Age | Commit message (Collapse) | Author |
|
Upgrade to fix CVE-2014-9403
Remove backport patch
Add CSocket submodule, which split from znc
Add the dependency on icu
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
OpenSAF uses OpenHPI if available. If openhpi happens to be in
PACKAGECONFIG from the build, turn on support in OpenSAF and add it to the
DEPENDS list.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Remove three very minor bashisms, all about redirecting stdout/stderr.
The initscript identifies as /bin/sh, this change ensures that the script
should work with a non-bash /bin/sh as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
tcpd from tcp-wrapper is installed into /usr/sbin/, not /usr/bin/
using sed to dynamical update the path to add the robust
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
1) WARNING: The recipe opensaf is trying to install files into a
shared area when those files already exist,so set
--libdir=${libdir}/opensaf
2) Add systemd service file plmcboot.service and plmcd.service.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
1.Remove postfix-add-db6-support.patch which is not needed,
since it is backported from upstream.
2.update install.patch and makedefs.patch that context changes.
3.Install smtp-sink which listens on the named host (or address) and port.
It takes SMTP messages from the network and throws them away.
Ref: http://www.postfix.org/smtp-sink.1.html
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
the snmp_pdu_parse() function could leave incompletely parsed varBind
variables in the list of variables in case the parsing of the SNMP
PDU failed. If later processing tries to operate on the stale and
incompletely processed varBind (e.g. when printing the variables),
this can lead to e.g. crashes or, possibly, execution of arbitrary
code.
The snmp_pdu_parse() function stores varBind variables in a list of
netsnmp_variable_list structures. Each time the function parses a new
varBind, a new netsnmp_variable_list item is allocated on the heap
and linked to the list of variables. The problem is that this item
is not removed from the list, even if snmp_pdu_parse() fails to
complete the parsing.
The "type" member of the stale netsnmp_variable_list is not
properly initialized in case snmp_pdu_parse() returns early from the
parsing. However, the "type" member is used to determine later code
paths, which is why we see crashes in a variety of functions,
although the root cause for all of these is the same.
This patch come from
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
Written-by: Robert Story
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
move daemon servers from bin to sbin directory:
tftpd, telnetd, rshd, rexecd and rlogind
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Bitbake is likely to require this parameter in future, add
the default value.
Patch generated with the command:
sed -e 's:\(getVar([^,()]*\)\s*):\1, False):g' -i `grep -ril getVar *`
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The named packages explicitly install some items under /lib,
but the recipes assume they are in base_libdir. We change
the recipes.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
daemon_directory is set to /usr/lib/postfix which causes daemon postfix
fails to start on 64 bits target if enable multilib. Set daemon_directory
with libexecdir to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
include a security fixes but no CVE #
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-19
WCCP dissector crash. ([2]Bug 11153)
* [3]wnpa-sec-2015-20
GSM DTAP dissector crash. ([4]Bug 11201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The bug is: after the service stopped,the pid file still exists.
So modidy the service files.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
1. 1.3.5a includes the fix for CVE-2015-3306:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3306
2. replace the proftpd generated libtool with the native libtool
which support the sysroot
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
1. PolarSSL is now rebranded as mbed TLS.
2. upgrade to include CVE-2015-1182 fix:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1182
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
fixed broken url and cleaned up the PACKAGECONFIG
removed patch as it is included in this release
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-12
The LBMR dissector could go into an infinite loop. ([2]Bug 11036)
[3]CVE-2015-3808 [4]CVE-2015-3809
* [5]wnpa-sec-2015-13
The WebSocket dissector could recurse excessively. ([6]Bug 10989)
[7]CVE-2015-3810
* [8]wnpa-sec-2015-14
The WCP dissector could crash while decompressing data. ([9]Bug
10978) [10]CVE-2015-3811
* [11]wnpa-sec-2015-15
The X11 dissector could leak memory. ([12]Bug 11088)
[13]CVE-2015-3812
* [14]wnpa-sec-2015-16
The packet reassembly code could leak memory. ([15]Bug 11129)
[16]CVE-2015-3813
* [17]wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug
11110) [19]CVE-2015-3814
* [20]wnpa-sec-2015-18
The Android Logcat file parser could crash. Discovered by Hanno
Böck. ([21]Bug 11188) [22]CVE-2015-3815
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Make postfix compilable on 4.0 kernel.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
start dovecot service.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The error is as follows:
error: unrecognized command line option '-V'
conftest.c:9:28: fatal error: ac_nonexistent.h:
No such file or directory #include <ac_nonexistent.h>.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
http://netfilter.org/projects/nftables/index.html
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
libnftnl is needed by nftable, so add it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
upgrade to include the fix for CVE-2015-3644:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3644
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Ntimed is an unreleased ntpd replacement being sponsored by the Linux
Foundation. Currently it only includes a work-in-progress client, but for
future use this recipe emits an ntimed-client package and an ntimed meta
package which will pull in client and server.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
- `geoipupdate` now verifies the MD5 of the new database before deploying it.
If the database MD5 does not match the expected MD5, `geoipupdate` will
exit with an error.
- The copy of `base64.c` and `base64.h` was switched to a version under GPL 2+
to prevent a license conflict.
- The `LICENSE` file was added to the distribution.
- Several issues in the documentation were fixed.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The default configuration of ntp includes a large number of reference
clock drivers. Provide a PACKAGECONFIG to allow control over whether
or not these refclock drivers are built. Leave enabled by default.
http://doc.ntp.org/4.2.8/refclock.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Remove two unneeded patches, configure.patch and tcpdump-cross-getaddrinfo.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
ERROR: Nothing PROVIDES 'libdnet' (but /home/akuster/oss/clean/meta-openembedded/meta-oe/recipes-connectivity/daq/daq_2.0.2.bb DEPENDS on or otherwise requires it). Close matches:
libnet
libnewt
libidn
ERROR: Required build target 'daq' has no buildable providers.
Missing or unbuildable dependency chain was: ['daq', 'libdnet']
world build fails for meta-oe.
move daq to meta-networking where snort and libdnet both reside.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
when check the CC, only compile the object by CC, not run the object.
MCONFIG file includes more configuration, we can not clear it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
6.4 fixed a CVE defect:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2830
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils
before 6.4, as used in pam_cifscreds, allows remote attackers to have
unspecified impact via unknown vectors.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
ipsec-tools-0.8.2: ipsec-tools: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/racoon.service [installed-vs-shipped]
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
python:
opensaf/usr/share/opensaf/samples/immsv/immom_python/immom.py
bash:
opensaf/usr/share/opensaf/immxml/verify.sh
opensaf/usr/share/opensaf/immxml/immxml-modify-config
opensaf/usr/share/opensaf/immxml/immxml-configure
opensaf/usr/share/opensaf/immxml/immxml-clustersize
opensaf/usr/share/opensaf/immxml/immxml-nodegen
opensaf/usr/share/opensaf/samples/INSTALL
opensaf/usr/share/opensaf/samples/smfsv/campaigns/smf-verify
opensaf/usr/lib/opensaf/configure_tipc
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fixed when systemd:
ERROR: Function failed: SYSTEMD_SERVICE_opensaf value opensafd.service does not exist
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Chunrong Guo <B40290@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Taken Patch from fedora to fix CVE-2015-1419, deny_file parsing to do
more what is expected.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
ntp 4.2.8p2 has more CVE fixes, like CVE-2015-1799, CVE-2015-1798;
and remove ntp-4.2.8-ntp-keygen-no-openssl.patch which 4.2.8p2 has integrated
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Neither -utils nor -ptest packages make sense w/o actual kernel support
for SCTP protocol. Make both packages RRECOMMEND kernel-module-sctp.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Keep compatibility with chkconfig tool.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Keep compatibility with chkconfig tool.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Kernel modules may be built-in, so rrecommend it instead.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
CyaSSL is now called wolfSSL. Recipe updates included RPROVIDE and
PROVIDE lines, with updates to sha/md5 sums.
Signed-off-by: lchristina26 <leah@wolfssl.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* add ipvs administration tool
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
When building for a system including systemd ypbind-mt will link against
libsystemd creating an implicit dependency. Make that explicit.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|