Fix sshd by ensuring the agent daemon is included.
Internally, this release is versioned as 10.0p2 but upstream don't plan to
change this or re-release.
(From OE-Core rev: 2a4dd93e98ca9e61644213aa00c1cb837fb27316)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add PACKAGECONFIG[fips] to enable fips build.
* Split a new package openssl-ossl-module-fips for fips.so.
* Add pkg_postinst_ontarget for openssl-ossl-module-fips to ensure the
config file fipsmodule.cnf is created on target. This is because we
should not use the same fipsmodule.cnf on different machines.
The 'openssl fipsinstall' commandline in pkg_postinst_ontarget will do
the following things:
1. Run the FIPS module self tests on target.
2. Generate config file fipsmodule.conf containing information about
the FIPS module such as the calculated MAC of the module.
(From OE-Core rev: 29979937e2d40885e7e91bb9a7e7dca6763e3d52)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
* win: fix leak in uv_os_tmpdir
* docs: fix RTD build
* win: lazy-load [GS]etThreadDescription symbols
* linux: try preadv64/pwritev64 before preadv/pwritev
* win: check cwd length before spawning a child process
* macos,bsd: handle missing /dev/null in chroot env
* doc: fix README link text
* win: fix order of FILE_STAT_BASIC_INFORMATION struct fields
* macos: increase child process stdio buffer size
* doc: add C3 bindings to LINKS.md
* unix: remove unnecessary errno.h include in poll.c
* win: fix the inconsistency in volume serial number
* unix: add thread affinity support on openharmony
* unix: enable getrusage for SunOS
* unix,win: accept NAN/INFINITY as file timestamps
* win: add ENABLE_VIRTUAL_TERMINAL_INPUT raw tty mode
* test: handle UV_ENOTSUP in platform_output
* doc: fix rendering of threading.html
* unix,sunos: enable use of sendmmsg on Solaris and Illumos
* unix: handle out of memory in iface name copy
* openbsd: do not error out if cpuspeed is not available
* test: skip thread_name_threadpool on AIX/IBMi
* aix,ibmi: fix undeclared identifiers
* unix,sunos: prefer SO_REUSEPORT for load balancing
* doc: free lib pointer before function return
* test: link with libm
* style: rename parameter to match definition
* test: support partial output lines in test runner
* build: switch from c90 to c11
* linux: allow nul bytes in abstract socket address
* sunos: use pipe2 on solaris and illumos
* unix: remove TOCTOU issues from uv_pipe_chmod
* unix: use pipe_fname if getsockname returns nothing
* haiku: use uint32 instead of uint32_t
* doc: update thread pool stack size comment
* unix: improve uv_loop_init OOM handling
* test: merge uv_tcp_connect callbacks
* test: skip multievent tests on macOS with TSAN enabled
* linux: align CPU quota calculation with Rust
* kqueue: improve fs event watcher OOM handling
* sunos: improve fs event watcher OOM handling
* build: shorten instructions for cmake build
(From OE-Core rev: d79b2a4cfcc439d430790500d46ad8966502e7b6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.
nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work
nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work
nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works
nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE
(From OE-Core rev: 8a7ec52e9b35654bee48cd948c6c34c63db3e265)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
connman supports systemd-resolved as a resolver, select it automatically when
DISTRO_FEATURES includes systemd-resolved support, then drop the patch which
disables connman when systemd-resolved is active.
(From OE-Core rev: bec0cfc9b21566348886a8122c9b0756539b416d)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Only one of iptables or nftables can be specified, mark them mutually
incompatible. Drop the RDEPENDS on iptables from PACKAGECONFIG as its
libraries are automatically discovered on the main package, with only the
scripts required as part of iptables/ip6tables-test.
(From OE-Core rev: fa6772414b065f3f5481e328f182eecc971d2605)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set the paths for iptables/ip6tables so that they are correct for the target
install and not discovered on the host filesystem.
(From OE-Core rev: aa60cc7e65d3964d6eedea97246f1ebc24fe66e2)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Depending on what set of PACKAGECONFIG options you have, ${sysconfdir} may not
have been created.
(From OE-Core rev: ac582cb1f2b5b75695b69b07925257c335a76861)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have ${runtimedir} for /run, use it here.
(From OE-Core rev: 0e505e1cc48132cfaab18120666abee34d185a6c)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
before export envvars
(From OE-Core rev: 9d8ebfcd55ad274e79cb81f162397c8f39f4287b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The now-removed patch was added for clang compatibility, but over time
started fixing problems that do not exist, and got its description
to mismatch the content.
The new patch is fixing the only problem with clang that still
occurs. I verified that all files that were patched before still
build without errors.
If you find other issues (this would be with non-default
options probably), please fix them similarly.
(From OE-Core rev: 6b8bd203180375a6b97345ddaa5fef7f68219ea6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The issue is no longer present. Tested BlueZ 5.80 and 5.82
The issue has likely been gone for quite a while.
(From OE-Core rev: 87ab9c39c497c2a8b558e8d6ce673a931a5887b2)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
Fix issue with handling BAP state transitions.
Fix issue with handling D-Bus interface removal.
Fix issue with handling MAP and supported features.
Fix issue with handling SDP record for Phonebook Access Client.
Fix issue with handling AVRCP PDU parameters length mismatch.
Fix issue with handling AVRCP PDU for SetAbsoluteVolume.
Fix issue with handling AVDTP bad media transport format.
Fix issue with handling support for LL Privacy setting.
Full Changelog: https://github.com/bluez/bluez/compare/5.80...5.82
(From OE-Core rev: f42ee87abcfca80a803bf44fb91b41f29a2c7d70)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ppp is only required by connman when building the L2TP or PPTP plugins. Move it
from DEPENDS to PACKAGECONFIG so it's only there when required.
(From OE-Core rev: c65180bb677d8dae1992445cd378119d8cbed424)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gold is no longer built/supported. The workaround for binutils on MIPS no
longer appears to be required.
Also fix up tabs/whitespace in shell functions, correct HOMEPAGE, drop broken
BUGTRACKER link.
(From OE-Core rev: 5c269ba9a396832af3f8139ecaa0cfd9f7d4d1b5)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since each of these recipes already have 'dbus' in their DEPENDS,
explicit runtime dependency declaration to dbus is not stricly
necessary, because dbus-lib has runtime recommendation for
${VIRTUAL-RUNTIME_dbus} which in turn induces pulling also the
preferred runtime D-Bus package to rootfs.
Suggested-by: Ross Burton <ross.burton@arm.com>
(From OE-Core rev: cf5b48d03f290a6bde94ee7a5c1aaee4d1a7793c)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Temporarily disable aics tests as they can fail
depending on how the tests are executed. Sometimes they pass,
sometimes they fail. The issue has been observed since BlueZ 5.72 to 5.80
Starting with BlueZ 5.80, the tests began failing when using the
ptest-runner script. This is not a new issue in BlueZ 5.80 which is
why the test is disabled with this commit until a solution is found.
(From OE-Core rev: 1cd9f431e9a0c8c946630f2522d922e21ecfa1c2)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This change will prevent these tools from being installed if the image doesn't install bluez5-noinst-tools package.
BlueZ 5.66: tools/mesh-tester
BlueZ 5.66: tools/ioctl-tester
BlueZ 5.65: tools/iso-tester
BlueZ 5.56: tools/btpclientctl
BlueZ 5.51: tools/bcmfw
BlueZ 5.49: tools/rtlfw
BlueZ 5.47: tools/btconfig (not a new tool, but it was moved from bin_PROGRAMS to noinst_PROGRAMS)
(From OE-Core rev: 5b9d5f8971bc97f9adb0b0b8a0cfdd6fd221fc24)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes relevant for the build:
* Four patches are dropped because they are included in 5.80.
* Removed changes to etc/bluetooth directory permission bits. They are
now set correctly in 5.80 [1].
* AMP code has been removed [2]. This means "tools/amptest" can be
removed from NOINST_TOOLS_BT
[1] - b1fd409960
[2] - 1474c11618
Changelog:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
(From OE-Core rev: 9e340d4c8070bab0a14adc7d9f6534d1185944f5)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
iproute2 detects presence of iptables during building and can also
be built without it. Add PACKAGECONFIG option which allows user to
optionally leave it out, and enable it by default to keep current
recipe behavior.
(From OE-Core rev: 07ddaeaacaab4c3e264816dea6de32378617bf4e)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Honor WIRELESS_DAEMON when wifi is enable for DISTRO_FEATURE.
(From OE-Core rev: 86b408919d9506b6f1ba69c96f1bc6212e724bbc)
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are conflict of config files between kea and lib32-kea:
| Error: Transaction test error:
| file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of lib32-kea-2.6.1-r0.core2_32 and kea-2.6. 1-r0.core2_64
Similar to:
| 8cc65e7eb0 kea: fix conflict between multilibs
(From OE-Core rev: 0fe8ec57f19d79e94f02e3c710a1b76c04b34143)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ppp-2.5.2 tarball ships a generated header with various
configuration settigns that takes precedence over the same
header generated into the build directory during the actual build.
This resulted in various linking fails that were worked around
by enabling multilink in 2.5.2 version update. The correct fix
that removes all contamination is to remove the bogus header first.
(From OE-Core rev: 87863ce4530cf08fd28b1bde13e3f7142001b54d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This recipe has a configure script that isn't actually autoconf but
tries hard to look like it is. Instead of trying to run autoreconf,
change do_configure to just run the configure script directly.
(From OE-Core rev: e80d2ec5cda1121ba6b3d299fb2e79c194c7f30e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: Copyright years change only
Drop a backported patch
(From OE-Core rev: 718e4efa4f6f595b17e2438a15fc57c2c88ae9f1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC uses C23 standard by default which does not allow
K&R style declarations
(From OE-Core rev: acc41d7f912bf9d3ee142a02d0b64cf9ff6f226e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Current dhcpcd (version 10.1.0) service crashes on the WiFi (wlan0)
interface with the following error:
"ps_seccomp_violation: unexpected syscall 135"
This update pulls in fix#421 for dhcpcd 10.1.0 to address this issue.
(From OE-Core rev: 2bb20f49ada56f1c7707565e475051174feba945)
Signed-off-by: Balaji Pothunoori <quic_bpothuno@quicinc.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
New Features
--------------
- Adds support for EDE code 1 and 2.
- Add a rndc command to toggle jemalloc profiling.
- Add support for multiple extended DNS errors.
- Print the expiration time of the stale records.
Feature Changes
---------------
- Refactor reference counting in both QPDB and RBTDB.
- Shutdown the fetch context after canceling the last fetch.
Bug Fixes
----------
- Fix possible truncation in dns_keymgr_status()
- Recently expired records could be returned with timestamp in future.
- Yaml string not terminated in negative response in delv.
- Fix a bug in dnssec-signzone related to keys being offline.
- Apply the memory limit only to ADB database items.
- Avoid unnecessary locking in the zone/cache database.
- Fix EDE 22 time out detection.
- Split and simplify the use of EDE list implementation.
- Fix the cache findzonecut() implementation.
- DNSSEC EDE system tests on FIPS platform.
- Reduce the false sharing the dns_qpcache and dns_qpzone.
(From OE-Core rev: 1394e8befb305106695c91e2fe16c55483bf467f)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Long ago, in the OpenSSL 1.1 days changing CFLAGS worked to override
hard-coded paths in the OpenSSL libraries. Even as far back as
kirkstone this was no longer working.
Override make variables instead to poision the paths that get built
into the native (and nativesdk) libraries so they become relocatable
again.
While here, remove the -isystem<foo> compiler argument from the compiler
command line stored in the library, just like we already remove the
prefix-map and sysroot arguments.
(From OE-Core rev: d1b29222ad6243c15275a04f9de5989cf158cb2e)
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The location of rpc.statd is /usr/sbin instead of /sbin.
(From OE-Core rev: 19494e414429b74d2a15b32f21b1b3067d3a41b2)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When using openssl with some pkcs#11 plugin module, one (usually)
needs to set the OPENSSL_CONF environment variable
appropriately, and e.g. invoke openssl as
openssl dgst -engine pkcs11 -keyform engine ...
However, when putting that logic in a bitbake recipe and depending on
openssl-native (and the recipe providing the pkcs#11 engine and the
associated configuration file), the value of OPENSSL_CONF is
unconditionally overridden by the wrapper script.
If openssl was invoked directly in the task function, I could probably
call "openssl.real" instead, but then I miss the proper settings of
the other four variables, which I'd then also have to repeat in my
recipe. Moreover, sometimes openssl is only called via some helper
script (for example rpi-eeprom-digest for signing bootloader images
for RPi), and it's not reasonable to patch every such script to call
openssl.real.
So rewrite the wrapper such that if a variable is already set in the
environment before openssl is invoked, preserve its value.
(From OE-Core rev: 5582ec9d3a21c546b799d2f6d4928f5e1d19eb0a)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A long time ago, the environment.d-openssl.sh file was shared between
openssl 1.0 and openssl 1.1 recipes, and sed was used to make the path
right for the 1.1 version. Nowadays, with only a single recipe, this
is a bit roundabout, so just use the proper path in the file directly.
(From OE-Core rev: 291fe7db623b0974e7831e908e91b1f1259e0506)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bulk of these recipes used acpaths to work around argument list
limits as we passed the full path to every directory. As this behaviour
no longer happens we can remove these workarounds.
(From OE-Core rev: c4336f1b0da981b3ea396b17779b67898bceccef)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
