f --- /dev/null +++ b/meta-oe/recipes-devtools/ltrace/ltrace/configure-allow-to-disable-selinux-support.patch @@ -0,0 +1,36 @@ +From 887a403e38f590ebf1d04ce600d94cb7a351744c Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Mon, 1 Dec 2014 00:57:42 -0500 +Subject: [PATCH] ltrace: allow to enable/disable selinux support + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + configure.ac | 10 -- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 6fe5e3b..189885a 100644 +--- a/configure.ac b/configure.ac +@@ -125,8 +125,14 @@ AC_SUBST(libstdcxx_LIBS) + + + dnl Check security_get_boolean_active availability. +-AC_CHECK_HEADERS(selinux/selinux.h) +-AC_CHECK_LIB(selinux, security_get_boolean_active) ++AC_ARG_ENABLE([selinux], ++AS_HELP_STRING([--enable-selinux],[enable SELinux support [default=auto]]), ++[], [enable_selinux=auto]) ++ ++if test x$enable_selinux != xno; then ++AC_CHECK_HEADERS(selinux/selinux.h) ++AC_CHECK_LIB(selinux, security_get_boolean_active) ++fi + + dnl Whether (and which) elfutils libdw.so to use for unwinding. + AC_ARG_WITH(elfutils, +-- +1.7.9.5 + diff --git a/meta-oe/recipes-devtools/ltrace/ltrace_git.bb b/meta-oe/recipes-devtools/ltrace/ltrace_git.bb index 507747a..6984848 100644 --- a/meta-oe/recipes-devtools/ltrace/ltrace_git.bb +++ b/meta-oe/recipes-devtools/ltrace/ltrace_git.bb @@ -17,12 +17,15 @@ DEPENDS = elfutils RDEPENDS_${PN} = elfutils SRC_URI = git://anonscm.debian.org/collab-maint/ltrace.git \ file://ltrace-0.7.2-unused-typedef.patch \ + file://configure-allow-to-disable-selinux-support.patch \ S = ${WORKDIR}/git inherit autotools +PACKAGECONFIG ?= ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} PACKAGECONFIG[unwind] = --with-libunwind,--without-libunwind,libunwind +PACKAGECONFIG[selinux] = --enable-selinux,--disable-selinux,libselinux,libselinux do_configure_prepend () { ( cd ${S}; ./autogen.sh ) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-webserver] apache2: add PACKAGECONFIG for selinux
From: Wenzong Fan wenzong@windriver.com Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like below: WARN: apache2: apache2 rdepends on libselinux, but it isn't a build dependency? Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../recipes-httpd/apache2/apache2_2.4.10.bb|4 ++ ...onfigure-allow-to-disable-selinux-support.patch | 40 2 files changed, 44 insertions(+) create mode 100644 meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb index d79d40b..55d507f 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb @@ -17,6 +17,7 @@ SRC_URI = http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ file://npn-patch-2.4.7.patch \ file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://configure-allow-to-disable-selinux-support.patch \ file://init \ file://apache2-volatile.conf \ file://apache2.service \ @@ -58,6 +59,9 @@ EXTRA_OECONF = --enable-ssl \ --enable-mpms-shared \ ac_cv_have_threadsafe_pollset=no +PACKAGECONFIG ?= ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} +PACKAGECONFIG[selinux] = --enable-selinux,--disable-selinux,libselinux,libselinux + do_install_append() { install -d ${D}/${sysconfdir}/init.d cat ${WORKDIR}/init | \ diff --git a/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch b/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch new file mode 100644 index 000..5b5c297 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch @@ -0,0 +1,40 @@ +From d23dd33e373340f6fddf11904839d1a118824401 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Mon, 1 Dec 2014 02:08:27 -0500 +Subject: [PATCH] apache2: allow to disable selinux support + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + configure.in | 14 ++ + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/configure.in b/configure.in +index df94ee5..8c3ab21 100644 +--- a/configure.in b/configure.in +@@ -466,10 +466,16 @@ getloadavg + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + +-AC_CHECK_LIB(selinux, is_selinux_enabled, [ +- AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) +- APR_ADDTO(AP_LIBS, [-lselinux]) +-]) ++# SELinux support ++AC_ARG_ENABLE(selinux,APACHE_HELP_STRING(--enable-selinux,Enable SELinux support [default=auto]), ++[],[enable_selinux=auto]) ++ ++if test x$enable_selinux != xno; then ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++fi + + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE +-- +1.7.9.5 + -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] sethdlc: fix host contamination
From: Wenzong Fan wenzong@windriver.com * Clean INCLUDES to fix the host contamination errors: In file included from /usr/src/linux/include/linux/posix_types.h:47:0, from /usr/src/linux/include/linux/types.h:17, from /usr/src/linux/include/linux/if.h:22, from sethdlc.c:23: /usr/src/linux/include/asm-generic/posix_types.h:91:3: \ error: conflicting types for '__kernel_fsid_t' } __kernel_fsid_t; ^ .../tmp/sysroots/qemumips/usr/include/asm/posix_types.h:26:3: \ note: previous declaration of '__kernel_fsid_t' was here } __kernel_fsid_t; ^ * Correct LIC_FILES_CHKSUM to checkout license infos from sethdl.c instead of Makefile. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../files/sethdlc-fix-host-contamination.patch | 42 .../recipes-connectivity/sethdlc/sethdlc.bb|3 +- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-connectivity/sethdlc/files/sethdlc-fix-host-contamination.patch diff --git a/meta-networking/recipes-connectivity/sethdlc/files/sethdlc-fix-host-contamination.patch b/meta-networking/recipes-connectivity/sethdlc/files/sethdlc-fix-host-contamination.patch new file mode 100644 index 000..f25a02c --- /dev/null +++ b/meta-networking/recipes-connectivity/sethdlc/files/sethdlc-fix-host-contamination.patch @@ -0,0 +1,42 @@ +From 9a9137c3df5309ac359737d6ebd67fb4ff5f3cf2 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Mon, 24 Nov 2014 22:05:18 -0500 +Subject: [PATCH] sethdlc: fix host contamination + +Clean INCLUDES to fix the host contamination errors: + + In file included from /usr/src/linux/include/linux/posix_types.h:47:0, + from /usr/src/linux/include/linux/types.h:17, + from /usr/src/linux/include/linux/if.h:22, + from sethdlc.c:23: + /usr/src/linux/include/asm-generic/posix_types.h:91:3: \ +error: conflicting types for '__kernel_fsid_t' + } __kernel_fsid_t; + ^ + .../tmp/sysroots/qemumips/usr/include/asm/posix_types.h:26:3: \ +note: previous declaration of '__kernel_fsid_t' was here + } __kernel_fsid_t; + ^ + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + Makefile |2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 0492f2b..97dec22 100644 +--- a/Makefile b/Makefile +@@ -1,6 +1,6 @@ + CC = gcc + CFLAGS = -O2 -Wall -W -Wno-long-long -pipe +-INCLUDES = -I/usr/src/linux/include -I/usr/src/linux-2.6/include ++INCLUDES = + + all: sethdlc + +-- +1.7.9.5 + diff --git a/meta-networking/recipes-connectivity/sethdlc/sethdlc.bb b/meta-networking/recipes-connectivity/sethdlc/sethdlc.bb index cf74827..5e8d9d9 100644 --- a/meta-networking/recipes-connectivity/sethdlc/sethdlc.bb +++ b/meta-networking/recipes-connectivity/sethdlc/sethdlc.bb @@ -1,10 +1,11 @@ DESCRIPTION = set Linux HDLC packet radio modem driver port information HOMEPAGE = https://www.kernel.org/pub/linux/utils/net/hdlc; LICENSE = GPLv2 GPLv2+ -LIC_FILES_CHKSUM = file://Makefile;md5=19aada31930b2be84bf7138420d77263 +LIC_FILES_CHKSUM = file://sethdlc.c;endline=10;md5=90f936879e9f8b755a138aeb348782eb SRC_URI = https://www.kernel.org/pub/linux/utils/net/hdlc/${BPN}-1.18.tar.gz \ + file://sethdlc-fix-host-contamination.patch \ SRC_URI[md5sum] = 9016878156a5eadb06c0bae71cc5c9ab SRC_URI[sha256sum] = 21b1e2e1cb0e288b0ec8fcfd9fed449914e0f8e6fc273706bd5b3d4f6ab6b04e -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] krb5: fix CVE-2014-5351
From: Wenzong Fan wenzong@windriver.com The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authentic- ated users to forge tickets by leveraging administrative access. This back-ported patch fixes CVE-2014-5351. The following changes since commit c78eca1ea7452a62f86b740ec59f1cd39e399d73: postfix: create or update aliases.db when using systemd (2014-11-10 15:18:55 -0500) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/cve-krb5 http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/cve-krb5 Wenzong Fan (1): krb5: fix CVE-2014-5351 ...rn-only-new-keys-in-randkey-CVE-2014-5351.patch | 92 meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb |1 + 2 files changed, 93 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] krb5: fix CVE-2014-5351
