Re: [oe] [meta-webserver][PATCH] nginx: update to 1.9.12
Missing SOB line On Sat, Mar 5, 2016 at 1:37 AM, Derek Straka wrote: > --- > .../recipes-httpd/nginx/{nginx_1.9.11.bb => nginx_1.9.12.bb} | > 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta-webserver/recipes-httpd/nginx/{nginx_1.9.11.bb => > nginx_1.9.12.bb} (96%) > > diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb > b/meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb > similarity index 96% > rename from meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb > rename to meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb > index 8b60e53..d18f82b 100644 > --- a/meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb > +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb > @@ -19,8 +19,8 @@ SRC_URI = " \ > file://nginx-volatile.conf \ > file://nginx.service \ > " > -SRC_URI[md5sum] = "76eb5853a1190e0cfc691aa21c545de3" > -SRC_URI[sha256sum] = > "6a5c72f4afaf57a6db064bba0965d72335f127481c5d4e64ee8714e7b368a51f" > +SRC_URI[md5sum] = "0afe4a7e589a0de43b7b54aa055a4351" > +SRC_URI[sha256sum] = > "1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042" > > inherit update-rc.d useradd > > -- > 1.9.1 > > -- > ___ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-networking][PATCH] pptp-linux: update to 1.8.0
Signed-off-by: Derek Straka --- .../pptp-linux-1.7.2/fix-parallel-build.patch | 19 --- .../options.pptp | 0 .../{pptp-linux_1.7.2.bb => pptp-linux_1.8.0.bb} | 7 +++ 3 files changed, 3 insertions(+), 23 deletions(-) delete mode 100644 meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/fix-parallel-build.patch rename meta-networking/recipes-protocols/pptp-linux/{pptp-linux-1.7.2 => pptp-linux-1.8.0}/options.pptp (100%) rename meta-networking/recipes-protocols/pptp-linux/{pptp-linux_1.7.2.bb => pptp-linux_1.8.0.bb} (77%) diff --git a/meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/fix-parallel-build.patch b/meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/fix-parallel-build.patch deleted file mode 100644 index 77722b0..000 --- a/meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/fix-parallel-build.patch +++ /dev/null @@ -1,19 +0,0 @@ -pptp.c and version.c depend on config.h - -Upstream-Status: Backport - -Upstream has already similar fixes. Will be available on next release. - -Signed-off-by: Jesse Zhang - a/Makefile 2013-02-27 17:09:24.431226665 +0800 -+++ b/Makefile 2013-02-27 17:09:03.442075550 +0800 -@@ -43,6 +43,8 @@ - pptpsetup.8: pptpsetup - pod2man $? > $@ - -+pptp.o version.o: config.h -+ - config.h: - echo "/* text added by Makefile target config.h */" > config.h - echo "#define PPTP_LINUX_VERSION \"$(VERSION)$(RELEASE)\"" >> config.h diff --git a/meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/options.pptp b/meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.8.0/options.pptp similarity index 100% rename from meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.7.2/options.pptp rename to meta-networking/recipes-protocols/pptp-linux/pptp-linux-1.8.0/options.pptp diff --git a/meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.7.2.bb b/meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.8.0.bb similarity index 77% rename from meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.7.2.bb rename to meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.8.0.bb index 003361c..bc8b2cb 100644 --- a/meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.7.2.bb +++ b/meta-networking/recipes-protocols/pptp-linux/pptp-linux_1.8.0.bb @@ -7,17 +7,16 @@ DESCRIPTION = "PPTP Client is a Linux, FreeBSD, NetBSD \ HOMEPAGE = "http://pptpclient.sourceforge.net"; SECTION = "net" LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" PR = "r1" SRC_URI = "${SOURCEFORGE_MIRROR}/sourceforge/pptpclient/pptp-${PV}.tar.gz \ file://options.pptp \ - file://fix-parallel-build.patch \ " -SRC_URI[md5sum] = "4c3d19286a37459a632c7128c92a9857" -SRC_URI[sha256sum] = "e98ae0065d2a39fa3131654ff28cb7070e996f668ed6d0e7d9a445b8d37694bc" +SRC_URI[md5sum] = "4efce9f263e2c3f38d79d9df222476de" +SRC_URI[sha256sum] = "e39c42d933242a8a6dd8600a0fa7f0a5ec8f066d10c4149d8e81a5c68fe4bbda" S = "${WORKDIR}/pptp-${PV}" -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-webserver][PATCH] nginx: update to 1.9.12
--- .../recipes-httpd/nginx/{nginx_1.9.11.bb => nginx_1.9.12.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-webserver/recipes-httpd/nginx/{nginx_1.9.11.bb => nginx_1.9.12.bb} (96%) diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb similarity index 96% rename from meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb rename to meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb index 8b60e53..d18f82b 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.9.11.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.9.12.bb @@ -19,8 +19,8 @@ SRC_URI = " \ file://nginx-volatile.conf \ file://nginx.service \ " -SRC_URI[md5sum] = "76eb5853a1190e0cfc691aa21c545de3" -SRC_URI[sha256sum] = "6a5c72f4afaf57a6db064bba0965d72335f127481c5d4e64ee8714e7b368a51f" +SRC_URI[md5sum] = "0afe4a7e589a0de43b7b54aa055a4351" +SRC_URI[sha256sum] = "1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042" inherit update-rc.d useradd -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-browser][PATCH] firefox: fix install for oe-core master and cleanup packaging
On Sat, Mar 5, 2016 at 12:33 AM, Khem Raj wrote: > On Wed, Feb 24, 2016 at 6:25 AM, Andreas Müller > wrote: >> Could build test only due to lack of building image >> > > this is ok to install. Forgot to mention: meanwhile I have run-on-target-experience without issues Andreas -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-browser][PATCH] firefox: fix install for oe-core master and cleanup packaging
On Wed, Feb 24, 2016 at 6:25 AM, Andreas Müller wrote: > Could build test only due to lack of building image > this is ok to install. > Signed-off-by: Andreas Müller > --- > recipes-mozilla/firefox/firefox_38.6.1esr.bb | 16 +++- > 1 file changed, 3 insertions(+), 13 deletions(-) > > diff --git a/recipes-mozilla/firefox/firefox_38.6.1esr.bb > b/recipes-mozilla/firefox/firefox_38.6.1esr.bb > index 8356532..4e4a7aa 100644 > --- a/recipes-mozilla/firefox/firefox_38.6.1esr.bb > +++ b/recipes-mozilla/firefox/firefox_38.6.1esr.bb > @@ -68,7 +68,7 @@ do_install_append() { > > install -m 0644 ${WORKDIR}/mozilla-firefox.desktop > ${D}${datadir}/applications/ > install -m 0644 ${WORKDIR}/mozilla-firefox.png ${D}${datadir}/pixmaps/ > -install -m 0644 ${WORKDIR}/vendor.js > ${D}${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/defaults/pref/ > +install -m 0644 ${WORKDIR}/vendor.js ${D}${libdir}/${PN}/defaults/pref/ > > # Fix ownership of files > chown root:root -R ${D}${datadir} > @@ -78,19 +78,9 @@ do_install_append() { > FILES_${PN} = "${bindir}/${PN} \ > ${datadir}/applications/ \ > ${datadir}/pixmaps/ \ > - ${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/* \ > - ${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/.autoreg \ > + ${libdir}/${PN}/* \ > ${bindir}/defaults" > -FILES_${PN}-dev += "${datadir}/idl ${bindir}/${PN}-config > ${libdir}/${PN}-devel-*" > -FILES_${PN}-staticdev += "${libdir}/${PN}-devel-*/sdk/lib/*.a" > -FILES_${PN}-dbg += "${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/*/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/*/*/.debug \ > -${libdir}/${PN}-devel-*/*/.debug \ > -${libdir}/${PN}-devel-*/*/*/.debug \ > -${libdir}/${PN}-devel-*/*/*/*/.debug \ > -${bindir}/.debug" > +FILES_${PN}-dev += "${datadir}/idl ${bindir}/${PN}-config" > > # We don't build XUL as system shared lib, so we can mark all libs as private > PRIVATE_LIBS = "libmozjs.so \ > -- > 2.5.0 > > -- > ___ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [OE-core] [jethro][fido][PATCH] openssl: Security fix CVE-2016-0800
On Fri, Mar 04, 2016 at 11:02:38AM -0600, Mark Hatle wrote: > On 3/4/16 10:51 AM, Denys Dmytriyenko wrote: > > On Fri, Mar 04, 2016 at 08:46:01AM -0800, akuster wrote: > >> > >> > >> On 03/04/2016 07:39 AM, Denys Dmytriyenko wrote: > >>> On Tue, Mar 01, 2016 at 11:37:21PM -0800, Armin Kuster wrote: > From: Armin Kuster > > CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) > > https://www.openssl.org/news/secadv/20160301.txt > > Signed-off-by: Armin Kuster > --- > .../openssl/openssl/CVE-2016-0800.patch| 198 +++ > .../openssl/openssl/CVE-2016-0800_2.patch | 592 > + > .../openssl/openssl/CVE-2016-0800_3.patch | 503 > + > .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 3 + > 4 files changed, 1296 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch > > diff --git > a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > new file mode 100644 > index 000..e5635fe > --- /dev/null > +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > @@ -0,0 +1,198 @@ > +From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001 > +From: Viktor Dukhovni > +Date: Wed, 17 Feb 2016 21:07:48 -0500 > +Subject: [PATCH] Disable SSLv2 default build, default negotiation and > weak > + ciphers. > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +SSLv2 is by default disabled at build-time. Builds that are not > +configured with "enable-ssl2" will not support SSLv2. Even if > +"enable-ssl2" is used, users who want to negotiate SSLv2 via the > +version-flexible SSLv23_method() will need to explicitly call either > +of: > + > +SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); > +or > +SSL_clear_options(ssl, SSL_OP_NO_SSLv2); > + > +as appropriate. Even if either of those is used, or the application > +explicitly uses the version-specific SSLv2_method() or its client > +or server variants, SSLv2 ciphers vulnerable to exhaustive search > +key recovery have been removed. Specifically, the SSLv2 40-bit > +EXPORT ciphers, and SSLv2 56-bit DES are no longer available. > + > +Mitigation for CVE-2016-0800 > >>> > >>> So, this CVE is all nice and good, but it breaks things and other OE > >>> recipes. > >>> > >>> For starters, python-m2crypto and crda from meta-openembedded: > >>> > >>> ERROR: Failed to import the "M2Crypto" module: > >>> .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined > >>> symbol: SSLv2_method > >> > >> well we built that internally and it pass because we are using the one > >> from meta-virt. its a newer version (0.22.3) than the one in meta-python > >> (0.21.1). > >> > >> working on the one in meta-python. > > > > Ah, thanks! So, what would be the approach to fix it in meta-python? Would > > version update be allowed for backport to fido/dizzy? It's rather against > > the > > policy, but in this case it's broken w/o the update... > > I think in this case, it makes sense to backport a python first for the issue. > > SSLv2 really isn't secure any longer. Anything using cryptography should not > be > using SSLv2, but if it available should be switching based on OpenSSL having > (or > not) the necessary symbols. > > For reference the CVE-2016-0800 change disables SSLv2 and various 'weak' > SSLv3+ > cryptographic functions. This can be re-enabled, with a simple build switch > in > OpenSSL -- but I'd caution against doing so. Previous patches have mitigated > a > related problem that would allow an attacker to get OpenSSL to downgrade to a > weak SSLv2 encryption, the 0800 patch takes it one further and just disables > SSLv2 completely. So the previous fixes will help mitigate the problem, but > only disabling will remove potential reliance on less then secure methods. Thanks, Mark! As I said before, I understand and agree with this CVE fix, especially in light of all the latest news... But backporting it all the way to fido seems to break bunch of older packages that still rely on SSLv2. Just saying that we now need to fix those either by patching or by upgrading, since past releases should not only be secure, but also stable :) -- Denys > >>> Are there any plans to go and ensure that other recipes using SSLv2 are > >>> not > >>> broken now? > >> > >> yes, as I find time and not _all_ meta layers. > >> > >>
Re: [oe] [OE-core] [jethro][fido][PATCH] openssl: Security fix CVE-2016-0800
On 3/4/16 10:51 AM, Denys Dmytriyenko wrote: > On Fri, Mar 04, 2016 at 08:46:01AM -0800, akuster wrote: >> >> >> On 03/04/2016 07:39 AM, Denys Dmytriyenko wrote: >>> On Tue, Mar 01, 2016 at 11:37:21PM -0800, Armin Kuster wrote: From: Armin Kuster CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) https://www.openssl.org/news/secadv/20160301.txt Signed-off-by: Armin Kuster --- .../openssl/openssl/CVE-2016-0800.patch| 198 +++ .../openssl/openssl/CVE-2016-0800_2.patch | 592 + .../openssl/openssl/CVE-2016-0800_3.patch | 503 + .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 3 + 4 files changed, 1296 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch new file mode 100644 index 000..e5635fe --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch @@ -0,0 +1,198 @@ +From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Wed, 17 Feb 2016 21:07:48 -0500 +Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak + ciphers. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +SSLv2 is by default disabled at build-time. Builds that are not +configured with "enable-ssl2" will not support SSLv2. Even if +"enable-ssl2" is used, users who want to negotiate SSLv2 via the +version-flexible SSLv23_method() will need to explicitly call either +of: + +SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); +or +SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + +as appropriate. Even if either of those is used, or the application +explicitly uses the version-specific SSLv2_method() or its client +or server variants, SSLv2 ciphers vulnerable to exhaustive search +key recovery have been removed. Specifically, the SSLv2 40-bit +EXPORT ciphers, and SSLv2 56-bit DES are no longer available. + +Mitigation for CVE-2016-0800 >>> >>> So, this CVE is all nice and good, but it breaks things and other OE >>> recipes. >>> >>> For starters, python-m2crypto and crda from meta-openembedded: >>> >>> ERROR: Failed to import the "M2Crypto" module: >>> .