| Age | Commit message (Collapse) | Author |
|---|
|
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before
4.3.4 does not restrict the number of concurrent TCP sessions,
which allows remote attackers to cause a denial of service
(INSIST assertion failure or request-processing outage)
by establishing many sessions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For now, `systemctl stop dhcpd' cannot stop dhcpd correctly, the SIGTERM
signal would time out, causing a SIGKILL signal sent to dhcpd.
Patch site.h to enable gentle shutdown to so that dhcpd could be stopped
by SIGTERM.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ISC DHCP allows remote attackers to cause a denial of
service (application crash) via an invalid length field
in a UDP IPv4 packet.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- Rebase: fix-external-bind.patch and fixsepbuild.patch for 4.3.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libdns requires libxml2 if bind was built with libxml2 support
enabled. Compilation will fail for omapip/test.c in case
-lxml2 isn't used during the build. So, we add losely coupled
search path which will pick up the lib if it is present.
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed dhcp-xen-checksum.patch since already merged.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
dhclient will fail to get an IP address if run inside a guest when traffic is
flowing over a virtual network interface. The user will see the error
message:
5 bad udp checksums in 5 packets
No DHCPOFFERS received.
Unable to obtain a lease on first try. Exiting.
Failed to bring up eth0.
This is because Linux only uses partial checksums for packets that go over
virtual network interfaces and dhclient does not like this.
See linux kernel commit 78ea85f17b15390e30d8b47488ec7b6cf0790663
("net: skbuff: improve comment on checksumming")
An application can detect this behaviour by checking for the
TP_STATUS_CSUMNOTREADY flag in the tp_status field.
See linux kernel commit 8dc4194474159660d7f37c495e3fc3f10d0db8cc
("Add optional checksum computation for recvmsg")
An extra parameter is added to decode_udp_ip_header() in dhclient to indicate
whether or not dhclient should ignore partial checksums. This is used
when the TP_STATUS_CSUMNOTREADY bit is set by the guest kernel.
This fix has been included in Fedora and Ubuntu, however it has not yet been
accepted by ISC upstream. Likely because it is specific to behaviour in Linux
and other UNIX variants do not seem to be affected.
The patch was imported from the dhcp source RPM in Fedora 21
(http://pkgs.fedoraproject.org/cgit/dhcp.git/tree/dhcp-xen-checksum.patch?h=f21)
Originally contributed to fedora-cvs-commit by David Cantrell on Jan 30 2007
(https://www.redhat.com/archives/fedora-cvs-commits/2007-January/msg01442.html)
Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22806] - by Michael S. Tsirkin
(http://comments.gmane.org/gmane.comp.emulators.kvm.devel/65236)
(https://lists.isc.org/pipermail/dhcp-hackers/2010-April/001835.html)
Upstream-Status: Submitted [dhcp-bugs@isc.org]
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Previously, site.h was overridden for setting _PATH_DHCPD_CONF
and _PATH_DHCLIENT_CONF, it caused other MACROs were missing,
so we use a patch to instead.
The macros NSUPDATE and COMPACT_LEASES existed in site.h
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
|
Rebase fixsepbuild.patch to 4.3.1
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
|
The original patch was submitted on ISC's mailing list but it didn't get merged
for some reason, it can be found here;
https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html
"The ISC DHCP's dhclient-script for Linux still uses the legacy commands
'ifconfig' & 'route' to manage IPv4 network addresses & routes,
while it uses iproute2's new "ip" command to manage IPv6 network data.
This requires users & distributions to have both types of commands installed
The attached patch tries to improve the situation by replacing the
old "ifconfig" resp. "route" commands with their "ip" counterparts.
It even improves the logic a bit by only flushing the IPv4 addresses
instead of taking down the whole interface, which may still have active IPv6
connections."
Signed-off-by: Fahad Usman <fahad.usman@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebase fix-external-bind patch
LICENSE file has date update to 2014
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In read-only file system, '/etc' is on the readonly partition,
and '/etc/resolv.conf' is symlinked to a separate writable
partition.
In this situation, we should use shell variable to instead of
the temp file '/etc/resolv.conf.dhclient'.
[YOCTO #5624]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The following patches are found, but not used by any recipe, so we should
remove them.
meta/recipes-connectivity/avahi/files/fix_for_automake_1.11.2.patch
meta/recipes-connectivity/dhcp/dhcp/fix-client-path.patch
meta/recipes-connectivity/libnss-mdns/files/alignment-fix.patch
meta/recipes-core/dbus/dbus-1.6.10/test-run-path.patch
meta/recipes-core/gettext/gettext-0.16.1/fixchicken.patch
meta/recipes-core/gettext/gettext-0.16.1/getline.m4.patch
meta/recipes-core/systemd/systemd/use-rootlibdir.patch
meta/recipes-core/util-linux/util-linux/remove-lscpu.patch
meta/recipes-core/util-linux/util-linux/remove_sigsetmark.patch
meta/recipes-core/util-linux/util-linux/uclibc-compile.patch
meta/recipes-devtools/autoconf/autoconf/autoconf-x.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build2.patch
meta/recipes-devtools/cdrtools/cdrtools-native/no_usr_src.patch
meta/recipes-devtools/elfutils/elfutils-0.155/elfutils-robustify.patch
meta/recipes-devtools/gdb/gdb/libiberty-cross.patch
meta/recipes-devtools/perl/perl-5.14.3/asm-pageh-fix.patch
meta/recipes-devtools/python/python-native/sys_platform_is_now_always_linux2.patch
meta/recipes-devtools/python/python-pygobject/generate-constants.patch
meta/recipes-devtools/qemu/files/3f08ffb4a4741d147634761dc053ed386243a0de.patch
meta/recipes-devtools/qemu/files/enable-i386-linux-user.patch
meta/recipes-devtools/qemu/files/init-info.patch
meta/recipes-devtools/rpm/rpm/rpm_fix_for_automake-1.12.patch
meta/recipes-devtools/tcf-agent/tcf-agent/fix_tcf-agent.init.patch
meta/recipes-extended/iputils/files/arping-break-libsysfs-dependency.patch
meta/recipes-extended/libarchive/libarchive/0003-Patch-from-upstream-rev-2516.patch
meta/recipes-extended/procps/procps-3.2.8/pagesz-not-constant.patch
meta/recipes-gnome/gtk+/gtk+-2.24.22/no-demos.patch
meta/recipes-gnome/libglade/libglade-2.6.4/no-deprecation.patch
meta/recipes-graphics/mesa/mesa/0005-llvmpipe-remove-the-power-of-two-sizeof-struct-cmd_b.patch
meta/recipes-graphics/xorg-lib/libxxf86dga/libxxf86dga-1.1.3_fix_for_x32.patch
meta/recipes-kernel/kmod/kmod/fix-undefined-O_CLOEXEC.patch
meta/recipes-kernel/linux-libc-headers/linux-libc-headers/connector-msg-size-fix.patch
meta/recipes-kernel/linux/linux-yocto/tools-perf-no-scripting.patch
meta/recipes-support/gnutls/gnutls/gnutls-texinfo-euro.patch
meta/recipes-support/nspr/nspr/fix-build-on-aarch64.patch
[YOCTO #5180]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This change no longer needs to be backported now that a newer version
of dhcp is being used. The patch isn't causing errors because it is not
included in the dhcp recipe's SRC_URI.
Signed-off-by: Kevin Strasser <kevin.strasser@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Recent versions of dhcp have swapped out use of __u16 for u_int16_t and
therefor asm/types.h no longer needs to be included. Drop fixincludes.patch
from dhcp recipe.
Signed-off-by: Kevin Strasser <kevin.strasser@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
Catalin Enache
Chen Qi
Mariano Lopez
Ross Burton
Hongxu Jia
Awais Belal
Robert Yang
Rob Woolley
Fahad Usman
Saul Wold
Chong Lu
Kevin Strasser