From: Wenzong Fan wenzong@windriver.com The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authentic- ated users to forge tickets by leveraging administrative access. This back-ported patch fixes CVE-2014-5351. Signed-off-by: Wenzong Fan wenzong@windriver.com --- ...rn-only-new-keys-in-randkey-CVE-2014-5351.patch | 92 meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb |1 + 2 files changed, 93 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch diff --git a/meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch b/meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch new file mode 100644 index 000..0852661 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch @@ -0,0 +1,92 @@ +From af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca Mon Sep 17 00:00:00 2001 +From: Greg Hudson ghud...@mit.edu +Date: Thu, 21 Aug 2014 13:52:07 -0400 +Subject: [PATCH] Return only new keys in randkey [CVE-2014-5351] + +In kadmind's randkey operation, if a client specifies the keepold +flag, do not include the preserved old keys in the response. + +CVE-2014-5351: + +An authenticated remote attacker can retrieve the current keys for a +service principal when generating a new set of keys for that +principal. The attacker needs to be authenticated as a user who has +the elevated privilege for randomizing the keys of other principals. + +Normally, when a Kerberos administrator randomizes the keys of a +service principal, kadmind returns only the new keys. This prevents +an administrator who lacks legitimate privileged access to a service +from forging tickets to authenticate to that service. If the +keepold flag to the kadmin randkey RPC operation is true, kadmind +retains the old keys in the KDC database as intended, but also +unexpectedly returns the old keys to the client, which exposes the +service to ticket forgery attacks from the administrator. + +A mitigating factor is that legitimate clients of the affected service +will start failing to authenticate to the service once they begin to +receive service tickets encrypted in the new keys. The affected +service will be unable to decrypt the newly issued tickets, possibly +alerting the legitimate administrator of the affected service. + +CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C + +[t...@mit.edu: CVE description and CVSS score] + +ticket: 8018 (new) +target_version: 1.13 +tags: pullup + +Upstream-Status: Backport +--- + src/lib/kadm5/srv/svr_principal.c | 21 ++--- + 1 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/lib/kadm5/srv/svr_principal.c b/lib/kadm5/srv/svr_principal.c +index 5d358bd..d4e74cc 100644 +--- a/lib/kadm5/srv/svr_principal.c b/lib/kadm5/srv/svr_principal.c +@@ -344,6 +344,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask, + *passptr = NULL; + } + ++/* Return the number of keys with the newest kvno. Assumes that all key data ++ * with the newest kvno are at the front of the key data array. */ ++static int ++count_new_keys(int n_key_data, krb5_key_data *key_data) ++{ ++int n; ++ ++for (n = 1; n n_key_data; n++) { ++if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno) ++return n; ++} ++return n_key_data; ++} ++ + kadm5_ret_t + kadm5_create_principal(void *server_handle, +kadm5_principal_ent_t entry, long mask, +@@ -1593,7 +1607,7 @@ kadm5_randkey_principal_3(void *server_handle, + osa_princ_ent_rec adb; + krb5_int32 now; + kadm5_policy_ent_recpol; +-int ret, last_pwd; ++int ret, last_pwd, n_new_keys; + krb5_booleanhave_pol = FALSE; + kadm5_server_handle_t handle = server_handle; + krb5_keyblock *act_mkey; +@@ -1686,8 +1700,9 @@ kadm5_randkey_principal_3(void *server_handle, + kdb-fail_auth_count = 0; + + if (keyblocks) { +-ret = decrypt_key_data(handle-context, +- kdb-n_key_data, kdb-key_data, ++/* Return only the new keys added by krb5_dbe_crk. */ ++n_new_keys = count_new_keys(kdb-n_key_data, kdb-key_data); ++ret = decrypt_key_data(handle-context, n_new_keys, kdb-key_data, +keyblocks, n_keys); + if (ret) + goto done; +-- +1.7.4.1 + diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb index f3f16b9..c492496 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb +++
[oe] [PATCH 0/1][meta-networking] ntp: add status for initscript
From: Wenzong Fan wenzong@windriver.com Get /etc/init.d/ntpd support options 'status'. The following changes since commit 71d2fe7c9e2681fede255d7f5b430d63a122ab18: vim: add ncurses-terminfo-base as a runtime dependency (2014-10-18 10:47:43 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/ntpd-status http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/ntpd-status Wenzong Fan (1): ntp: add status for initscript meta-networking/recipes-support/ntp/files/ntpd |9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-networking] ntp: add status for initscript
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-support/ntp/files/ntpd |9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/meta-networking/recipes-support/ntp/files/ntpd b/meta-networking/recipes-support/ntp/files/ntpd index 3cd1c6c..d1b9c49 100755 --- a/meta-networking/recipes-support/ntp/files/ntpd +++ b/meta-networking/recipes-support/ntp/files/ntpd @@ -20,6 +20,9 @@ test -x $DAEMON -a -r /etc/ntp.conf || exit 0 # rcS contains TICKADJ test -r /etc/default/rcS . /etc/default/rcS +# Source function library. +. /etc/init.d/functions + # Functions to do individual actions settick(){ # If TICKADJ is set we *must* adjust it before we start, because the @@ -68,8 +71,12 @@ case $1 in stopdaemon startdaemon ;; + status) + status /usr/sbin/ntpd; + exit $? + ;; *) - echo Usage: ntpd { start | stop | restart | reload } 2 + echo Usage: ntpd { start | stop | status | restart | reload } 2 exit 1 ;; esac -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] rsnapshot: fix rsnapshot.conf.default
From: Wenzong Fan wenzong@windriver.com This change is used for fixing cmd path in rsnapshot.conf.default. The options --without-* disable checking command * on host and get the default path used, otherwise the host path will be injected into target configs. The runtime dependencies to ssh, logger, cp, du are optional and could be customized in rsnapshot.conf, so it's not needed that using PACKAGECONFIG to define the runtime dependencies. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../rsnapshot/configure-fix-cmd_rsync.patch| 44 meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 12 +- 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 meta-oe/recipes-support/rsnapshot/rsnapshot/configure-fix-cmd_rsync.patch diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot/configure-fix-cmd_rsync.patch b/meta-oe/recipes-support/rsnapshot/rsnapshot/configure-fix-cmd_rsync.patch new file mode 100644 index 000..7b2361b --- /dev/null +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot/configure-fix-cmd_rsync.patch @@ -0,0 +1,44 @@ +From 26ad431e19788898fb4ed19ff91392e8b20f1bab Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Thu, 16 Oct 2014 04:06:55 -0400 +Subject: [PATCH] fix cmd_rsync + +Don't break configure if rsync is not installed on host. + +rsync is a runtime dependency and this change is only used for +generating rsnapshot.conf.default. It allows cmd_rsync to use +default path if options --without-rsync is specfied. + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + configure.ac |5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index bc9df9e..2a33d29 100644 +--- a/configure.ac b/configure.ac +@@ -55,7 +55,7 @@ AC_ARG_WITH(rsync, + AC_MSG_ERROR(rsync not found) + fi + else +- AC_MSG_ERROR(rsync is required) ++ RSYNC=no + fi + ] + ) +@@ -67,7 +67,8 @@ if test $RSYNC = ; then + fi + dnl bail out if we can't find it + if test $RSYNC = no; then +- AC_MSG_ERROR(rsync is required) ++ RSYNC=/usr/bin/rsync ++ AC_SUBST(CMD_RSYNC, cmd_rsync $RSYNC) + fi + + +-- +1.7.9.5 + diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb index afd3678..3f919b5 100644 --- a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb @@ -24,11 +24,19 @@ SRCREV = 1047cbb57937c29233388e2fcd847fecd3babe74 PV = 1.3.1+git${SRCPV} SRC_URI = git://github.com/DrHyde/${BPN};branch=master;protocol=git \ + file://configure-fix-cmd_rsync.patch \ S = ${WORKDIR}/git inherit autotools -PACKAGECONFIG ??= logger -PACKAGECONFIG[logger] = --with-logger=${bindir}/logger,--without-logger,,util-linux +# Fix rsnapshot.conf.default: +# don't inject the host path into target configs. +EXTRA_OECONF += --without-cp \ + --without-rm \ + --without-du \ + --without-ssh \ + --without-logger \ + --without-rsync \ + -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] rsnapshot: fix rsnapshot.conf.default