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined >>> symbol: SSLv2_method >> >> well we built that internally and it pass because we are using the one >> from meta-virt. its a newer version (0.22.3) than the one in meta-python >> (0.21.1). >> >> working on the one in meta-python. > > Ah, thanks! So, what would be the approach to fix it in meta-python? Would > version update be allowed for backport to fido/dizzy? It's rather against the > policy, but in this case it's broken w/o the update... I think in this case, it makes sense to backport a python first for the issue. SSLv2 really isn't secure any longer. Anything using cryptography should not be using SSLv2, but if it available should be switching based on OpenSSL having (or not) the necessary symbols. For reference the CVE-2016-0800 change disables SSLv2 and various 'weak' SSLv3+ cryptographic functions. This can be re-enabled, with a simple build switch in OpenSSL -- but I'd caution against doing so. Previous patches have mitigated a related problem that would allow an attacker to get OpenSSL to downgrade to a weak SSLv2 encryption, the 0800 patch takes it one further and just disables SSLv2 completely. So the previous fixes will help mitigate the problem, but only disabling will remove potential reliance on less then secure methods. > >>> Are there any plans to go and ensure that other recipes using SSLv2 are not >>> broken now? >> >> yes, as I find time and not _all_ meta layers. >> >> thanks for letting me know. it will make this task go by faster. > > I'll let you know if anything else is broken :) > -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [OE-core] [jethro][fido][PATCH] openssl: Security fix CVE-2016-0800
On Fri, Mar 04, 2016 at 08:46:01AM -0800, akuster wrote: > > > On 03/04/2016 07:39 AM, Denys Dmytriyenko wrote: > > On Tue, Mar 01, 2016 at 11:37:21PM -0800, Armin Kuster wrote: > >> From: Armin Kuster > >> > >> CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) > >> > >> https://www.openssl.org/news/secadv/20160301.txt > >> > >> Signed-off-by: Armin Kuster > >> --- > >> .../openssl/openssl/CVE-2016-0800.patch| 198 +++ > >> .../openssl/openssl/CVE-2016-0800_2.patch | 592 > >> + > >> .../openssl/openssl/CVE-2016-0800_3.patch | 503 + > >> .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 3 + > >> 4 files changed, 1296 insertions(+) > >> create mode 100644 > >> meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > >> create mode 100644 > >> meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch > >> create mode 100644 > >> meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch > >> > >> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > >> b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > >> new file mode 100644 > >> index 000..e5635fe > >> --- /dev/null > >> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > >> @@ -0,0 +1,198 @@ > >> +From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001 > >> +From: Viktor Dukhovni > >> +Date: Wed, 17 Feb 2016 21:07:48 -0500 > >> +Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak > >> + ciphers. > >> +MIME-Version: 1.0 > >> +Content-Type: text/plain; charset=UTF-8 > >> +Content-Transfer-Encoding: 8bit > >> + > >> +SSLv2 is by default disabled at build-time. Builds that are not > >> +configured with "enable-ssl2" will not support SSLv2. Even if > >> +"enable-ssl2" is used, users who want to negotiate SSLv2 via the > >> +version-flexible SSLv23_method() will need to explicitly call either > >> +of: > >> + > >> +SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); > >> +or > >> +SSL_clear_options(ssl, SSL_OP_NO_SSLv2); > >> + > >> +as appropriate. Even if either of those is used, or the application > >> +explicitly uses the version-specific SSLv2_method() or its client > >> +or server variants, SSLv2 ciphers vulnerable to exhaustive search > >> +key recovery have been removed. Specifically, the SSLv2 40-bit > >> +EXPORT ciphers, and SSLv2 56-bit DES are no longer available. > >> + > >> +Mitigation for CVE-2016-0800 > > > > So, this CVE is all nice and good, but it breaks things and other OE > > recipes. > > > > For starters, python-m2crypto and crda from meta-openembedded: > > > > ERROR: Failed to import the "M2Crypto" module: > > .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined > > symbol: SSLv2_method > > well we built that internally and it pass because we are using the one > from meta-virt. its a newer version (0.22.3) than the one in meta-python > (0.21.1). > > working on the one in meta-python. Ah, thanks! So, what would be the approach to fix it in meta-python? Would version update be allowed for backport to fido/dizzy? It's rather against the policy, but in this case it's broken w/o the update... > > Are there any plans to go and ensure that other recipes using SSLv2 are not > > broken now? > > yes, as I find time and not _all_ meta layers. > > thanks for letting me know. it will make this task go by faster. I'll let you know if anything else is broken :) -- Denys -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [OE-core] [jethro][fido][PATCH] openssl: Security fix CVE-2016-0800
On Tue, Mar 01, 2016 at 11:37:21PM -0800, Armin Kuster wrote: > From: Armin Kuster > > CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) > > https://www.openssl.org/news/secadv/20160301.txt > > Signed-off-by: Armin Kuster > --- > .../openssl/openssl/CVE-2016-0800.patch| 198 +++ > .../openssl/openssl/CVE-2016-0800_2.patch | 592 > + > .../openssl/openssl/CVE-2016-0800_3.patch | 503 + > .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 3 + > 4 files changed, 1296 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch > create mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch > > diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > new file mode 100644 > index 000..e5635fe > --- /dev/null > +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch > @@ -0,0 +1,198 @@ > +From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001 > +From: Viktor Dukhovni > +Date: Wed, 17 Feb 2016 21:07:48 -0500 > +Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak > + ciphers. > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +SSLv2 is by default disabled at build-time. Builds that are not > +configured with "enable-ssl2" will not support SSLv2. Even if > +"enable-ssl2" is used, users who want to negotiate SSLv2 via the > +version-flexible SSLv23_method() will need to explicitly call either > +of: > + > +SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); > +or > +SSL_clear_options(ssl, SSL_OP_NO_SSLv2); > + > +as appropriate. Even if either of those is used, or the application > +explicitly uses the version-specific SSLv2_method() or its client > +or server variants, SSLv2 ciphers vulnerable to exhaustive search > +key recovery have been removed. Specifically, the SSLv2 40-bit > +EXPORT ciphers, and SSLv2 56-bit DES are no longer available. > + > +Mitigation for CVE-2016-0800 So, this CVE is all nice and good, but it breaks things and other OE recipes. For starters, python-m2crypto and crda from meta-openembedded: ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method Are there any plans to go and ensure that other recipes using SSLv2 are not broken now? -- Denys > +Reviewed-by: Emilia Käsper > + > +Upstream-Status: Backport > + > +https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7 > + > +CVE: CVE-2016-0800 > +Signed-off-by: Armin Kuster > + > +--- > + CHANGES| 17 + > + Configure | 3 ++- > + NEWS | 2 +- > + ssl/s2_lib.c | 6 ++ > + ssl/ssl_conf.c | 10 +- > + ssl/ssl_lib.c | 7 +++ > + 6 files changed, 42 insertions(+), 3 deletions(-) > + > +Index: openssl-1.0.2d/Configure > +=== > +--- openssl-1.0.2d.orig/Configure > openssl-1.0.2d/Configure > +@@ -847,9 +847,10 @@ my %disabled = ( # "what" => "co > + "md2"=> "default", > + "rc5"=> "default", > + "rfc3779"=> "default", > +- "sctp" => "default", > ++ "sctp" => "default", > + "shared" => "default", > + "ssl-trace" => "default", > ++ "ssl2" => "default", > + "store" => "experimental", > + "unit-test" => "default", > + "zlib" => "default", > +Index: openssl-1.0.2d/ssl/s2_lib.c > +=== > +--- openssl-1.0.2d.orig/ssl/s2_lib.c > openssl-1.0.2d/ssl/s2_lib.c > +@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + 128, > + }, > + > ++# if 0 > + /* RC4_128_EXPORT40_WITH_MD5 */ > + { > + 1, > +@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + 40, > + 128, > + }, > ++# endif > + > + /* RC2_128_CBC_WITH_MD5 */ > + { > +@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + 128, > + }, > + > ++# if 0 > + /* RC2_128_CBC_EXPORT40_WITH_MD5 */ > + { > + 1, > +@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + 40, > + 128, > + }, > ++# endif > + > + # ifndef OPENSSL_NO_IDEA > + /* IDEA_128_CBC_WITH_MD5 */ > +@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + }, > + # endif > + > ++# if 0 > + /* DES_64_CBC_WITH_MD5 */ > + { > + 1, > +@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip > + 56, > +
[oe] [PATCH][meta-oe] Revert "toybox: upgrade to 0.7.0"
* issues reported by me and Khem weren't addressed http://lists.openembedded.org/pipermail/openembedded-devel/2016-February/105824.html http://lists.openembedded.org/pipermail/openembedded-devel/2016-March/106344.html This reverts commit 26ee1849d1d70296aee8694f89502eb813842565. --- .../toybox/0001-Match-paths-with-busybox.patch | 388 + .../toybox/toybox_build-add-Missing-CFLAGS.patch | 28 -- .../toybox/{toybox_0.7.0.bb => toybox_0.6.0.bb}| 10 +- 3 files changed, 392 insertions(+), 34 deletions(-) create mode 100644 meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch delete mode 100644 meta-oe/recipes-core/toybox/toybox/toybox_build-add-Missing-CFLAGS.patch rename meta-oe/recipes-core/toybox/{toybox_0.7.0.bb => toybox_0.6.0.bb} (87%) diff --git a/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch b/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch new file mode 100644 index 000..9eb965d --- /dev/null +++ b/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch @@ -0,0 +1,388 @@ +From 9b37b45067677563dc8daa73d73a015c20ad6222 Mon Sep 17 00:00:00 2001 +From: Paul Barker +Date: Mon, 18 Aug 2014 12:18:16 + +Subject: [PATCH] Match paths with busybox + +To ensure that toybox can be installed alongside busybox without confusing +update-alternatives, the paths of the links installed by toybox should match +those installed by busybox. This is accomplished by changing the flags of a few +tools within toybox. + +v3: +- Forward ported from v0.5.0 to v0.5.2 + +v2: +- Forward ported from v0.4.9 to v0.5.0 +- Move new 'mount' command + +Signed-off-by: Paul Barker + +Upstream-status: Inappropriate +(specific to update-alternatives use in OpenEmbedded) + +Signed-off-by: Amarnath Valluri +--- + toys/lsb/mount.c| 2 +- + toys/lsb/pidof.c| 2 +- + toys/other/chvt.c | 2 +- + toys/other/ifconfig.c | 2 +- + toys/other/insmod.c | 2 +- + toys/other/lsmod.c | 2 +- + toys/other/netcat.c | 2 +- + toys/other/pivot_root.c | 2 +- + toys/other/readlink.c | 2 +- + toys/other/reboot.c | 6 +++--- + toys/other/rfkill.c | 2 +- + toys/other/rmmod.c | 2 +- + toys/other/swapoff.c| 2 +- + toys/other/swapon.c | 2 +- + toys/other/sysctl.c | 2 +- + toys/posix/cut.c| 2 +- + toys/posix/df.c | 2 +- + toys/posix/head.c | 2 +- + toys/posix/id.c | 6 +++--- + toys/posix/mkfifo.c | 2 +- + toys/posix/renice.c | 2 +- + toys/posix/tail.c | 2 +- + toys/posix/tee.c| 2 +- + toys/posix/uniq.c | 2 +- + toys/posix/who.c| 2 +- + 25 files changed, 29 insertions(+), 29 deletions(-) + +diff --git a/toys/lsb/mount.c b/toys/lsb/mount.c +index c334681..b076ca1 100644 +--- a/toys/lsb/mount.c b/toys/lsb/mount.c +@@ -6,7 +6,7 @@ + * Note: -hV is bad spec, haven't implemented -FsLU yet + * no mtab (/proc/mounts does it) so -n is NOP. + +-USE_MOUNT(NEWTOY(mount, "?O:afnrvwt:o*[-rw]", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_STAYROOT)) ++USE_MOUNT(NEWTOY(mount, "?O:afnrvwt:o*[-rw]", TOYFLAG_BIN|TOYFLAG_STAYROOT)) + //USE_NFSMOUNT(NEWTOY(nfsmount, "?<2>2", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_STAYROOT)) + + config MOUNT +diff --git a/toys/lsb/pidof.c b/toys/lsb/pidof.c +index 51b742f..a8fc8ef 100644 +--- a/toys/lsb/pidof.c b/toys/lsb/pidof.c +@@ -5,7 +5,7 @@ + * + * http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/pidof.html + +-USE_PIDOF(NEWTOY(pidof, "<1so:", TOYFLAG_USR|TOYFLAG_BIN)) ++USE_PIDOF(NEWTOY(pidof, "<1so:", TOYFLAG_BIN)) + + config PIDOF + bool "pidof" +diff --git a/toys/other/chvt.c b/toys/other/chvt.c +index 6544265..a93327f 100644 +--- a/toys/other/chvt.c b/toys/other/chvt.c +@@ -2,7 +2,7 @@ + * + * Copyright (C) 2008 David Anders + +-USE_CHVT(NEWTOY(chvt, "<1", TOYFLAG_USR|TOYFLAG_SBIN)) ++USE_CHVT(NEWTOY(chvt, "<1", TOYFLAG_USR|TOYFLAG_BIN)) + + config CHVT + bool "chvt" +diff --git a/toys/other/ifconfig.c b/toys/other/ifconfig.c +index 8db3ff0..445799d 100644 +--- a/toys/other/ifconfig.c b/toys/other/ifconfig.c +@@ -6,7 +6,7 @@ + * + * Not in SUSv4. + +-USE_IFCONFIG(NEWTOY(ifconfig, "^?a", TOYFLAG_BIN)) ++USE_IFCONFIG(NEWTOY(ifconfig, "^?a", TOYFLAG_SBIN)) + + config IFCONFIG + bool "ifconfig" +diff --git a/toys/other/insmod.c b/toys/other/insmod.c +index 81721a3..cb222a5 100644 +--- a/toys/other/insmod.c b/toys/other/insmod.c +@@ -2,7 +2,7 @@ + * + * Copyright 2012 Elie De Brauwer + +-USE_INSMOD(NEWTOY(insmod, "<1", TOYFLAG_BIN|TOYFLAG_NEEDROOT)) ++USE_INSMOD(NEWTOY(insmod, "<1", TOYFLAG_SBIN|TOYFLAG_NEEDROOT)) + + config INSMOD + bool "insmod" +diff --git a/toys/other/lsmod.c b/toys/other/lsmod.c +index b8f5d82..4d16048 100644 +--- a/toys/other/lsmod.c b/toys/other/lsmod.c +@@ -2,7 +2,7 @@ + * + * Copyright 2012 Elie De Brauwer + +-USE_LSMOD(NEWTOY(lsmod, NULL, TOYFLAG_BIN)) ++USE_LSMOD(NEWTOY(lsmod,
Re: [oe] [meta-oe][PATCH v2 1/2] efivar: update to 0.23
On Fri, Mar 04, 2016 at 03:16:22PM +0100, Koen Kooi wrote: > On 4 March 2016 at 14:34, Martin Jansa wrote: > > On Fri, Mar 04, 2016 at 08:14:54AM +0100, Koen Kooi wrote: > >> Upstream removed the use of the nvme headers completely, so no more > >> conflicts. Also drop gcc options patch, ubuntu 12.04 is too old to support > >> in meta-oe/master. > > > > This fails to build static version, when no-static-libs.inc is used > > (e.g. default in Poky). > > > > Can you either disable static in popt or change efivar to respect > > --disable-static (if possible)? > > I've patched out the static build in v3, that should fix this. Thanks for quick updated, applied in master-next with small indentation fix. > > regards, > > Koen > > > > > > 5.3.0/ld: cannot find -lpopt > > | collect2: error: ld returned 1 exit status > > | make[1]: *** [efivar-static] Error 1 > > | make[1]: *** Waiting for unfinished jobs > > > > > >> > >> Signed-off-by: Koen Kooi > >> --- > >> .../efivar/0001-efivar-fix-for-cross-compile.patch | 21 +++ > >> ...ptions-not-supported-by-lower-version-gcc.patch | 71 > >> -- > >> meta-oe/recipes-extended/efivar/efivar_0.21.bb | 39 > >> meta-oe/recipes-extended/efivar/efivar_0.23.bb | 36 +++ > >> 4 files changed, 45 insertions(+), 122 deletions(-) > >> delete mode 100644 > >> meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > >> delete mode 100644 meta-oe/recipes-extended/efivar/efivar_0.21.bb > >> create mode 100644 meta-oe/recipes-extended/efivar/efivar_0.23.bb > >> > >> diff --git > >> a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > >> > >> b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > >> index 4bd7d95..b02edd9 100644 > >> --- > >> a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > >> +++ > >> b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > >> @@ -12,20 +12,17 @@ Signed-off-by: Kai Kang > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/src/Makefile b/src/Makefile > >> -index 6eac858..ef4eb1d 100644 > >> +index 5fc7887..1829d22 100644 > >> --- a/src/Makefile > >> +++ b/src/Makefile > >> -@@ -65,8 +65,8 @@ makeguids.o : makeguids.c > >> - makeguids : makeguids.o fakeguid.o > >> - $(CC) $(cflags) -o $@ $^ -ldl > >> - > >> +@@ -29,8 +29,8 @@ all : deps $(TARGETS) > >> + ./guid-symbols.c : include/efivar/efivar-guids.h > >> + ./guids.bin : include/efivar/efivar-guids.h > >> + ./names.bin : include/efivar/efivar-guids.h > >> -include/efivar/efivar-guids.h : makeguids guids.txt > >> --./makeguids guids.txt guids.bin names.bin guid-symbols.S $@ > >> +-./makeguids guids.txt guids.bin names.bin \ > >> +include/efivar/efivar-guids.h : guids.txt > >> -+makeguids guids.txt guids.bin names.bin guid-symbols.S $@ > >> ++makeguids guids.txt guids.bin names.bin \ > >> + guid-symbols.c include/efivar/efivar-guids.h > >> > >> - guidlist.o : guids.S include/efivar/efivar-guids.h > >> - $(CC) $(cflags) -c -o guidlist.o guids.S > >> --- > >> -2.6.0.rc2.10.gf4d9753 > >> - > >> + makeguids : CPPFLAGS+=-DEFIVAR_BUILD_ENVIRONMENT > >> diff --git > >> a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > >> > >> b/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > >> deleted file mode 100644 > >> index 7f04b19..000 > >> --- > >> a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > >> +++ /dev/null > >> @@ -1,71 +0,0 @@ > >> -gcc options '-Wmaybe-uninitialized' and '-std=gnu11' are not recognized > >> by gcc > >> -whose version is lower than 4.6, such as on Ubuntu 12.04. Drop them for > >> backward > >> -compatible. > >> - > >> -Upstream-Status: Pending > >> - > >> -Signed-off-by: Kai Kang > >> > >> -diff --git a/Make.defaults b/Make.defaults > >> -index cc2baa9..118ae56 100644 > >> a/Make.defaults > >> -+++ b/Make.defaults > >> -@@ -10,10 +10,9 @@ CFLAGS?= -O2 -g > >> - > >> - ARCH = $(shell uname -m) > >> - clang_cflags = > >> --gcc_cflags = -Wmaybe-uninitialized > >> - cflags := $(CFLAGS) \ > >> - -Werror -Wall -Wsign-compare -Wstrict-aliasing \ > >> ---std=gnu11 -fshort-wchar -fPIC \ > >> -+-fshort-wchar -fPIC \ > >> - -fvisibility=hidden \ > >> - -D_GNU_SOURCE -I${TOPDIR}/src/include/efivar/ \ > >> - $(if $(filter $(CC),clang),$(clang_cflags),) \ > >> -diff --git a/src/guid.h b/src/guid.h > >> -index 9542ee1..0817991 100644 > >> a/src/guid.h > >> -+++ b/src/guid.h > >> -@@ -31,7 +31,8 @@ static inline int > >> - real_isspace(char c) > >> - { > >> - char spaces[] = " \f\n\r\t\v"; > >> --for (int i = 0; spaces[i] != '\0'; i++) > >> -+int i; > >> -+for (i = 0; spaces[i]
Re: [oe] [meta-oe][PATCH v2 1/2] efivar: update to 0.23
On 4 March 2016 at 14:34, Martin Jansa wrote: > On Fri, Mar 04, 2016 at 08:14:54AM +0100, Koen Kooi wrote: >> Upstream removed the use of the nvme headers completely, so no more >> conflicts. Also drop gcc options patch, ubuntu 12.04 is too old to support >> in meta-oe/master. > > This fails to build static version, when no-static-libs.inc is used > (e.g. default in Poky). > > Can you either disable static in popt or change efivar to respect > --disable-static (if possible)? I've patched out the static build in v3, that should fix this. regards, Koen > > 5.3.0/ld: cannot find -lpopt > | collect2: error: ld returned 1 exit status > | make[1]: *** [efivar-static] Error 1 > | make[1]: *** Waiting for unfinished jobs > > >> >> Signed-off-by: Koen Kooi >> --- >> .../efivar/0001-efivar-fix-for-cross-compile.patch | 21 +++ >> ...ptions-not-supported-by-lower-version-gcc.patch | 71 >> -- >> meta-oe/recipes-extended/efivar/efivar_0.21.bb | 39 >> meta-oe/recipes-extended/efivar/efivar_0.23.bb | 36 +++ >> 4 files changed, 45 insertions(+), 122 deletions(-) >> delete mode 100644 >> meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch >> delete mode 100644 meta-oe/recipes-extended/efivar/efivar_0.21.bb >> create mode 100644 meta-oe/recipes-extended/efivar/efivar_0.23.bb >> >> diff --git >> a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch >> >> b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch >> index 4bd7d95..b02edd9 100644 >> --- >> a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch >> +++ >> b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch >> @@ -12,20 +12,17 @@ Signed-off-by: Kai Kang >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/src/Makefile b/src/Makefile >> -index 6eac858..ef4eb1d 100644 >> +index 5fc7887..1829d22 100644 >> --- a/src/Makefile >> +++ b/src/Makefile >> -@@ -65,8 +65,8 @@ makeguids.o : makeguids.c >> - makeguids : makeguids.o fakeguid.o >> - $(CC) $(cflags) -o $@ $^ -ldl >> - >> +@@ -29,8 +29,8 @@ all : deps $(TARGETS) >> + ./guid-symbols.c : include/efivar/efivar-guids.h >> + ./guids.bin : include/efivar/efivar-guids.h >> + ./names.bin : include/efivar/efivar-guids.h >> -include/efivar/efivar-guids.h : makeguids guids.txt >> --./makeguids guids.txt guids.bin names.bin guid-symbols.S $@ >> +-./makeguids guids.txt guids.bin names.bin \ >> +include/efivar/efivar-guids.h : guids.txt >> -+makeguids guids.txt guids.bin names.bin guid-symbols.S $@ >> ++makeguids guids.txt guids.bin names.bin \ >> + guid-symbols.c include/efivar/efivar-guids.h >> >> - guidlist.o : guids.S include/efivar/efivar-guids.h >> - $(CC) $(cflags) -c -o guidlist.o guids.S >> --- >> -2.6.0.rc2.10.gf4d9753 >> - >> + makeguids : CPPFLAGS+=-DEFIVAR_BUILD_ENVIRONMENT >> diff --git >> a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch >> >> b/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch >> deleted file mode 100644 >> index 7f04b19..000 >> --- >> a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch >> +++ /dev/null >> @@ -1,71 +0,0 @@ >> -gcc options '-Wmaybe-uninitialized' and '-std=gnu11' are not recognized by >> gcc >> -whose version is lower than 4.6, such as on Ubuntu 12.04. Drop them for >> backward >> -compatible. >> - >> -Upstream-Status: Pending >> - >> -Signed-off-by: Kai Kang >> >> -diff --git a/Make.defaults b/Make.defaults >> -index cc2baa9..118ae56 100644 >> a/Make.defaults >> -+++ b/Make.defaults >> -@@ -10,10 +10,9 @@ CFLAGS?= -O2 -g >> - >> - ARCH = $(shell uname -m) >> - clang_cflags = >> --gcc_cflags = -Wmaybe-uninitialized >> - cflags := $(CFLAGS) \ >> - -Werror -Wall -Wsign-compare -Wstrict-aliasing \ >> ---std=gnu11 -fshort-wchar -fPIC \ >> -+-fshort-wchar -fPIC \ >> - -fvisibility=hidden \ >> - -D_GNU_SOURCE -I${TOPDIR}/src/include/efivar/ \ >> - $(if $(filter $(CC),clang),$(clang_cflags),) \ >> -diff --git a/src/guid.h b/src/guid.h >> -index 9542ee1..0817991 100644 >> a/src/guid.h >> -+++ b/src/guid.h >> -@@ -31,7 +31,8 @@ static inline int >> - real_isspace(char c) >> - { >> - char spaces[] = " \f\n\r\t\v"; >> --for (int i = 0; spaces[i] != '\0'; i++) >> -+int i; >> -+for (i = 0; spaces[i] != '\0'; i++) >> - if (c == spaces[i]) >> - return 1; >> - return 0; >> -@@ -59,7 +60,8 @@ check_sanity(const char *text, size_t len) >> - static inline int >> - check_segment_sanity(const char *text, size_t len) >> - { >> --for(unsigned int i = 0; i < len; i++) { >> -+unsigned int i; >> -+for(i = 0; i < len; i++) { >> - if (tex
[oe] [meta-oe][PATCH v3 1/2] efivar: update to 0.23
Upstream removed the use of the nvme headers completely, so no more conflicts. Also drop gcc options patch, ubuntu 12.04 is too old to support in meta-oe/master. Signed-off-by: Koen Kooi --- .../efivar/0001-efivar-fix-for-cross-compile.patch | 24 .../efivar/efivar/0002-disable-static-build.patch | 29 + ...ptions-not-supported-by-lower-version-gcc.patch | 71 -- meta-oe/recipes-extended/efivar/efivar_0.21.bb | 39 meta-oe/recipes-extended/efivar/efivar_0.23.bb | 38 5 files changed, 79 insertions(+), 122 deletions(-) create mode 100644 meta-oe/recipes-extended/efivar/efivar/0002-disable-static-build.patch delete mode 100644 meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch delete mode 100644 meta-oe/recipes-extended/efivar/efivar_0.21.bb create mode 100644 meta-oe/recipes-extended/efivar/efivar_0.23.bb diff --git a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch index 4bd7d95..e901fbd 100644 --- a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch +++ b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch @@ -1,7 +1,7 @@ -From 7036e8b0dca61432970789e5397b6fb02b362c2b Mon Sep 17 00:00:00 2001 +From 9a3c480af653b37e62d1be04d49fe7a60a80168f Mon Sep 17 00:00:00 2001 From: Kai Kang Date: Fri, 25 Sep 2015 18:14:31 +0800 -Subject: [PATCH] efivar: fix for cross compile +Subject: [PATCH 1/2] efivar: fix for cross compile It builds and calls elf file makeguids to generate a header file which doesn't work for cross compile. Fix it. @@ -12,20 +12,20 @@ Signed-off-by: Kai Kang 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile -index 6eac858..ef4eb1d 100644 +index 5fc7887..1829d22 100644 --- a/src/Makefile +++ b/src/Makefile -@@ -65,8 +65,8 @@ makeguids.o : makeguids.c - makeguids : makeguids.o fakeguid.o - $(CC) $(cflags) -o $@ $^ -ldl - +@@ -29,8 +29,8 @@ all : deps $(TARGETS) + ./guid-symbols.c : include/efivar/efivar-guids.h + ./guids.bin : include/efivar/efivar-guids.h + ./names.bin : include/efivar/efivar-guids.h -include/efivar/efivar-guids.h : makeguids guids.txt -- ./makeguids guids.txt guids.bin names.bin guid-symbols.S $@ +- ./makeguids guids.txt guids.bin names.bin \ +include/efivar/efivar-guids.h : guids.txt -+ makeguids guids.txt guids.bin names.bin guid-symbols.S $@ ++ makeguids guids.txt guids.bin names.bin \ + guid-symbols.c include/efivar/efivar-guids.h - guidlist.o : guids.S include/efivar/efivar-guids.h - $(CC) $(cflags) -c -o guidlist.o guids.S + makeguids : CPPFLAGS+=-DEFIVAR_BUILD_ENVIRONMENT -- -2.6.0.rc2.10.gf4d9753 +2.4.3 diff --git a/meta-oe/recipes-extended/efivar/efivar/0002-disable-static-build.patch b/meta-oe/recipes-extended/efivar/efivar/0002-disable-static-build.patch new file mode 100644 index 000..2c001ef --- /dev/null +++ b/meta-oe/recipes-extended/efivar/efivar/0002-disable-static-build.patch @@ -0,0 +1,29 @@ +From 126e0d3c1ad74cf5b0abe9e98ec444bcc3c83159 Mon Sep 17 00:00:00 2001 +From: Koen Kooi +Date: Fri, 4 Mar 2016 14:53:55 +0100 +Subject: [PATCH 2/2] disable static build + +Signed-off-by: Koen Kooi +--- + src/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index 1829d22..c7a0ca3 100644 +--- a/src/Makefile b/src/Makefile +@@ -8,9 +8,9 @@ include $(TOPDIR)/Make.defaults + + LIBTARGETS=libefivar.so libefiboot.so + STATICLIBTARGETS=libefivar.a libefiboot.a +-BINTARGETS=efivar efivar-static ++BINTARGETS=efivar + PCTARGETS=efivar.pc efiboot.pc +-TARGETS=$(LIBTARGETS) $(STATICLIBTARGETS) $(BINTARGETS) $(PCTARGETS) ++TARGETS=$(LIBTARGETS) $(BINTARGETS) $(PCTARGETS) + + LIBEFIBOOT_SOURCES = crc32.c creator.c disk.c gpt.c linux.c loadopt.c + LIBEFIBOOT_OBJECTS = $(patsubst %.c,%.o,$(LIBEFIBOOT_SOURCES)) +-- +2.4.3 + diff --git a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch b/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch deleted file mode 100644 index 7f04b19..000 --- a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch +++ /dev/null @@ -1,71 +0,0 @@ -gcc options '-Wmaybe-uninitialized' and '-std=gnu11' are not recognized by gcc -whose version is lower than 4.6, such as on Ubuntu 12.04. Drop them for backward -compatible. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang -diff --git a/Make.defaults b/Make.defaults -index cc2baa9..118ae56 100644 a/Make.defaults -+++ b/Make.defaults -@@ -10,10 +10,9 @@ CFLAGS ?= -O2 -g - - ARCH = $(shell uname -m) - clang_cflags = --gcc_cflags = -Wmaybe-uninitialized - cflags:
[oe] [meta-oe][PATCH v3 2/2] efibootmgr: update and unblacklist
Also fix style issues. Signed-off-by: Koen Kooi --- meta-oe/recipes-extended/efibootmgr/efibootmgr_0.12.bb | 14 +++--- meta-oe/recipes-extended/efibootmgr/files/ldflags.patch | 17 - 2 files changed, 7 insertions(+), 24 deletions(-) delete mode 100644 meta-oe/recipes-extended/efibootmgr/files/ldflags.patch diff --git a/meta-oe/recipes-extended/efibootmgr/efibootmgr_0.12.bb b/meta-oe/recipes-extended/efibootmgr/efibootmgr_0.12.bb index 9b611ce..d80c89f 100644 --- a/meta-oe/recipes-extended/efibootmgr/efibootmgr_0.12.bb +++ b/meta-oe/recipes-extended/efibootmgr/efibootmgr_0.12.bb @@ -10,20 +10,20 @@ DEPENDS = "pciutils zlib efivar" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" -SRC_URI = "https://github.com/rhinstaller/efibootmgr/releases/download/${BP}/${BP}.tar.bz2 \ - file://ldflags.patch \ +SRCREV = "eb6e36c9064eae256cd60df24a977e3abd87fd16" +SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https \ " -SRC_URI[md5sum] = "6647f5cd807bc8484135ba74fcbcc39a" -SRC_URI[sha256sum] = "a66f5850677e86255d93cb1cead04c3c48a823a2b864c579321f2a07f00256e6" +S = "${WORKDIR}/git" + + +inherit pkgconfig EXTRA_OEMAKE = "'CC=${CC}' 'CFLAGS=${CFLAGS} -I${S}/src/include `pkg-config --cflags efivar` \ -DEFIBOOTMGR_VERSION=\"$(RELEASE_MAJOR).$(RELEASE_MINOR)\" '" do_install () { -install -D -p -m0755 src/efibootmgr/efibootmgr ${D}/${sbindir}/efibootmgr +install -D -p -m0755 src/efibootmgr ${D}/${sbindir}/efibootmgr } -inherit pkgconfig -PNBLACKLIST[efibootmgr] ?= "Depends on blacklisted efivar" diff --git a/meta-oe/recipes-extended/efibootmgr/files/ldflags.patch b/meta-oe/recipes-extended/efibootmgr/files/ldflags.patch deleted file mode 100644 index 0d5594a..000 --- a/meta-oe/recipes-extended/efibootmgr/files/ldflags.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -Import this patch from meta-linaro. - -Signed-off-by: Kai Kang - efibootmgr-0.5.4.orig/Makefile -+++ efibootmgr-0.5.4/Makefile -@@ -11,6 +11,8 @@ - CFLAGS = $(EXTRA_CFLAGS) -DEFIBOOTMGR_VERSION=\"$(RELEASE_MAJOR).$(RELEASE_MINOR).$(RELEASE_SUBLEVEL)$(RELEASE_EXTRALEVEL)\" \ - -Wall -g -D_FILE_OFFSET_BITS=64 - -+ LDFLAGS += -lz -+ - MODULES := src - - BINDIR := /usr/sbin -- 2.4.3 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-oe][PATCH] toybox: upgrade to 0.7.0
On Mon, Feb 15, 2016 at 10:21:00AM +0100, Martin Jansa wrote: > On Tue, Feb 02, 2016 at 06:11:57PM -0800, Alejandro Joya wrote: > > Change SRC_URI to latest version and update the checksum for package. > > remove old patch not longer need it to build it and add depedency found for > > builiding > > on temporary enviroment like yocto. > > Please fix following QA and Khem's comments and send v2. > > toybox-0.7.0: toybox rdepends on libattr, but it isn't a build > dependency? [build-deps] I've already merged this in good mood expecting follow-up fix soon, but now I regret that and will revert this soon. It also fails when hardfloat is used: usr/include/gnu/stubs.h:7:29: fatal error: gnu/stubs-soft.h: No such file or directory | # include | ^ | compilation terminated. | make: *** [generated/instlist] Error 1 > > > > > Signed-off-by: Alejandro Joya > > --- > > .../toybox/0001-Match-paths-with-busybox.patch | 388 > > - > > .../toybox/toybox_build-add-Missing-CFLAGS.patch | 28 ++ > > .../toybox/{toybox_0.6.0.bb => toybox_0.7.0.bb}| 10 +- > > 3 files changed, 34 insertions(+), 392 deletions(-) > > delete mode 100644 > > meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch > > create mode 100644 > > meta-oe/recipes-core/toybox/toybox/toybox_build-add-Missing-CFLAGS.patch > > rename meta-oe/recipes-core/toybox/{toybox_0.6.0.bb => toybox_0.7.0.bb} > > (87%) > > > > diff --git > > a/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch > > b/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch > > deleted file mode 100644 > > index 9eb965d..000 > > --- a/meta-oe/recipes-core/toybox/toybox/0001-Match-paths-with-busybox.patch > > +++ /dev/null > > @@ -1,388 +0,0 @@ > > -From 9b37b45067677563dc8daa73d73a015c20ad6222 Mon Sep 17 00:00:00 2001 > > -From: Paul Barker > > -Date: Mon, 18 Aug 2014 12:18:16 + > > -Subject: [PATCH] Match paths with busybox > > - > > -To ensure that toybox can be installed alongside busybox without confusing > > -update-alternatives, the paths of the links installed by toybox should > > match > > -those installed by busybox. This is accomplished by changing the flags of > > a few > > -tools within toybox. > > - > > -v3: > > -- Forward ported from v0.5.0 to v0.5.2 > > - > > -v2: > > -- Forward ported from v0.4.9 to v0.5.0 > > -- Move new 'mount' command > > - > > -Signed-off-by: Paul Barker > > - > > -Upstream-status: Inappropriate > > -(specific to update-alternatives use in OpenEmbedded) > > - > > -Signed-off-by: Amarnath Valluri > > > > - toys/lsb/mount.c| 2 +- > > - toys/lsb/pidof.c| 2 +- > > - toys/other/chvt.c | 2 +- > > - toys/other/ifconfig.c | 2 +- > > - toys/other/insmod.c | 2 +- > > - toys/other/lsmod.c | 2 +- > > - toys/other/netcat.c | 2 +- > > - toys/other/pivot_root.c | 2 +- > > - toys/other/readlink.c | 2 +- > > - toys/other/reboot.c | 6 +++--- > > - toys/other/rfkill.c | 2 +- > > - toys/other/rmmod.c | 2 +- > > - toys/other/swapoff.c| 2 +- > > - toys/other/swapon.c | 2 +- > > - toys/other/sysctl.c | 2 +- > > - toys/posix/cut.c| 2 +- > > - toys/posix/df.c | 2 +- > > - toys/posix/head.c | 2 +- > > - toys/posix/id.c | 6 +++--- > > - toys/posix/mkfifo.c | 2 +- > > - toys/posix/renice.c | 2 +- > > - toys/posix/tail.c | 2 +- > > - toys/posix/tee.c| 2 +- > > - toys/posix/uniq.c | 2 +- > > - toys/posix/who.c| 2 +- > > - 25 files changed, 29 insertions(+), 29 deletions(-) > > - > > -diff --git a/toys/lsb/mount.c b/toys/lsb/mount.c > > -index c334681..b076ca1 100644 > > a/toys/lsb/mount.c > > -+++ b/toys/lsb/mount.c > > -@@ -6,7 +6,7 @@ > > - * Note: -hV is bad spec, haven't implemented -FsLU yet > > - * no mtab (/proc/mounts does it) so -n is NOP. > > - > > --USE_MOUNT(NEWTOY(mount, "?O:afnrvwt:o*[-rw]", > > TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_STAYROOT)) > > -+USE_MOUNT(NEWTOY(mount, "?O:afnrvwt:o*[-rw]", > > TOYFLAG_BIN|TOYFLAG_STAYROOT)) > > - //USE_NFSMOUNT(NEWTOY(nfsmount, "?<2>2", > > TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_STAYROOT)) > > - > > - config MOUNT > > -diff --git a/toys/lsb/pidof.c b/toys/lsb/pidof.c > > -index 51b742f..a8fc8ef 100644 > > a/toys/lsb/pidof.c > > -+++ b/toys/lsb/pidof.c > > -@@ -5,7 +5,7 @@ > > - * > > - * > > http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/pidof.html > > - > > --USE_PIDOF(NEWTOY(pidof, "<1so:", TOYFLAG_USR|TOYFLAG_BIN)) > > -+USE_PIDOF(NEWTOY(pidof, "<1so:", TOYFLAG_BIN)) > > - > > - config PIDOF > > - bool "pidof" > > -diff --git a/toys/other/chvt.c b/toys/other/chvt.c > > -index 6544265..a93327f 100644 > > a/toys/other/chvt.c > > -+++ b/toys/other/chvt.c > > -@@ -2,7 +2,7 @@ > > - * > > - * Copyright (C) 2008 David Anders > > - > > --USE_CHVT(NEWTOY(chvt, "<1", TOYFLAG_USR|TOYFLAG_SBIN)) >
Re: [oe] [meta-oe][PATCH v2 1/2] efivar: update to 0.23
On Fri, Mar 04, 2016 at 08:14:54AM +0100, Koen Kooi wrote: > Upstream removed the use of the nvme headers completely, so no more > conflicts. Also drop gcc options patch, ubuntu 12.04 is too old to support in > meta-oe/master. This fails to build static version, when no-static-libs.inc is used (e.g. default in Poky). Can you either disable static in popt or change efivar to respect --disable-static (if possible)? 5.3.0/ld: cannot find -lpopt | collect2: error: ld returned 1 exit status | make[1]: *** [efivar-static] Error 1 | make[1]: *** Waiting for unfinished jobs > > Signed-off-by: Koen Kooi > --- > .../efivar/0001-efivar-fix-for-cross-compile.patch | 21 +++ > ...ptions-not-supported-by-lower-version-gcc.patch | 71 > -- > meta-oe/recipes-extended/efivar/efivar_0.21.bb | 39 > meta-oe/recipes-extended/efivar/efivar_0.23.bb | 36 +++ > 4 files changed, 45 insertions(+), 122 deletions(-) > delete mode 100644 > meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > delete mode 100644 meta-oe/recipes-extended/efivar/efivar_0.21.bb > create mode 100644 meta-oe/recipes-extended/efivar/efivar_0.23.bb > > diff --git > a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > > b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > index 4bd7d95..b02edd9 100644 > --- > a/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > +++ > b/meta-oe/recipes-extended/efivar/efivar/0001-efivar-fix-for-cross-compile.patch > @@ -12,20 +12,17 @@ Signed-off-by: Kai Kang > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/Makefile b/src/Makefile > -index 6eac858..ef4eb1d 100644 > +index 5fc7887..1829d22 100644 > --- a/src/Makefile > +++ b/src/Makefile > -@@ -65,8 +65,8 @@ makeguids.o : makeguids.c > - makeguids : makeguids.o fakeguid.o > - $(CC) $(cflags) -o $@ $^ -ldl > - > +@@ -29,8 +29,8 @@ all : deps $(TARGETS) > + ./guid-symbols.c : include/efivar/efivar-guids.h > + ./guids.bin : include/efivar/efivar-guids.h > + ./names.bin : include/efivar/efivar-guids.h > -include/efivar/efivar-guids.h : makeguids guids.txt > --./makeguids guids.txt guids.bin names.bin guid-symbols.S $@ > +-./makeguids guids.txt guids.bin names.bin \ > +include/efivar/efivar-guids.h : guids.txt > -+makeguids guids.txt guids.bin names.bin guid-symbols.S $@ > ++makeguids guids.txt guids.bin names.bin \ > + guid-symbols.c include/efivar/efivar-guids.h > > - guidlist.o : guids.S include/efivar/efivar-guids.h > - $(CC) $(cflags) -c -o guidlist.o guids.S > --- > -2.6.0.rc2.10.gf4d9753 > - > + makeguids : CPPFLAGS+=-DEFIVAR_BUILD_ENVIRONMENT > diff --git > a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > > b/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > deleted file mode 100644 > index 7f04b19..000 > --- > a/meta-oe/recipes-extended/efivar/efivar/efivar-drop-options-not-supported-by-lower-version-gcc.patch > +++ /dev/null > @@ -1,71 +0,0 @@ > -gcc options '-Wmaybe-uninitialized' and '-std=gnu11' are not recognized by > gcc > -whose version is lower than 4.6, such as on Ubuntu 12.04. Drop them for > backward > -compatible. > - > -Upstream-Status: Pending > - > -Signed-off-by: Kai Kang > > -diff --git a/Make.defaults b/Make.defaults > -index cc2baa9..118ae56 100644 > a/Make.defaults > -+++ b/Make.defaults > -@@ -10,10 +10,9 @@ CFLAGS?= -O2 -g > - > - ARCH = $(shell uname -m) > - clang_cflags = > --gcc_cflags = -Wmaybe-uninitialized > - cflags := $(CFLAGS) \ > - -Werror -Wall -Wsign-compare -Wstrict-aliasing \ > ---std=gnu11 -fshort-wchar -fPIC \ > -+-fshort-wchar -fPIC \ > - -fvisibility=hidden \ > - -D_GNU_SOURCE -I${TOPDIR}/src/include/efivar/ \ > - $(if $(filter $(CC),clang),$(clang_cflags),) \ > -diff --git a/src/guid.h b/src/guid.h > -index 9542ee1..0817991 100644 > a/src/guid.h > -+++ b/src/guid.h > -@@ -31,7 +31,8 @@ static inline int > - real_isspace(char c) > - { > - char spaces[] = " \f\n\r\t\v"; > --for (int i = 0; spaces[i] != '\0'; i++) > -+int i; > -+for (i = 0; spaces[i] != '\0'; i++) > - if (c == spaces[i]) > - return 1; > - return 0; > -@@ -59,7 +60,8 @@ check_sanity(const char *text, size_t len) > - static inline int > - check_segment_sanity(const char *text, size_t len) > - { > --for(unsigned int i = 0; i < len; i++) { > -+unsigned int i; > -+for(i = 0; i < len; i++) { > - if (text[i] >= '0' && text[i] <= '9') > - continue; > - /* "| 0x20" is tolower() without having to worry about > -diff --git a/src/makeguids.c b/src/makeguids.c > -index e9acf15..7e16cb2 100644 > a/src/makeguids.c > -+++ b/src
Re: [oe] [meta-browser][PATCH] firefox: fix install for oe-core master and cleanup packaging
On Tue, Feb 23, 2016 at 11:25 PM, Andreas Müller wrote: > Could build test only due to lack of building image > > Signed-off-by: Andreas Müller > --- > recipes-mozilla/firefox/firefox_38.6.1esr.bb | 16 +++- > 1 file changed, 3 insertions(+), 13 deletions(-) > > diff --git a/recipes-mozilla/firefox/firefox_38.6.1esr.bb > b/recipes-mozilla/firefox/firefox_38.6.1esr.bb > index 8356532..4e4a7aa 100644 > --- a/recipes-mozilla/firefox/firefox_38.6.1esr.bb > +++ b/recipes-mozilla/firefox/firefox_38.6.1esr.bb > @@ -68,7 +68,7 @@ do_install_append() { > > install -m 0644 ${WORKDIR}/mozilla-firefox.desktop > ${D}${datadir}/applications/ > install -m 0644 ${WORKDIR}/mozilla-firefox.png ${D}${datadir}/pixmaps/ > -install -m 0644 ${WORKDIR}/vendor.js > ${D}${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/defaults/pref/ > +install -m 0644 ${WORKDIR}/vendor.js ${D}${libdir}/${PN}/defaults/pref/ > > # Fix ownership of files > chown root:root -R ${D}${datadir} > @@ -78,19 +78,9 @@ do_install_append() { > FILES_${PN} = "${bindir}/${PN} \ > ${datadir}/applications/ \ > ${datadir}/pixmaps/ \ > - ${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/* \ > - ${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/.autoreg \ > + ${libdir}/${PN}/* \ > ${bindir}/defaults" > -FILES_${PN}-dev += "${datadir}/idl ${bindir}/${PN}-config > ${libdir}/${PN}-devel-*" > -FILES_${PN}-staticdev += "${libdir}/${PN}-devel-*/sdk/lib/*.a" > -FILES_${PN}-dbg += "${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/*/.debug \ > -${libdir}/${PN}-${MOZ_APP_BASE_VERSION}/*/*/*/.debug \ > -${libdir}/${PN}-devel-*/*/.debug \ > -${libdir}/${PN}-devel-*/*/*/.debug \ > -${libdir}/${PN}-devel-*/*/*/*/.debug \ > -${bindir}/.debug" > +FILES_${PN}-dev += "${datadir}/idl ${bindir}/${PN}-config" > > # We don't build XUL as system shared lib, so we can mark all libs as private > PRIVATE_LIBS = "libmozjs.so \ > -- > 2.5.0 > ping -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel