Age | Commit message (Collapse) | Author |
|
The nfs-utils recipe creates a nfs-utils-client package, which can be
used if we need to install only the client side of nfs-utils.
Unfortunately, rpc.idmapd is part of this package, and requires the
dynamic library libnfsidmap.so, which is included in the main package
nfs-utils. Therefore, nfs-utils-client has a dependency on nfs-utils, so
the server is installed, and try to be started, even on system where the
appropriate modules are not present, which causes errors.
This patch adds the needed library to the nfs-utils-client package, so
that it is now complete and does not require nfs-utils anymore.
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-311-and-openssl-312-1-aug-2023
Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
* Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975)
* When building with the enable-fips option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret and the Hash and HMAC DRBGs will not operate with truncated digests.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes:
Update license checksum: change in copyright year.
Update sha256sum for new version.
An additinal patch to fix the reproducible build failure which is
still under discussion with upstream.
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The goal of connman-conf in qemu environments is to stop connman from
trying to control the network device, because runqemu will set it up
appropriately.
It currently hardcodes eth0, but 6.2 kernels onwards will rename eth0 to
en* even when the interface is already up[1]. So that this recipe
continues to work as intended, expand the list to "eth,en" so that
connman ignores _all_ ethernet devices with either the new or old names.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=bd039b5ea2a91ea707ee8539df26456bd5be80af
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 4048ddf7fdd6859c43aeb82d85ee0851b3a9177b.
2.5.0 is a development series and the upgrade should have been to 2.4.x.
|
|
Changes:
Update license checksum: change in copyright year.
Update sha256sum for new version.
An additinal patch to fix the reproducible build failure.
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Changes:
Update license checksum: only whitespace change.
Update sha256sum for new version.
Additional change:
Do not use version with the foldername, which will result in less diffstat
with future upgrades.
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
This change sync the contents of this file with upstream's
ssh_config except for the locally added line
'Include /etc/ssh/ssh_config.d/*.conf'.
More specifically the ForwardXXX options are disabled by default,
this sync with what ssh_config(5) says about these two items.
In addition, the RSAAuthentication items are removed as they are v1 protocol.
See the contents of Changelog file in openssh project as below:
"""
commit bfe19197a92b7916f64a121fbd3c179abf15e218
Author: Darren Tucker <dtucker@dtucker.net>
Date: Fri Jul 2 15:43:28 2021 +1000
Remove now-unused SSHv1 enums.
sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options
and are no longer used.
"""
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
No longer used in generating packages
Also creates a possible confusion with the recipe maintainer
name.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
9795c401 (tag: V_9_3_P2) OpenSSH 9.3p2
bde3635f update version in README
f673f2f3 update RPM spec versions
d7790cdc disallow remote addition of FIDO/PKCS11 keys
b23fe83f terminate pkcs11 process for bad libraries
This includes the fix for CVE-2023-38408.
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
Rewrite of CVE_CHECK_IGNORE to CVE_STATUS contained copy+paste
problem changing CVE numbers.
CVE-2020-12352 -> CVE-2022-3563
CVE-2020-24490 -> CVE-2022-3637
CVE-2020-12352 is now for kernel only in NVD BD, so remove it.
CVE-2020-24490 is corrected in this commit.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Changelog: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Added a patch for including limits.h with musl builds, or else
we get failures such as:
| mdb.c: In function 'mdb_parse_vni':
| mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function)
| 666 | if ((endptr && *endptr) || vni_num == ULONG_MAX)
| | ^~~~~~~~~
| mdb.c:666:47: note: 'ULONG_MAX' is defined in header '<limits.h>'; did you forget to '#include <limits.h>'?
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Changelog: http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=shortlog
Three patches were removed as they're now upstream:
2c0b5249 Replace statfs64 with statfs
167f2336 Fix function prototypes
896946e3 mountd: Check for return of stat function
do_compile still failed after removing these patches, reporting
undefined references to 'event_base_new', 'sqlite3_open_v2', etc. This
is fixed by backporting
0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch from
upstream.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
The Text-Template was updated from 1.46 to 1.56
| ERROR: openssl-native-3.1.1-r0 do_configure: PERLEXTERNAL '/build/tmp/work/x86_64-linux/openssl-native/3.1.1-r0/openssl-3.1.1/external/perl/Text-Template-1.46/lib' not found!
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When upstream change is better to fail or removing the PERL5LIB
if they are not need anymore.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes since version 1.45.0:
* Add SHA to ChangeLog
* misc: update readthedocs config
* test: remove erroneous RETURN_SKIP
* android: disable io_uring support
* linux: add some more iouring backed fs ops
* build: add autoconf option for disable-maintainer-mode
* fs: use WTF-8 on Windows (Stefan Karpinski)
* unix,win: replace QUEUE with struct uv__queue
* linux: fs_read to use io_uring if iovcnt > IOV_MAX
* ios: fix uv_getrusage() ru_maxrss calculation
* include: update outdated code comment
* linux: support abstract unix sockets
* unix,win: add UV_PIPE_NO_TRUNCATE flag
* unix: add loongarch support
* doc: add DPS8M to LINKS.md
* include: add EUNATCH errno mapping
* src: don't run timers if loop is stopped/unref'd
* win: fix -Wpointer-to-int-cast warning
* test,win: fix -Wunused-variable warning
* test,win: fix -Wformat warning
* linux: work around io_uring IORING_OP_CLOSE bug
* win: remove unused functions
* bench: add bench to check uv_loop_alive
* test: add uv_cancel test for threadpool
* unix: skip prohibited syscalls on tvOS and watchOS
* unix,fs: make no_pwritev access thread-safe
* unix: fix build for lower versions of Android
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Include a patch submitted upstream to fix cross-compilation issues.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Remove configure options no longer supported online.
Changelog:
=========
[security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
[security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
[performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
[bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
[func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
[bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
[cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
[func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
[bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
[bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
[test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
[bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
[bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
[bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
[bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Below upstream commit removed BSD-4-Clause from the LICENSE variable,
Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8
But actually if we check from the source code of the openssh for this
version (8.9p1), there are some files (openbsd-compat/libressl-api-compat.c)
still affected.
As upstream removed this BSD-4-clause license, there are still some files
has this license. Below file is affected by this BSD-4-clause contents when
the below command is executed
grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort
openbsd-compat/libressl-api-compat.c
All advertising materials mentioning features or use of this software
Reason for backporting is some of the product restrict the BSD-4-Clause usage and the purpose of this commit is
to completely remove the BSD-4-Clause license from the openssh.
When checked in the master branch, openssh upstream removes the bsd-4 license compeletely from this commit
https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0
Hence Backport this commit completely to remove license of BSD-4-clause contents from code. Hunks are refreshed.
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
On riscv32 configurations OpenSSL fails to build with "undefined
reference to `__atomic_foo'" kind of errors. Change OpenSSL recipe to
use linux-latomic configuration instead of linux-generic32.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: doc: clean up license file (#3876)
GitHub gets confused by the non-standard format of the LICENSE file.
Move the extra bits into the creatively named LICENSE-extra file.
Changelog:
==========
linux: introduce io_uring support #3952
src: add new metrics APIs #3749
unix,win: give thread pool threads an 8 MB stack #3787
win,unix: change execution order of timers #3927
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Changelog:
=========
[bug] Set the rndc idle read timeout back to 60 seconds,
from the netmgr default of 30 seconds, in order to
match the behavior of 9.16 and earlier. [GL #4046]
[bug] Fix log file rotation when using absolute path as
file. [GL #3991]
[bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
[bug] Reimplement the maximum and idle timeouts for incoming
zone tranfers. [GL #4004]
[bug] Treat ISC_R_INVALIDPROTO as a networking error
in the dispatch code to avoid retrying with the
same server. [GL #4005]
[bug] In dispatch, honour the configured source-port
selection when UDP connection fails with address
in use error.
Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
[GL #3986]
[test] As a workaround, include an OpenSSL header file before
including cmocka.h in the unit tests, because OpenSSL
3.1.0 uses __attribute__(malloc), conflicting with a
redefined malloc in cmocka.h. [GL #4000]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
* Drop CVE-2023-0464.patch (merged upstream).
* Refresh 0001-Configure-do-not-tweak-mips-cflags.patch
https://github.com/openssl/openssl/blob/openssl-3.1.1/NEWS.md
Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)
Security Advisory:
https://www.openssl.org/news/secadv/20230530.txt
CVE: CVE-2023-2650
CVE: CVE-2023-1255
CVE: CVE-2023-0466
CVE: CVE-2023-0465
CVE: CVE-2023-0464
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this patch, systemd complains on startup with messages similar
to:
systemd-tmpfiles[128]: /etc/tmpfiles.d/connman_resolvconf.conf:1: Line references path below legacy directory /var/run/, updating /var/run/connman → /run/connman; please update the tmpfiles.d/ drop-in file accordingly.
systemd-tmpfiles[172]: /etc/tmpfiles.d/connman_resolvconf.conf:1: Line references path below legacy directory /var/run/, updating /var/run/connman → /run/connman; please update the tmpfiles.d/ drop-in file accordingly.
By default, connman will use "/var/run/connman" for runstatedir
instead of the now recommended "/run/connman".
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The gobject-introspection class adds this dependency as needed, so
remove it from DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* pppd was upgraded in:
https://git.openembedded.org/openembedded-core/commit/?id=5512bf4dfd299b8d5d474d9f26c2146b3e53514a
* connman fails to build with pptp or l2tp PACKAGECONFIG is enabled
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* they were removed from SRC_URI in:
https://git.openembedded.org/openembedded-core/commit/?id=a21e8fdf1b66961ddae5929d393daa08800bb748
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes:
Update license checksum: change in copyright year.
Rebase patches for upstream changes.
Remove upstream applied patches.
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
autoconf-archive is a collection of m4 autoconf macros needed at
build-time, and autoconf-archive-native is a suitable provider as there
is nothing in the recipe that needs to be cross-compiled.
Also if we use DEPENDS=autoconf-archive then the recipe's -dev package
ends up RDEPENDing on autoconf-archive, which isn't correct.
Universally change any DEPENDS on autoconf-archive to the -native form,
and add any missing dependencies that were implicit before.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Install and package the D-Bus introspection files.
Signed-off-by: Eero Aaltonen <eero.aaltonen@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Convert the build from handcrafted makefiles to autotools;
this makes all custom tweaks in the recipe unnecessary, and
allows removing all patches.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As announced here:
https://roy.marples.name/downloads/dhcpcd/
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The recommendation from server maintainers is that the https protocol
is both faster and more reliable than the dedicated git protocol at this point.
Switch to it where possible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
|
|
DESCRIPTION is optional for now; writing good component descriptions
is not easy (but appreciated).
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Changelog:
==========
[bug] Use two pairs of dns_db_t and dns_dbversion_t in a
catalog zone structure to avoid a race between the
dns__catz_update_cb() and dns_catz_dbupdate_callback()
functions. [GL #3907]
[bug] Make sure to revert the reconfigured zones to the
previous version of the view, when the new view
reconfiguration fails during the configuration of
one of the configured zones. [GL #3911]
[bug] Fix error path cleanup issues in dns_catz_new_zones()
and dns_catz_new_zone() functions. [GL #3900]
[bug] Unregister db update notify callback before detaching
from the previous db inside the catz update notify
callback. [GL #3777]
[func Run the catalog zone update process on the offload
threads. [GL #3881]
[func Add shutdown signaling for catalog zones. [GL !7571]
[func Add reference count tracing for dns_catz_zone_t and
dns_catz_zones_t. [GL !7570]
[bug] Detach 'rpzs' and 'catzs' from the previous view in
configure_rpz() and configure_catz(), respectively,
just after attaching it to the new view. [GL #3880]
[test Don't test HMAC-MD5 when not supported by libcrypto.
[GL #3871]
[bug] Fix RPZ reference counting error on shutdown in
dns__rpz_timer_cb(). [GL #3866]
[test Test various 'islands of trust' configurations when
using managed keys. [GL #3662]
[bug] Building against (or running with) libuv versions
1.35.0 and 1.36.0 is now a fatal error. The rules for
mixing and matching compile-time and run-time libuv
versions have been tightened for libuv versions between
1.35.0 and 1.40.0. [GL #3840]
[bug] dnssec-cds failed to cleanup properly. [GL #3831]
[bug] Source ports configured for query-source,
transfer-source, etc, were being ignored. (This
feature is deprecated, but it is not yet removed,
so the bug still needed fixing.) [GL #3790]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
If these files exist they should be packaged into PN-dev, and are with
the default FILES:${PN}-dev.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When gobject-introspection feature is disabled, glib-2.0-native
and gobject-introspection package dependencies are not pulled in
but avahi has a hard dependency on them (do_configure fails due
to missing introspection.m4 file, do_compile fails due to missing
glib-mkenums).
Signed-off-by: Petr Kubizňák <kubiznak@2n.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.
Upgrade the recipe to point to 9.3p1.
CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Fix an issue introduced in the new openssl version where an assembler file
isn't generated in a reproducible way by seeding the perl random number
generator consistently. It has no crypto impact, it is just used to
avoid function name clashes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
>From the NEWS.md file:
### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* Performance enhancements and new platform support including new
assembler code algorithm implementations.
* Deprecated LHASH statistics functions.
* FIPS 140-3 compliance changes.
Drop the upstreamed afalg.patch:
c425e365f4 Configure: don't try to be clever when configuring afalgeng
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|