From: Wenzong Fan wenzong@windriver.com This change is used for fixing cmd path in rsnapshot.conf.default. The options --without-* disable checking command * on host and get the default path used, otherwise the host path will be injected into target configs. The runtime dependencies to ssh, logger, cp, du are optional and could be customized in rsnapshot.conf, so it's not needed that using PACKAGECONFIG to define the runtime dependencies. The following changes since commit fa04f43dee6994bb63374995a6444e72d65bc658: libgphoto2: add bash to RDEPENDS (2014-10-16 07:01:01 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/fix-rsnapshot http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-rsnapshot Wenzong Fan (1): rsnapshot: fix rsnapshot.conf.default .../rsnapshot/configure-fix-cmd_rsync.patch| 44 meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 12 +- 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 meta-oe/recipes-support/rsnapshot/rsnapshot/configure-fix-cmd_rsync.patch -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1 v3][meta-networking] ntp: fix path to drift file
From: Wenzong Fan wenzong@windriver.com The default path of ntp drift file is /etc/ntp.drift, ntp daemon maybe fails to create this file since the user ntp is not always permitted to write /etc. Refer to other distributions such as RedHat, Debian, just moving the file to /var/lib/ntp which the home dir of user ntp. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-support/ntp/files/ntp.conf |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-networking/recipes-support/ntp/files/ntp.conf b/meta-networking/recipes-support/ntp/files/ntp.conf index 875b7eb..676e186 100644 --- a/meta-networking/recipes-support/ntp/files/ntp.conf +++ b/meta-networking/recipes-support/ntp/files/ntp.conf @@ -1,7 +1,7 @@ # This is the most basic ntp configuration file # The driftfile must remain in a place specific to this # machine - it records the machine specific clock error -driftfile /etc/ntp.drift +driftfile /var/lib/ntp/drift # This should be a server that is close (in IP terms) # to the machine. Add other servers as required. # Unless you un-comment the line below ntpd will sync -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1 v3][meta-networking] ntp: fix path to drift file
From: Wenzong Fan wenzong@windriver.com v3 changes: * Update the drift file path in recipes-support/ntp/files/ntp.conf; * Drop the logic for creating /var/lib/ntp, This addressed by Peter A. Bigot's patch: [oe] [meta-networking][PATCH] ntp: create and package ntp home directory The following changes since commit a4bdcbdbca05bbb4a452e06982038f0a38bcb91f: openldap: use PN for PACKAGES_DYNAMIC (2014-10-10 12:47:35 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/ntp-fix http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/ntp-fix Wenzong Fan (1): ntp: fix path to drift file meta-networking/recipes-support/ntp/files/ntp.conf |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1 v2][meta-networking] ntp: fix path to drift file
From: Wenzong Fan wenzong@windriver.com v2 changes: Update the commit logs: --- * fix the path to drift file: The default path of ntp drift file is /etc/ntp.drift, ntp daemon maybe fails to create this file since the user ntp is not always permitted to write /etc. Refer to other distributions such as RedHat, Debian, just moving the file to /var/lib/ntp which the home dir of user ntp. * add tmpfile support: Make sure the /var/lib/ntp is always created by sysvinit/systemd. The following changes since commit a4bdcbdbca05bbb4a452e06982038f0a38bcb91f: openldap: use PN for PACKAGES_DYNAMIC (2014-10-10 12:47:35 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/ntp-fix http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/ntp-fix Wenzong Fan (1): ntp: fix path to drift file meta-networking/recipes-support/ntp/ntp.inc | 15 +++ 1 file changed, 15 insertions(+) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1 v2][meta-networking] ntp: fix path to drift file
From: Wenzong Fan wenzong@windriver.com * fix the path to drift file: The default path of ntp drift file is /etc/ntp.drift, ntp daemon maybe fails to create this file since the user ntp is not always permitted to write /etc. Refer to other distributions such as RedHat, Debian, just moving the file to /var/lib/ntp which the home dir of user ntp. * add tmpfile support: Make sure the /var/lib/ntp is always created by sysvinit/systemd. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-support/ntp/ntp.inc | 15 +++ 1 file changed, 15 insertions(+) diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc index f55a39a..f685274 100644 --- a/meta-networking/recipes-support/ntp/ntp.inc +++ b/meta-networking/recipes-support/ntp/ntp.inc @@ -53,6 +53,7 @@ PACKAGECONFIG[debug] = --enable-debugging,--disable-debugging do_install_append() { install -d ${D}${sysconfdir}/init.d install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} +sed -i 's!/etc/ntp.drift!/var/lib/ntp/drift!g' ${D}${sysconfdir}/ntp.conf install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d install -d ${D}${bindir} install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync @@ -72,6 +73,18 @@ do_install_append() { install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ +# Create tmpfiles +if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +install -d ${D}/${sysconfdir}/default/volatiles +echo d ntp ntp 0755 /var/lib/ntp none \ + ${D}/${sysconfdir}/default/volatiles/99_ntpd +fi +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then +install -d ${D}${sysconfdir}/tmpfiles.d +echo d /var/lib/ntp 0755 ntp ntp - \ + ${D}${sysconfdir}/tmpfiles.d/99-ntpd.conf +fi + install -d ${D}/${sysconfdir}/network/if-up.d ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d @@ -112,6 +125,8 @@ RSUGGESTS_${PN} = iana-etc FILES_${PN} = ${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +${sysconfdir}/default/volatiles \ +${sysconfdir}/tmpfiles.d \ FILES_${PN}-tickadj = ${sbindir}/tickadj FILES_${PN}-utils = ${sbindir} -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-networking] ntp: fix path to driftfile
From: Wenzong Fan wenzong@windriver.com Default path to driftfile is /etc/ntp.drift, that doesn't work since ntp daemon is always started with ntp user. It should be created at the home directory of ntp which is /var/lib/ntp/. Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-support/ntp/ntp.inc | 15 +++ 1 file changed, 15 insertions(+) diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc index f55a39a..f685274 100644 --- a/meta-networking/recipes-support/ntp/ntp.inc +++ b/meta-networking/recipes-support/ntp/ntp.inc @@ -53,6 +53,7 @@ PACKAGECONFIG[debug] = --enable-debugging,--disable-debugging do_install_append() { install -d ${D}${sysconfdir}/init.d install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} +sed -i 's!/etc/ntp.drift!/var/lib/ntp/drift!g' ${D}${sysconfdir}/ntp.conf install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d install -d ${D}${bindir} install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync @@ -72,6 +73,18 @@ do_install_append() { install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ +# Create tmpfiles +if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +install -d ${D}/${sysconfdir}/default/volatiles +echo d ntp ntp 0755 /var/lib/ntp none \ + ${D}/${sysconfdir}/default/volatiles/99_ntpd +fi +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then +install -d ${D}${sysconfdir}/tmpfiles.d +echo d /var/lib/ntp 0755 ntp ntp - \ + ${D}${sysconfdir}/tmpfiles.d/99-ntpd.conf +fi + install -d ${D}/${sysconfdir}/network/if-up.d ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d @@ -112,6 +125,8 @@ RSUGGESTS_${PN} = iana-etc FILES_${PN} = ${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +${sysconfdir}/default/volatiles \ +${sysconfdir}/tmpfiles.d \ FILES_${PN}-tickadj = ${sbindir}/tickadj FILES_${PN}-utils = ${sbindir} -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-networking] ntp: fix path to driftfile
From: Wenzong Fan wenzong@windriver.com Default path to driftfile is /etc/ntp.drift, that doesn't work since ntp daemon is always started with ntp user. It should be created at the home directory of ntp which is /var/lib/ntp/. The following changes since commit 17ff23b4a4a0e5ed7efde107fb00296f1ebd5fdd: xf86-video-geode: fix build with new glibc-2.20 (2014-10-06 01:07:53 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/ntp http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/ntp Wenzong Fan (1): ntp: fix path to driftfile meta-networking/recipes-support/ntp/ntp.inc | 15 +++ 1 file changed, 15 insertions(+) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] rsnapshot: add new package
From: Wenzong Fan wenzong@windriver.com rsnapshot is a filesystem snapshot utility based on rsync. rsnapshot makes it easy to make periodic snapshots of local machines, and remote machines over ssh. The code makes extensive use of hard links whenever possible, to greatly reduce the disk space required. Homepage: http://www.rsnapshot.org/ The following changes since commit 0d01e1b72333f49c29d1a27ad844c4cd9f90341c: smartmontools: add systemd service file (2014-09-26 05:42:54 +0200) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/rsnapshot http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/rsnapshot Wenzong Fan (1): rsnapshot: add new package meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 34 1 file changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] rsnapshot: add new package
From: Wenzong Fan wenzong@windriver.com rsnapshot is a filesystem snapshot utility based on rsync. rsnapshot makes it easy to make periodic snapshots of local machines, and remote machines over ssh. The code makes extensive use of hard links whenever possible, to greatly reduce the disk space required. Homepage: http://www.rsnapshot.org/ Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb | 34 1 file changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb new file mode 100644 index 000..afd3678 --- /dev/null +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb @@ -0,0 +1,34 @@ +SUMMARY = A filesystem snapshot utility based on rsync +HOMEPAGE = http://www.rsnapshot.org; +BUGTRACKER = https://sourceforge.net/projects/rsnapshot/; +SECTION = console/network + +LICENSE = GPLv2 +LIC_FILES_CHKSUM = file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a + +RDEPENDS_${PN} = rsync \ + perl \ + perl-module-dirhandle \ + perl-module-cwd \ + perl-module-getopt-std \ + perl-module-file-path \ + perl-module-file-stat \ + perl-module-posix \ + perl-module-fcntl \ + perl-module-io-file \ + perl-module-constant \ + perl-module-overloading \ + + +SRCREV = 1047cbb57937c29233388e2fcd847fecd3babe74 +PV = 1.3.1+git${SRCPV} + +SRC_URI = git://github.com/DrHyde/${BPN};branch=master;protocol=git \ + + +S = ${WORKDIR}/git + +inherit autotools + +PACKAGECONFIG ??= logger +PACKAGECONFIG[logger] = --with-logger=${bindir}/logger,--without-logger,,util-linux -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] imagemagick: do not install magick-baseconfig.h repeatedly
From: Wenzong Fan wenzong@windriver.com Both targets install-data-local install-includeHEADERS will install header file magick-baseconfig.h to the same location, and they might be run in the same time while enabling parallel build: * target dependencies: + install-data-am: ... install-data-local ... install-includeHEADERS * make install error: /usr/bin/install: cannot create regular file \ `.../usr/include/ImageMagick-6/magick/magick-baseconfig.h': \ File exists \ make[3]: *** [install-magickincarchHEADERS] Error 1 * reproduce the error: $ /usr/bin/install test /tmp /usr/bin/install test /tmp [1] 4052 /usr/bin/install: cannot create regular file `/tmp/test': File exists [1]+ Exit 1 /usr/bin/install test /tmp Just disable the one from install-data-local to remove this race issue. Signed-off-by: Wenzong Fan wenzong@windriver.com --- ...ot-install-magick-baseconfig.h-repeatedly.patch | 49 .../imagemagick/imagemagick_6.8.8.bb |1 + 2 files changed, 50 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/do-not-install-magick-baseconfig.h-repeatedly.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/do-not-install-magick-baseconfig.h-repeatedly.patch b/meta-oe/recipes-support/imagemagick/imagemagick/do-not-install-magick-baseconfig.h-repeatedly.patch new file mode 100644 index 000..114fb5e --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/do-not-install-magick-baseconfig.h-repeatedly.patch @@ -0,0 +1,49 @@ +From bbdd42384d0b5f3ccb11465f63d90097579a1897 Mon Sep 17 00:00:00 2001 +From: Konrad Scherer konrad.sche...@windriver.com +Date: Tue, 10 Jun 2014 15:43:16 +0800 +Subject: [PATCH] imagemagick: do not install magick-baseconfig.h repeatedly + +Both targets install-data-local install-includeHEADERS will install +header file magick-baseconfig.h to the same location, and they might +be run in the same time while enabling parallel build: + +* target dependencies: + + install-data-am: ... install-data-local ... install-includeHEADERS + +* make install error: + /usr/bin/install: cannot create regular file \ + `.../usr/include/ImageMagick-6/magick/magick-baseconfig.h': \ + File exists \ + make[3]: *** [install-magickincarchHEADERS] Error 1 + +* reproduce the error: + $ /usr/bin/install test /tmp /usr/bin/install test /tmp + [1] 4052 + /usr/bin/install: cannot create regular file `/tmp/test': File exists + [1]+ Exit 1 /usr/bin/install test /tmp + +Just disable the one from install-data-local to remove this race issue. + +Upstream-Status: pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + magick/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/Makefile.am b/magick/Makefile.am +index 2f72461..e45466c 100644 +--- a/magick/Makefile.am b/magick/Makefile.am +@@ -468,7 +468,7 @@ MAGICK_EXTRA_DIST = \ + magick/xwdfile.h_vms + + # Install magick-baseconfig.h +-MAGICK_INSTALL_DATA_LOCAL_TARGETS = magick-install-data-local ++MAGICK_INSTALL_DATA_LOCAL_TARGETS = + magick-install-data-local: + $(mkinstalldirs) $(DESTDIR)$(magickincarchdir) + $(INSTALL_HEADER) magick/magick-baseconfig.h $(DESTDIR)$(magickincarchdir)/magick-baseconfig.h +-- +1.8.2.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_6.8.8.bb b/meta-oe/recipes-support/imagemagick/imagemagick_6.8.8.bb index 31207da..847ab34 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_6.8.8.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_6.8.8.bb @@ -8,6 +8,7 @@ DEPENDS = lcms bzip2 jpeg libpng librsvg tiff zlib fftw freetype PATCHSET = 10 SRC_URI = http://www.imagemagick.org/download/legacy/ImageMagick-${PV}-${PATCHSET}.tar.bz2 \ file://remove.dist-lzip.patch \ + file://do-not-install-magick-baseconfig.h-repeatedly.patch \ SRC_URI[md5sum] = a3a0fa301965d6fde68fccd066f62b0b SRC_URI[sha256sum] = 8c0982b2bc0c1cea8ac9627b4e1e5d37f8171ef8282ee09aef32529cf68e1820 -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] imagemagick: do not install magick-baseconfig.h repeatedly
From: Wenzong Fan wenzong@windriver.com Both targets install-data-local install-includeHEADERS will install header file magick-baseconfig.h to the same location, and they might be run in the same time while enabling parallel build: * target dependencies: + install-data-am: ... install-data-local ... install-includeHEADERS * make install error: /usr/bin/install: cannot create regular file \ `.../usr/include/ImageMagick-6/magick/magick-baseconfig.h': \ File exists \ make[3]: *** [install-magickincarchHEADERS] Error 1 * reproduce the error: $ /usr/bin/install test /tmp /usr/bin/install test /tmp [1] 4052 /usr/bin/install: cannot create regular file `/tmp/test': File exists [1]+ Exit 1 /usr/bin/install test /tmp Just disable the one from install-data-local to remove this race issue. The following changes since commit 28e26a9b0ad37d0c92ba42b2727215eef1edf5a2: tcpslice: add recipe under tcpdump (2014-09-09 10:32:51 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/imagemagick http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/imagemagick Wenzong Fan (1): imagemagick: do not install magick-baseconfig.h repeatedly ...ot-install-magick-baseconfig.h-repeatedly.patch | 49 .../imagemagick/imagemagick_6.8.8.bb |1 + 2 files changed, 50 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/do-not-install-magick-baseconfig.h-repeatedly.patch -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 2/2][meta-oe] talloc: fixes for sstate cache reuse
From: Robert Yang liezhi.y...@windriver.com Fixes for sstate cache reuse between different build dirs. The ${SWIGLIBDIR##${STAGING_DIR_NATIVE}} had confused bitbake, bitbake would add the SWIGLIBDIR##${STAGING_DIR_NATIVE} to the deps of do_install, which caused the sstate cached can't be re-used. Use another way for SWIGLIBDIR to fix the problem. Signed-off-by: Robert Yang liezhi.y...@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-support/talloc/talloc_2.0.1.bb | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb index 9cf3e43..7bbfbc2 100644 --- a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb +++ b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb @@ -23,7 +23,15 @@ DEPENDS += swig-native do_install_prepend() { # Hack the way swig interface for talloc is installed # This hack is accompanied by install-swig-interface-in-SWINGLIBDIR.patch -type swig /dev/null 21 SWIGLIBDIR=`swig -swiglib` SWIGLIBDIR=`readlink -f ${SWIGLIBDIR}` SWIGLIBDIR=${SWIGLIBDIR##${STAGING_DIR_NATIVE}} export SWIGLIBDIR || echo No swig found +if which swig /dev/null; then +SWIGLIBDIR=$(echo $(readlink -f $(swig -swiglib)) | \ +sed -e 's#^${STAGING_DIR_NATIVE}##') +fi +if [ -n $SWIGLIBDIR ]; then +export SWIGLIBDIR +else +echo No swig found +fi } do_install_append() { -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/2][meta-oe] talloc: fixes for sstate cache reuse swig dependencies
From: Wenzong Fan wenzong@windriver.com Patch 2/2: Fixes for sstate cache reuse between different build dirs. The ${SWIGLIBDIR##${STAGING_DIR_NATIVE}} had confused bitbake, bitbake would add the SWIGLIBDIR##${STAGING_DIR_NATIVE} to the deps of do_install, which caused the sstate cached can't be re-used. Use another way for SWIGLIBDIR to fix the problem. Patch 1/2: * talloc: fix swig dependencies This patch had been sent before, to avoid merge conflict just put them to the same contrib branch. The following changes since commit 28e26a9b0ad37d0c92ba42b2727215eef1edf5a2: tcpslice: add recipe under tcpdump (2014-09-09 10:32:51 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/fix-talloc http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-talloc Robert Yang (1): talloc: fixes for sstate cache reuse Wenzong Fan (1): talloc: fix swig dependencies .../install-swig-interface-in-SWINGLIBDIR.patch|2 +- meta-oe/recipes-support/talloc/talloc_2.0.1.bb | 13 +++-- 2 files changed, 12 insertions(+), 3 deletions(-) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/2][meta-oe] talloc: fix swig dependencies
From: Wenzong Fan wenzong@windriver.com * depens on swig-native to make sure that the talloc.i always be installed; * remove relative path that from `swig -swiglib`: ${D}/usr/bin/../share - ${D}/usr/share This prevents 'install' from creraing empty dir: ${D}${bindir}; * fix the path to talloc.i for separate build. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../install-swig-interface-in-SWINGLIBDIR.patch|2 +- meta-oe/recipes-support/talloc/talloc_2.0.1.bb |5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch b/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch index e1339a0..635c60e 100644 --- a/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch +++ b/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch @@ -17,7 +17,7 @@ Index: talloc-2.0.1/talloc.mk - which swig /dev/null 21 ${INSTALLCMD} -d $(DESTDIR)`swig -swiglib` || true - which swig /dev/null 21 ${INSTALLCMD} -m 644 talloc.i $(DESTDIR)`swig -swiglib` || true + which swig /dev/null 21 ${INSTALLCMD} -d $(DESTDIR)/$(SWIGLIBDIR) || true -+ which swig /dev/null 21 ${INSTALLCMD} -m 644 talloc.i $(DESTDIR)/$(SWIGLIBDIR) || true ++ which swig /dev/null 21 ${INSTALLCMD} -m 644 $(srcdir)/$(tallocdir)/talloc.i $(DESTDIR)/$(SWIGLIBDIR) || true doc:: talloc.3 talloc.3.html diff --git a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb index 48c0915..9cf3e43 100644 --- a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb +++ b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb @@ -18,10 +18,12 @@ PR = r2 EXTRA_AUTORECONF = --exclude=autopoint --exclude=aclocal +DEPENDS += swig-native + do_install_prepend() { # Hack the way swig interface for talloc is installed # This hack is accompanied by install-swig-interface-in-SWINGLIBDIR.patch -type swig /dev/null 21 SWIGLIBDIR=`swig -swiglib` SWIGLIBDIR=${SWIGLIBDIR##${STAGING_DIR_NATIVE}} export SWIGLIBDIR || echo No swig found +type swig /dev/null 21 SWIGLIBDIR=`swig -swiglib` SWIGLIBDIR=`readlink -f ${SWIGLIBDIR}` SWIGLIBDIR=${SWIGLIBDIR##${STAGING_DIR_NATIVE}} export SWIGLIBDIR || echo No swig found } do_install_append() { @@ -29,7 +31,6 @@ do_install_append() { ln -s libtalloc.so.2.0.1 ${D}${libdir}/libtalloc.so.2.0 ln -s libtalloc.so.2.0 ${D}${libdir}/libtalloc.so.2 ln -s libtalloc.so.2 ${D}${libdir}/libtalloc.so -rmdir ${D}${bindir} } PACKAGES += ${PN}-swig -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] talloc: fix swig dependencies
From: Wenzong Fan wenzong@windriver.com Changes include: * depens on swig-native to make sure that the talloc.i always be installed; * remove relative path that from `swig -swiglib`: ${D}/usr/bin/../share - ${D}/usr/share This prevents 'install' from creraing empty dir: ${D}${bindir}; * fix the path to talloc.i for separate build. The following changes since commit 28e26a9b0ad37d0c92ba42b2727215eef1edf5a2: tcpslice: add recipe under tcpdump (2014-09-09 10:32:51 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/talloc-swig http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/talloc-swig Wenzong Fan (1): talloc: fix swig dependencies .../install-swig-interface-in-SWINGLIBDIR.patch|2 +- meta-oe/recipes-support/talloc/talloc_2.0.1.bb |5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] talloc: fix swig dependencies
From: Wenzong Fan wenzong@windriver.com * depens on swig-native to make sure that the talloc.i always be installed; * remove relative path that from `swig -swiglib`: ${D}/usr/bin/../share - ${D}/usr/share This prevents 'install' from creraing empty dir: ${D}${bindir}; * fix the path to talloc.i for separate build. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../install-swig-interface-in-SWINGLIBDIR.patch|2 +- meta-oe/recipes-support/talloc/talloc_2.0.1.bb |5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch b/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch index e1339a0..635c60e 100644 --- a/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch +++ b/meta-oe/recipes-support/talloc/talloc/install-swig-interface-in-SWINGLIBDIR.patch @@ -17,7 +17,7 @@ Index: talloc-2.0.1/talloc.mk - which swig /dev/null 21 ${INSTALLCMD} -d $(DESTDIR)`swig -swiglib` || true - which swig /dev/null 21 ${INSTALLCMD} -m 644 talloc.i $(DESTDIR)`swig -swiglib` || true + which swig /dev/null 21 ${INSTALLCMD} -d $(DESTDIR)/$(SWIGLIBDIR) || true -+ which swig /dev/null 21 ${INSTALLCMD} -m 644 talloc.i $(DESTDIR)/$(SWIGLIBDIR) || true ++ which swig /dev/null 21 ${INSTALLCMD} -m 644 $(srcdir)/$(tallocdir)/talloc.i $(DESTDIR)/$(SWIGLIBDIR) || true doc:: talloc.3 talloc.3.html diff --git a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb index 48c0915..9cf3e43 100644 --- a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb +++ b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb @@ -18,10 +18,12 @@ PR = r2 EXTRA_AUTORECONF = --exclude=autopoint --exclude=aclocal +DEPENDS += swig-native + do_install_prepend() { # Hack the way swig interface for talloc is installed # This hack is accompanied by install-swig-interface-in-SWINGLIBDIR.patch -type swig /dev/null 21 SWIGLIBDIR=`swig -swiglib` SWIGLIBDIR=${SWIGLIBDIR##${STAGING_DIR_NATIVE}} export SWIGLIBDIR || echo No swig found +type swig /dev/null 21 SWIGLIBDIR=`swig -swiglib` SWIGLIBDIR=`readlink -f ${SWIGLIBDIR}` SWIGLIBDIR=${SWIGLIBDIR##${STAGING_DIR_NATIVE}} export SWIGLIBDIR || echo No swig found } do_install_append() { @@ -29,7 +31,6 @@ do_install_append() { ln -s libtalloc.so.2.0.1 ${D}${libdir}/libtalloc.so.2.0 ln -s libtalloc.so.2.0 ${D}${libdir}/libtalloc.so.2 ln -s libtalloc.so.2 ${D}${libdir}/libtalloc.so -rmdir ${D}${bindir} } PACKAGES += ${PN}-swig -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 0/1][meta-oe] talloc: ignore exit status of rmdir
From: Wenzong Fan wenzong@windriver.com * fix do_insall errors: rmdir: failed to remove `.../talloc/2.0.1-r2/image/usr/bin': \ No such file or directory The following changes since commit 46824934fa4ac6a61bebe2c92faa31c0a8e85392: meta-networking: Update layer dependency information (2014-09-08 16:34:25 -0400) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/fix-talloc http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-talloc Wenzong Fan (1): talloc: ignore exit status of rmdir meta-oe/recipes-support/talloc/talloc_2.0.1.bb |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH 1/1][meta-oe] talloc: ignore exit status of rmdir
From: Wenzong Fan wenzong@windriver.com * fix do_insall errors: rmdir: failed to remove `.../talloc/2.0.1-r2/image/usr/bin': \ No such file or directory Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-oe/recipes-support/talloc/talloc_2.0.1.bb |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb index 48c0915..ed3e2c1 100644 --- a/meta-oe/recipes-support/talloc/talloc_2.0.1.bb +++ b/meta-oe/recipes-support/talloc/talloc_2.0.1.bb @@ -29,7 +29,7 @@ do_install_append() { ln -s libtalloc.so.2.0.1 ${D}${libdir}/libtalloc.so.2.0 ln -s libtalloc.so.2.0 ${D}${libdir}/libtalloc.so.2 ln -s libtalloc.so.2 ${D}${libdir}/libtalloc.so -rmdir ${D}${bindir} +rmdir ${D}${bindir} || true } PACKAGES += ${PN}-swig -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe][PATCH] postgresql: Use pkg-config for libxml2 dependency
From: Wenzong Fan wenzong@windriver.com Use pkg-config for the libxml2 dependency, not the -config script. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../use-pkg-config-for-libxml2-dependency.patch| 44 .../recipes-support/postgresql/postgresql_9.2.4.bb |1 + 2 files changed, 45 insertions(+) create mode 100644 meta-oe/recipes-support/postgresql/postgresql-9.2.4/use-pkg-config-for-libxml2-dependency.patch diff --git a/meta-oe/recipes-support/postgresql/postgresql-9.2.4/use-pkg-config-for-libxml2-dependency.patch b/meta-oe/recipes-support/postgresql/postgresql-9.2.4/use-pkg-config-for-libxml2-dependency.patch new file mode 100644 index 000..d26701f --- /dev/null +++ b/meta-oe/recipes-support/postgresql/postgresql-9.2.4/use-pkg-config-for-libxml2-dependency.patch @@ -0,0 +1,44 @@ +From 744bbd99a779deac244cebc30f21db9b77946eab Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Thu, 19 Jun 2014 22:34:21 -0400 +Subject: [PATCH] postgresql: Use pkg-config for libxml2 dependency + +Use pkg-config for the libxml2 dependency, not the -config script. + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + configure.in | 16 + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/configure.in b/configure.in +index 3bf9728..d768e9f 100644 +--- a/configure.in b/configure.in +@@ -709,18 +709,10 @@ PGAC_ARG_BOOL(with, libxml, no, [build with XML support], + [AC_DEFINE([USE_LIBXML], 1, [Define to 1 to build with XML support. (--with-libxml)])]) + + if test $with_libxml = yes ; then +- AC_CHECK_PROGS(XML2_CONFIG, xml2-config) +- if test -n $XML2_CONFIG; then +-for pgac_option in `$XML2_CONFIG --cflags`; do +- case $pgac_option in +--I*|-D*) CPPFLAGS=$CPPFLAGS $pgac_option;; +- esac +-done +-for pgac_option in `$XML2_CONFIG --libs`; do +- case $pgac_option in +--L*) LDFLAGS=$LDFLAGS $pgac_option;; +- esac +-done ++ PKG_CHECK_MODULES(PKG_XML2, [libxml-2.0],,) ++ if test x$PKG_XML2_CFLAGS != x; then ++CPPFLAGS=$CPPFLAGS $PKG_XML2_CFLAGS ++LDFLAGS=$LDFLAGS $PKG_XML2_LIBS + fi + fi + +-- +1.7.9.5 + diff --git a/meta-oe/recipes-support/postgresql/postgresql_9.2.4.bb b/meta-oe/recipes-support/postgresql/postgresql_9.2.4.bb index 49ca53f..e45638d 100644 --- a/meta-oe/recipes-support/postgresql/postgresql_9.2.4.bb +++ b/meta-oe/recipes-support/postgresql/postgresql_9.2.4.bb @@ -7,6 +7,7 @@ PR = ${INC_PR}.0 SRC_URI += \ file://remove.autoconf.version.check.patch \ file://ecpg-parallel-make-fix.patch \ +file://use-pkg-config-for-libxml2-dependency.patch \ SRC_URI[md5sum] = 6ee5bb53b97da7c6ad9cb0825d3300dd -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH 2/2] ntp: fix hardcode to /usr/bin/perl
From: Wenzong Fan wenzong@windriver.com This patch properly uses the path variables and fixes ntptrace and ntp-wait, just in case perl is not installed with the hardcode path. Signed-off-by: Rahat Mahbub rahat.mah...@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- meta-networking/recipes-support/ntp/ntp.inc |4 1 file changed, 4 insertions(+) diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc index 9c3e0d1..d4adfd8 100644 --- a/meta-networking/recipes-support/ntp/ntp.inc +++ b/meta-networking/recipes-support/ntp/ntp.inc @@ -58,6 +58,10 @@ do_install_append() { sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync +sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace +sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace +sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait +sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait install -d ${D}/${sysconfdir}/default install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH 1/2] vsftpd: fix install warning
From: Wenzong Fan wenzong@windriver.com WARNING: QA Issue: vsftpd: Files/directories were installed but not shipped /run /run/vsftpd /run/vsftpd/empty Signed-off-by: Li Wang li.w...@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../recipes-daemons/vsftpd/vsftpd_3.0.0.bb |9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb index 0698a63..2cf9ac3 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb @@ -70,7 +70,6 @@ do_install() { sed -i s:/lib/security:${base_libdir}/security: ${D}${sysconfdir}/pam.d/vsftpd sed -i s:ftpusers:vsftpd.ftpusers: ${D}${sysconfdir}/pam.d/vsftpd fi -install -d ${D}${localstatedir}/run/vsftpd/empty } INITSCRIPT_PACKAGES = ${PN} @@ -82,3 +81,11 @@ USERADD_PARAM_${PN} = --system --home-dir /var/lib/ftp --no-create-home -g ftp --shell /bin/false ftp GROUPADD_PARAM_${PN} = -r ftp +pkg_postinst_${PN}() { + if [ -n $D ]; then + exit 0 + fi + if [ -e /etc/init.d/populate-volatile.sh ]; then + /etc/init.d/populate-volatile.sh update + fi +} -- 1.7.9.5 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030
From: Wenzong Fan wenzong@windriver.com Changes: 1) Uprev selinux packages to release 20131030; 2) Fix build dependency to libsemanage; 3) Fix QA issues to policycoreutils; 4) Update LIC_FILES_CHKSUM for selinux packagegroups. Some Tests: 1) build test: - add meta-selinux path to conf/bblayers.conf; - add DISTRO_FEATURES_append= pam selinux to conf/local.conf; - build selinux image: $ bitbake core-image-selinux - add below configs to conf/local.conf and run image build: PREFERRED_VERSION_checkpolicy = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libselinux = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libsemanage = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libsepol = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_policycoreutils = 2.2.5+gitAUTOINC+edc2e99687 PREFERRED_VERSION_sepolgen = 1.2.1+gitAUTOINC+edc2e99687 All builds successfully. 2) basic verification on target: $ runqemu qemux86 core-image-selinux ext3 nographic qemuparams=-m 1024 qemux86 login: root root@qemux86:~# id -Z root:sysadm_r:sysadm_t:s0-s15:c0.c1023 root@qemux86:~# sestatus SELinux status: enabled SELinuxfs mount:/sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: mls Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219: policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev Wenzong Fan (10): selinux userspace: uprev packages to release 20131030 checkpolicy: migrate SRC_URI to 2.2 libselinux: migrate SRC_URI and patches to 2.2 libsemanage: migrate SRC_URI to 2.2 libsepol: migrate SRC_URI to 2.2 policycoreutils: migrate SRC_URI and patches to 2.2.5 sepolgen: migrate SRC_URI to 1.2.1 libsemanage: add audit dependency policycoreutils: fix QA issues selinux packagegroups: update LIC_FILES_CHKSUM recipes-security/audit/audit_2.3.2.bb |8 - .../packagegroups/packagegroup-core-selinux.bb |2 +- .../packagegroups/packagegroup-selinux-minimal.bb |2 +- .../packagegroup-selinux-policycoreutils.bb|2 +- recipes-security/selinux/checkpolicy_2.1.12.bb |9 -- recipes-security/selinux/checkpolicy_2.2.bb|9 ++ recipes-security/selinux/checkpolicy_git.bb|2 +- .../libselinux-fix-init-load-policy.patch | 27 .../libselinux/libselinux-pcre-link-order.patch| 31 -- .../{libselinux_2.1.13.bb = libselinux_2.2.bb}|8 ++--- recipes-security/selinux/libselinux_git.bb | 10 -- recipes-security/selinux/libsemanage.inc |2 +- .../libsemanage/libsemanage-fix-path-nologin.patch |9 +++--- .../{libsemanage_2.1.10.bb = libsemanage_2.2.bb} |6 ++-- recipes-security/selinux/libsemanage_git.bb|3 +- recipes-security/selinux/libsepol.inc |5 ++- ...ibsepol-Change-ranlib-for-cross-compiling.patch | 31 -- recipes-security/selinux/libsepol_2.1.9.bb | 11 --- recipes-security/selinux/libsepol_2.2.bb |9 ++ recipes-security/selinux/libsepol_git.bb |4 +-- recipes-security/selinux/policycoreutils.inc | 12 --- ...policycoreutils-fix-sepolicy-install-path.patch | 18 +-- .../policycoreutils-fix-strict-prototypes.patch| 34 .../policycoreutils-make-O_CLOEXEC-optional.patch | 28 ...oreutils_2.1.14.bb = policycoreutils_2.2.5.bb} |9 +++--- recipes-security/selinux/policycoreutils_git.bb|8 +++-- recipes-security/selinux/selinux_20130423.inc | 12 --- recipes-security/selinux/selinux_20131030.inc | 12 +++ recipes-security/selinux/selinux_git.inc |4 +-- recipes-security/selinux/sepolgen_1.1.9.bb |9 -- recipes-security/selinux/sepolgen_1.2.1.bb |9 ++ recipes-security/selinux/sepolgen_git.bb |2 +- 32 files changed, 117 insertions(+), 230 deletions(-) delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch rename recipes-security/selinux/{libselinux_2.1.13.bb = libselinux_2.2.bb} (58%) rename recipes-security/selinux/{libsemanage_2.1.10.bb = libsemanage_2.2.bb} (70%) delete mode 100644
[oe] [meta-selinux][PATCH 01/10] selinux userspace: uprev packages to release 20131030
From: Wenzong Fan wenzong@windriver.com Upreved packages: - checkpolicy to 2.2 - libselinux to 2.2 - libsemanage to 2.2 - libsepol to 2.2 - policycoreutils to 2.2.5 - sepolgen to 1.2.1 Migrate patches in next commits. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../{checkpolicy_2.1.12.bb = checkpolicy_2.2.bb} |0 .../{libselinux_2.1.13.bb = libselinux_2.2.bb}|0 .../{libsemanage_2.1.10.bb = libsemanage_2.2.bb} |0 .../selinux/{libsepol_2.1.9.bb = libsepol_2.2.bb} |0 ...oreutils_2.1.14.bb = policycoreutils_2.2.5.bb} |0 recipes-security/selinux/selinux_20130423.inc | 12 recipes-security/selinux/selinux_20131030.inc | 12 recipes-security/selinux/selinux_git.inc |4 +--- .../{sepolgen_1.1.9.bb = sepolgen_1.2.1.bb} |0 9 files changed, 13 insertions(+), 15 deletions(-) rename recipes-security/selinux/{checkpolicy_2.1.12.bb = checkpolicy_2.2.bb} (100%) rename recipes-security/selinux/{libselinux_2.1.13.bb = libselinux_2.2.bb} (100%) rename recipes-security/selinux/{libsemanage_2.1.10.bb = libsemanage_2.2.bb} (100%) rename recipes-security/selinux/{libsepol_2.1.9.bb = libsepol_2.2.bb} (100%) rename recipes-security/selinux/{policycoreutils_2.1.14.bb = policycoreutils_2.2.5.bb} (100%) delete mode 100644 recipes-security/selinux/selinux_20130423.inc create mode 100644 recipes-security/selinux/selinux_20131030.inc rename recipes-security/selinux/{sepolgen_1.1.9.bb = sepolgen_1.2.1.bb} (100%) diff --git a/recipes-security/selinux/checkpolicy_2.1.12.bb b/recipes-security/selinux/checkpolicy_2.2.bb similarity index 100% rename from recipes-security/selinux/checkpolicy_2.1.12.bb rename to recipes-security/selinux/checkpolicy_2.2.bb diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.2.bb similarity index 100% rename from recipes-security/selinux/libselinux_2.1.13.bb rename to recipes-security/selinux/libselinux_2.2.bb diff --git a/recipes-security/selinux/libsemanage_2.1.10.bb b/recipes-security/selinux/libsemanage_2.2.bb similarity index 100% rename from recipes-security/selinux/libsemanage_2.1.10.bb rename to recipes-security/selinux/libsemanage_2.2.bb diff --git a/recipes-security/selinux/libsepol_2.1.9.bb b/recipes-security/selinux/libsepol_2.2.bb similarity index 100% rename from recipes-security/selinux/libsepol_2.1.9.bb rename to recipes-security/selinux/libsepol_2.2.bb diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb similarity index 100% rename from recipes-security/selinux/policycoreutils_2.1.14.bb rename to recipes-security/selinux/policycoreutils_2.2.5.bb diff --git a/recipes-security/selinux/selinux_20130423.inc b/recipes-security/selinux/selinux_20130423.inc deleted file mode 100644 index d692a57..000 --- a/recipes-security/selinux/selinux_20130423.inc +++ /dev/null @@ -1,12 +0,0 @@ -SELINUX_RELEASE = 20130423 - -SRC_URI = http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz; - -PREFERRED_VERSION_checkpolicy = 2.1.12 -PREFERRED_VERSION_libselinux = 2.1.13 -PREFERRED_VERSION_libsemanage = 2.1.10 -PREFERRED_VERSION_libsepol = 2.1.9 -PREFERRED_VERSION_policycoreutils = 2.1.14 -PREFERRED_VERSION_sepolgen = 1.1.9 - -include selinux_common.inc diff --git a/recipes-security/selinux/selinux_20131030.inc b/recipes-security/selinux/selinux_20131030.inc new file mode 100644 index 000..807a37c --- /dev/null +++ b/recipes-security/selinux/selinux_20131030.inc @@ -0,0 +1,12 @@ +SELINUX_RELEASE = 20131030 + +SRC_URI = http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz; + +PREFERRED_VERSION_checkpolicy = 2.2 +PREFERRED_VERSION_libselinux = 2.2 +PREFERRED_VERSION_libsemanage = 2.2 +PREFERRED_VERSION_libsepol = 2.2 +PREFERRED_VERSION_policycoreutils = 2.2.5 +PREFERRED_VERSION_sepolgen = 1.2.1 + +include selinux_common.inc diff --git a/recipes-security/selinux/selinux_git.inc b/recipes-security/selinux/selinux_git.inc index 37ea8e8..bb64d0d 100644 --- a/recipes-security/selinux/selinux_git.inc +++ b/recipes-security/selinux/selinux_git.inc @@ -1,8 +1,6 @@ -SRCREV = 3f52a123af40bae33bde2a1f2ecfb2320b61f9ad +SRCREV = edc2e99687b050d5be21a78a66d038aa1fc068d9 SRC_URI = git://oss.tresys.com/git/selinux.git;protocol=http -SRC_URI[md5sum] = 4ec64a0d24aaa77c80b86e74d271e464 -SRC_URI[sha256sum] = 9c8a8643c9a4dd0eb76fcda1420d636b750b84b27656c6f8bc6886a829d7e520 S = ${WORKDIR}/git/${BPN} diff --git a/recipes-security/selinux/sepolgen_1.1.9.bb b/recipes-security/selinux/sepolgen_1.2.1.bb similarity index 100% rename from recipes-security/selinux/sepolgen_1.1.9.bb rename to recipes-security/selinux/sepolgen_1.2.1.bb -- 1.7.9.5 ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org
[oe] [meta-selinux][PATCH 06/10] policycoreutils: migrate SRC_URI and patches to 2.2.5
From: Wenzong Fan wenzong@windriver.com This patch is removed since it is merged by new version: - policycoreutils-fix-strict-prototypes.patch These two patches are updated: - policycoreutils-fix-sepolicy-install-path.patch - policycoreutils-make-O_CLOEXEC-optional.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/policycoreutils.inc |2 +- ...policycoreutils-fix-sepolicy-install-path.patch | 18 +-- .../policycoreutils-fix-strict-prototypes.patch| 34 .../policycoreutils-make-O_CLOEXEC-optional.patch | 28 recipes-security/selinux/policycoreutils_2.2.5.bb |9 +++--- recipes-security/selinux/policycoreutils_git.bb|8 +++-- 6 files changed, 32 insertions(+), 67 deletions(-) delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index a474cb0..430b03f 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -1,4 +1,4 @@ -PRINC = 3 +PRINC = 1 SUMMARY = SELinux policy core utilities DESCRIPTION = policycoreutils contains the policy core utilities that are required \ diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch index aaf2e66..617908a 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch +++ b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch @@ -1,35 +1,33 @@ -From 086f715e2a0dd05c07f0428f424017cc96acc387 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Thu, 22 Aug 2013 16:40:26 +0800 Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy Signed-off-by: Xin Ouyang xin.ouy...@windriver.com +Signed-off-by: Wenzong Fan wenzong@windriver.com --- sepolicy/Makefile |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sepolicy/Makefile b/sepolicy/Makefile -index 11b534f..9e46b74 100644 +index 2b8716c..70f4bdd 100644 --- a/sepolicy/Makefile +++ b/sepolicy/Makefile -@@ -11,6 +11,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ +@@ -12,6 +12,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions SHAREDIR ?= $(PREFIX)/share/sandbox - override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE=policycoreutils -Wall -Werror -Wextra -W -DSHARED -shared + override CFLAGS = -I$(PREFIX)/include -DPACKAGE=policycoreutils -Wall -Werror -Wextra -W -DSHARED -shared +PYLIBVER ?= $(shell python -c 'import sys;print python%d.%d % sys.version_info[0:2]') + - BASHCOMPLETIONS=sepolicy-bash-completion.sh + BASHCOMPLETIONS=sepolicy-bash-completion.sh all: python-build -@@ -23,7 +25,7 @@ clean: - -rm -rf build *~ \#* *pyc .#* +@@ -30,7 +32,7 @@ test: + @python test_sepolicy.py -v install: - $(PYTHON) setup.py install `test -n $(DESTDIR) echo --root $(DESTDIR)` + $(PYTHON) setup.py install --install-lib $(LIBDIR)/$(PYLIBVER)/site-packages [ -d $(BINDIR) ] || mkdir -p $(BINDIR) install -m 755 sepolicy.py $(BINDIR)/sepolicy - -mkdir -p $(MANDIR)/man8 + (cd $(BINDIR); ln -sf sepolicy sepolgen) -- 1.7.9.5 diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch deleted file mode 100644 index 9bb353a..000 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5944e9908fc12d69d19a1d24128cbc6d1a423c3d Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Tue, 18 Jun 2013 12:29:00 +0800 -Subject: [PATCH] policycoreutils: fix build strict-prototypes failure - -| policy.c:90:6: error: function declaration isn't a prototype -[-Werror=strict-prototypes] -| cc1: all warnings being treated as errors -| error: command 'i586-poky-linux-gcc' failed with exit status 1 -| make[1]: *** [python-build] Error 1 - -Upstream-Status: pending - -Signed-off-by: Xin Ouyang xin.ouy...@windriver.com - sepolicy/policy.c |2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sepolicy/policy.c b/sepolicy/policy.c -index 4eca22d..e454e75 100644 a/sepolicy/policy.c -+++ b/sepolicy/policy.c -@@ -87,7 +87,7 @@ static PyMethodDef methods[] = { - {NULL, NULL, 0, NULL} /* sentinel */ - }; - --void init_policy() { -+void init_policy(void) { - PyObject *m; - m = Py_InitModule(_policy, methods); - init_info(m); --- -1.7.9.5 - diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
[oe] [meta-selinux][PATCH 03/10] libselinux: migrate SRC_URI and patches to 2.2
From: Wenzong Fan wenzong@windriver.com These two patches are removed since they are merged by new version: - libselinux-fix-init-load-policy.patch - libselinux-pcre-link-order.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libselinux-fix-init-load-policy.patch | 27 - .../libselinux/libselinux-pcre-link-order.patch| 31 recipes-security/selinux/libselinux_2.2.bb |8 ++--- recipes-security/selinux/libselinux_git.bb | 10 +-- 4 files changed, 10 insertions(+), 66 deletions(-) delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch diff --git a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch b/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch deleted file mode 100644 index 67e32d6..000 --- a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ac70ca3b336b52b01cdc38157d25bf7e85098ee1 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Thu, 12 Apr 2012 16:10:10 +0800 -Subject: [PATCH] libselinux: fix init load policy - -selinux_init_load_policy() would fail if we use the new mount point -for selinuxfs(/sys/fs/selinux) while sysfs(/sys) is still not -mounted. - src/load_policy.c |1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/src/load_policy.c b/src/load_policy.c -index f569664..60e7efd 100644 a/src/load_policy.c -+++ b/src/load_policy.c -@@ -370,6 +370,7 @@ int selinux_init_load_policy(int *enforce) -* mount it if present for use in the calls below. -*/ - const char *mntpoint = NULL; -+ rc = mount(sysfs, /sys, sysfs, 0, 0); - if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) { - mntpoint = SELINUXMNT; - } else { --- -1.7.5.4 - diff --git a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch b/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch deleted file mode 100644 index f011f1a..000 --- a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch +++ /dev/null @@ -1,31 +0,0 @@ -Subject: [PATCH] libselinux: Put -lpcre in LDADD for correct linking order - -Upstream-Status: pending - -Signed-off-by: Xin Ouyang xin.ouy...@windriver.com - src/Makefile |4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index c4f5d4c..8f5aec5 100644 a/src/Makefile -+++ b/src/Makefile -@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby) - RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) - LIBBASE=$(shell basename $(LIBDIR)) - --LDFLAGS ?= -lpcre -lpthread -+LDADD ?= -lpcre -lpthread - - VERSION = $(shell cat ../VERSION) - LIBVERSION = 1 -@@ -116,7 +116,7 @@ $(LIBA): $(OBJS) - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(LDADD) - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION diff --git a/recipes-security/selinux/libselinux_2.2.bb b/recipes-security/selinux/libselinux_2.2.bb index caed650..23bb9cb 100644 --- a/recipes-security/selinux/libselinux_2.2.bb +++ b/recipes-security/selinux/libselinux_2.2.bb @@ -1,16 +1,14 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0 -SRC_URI[md5sum] = 32bf7b5182977a8a9248a1eeefe49a22 -SRC_URI[sha256sum] = 57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a +SRC_URI[md5sum] = d82beab880749a017f2737e6687fec30 +SRC_URI[sha256sum] = e9dc64216543a7283d786f623ac28e8867f8794138e7deba474a3aa8d02dce33 SRC_URI += \ -file://libselinux-fix-init-load-policy.patch \ -file://libselinux-pcre-link-order.patch \ file://libselinux-drop-Wno-unused-but-set-variable.patch \ file://libselinux-make-O_CLOEXEC-optional.patch \ file://libselinux-make-SOCK_CLOEXEC-optional.patch \ diff --git a/recipes-security/selinux/libselinux_git.bb b/recipes-security/selinux/libselinux_git.bb index 6f93fd4..fb4fef2 100644 --- a/recipes-security/selinux/libselinux_git.bb +++ b/recipes-security/selinux/libselinux_git.bb @@ -1,10 +1,14 @@ PR = r0 -PV = 2.1.13+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0 -SRC_URI += file://libselinux-fix-init-load-policy.patch \ - file://libselinux-pcre-link-order.patch +SRC_URI += \ + file://libselinux-drop-Wno-unused-but-set-variable.patch \
[oe] [meta-selinux][PATCH 02/10] checkpolicy: migrate SRC_URI to 2.2
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/checkpolicy_2.2.bb |6 +++--- recipes-security/selinux/checkpolicy_git.bb |2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-security/selinux/checkpolicy_2.2.bb b/recipes-security/selinux/checkpolicy_2.2.bb index 198de31..8388e0f 100644 --- a/recipes-security/selinux/checkpolicy_2.2.bb +++ b/recipes-security/selinux/checkpolicy_2.2.bb @@ -1,9 +1,9 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=393a5ca445f6965873eca0259a17f833 -SRC_URI[md5sum] = b82c55a95855611b67ac99c7e8f48552 -SRC_URI[sha256sum] = e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6 +SRC_URI[md5sum] = 9662eaa1163de67cf3d392b58d262552 +SRC_URI[sha256sum] = 9ff6698f4d4cb59c9c916e348187d533ada4107f90c253ef7304905934e9adf8 diff --git a/recipes-security/selinux/checkpolicy_git.bb b/recipes-security/selinux/checkpolicy_git.bb index bd59001..bf6250d 100644 --- a/recipes-security/selinux/checkpolicy_git.bb +++ b/recipes-security/selinux/checkpolicy_git.bb @@ -1,5 +1,5 @@ PR = r0 -PV = 2.1.12+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc -- 1.7.9.5 ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel