Aside from code improvements, this version includes fixes for the following
vulnerabilities:
* CVE-2020-25681
* CVE-2020-25682
* CVE-2020-25683
* CVE-2020-25684
* CVE-2020-25685
* CVE-2020-25686
* CVE-2020-25687
While at it, remove files that were inherited from an older vulnerability fix.
These files consist of scripts, patches and configuration files that already
exist in the original meta-openembedded recipe directory.
Remake lua.patch, since the diff context has changed in v2.83.
https://jira.digi.com/browse/DEL-7389
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Includes:
opencv: Add smaller version of download models script [YOCIMX-4899]
Add a download models script that downloads a subset of the
regular script, reducing the download size from 10 to 1 GB.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
opencv: Fix build break [YOCIMX-4806]
The fix for installing face_landmark_model.dat failed
if test was not in PACKAGECONFIG. In fact we should only
install face_landmark_model.dat if test is configured.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
opencv: Fix patch fuzz
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
This recipe was originally ported from the zeus branch of poky into the dey-2.6
meta-digi branch to support the pkcs11 feature in cryptoauthlib. Now that we've
migrated to zeus, the recipe is now duplicated and no longer necessary.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There is a mismatch between the new upstream recipe that uses a cache folder
to share the header files and the imx recipe that requires a specific folder.
https://jira.digi.com/browse/DEL-7013
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This is the version Microchip recommends to use for the newer cryptoauthlib
with pkcs11 support. This recipe was backported from the zeus branch of
meta-openembedded.
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, users that are behind corporate firewalls might not be able to
obtain the package sources.
https://jira.digi.com/browse/DEL-6663
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit c6e963f9e ("lvm2: Add RDEPEND on lvm2 to lvm2-udevrules")
in meta-oe layer added a package dependency for lvm2. This dependency
includes many unnecessary packages like lvm2, lvm2-scripts, etc.
and their dependencies that increase the size of the initramfs image.
Since lvm2-udevrules is not necessary for our initramfs image,
this commit removes the RRECOMMENDS.
https://jira.digi.com/browse/DEL-6701
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The functionality provided by this bbappend is now available in meta-oe
upstream, commit 7f17da154372b5ec33947766783444961e8aa67c.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
Similar to what we did on sysvinit, stop dnsmasq from starting automatically
on boot so NetworkManager can launch it via dbus.
https://jira.digi.com/browse/DEL-6415
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The commit 32a6e809f811e8b3920326330d8225b3dd895f70 from the poky layer
breaks the build in the maintenance branch for rocko. This patch updates
the curl base recipe to use the latest version.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Rename recipe and fix the path of the progress binary. Also on the
rocko branch of meta-swupdate several signing mechanisms are
supported, and the value is used as a string to determine which one
to use.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
All these recipes only need to be renamed to the new version:
* cherokee
* curl
* imx-codec
* imx-gst1.0-plugin
* imx-parser
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This tool was only needed for old kernels, newer kernels use the hardware
random number generator themselves.
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
After exporting a GPIO or PWM, we need to give some time for udev rules
to complete, before actually trying to access the newly created entries
in the sysfs.
This solves a problem, where udev was setting the mode and group of
the newly created files, so they are accessible for users (not root)
belonging to that group.
For traceability and to be sure the patch applies without conflicts,
this commit also sets a fixed revision to use from the libsoc
repository.
https://jira.digi.com/browse/DEL-5389
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates dnsmasq to version 2.78 to include the following
vulnerability patches:
* CVE-2017-13704
* CVE-2017-14491
* CVE-2017-14492
* CVE-2017-14493
* CVE-2017-14494
* CVE-2017-14495
* CVE-2017-14496
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-5136
NM launches 'dnsmasq' using DBus, so enable DBus support at compile
time. Also remove the symlinks in the different runlevels, so it's not
launched by the included bootscript.
https://jira.digi.com/browse/DEL-4787
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is required to use '--dns-interface' runtime parameter to instruct
'curl' to use a specific interface for DNS resolution.
We need this in the context of the network failover support, where
NetworkManager does the connectivity check, by trying to connect to a
configured URL through the different interfaces available, and for this
check it uses 'libcurl' underneath.
If you try to use this functionality without this build time option
enabled, you get:
curl: (4) A requested feature, protocol or option was not found built-in
in this libcurl due to a build-time decision.
https://jira.digi.com/browse/DEL-4787
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ICU support was not included in the rootfs in previous DEY versions
but it's included now through runtime dependences of 'harfbuzz' and
'libical'.
The support is not strictly needed, as ICU is a library for Unicode
support for applications:
http://site.icu-project.org/home
This commit disables ICU support directly for 'harfbuzz' and adds a
patch for 'libical' that allows disabling it. Notice that it's only
disabled for the CC6UL, as the CC6 has no rootfs space problems.
Only the 'libicudata' library is 25MB:
25M /usr/lib/libicudata.so.57.1
https://jira.digi.com/browse/DEL-3854
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- The 'sign/verify' feature of swupdate can only be enabled/disabled at
compile time, it cannot be configured at run time.
- The 'sign/verify' defconfig file is only used when the images to
build are configured with 'TRUSTFENCE_SIGN=1'
- This change implies that all swupdate packages generated will have a
hash for the images to install and will be verified. Sign support is
only enabled for trustfence images.
https://jira.digi.com/browse/DEL-3773
Signed-off-by: David Escalona <david.escalona@digi.com>
- In Jethro, swupdate recipe was using 'swupdate_git.bb' as the main recipe to
build. In morty that recipe has been disabled and the '2017.01' one is used
instead, so we have to append to this new recipe by renaming our existing one.
- Our bbappend will now point to the same SHA1 that is being used, so we can
remove the SRCREV.
- The new code already includes the progress client patch, so it has been removed.
Signed-off-by: David Escalona <david.escalona@digi.com>
- This patch comes from the sw-update upstream and adds command line support
to the progress client binary.
a11e6f2b80
https://jira.digi.com/browse/DEL-3356
Signed-off-by: David Escalona <david.escalona@digi.com>
There is new functionality in that version that we need for our firmware
update solution, so append the git-based recipe and set the revision to
the 2016.10 version.
Also provide a customized build configuration file. Notice that the
defconfig file is actually a full '.config'. It needs to be a full
config file because otherwise the anonymous python function in the
recipe is not able to gather all the build time dependences.
https://jira.digi.com/browse/DEL-3355
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
lvm2 package provides some user-space tools, but also some dynamic
libraries: libdevmapper, libdevmapper-event, etc.
This commit allows packaging the LVM2 libraries in a different package
than the LVM2 user-space tools. This way other user-space tools (e.g.
cryptsetup) that runtime depend on the LVM2 libs can only add that libs
package to the rootfs, instead of the whole LVM2 utilities.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This daemon (rngd) feeds random data from hardware device to kernel
entropy pool.
https://jira.digi.com/browse/DEL-2501
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is hidden using Poky distribution because Poky has X11 distro
feature and then other x11-related dependences pull in intltool-native.
In our case DEY distro does not have X11 feature and thus
intltool-native is not part of libsoup dependences. Then it sometimes fails
and sometimes not depending on the bitbake threads (BB_NUMBER_THREADS)
and other race conditions.
Adding the dependence explicitly fixes:
run.do_configure: intltoolize: command not found
Signed-off-by: Javier Viguera <javier.viguera@digi.com>