Age | Commit message (Collapse) | Author |
|
CVE-2021-36222:
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC)
in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2
allows remote attackers to cause a NULL pointer dereference and daemon
crash. This occurs because a return value is not properly managed in a
certain situation.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
Patches from:
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
ss: sigv4: disable ctest until new auth available
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Remove -f*-prefix-map from LDFLAGS in krb5-config to fix reproducibility
issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
- Fix issue with sending additional and vendor IEs
- Fix issue with IE ordering for 802.11-2020 support
- Fix issue with frequency update on channel switch events
- Fix issue with drivers and handling of IF_OPER_UP setting
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
v2.2.9: Fix a crash if telnet is used without rfc2217
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* fix WARNING: linuxptp-3.1-r0 do_fetch: Failed to fetch URL
http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-3.1.tgz,
attempting MIRRORS if available
linuxptp-3.1.tgz replace by linuxptp-3.1.1.tgz
* 3.1.1 release note
Version 3.1.1
Fixes:
CVE-2021-3570 linuxptp: missing length check of forwarded messages
CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License-Update: Added new sections for new files
Configuration changes:
- BUILD_EXAMPLES - does not exist anymore
- WITH_SHARED_LIB -> BUILD_SHARED_LIBS, WITH_STATIC_LIB are not to be
allowed together
- WITH_AS3=OFF - adobe action script 3 not available
Added new options (disabled by default):
- javascript, nodejs
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
builder@2088cb10ccfb:/work/build$ devtool check-upgrade-status linuxptp
NOTE: Starting bitbake server...
<...>
INFO: linuxptp 3.1 UNKNOWN_BROKEN None
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Update the library to the 4.2.1 stable release.
This commit includes following changes:
8a580b59 v4.2.1
e90f005a vhost: listen: protect listen port transfer between
041baf93 mbedtls: sessions: clean session on bail path
4038a7d4 windows: align plat insert socket POLLIN handling to linux
a310e16f socks5: cast for mingw3 nonposix recv args
439651fa openssl: manage _GNU_SOURCE better
c042ba8c mqtt: handle NULL mqtt publish metadata
04761c4b event libs: glib: use glib.h specifically
599d318a mqtt: coverity: help coverity see we wont have an mqtt role wsi without mqtt member allocated
bae99f63 tls: add option to serialize ssl handshake
ff1b8ed0 tls: fix inbalanced tls restrict borrow/return calls
ad3901d0 raw-proxy: fix role bind flag
4bc8b1a4 extpoll: clean up test server for Wconversion in extpoll parts
eeea000c dns: handle EAI_NONAME as fatal
9e5acc05 minimal: hcmulti: modernize startup to use OPERATIONAL
55533f96 netlink: hold in COLDPLUG until we actually have some routing table contents
fa1a7040 sspc: close: differentiate between ss and sspc at final wsi close
3f0fef17 gcc: gcc8 only recognizes fallthu
e319b15b minimal: ws client spam: modernize with pvo and cancel service after interrupted
ea4d8008 service: fix casts for EXTERNAL_POLL
aea9d0ce tls-sessions: remove no stash warning
10c1b882 ss: check destroy null policy
e4aa3ece ss: check serialize null policy
4141a68f ss: avoid null ss policy on req tx len
de8185db ss: avoid null ss policy on req tx
526310df ss: h1: log dereferences NULL
7a283eba minimal: htt-client: send user agent and accept
3d13468e ctest: do not reuse ctest-ssp path
e3da2a3b android: getnameinfo uses nonstandard size_t
8398ef79 getifaddrs: casts for android
02ae95fa non-windows: explicit cast vaarg to mode_t
7c3c179e win32: client: just do WIN32 check
4c8195df windows: only conceal mode_t on windows
0ba8df6e threadpool: disassociate wsi on close
94c50618 tls: mbedtls: fix cast for dump helper
d896d401 freertos: check for forcing each time around service loop
cd87bc1c cmake: tls: use CHECK_SYMBOL_EXISTS
da17f018 plugin: post: check unexpected write after protocol unbind
1c935dff clean: else became a NOP
896a2e09 strexp: handle NULL better
aa090fc2 cygwin: include in unix type socket init
58a34cb0 examples: embedded: keep loop running on WROVER
85f772f2 OSX: Fixed can't find clock_gettime
014aa77e core-net: Remove unused variable
e1ef2301 ss: h2: handle zero length COLON_PATH for metadata
0557e919 sspc: handle nonexistent metadata cleanly
07bef6b8 coverity: ntp from blob: handle blob missing
2f9ed48d coverity: report problem in hpack_dynamic_size() to parent
d155970b coverity: h->cwsi must be valid if we are handling rx on it
2d97e343 ss: split out blob into own minimal example
c3dd4d05 ss: sspc: handle destroy for client_connect and request_tx
Signed-off-by: Luan Rafael Carneiro <luan.rafael@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
- Add support for FT-over-DS procedure with multiple BSS.
- Add support for estimation of VHT RX data rate.
- Add support for exporting Daemon information.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Its already disabled by default so no changes otherwise
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
CMAKE_DISABLE_FIND_PACKAGE_<pkg> disables detection and would achieve
same but ON/OFF seems easier to understand
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Keep it disabled by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This is required for cmake's find_package to work
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
configs directory from source is shipped in linuxptp-configs package
and includes some example configuration files for the applications.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Before this patch just a few of the produced binaries were installed.
This patch use install from linuxptp's makefile to install all binaries
and man pages. man pages are packaged in linuxptp-doc.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Huge changelog can be found at [1]
[1] https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/blob/master/NEWS
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Remove unused variable which is flagged by clang
License-Update: copy secondary license texts into LICENSE as a convenience
Add Apache-2.0 as well since lib/tls/mbedtls/wrapper is using it
[1] https://github.com/warmcat/libwebsockets/commit/a12d5ebed672a28c16484d983885474be606cc21#diff-c693279643b8cd5d248172d9c22cb7cf4ed163a3c98c8a3f69c2717edd3eacb7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refresh the following patch:
0001-build-Use-abs_top_srcdir-instead-of-abs_srcdir-for-e.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix out of tree builds
Switch to tarball fetch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This reverts commit 87932984c3e4aa8dc03238d0997a3ee09e0f38b1.
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport 2 patches to fix two CVEs.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fix out of tree builds
Switch to tarball fetch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* no update other than occassional build fix since 2011 when I've imported this
* it's also failing with usrmerge:
ERROR: phonet-utils-0.0.0+gitrAUTOINC+4acfa720fd-r2 do_package_qa: QA Issue: phonet-utils package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
ERROR: phonet-utils-0.0.0+gitrAUTOINC+4acfa720fd-r2 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Backport a patch to fix CVE-2019-5061.
Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
libmd(oe-core) also uses the doc 'sha1.h', so package it in own subdirs of czmq.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|