| Age | Commit message (Collapse) | Author |
|---|
|
The backported upgrade to 1.0.2h included an updated GNU LD
version-script which results in an ABI change. In order to try and
respect ABI for existing binaries built against fido this commit
partially reverts the version-script to maintain the existing ABI
and instead only add the new symbols required by 1.0.2h.
Suggested-by: Martin Jansa <martin.jansa@gmail.com>
(From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A patch is needed to fix a race in out-of-tree builds, and the install-ptest
logic can be simplified.
(From OE-Core rev: 471fdafb340e90a4ab2e31854f69d5204e9380bf)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Within the sysvinit script the path to bluetoothd is wrong. Because of this
the init scripts silently terminates without any message
Signed-off-by: Christian Ege <k4230r6@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
https://www.openssl.org/news/secadv/20160503.txt
fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
(From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
opehssh <= 7.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is required for dbus-binding-tool.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before
4.3.4 does not restrict the number of concurrent TCP sessions,
which allows remote attackers to cause a denial of service
(INSIST assertion failure or request-processing outage)
by establishing many sessions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Duplicate EDNS COOKIE options in a response could trigger an
assertion failure: Fix with a backport.
bind as built with the oe-core recipe is not at risk: Only servers
which are built with DNS cookie support (--enable-sit) are vulnerable
to denial of service.
Fixes [YOCTO #9438]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
do_install_append function installs init scripts but to enable this
service we need to inherit update-rc.d class and set INITSCRIPT name
and params.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes following vulnerabilities:
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure
[YOCTO #9400]
External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
References to the Upstream commits and Security Advisories:
===========================================================
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=70037e040e587329cec82123e12b9f4f7c945f67
CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=a3d327bf1ceaaeabb20223d8de85166e940b9f12
CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=7602be276a73a6eb5431c5acd9718e68a55e8b61
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
musl calls them __c_ispeed and __c_ospeed
and we can not use get/set APIs because the get APIs
will return the value from iflags and not from *speed
element from termios struct
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving
libcrypto from libdir -> base_libdir to support dhclient [1].
However, the line has been unnecessary since ${base_libdir}/lib*.so
files started to be included in FILES_${PN}-dev by default [2] (and
it's still unnecessary now, after moving libcrypto from back to libdir
to support ntp [3]).
[1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072
[2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a
[3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc
Also define FILES_libssl using SOLIBS instead of a hardcoded pattern.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bluez 5.37 itself correctly installs bluetooth.conf, and honors
the path settings in dbus-1.pc.
Removing the obsolete workaround is necessary for compiling
"stateless" (= read-only system configuration moved out of /etc).
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #5134]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Change the ownership of /var/cache/bind to bind rather than root.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch enables the functionality for dhcpd service to be started
with dhcp uid and gid.
Test steps:
Step 1: Assign ip to interface
ifconfig eth0 192.168.1.1
Step 2: Edit /etc/dhcp/dhcpd.conf:
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
subnet 192.168.1.0 netmask 255.255.255.0 {
option broadcast-address 192.168.1.255;
range 192.168.1.88 192.168.1.88;
option routers 192.168.1.0;
}
Step 3: Edit /etc/default/dhcp-server:
INTERFACES="eth0"
Step 4: Check uid and gid of running dhcpd process
$ ps -eo user:19,group:19,cmd | grep dhcpd
dhcp dhcp /usr/sbin/dhcpd eth0 -user dhcp -group dhcp
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This includes a proper D-Bus service file for obexd in systems that do
not support systemd.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
make it more portable across libc implementations
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For now, if 'openssl' is enabled for ntp, ntp would still be built
without openssl & libcrypto. This is because that ntp thinks openssl
and libcrypto locates under the same directory.
This patch removes the codes of moving libcrypto to base_libdir.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For now, `systemctl stop dhcpd' cannot stop dhcpd correctly, the SIGTERM
signal would time out, causing a SIGKILL signal sent to dhcpd.
Patch site.h to enable gentle shutdown to so that dhcpd could be stopped
by SIGTERM.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python-pygtk is removed in a separate commit; the reasons for
that are explained in that commit's message.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now that avahi has a dbus PACKAGECONFIG we need to ensure it's enabled as
otherwise the avahi-ui module won't build.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since do_install fails when dbus is removed by .bbappend, add packageconfig
to allow users to get rid of desktop ipc helper dbus.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make
races.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-0800
CVE-2016-0705
CVE-2016-0798
CVE-2016-0797
CVE-2016-0799
CVE-2016-0702
CVE-2016-0703
CVE-2016-0704
https://www.openssl.org/news/secadv/20160301.txt
Updated 2 debian patches to match changes in 1.0.2g
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ISC DHCP allows remote attackers to cause a denial of
service (application crash) via an invalid length field
in a UDP IPv4 packet.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
0.6.31 -> 0.6.32
a. Switched to the new repository hosted in github.
b. Removed the following Upstreamed/Backported patches
1. 0001-Don-t-log-warnings-about-invalid-packets-Fixes-lathi.patch
2. 0001-avahi-fix-avahi-status-command-error-prompt.patch
3. avahi_fix_install_issue.patch
4. fix_for_automake_1.12.x.patch
5. out-of-tree.patch
6. reuseport-check.patch
c. Added UPSTREAM_CHECK_URI
[YOCTO #7553]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream nfs-utils use 'rpc-statd.service' and Yocto introduced
'nfs-statd.service' instead but forgot to update the mount.nfs helper
'start-statd' accordingly.
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
NETDB_INTERNAL is a glibc define
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
4.3.0 -> 4.4.0
a) Added iproute2-fix-building-with-musl.patch to fix build with
musl.
b) Include below listed utilities that are not yet enabled/packaged
in the iproute2 recipe:
1. lnstat
2. ifstat
3. genl
4. rtacct
5. nstat
6. ss
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.3.0 -> 4.4.0
Added iproute2-fix-building-with-musl.patch to fix build with
musl.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Without the exit there will be a SKIP and a FAIL for the same test.
Also fix typo in a message.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
[YOCTO #9049]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Machine specific over-rides for mtx-1 (aka MeshCube) and
mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes Socat Security Advisory 7 (MSVR-1499) and 8.
[ YOCTO #9024 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The openssl recipe currently relies on EXTRA_OEMAKE having been set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this
explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nss.h is not available on all libcs
so check for it and if its not there provide
the needed data types.
Fixed buil with musl
../../nss-mdns-0.10/src/nss.c:32:17: fatal error: nss.h: No such file or
directory
compilation terminated.
make[2]: *** [libnss_mdns4_la-nss.lo] Error 1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
o DH small subgroups (CVE-2016-0701)
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Updated LICENSE hash due to change in copyright year.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The struct of xtables_globals has been modified in iptables 1.6.
If connman runs with iptables 1.6, it can crash.
Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11
0xb7deac1c in ?? () from /usr/lib/libxtables.so.11
0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11
The the missing function item of xtables is added to xtables_globals.
It can fix the above issue.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
connman-conf is now a systemd oneshot and therefore doesn't need to
be sed'ed in to the ConnMan service file.
Note: this doesn't affect sysvinit where we provide a ConnMan
init script which checks for the presence of the wired-networking
script and, if it exists, executes it as part of the connman init.
[YOCTO #8399]
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Install a oneshot unit file that is started before ConnMan to
configure a wired network inteface with the wired-setup script,
rather than requiring this script to be manually run some how.
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Windows 10 will respond to mDNS messages when it really shouldn't,
resulting in a lot of logging. Pulling the change from avahi upstream.
This will be fixed in avahi 0.6.32
External References:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1342400
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794145
https://bugzilla.redhat.com/show_bug.cgi?id=1240711
https://social.technet.microsoft.com/Forums/en-US/b334e797-ef80-4525-b74a-b4830420a14e/windows-10-spams-network-with-invalid-mdns-response-packets?forum=win10itpronetworking
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Addresses CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Doesnt build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Helps compile with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Joshua Lock
Ross Burton
Christian Ege
Armin Kuster
Jussi Kukkonen
Catalin Enache
Fabio Berton
Sona Sarmadi
Khem Raj
Andre McCurdy
Patrick Ohly
Alexander Kanavin
Joe Slater
Alexandru Moise
Javier Viguera
Chen Qi
Jens Rehsack
Mariano Lopez
Maxin B. John
Ulrich Ölmann
Mike Crowe
Joshua Lock
bmouring@ni.com
Derek Straka