| Age | Commit message (Collapse) | Author |
|---|
|
(From OE-Core rev: 4d20e8295dbca4bd6e0c8ad36ab922d9dd4d8616)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Missing dependency uncovered after recipe specific sysroots were enabled.
(From OE-Core rev: 3173505ba6014271e59fdde2450ecc0d3cd4c8c2)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add readline support to PACKAGECONFIG. If readline needs if left out
of compilation, the bluez utilities which depend on readline are not
included in build or packages.
The defaults in PACKAGECONFIG are the same as before, so there should be
no change to current users.
(From OE-Core rev: 3985eed70c194c3d9d0c6e94a65e2edfa3f29a8e)
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Drop CVE patch: fix-CVE-2016-8858.patch, because the version 7.4p1 have
been fixed it.
2. Rebase the remaining patchs on the version 7.4p1.
(From OE-Core rev: b648b382046bd94f0cf5fe0aa4b77ab250f126cd)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is needed for building the swtpm TPM simulator (recipe
in meta-security).
Native compilation disables tcp-wrappers by default to simplify
the build.
"nativesdk" is added just in case that someone also wants this
in an SDK.
(From OE-Core rev: a33a252462e2d7b90a1c89e42a96b9696eb08b23)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Kernel headers break when musl defines IFF_LOWER_UP. While
waiting for more proper fix in musl, add a workaround to connman.
(From OE-Core rev: e6178138968717e1bdb7af7b5aed42fc74d956ab)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ppp.samba.org has disappeared from the Internet and isn't responding anymore, so
point the SRC_URI at the canonical samba.org download server instead.
(From OE-Core rev: 9b2f5a57bdff46973cc1625da78d04b666710209)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
aarch64 target was being configured for linux-generic64 but openssl has
linux-aarch64 target. Change to use linux-aarch64 as default.
(From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade iproute2 from 4.7 to 4.9
(From OE-Core rev: c6e7db1446a4c94caf3df0b8a9758888d1b8b7f9)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The upstream project remove that option as it was quote:
It is completely ineffective.
[YOCTO #10843]
(From OE-Core rev: 52a12c6e5360f3f60b5610eb9ad6edaa076427c1)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removing unused includes fixes the build.
Fixes [YOCTO #10853].
(From OE-Core rev: c580d2938286d62d092496e699f12b03fa065546)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ppp no longer provides the duplicate if_pppox.h header so no need to patch that
out of the Makefile.
(From OE-Core rev: 015574ac9335799e0a3da00cf882b103177c3744)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add more case statements to catch MIPS tune configurations
(From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149)
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes
| /usr/bin/ld: libcrypto.a(sha1-x86_64.o): relocation R_X86_64_PC32 against undefined symbol `OPENSSL_ia32cap_P' can not be used when making a shared object; recompile with -fPIC
| /usr/bin/ld: final link failed: Bad value
(From OE-Core rev: 0a19e72081771fca8ed94fb2a2a8996fd3dce00c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1)Upgrade wpa-supplicant from 2.5 to 2.6.
2)Delete 5 patches below, since they are integrated upstream.
0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
3)License checksum changes are not related to license changes.
(From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc)
(From OE-Core rev: 8751dbde2736a4dbea83f6f581fe90f0c60def76)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable bits of remote capture support inherited from the WinPCAP merge
which cause applications to fails to build if they define HAVE_REMOTE.
(From OE-Core rev: 4e412234c37efec42b3962c11d44903c0c58c92e)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nfs-server failed to start after installation from a package feed.
(From OE-Core rev: c4d276f9f639a1a534789de12a4783ae931e6aa4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This conflicts with KERNEL_MODULE_AUTOLOAD += "nfsd".
(From OE-Core rev: 759b7536756ac6fb6ad431ab8e48a03283f9ec29)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Contains just enough to mount and unmount nfs volumes, i.e.
the same as nfs-utils-client before commit 39bb7e3 ("nfs-utils:
separate package as Debain style").
Drop nfs-utils-client's dependency on bash. It contains two shell
scripts, /etc/init.d/nfscommon and /usr/sbin/start-statd, both
using /bin/sh.
(From OE-Core rev: e21bba827e06f4d6574bbb2b0f453dd0bb627d2c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Start daemons by default like the initscripts do, but only if
/etc/exports exists.
- Inform systemd.bbclass about nfs-utils-client package.
(From OE-Core rev: 94602d8ced3a8fd033de93b47320c94db6de8755)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade dhcp from 4.3.4 to 4.3.5.
(From OE-Core rev: 7cc95c2992cc45b74a9b81b56b1c1e7c097d4fe1)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 844c63050e849c68fc9b40ada2068309e5e37e16)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This variable doesn't exist anywhere else in meta/ so presumably this is
historical legacy.
(From OE-Core rev: 6da14a9713dd37935d8918e40faeccd37b084ee4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 9a04243d307a5bf86a127cf504bec78ee963671c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2b59c5f90c7d8325ab8893c629b42fb333f3b583)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In particular, this fixes a crash on shutdown.
From upstream's ChangeLog:
ver 1.19:
Fix issue with DHCP parsing and Huawei modems.
Fix issue with detecting Huawei E3372 modem.
Fix issue with handling serving cell info.
Fix issue with handling SIM SC facility lock.
Fix issue with Android RIL PIN retry logic.
Fix issue with Android RIL and RAT handling.
Add support for Android RIL cell broadcast.
Add support for SoFIA 3GR thermal management.
(From OE-Core rev: a09810ef738ea1d2d643deeb255c8e6dd01ef306)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add patches to fix error:
/
| ERROR: oe_runmake failed
| config.status: creating pcap-config.tmp
| mv pcap-config.tmp pcap-config
| chmod a+x pcap-config
| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
| {aka struct _compiler_state}' has no member named 'ai'
| cstate.ai = NULL;
| ^
| ../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
| ../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
| (first use in this function)
| bpf_error(cstate, "direction applied to 'gateway'");
| ^~~~~~
| ../libpcap-1.8.1/gencode.c:4914:13: note: each undeclared identifier is
| reported only once for each function it appears in
\
Patches were submitted to upstream [1]
[1] https://github.com/the-tcpdump-group/libpcap/pull/541
(From OE-Core rev: 9f1fe76727e98e58fc9e46ea2b49cf5c0cb48e6c)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mount nfs directory would fail if no specific nfsvers:
mount -t nfs IP:/foo/bar/ /mnt/
mount.nfs: an incorrect mount option was specified
mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if
the kernel doesn't understand the requested NFS version.
Unfortunately if the requested minor is not known to the kernel
it returns -EINVAL.
Backport patch from nfs-utils-1.3.4 to fix this issue.
(From OE-Core rev: 332596628697d28ae6e8c2271c9658aaf5e54796)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits.
External References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
https://www.openssl.org/news/secadv/20161110.txt
Patch from:
https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a
(From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use SHA256 as default digest for OpenSSL instead of MD5.
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
Upstream-Status: Backport
Backport from OpenSSL 2.0 to OpenSSL 1.0.2
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(From OE-Core rev: f924428cf0c22a0b62769f8f31f11f173f25014f)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2016-8858 of openssh.
Ref:
https://bugzilla.redhat.com/show_bug.cgi?id=1384860
(From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This script claims to be a /bin/sh script, but it uses
a bashism:
from checkbashisms:
possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'):
if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ]
This causes build issues on systems that don't have
/bin/sh symlinked to bash:
Updating certificates in ${WORKDIR}/rootfs/etc/ssl/certs...
<builddir>/tmp/sysroots/x86_64-linux/usr/bin/c_rehash: 151: [: x/: unexpected operator
...
Fix this by using POSIX shell syntax for the comparison.
(From OE-Core rev: 0526524c74d4c9019fb014a2984119987f6ce9d3)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Option --enable-canusb was removed on commit:
https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b
- Autotools class was improved and we can now stop aclocal from running at all.
- File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support
patch and do_configure_prepend task to use configure.ac file.
(From OE-Core rev: 62771b5a426e4b7d38e4997dc3f252a547f481ce)
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fixes, add support for new management tracing capability
and marking GATT D-Bus APIs as stable interfaces
(From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs
of a rootfs where the package ca-certificates puts symlinks to
various CA certificates stored in /usr/share/ca-certificates/mozilla/.
These symlinks are absolute. This means that when c_rehash is run
at rootfs creation time it can't hash the actual files since they
actually reside in the build host's directory
$SYSROOT/usr/share/ca-certificates/mozilla/.
This problem doesn't reproduce when building on Debian or Ubuntu
hosts though, because these OSs have the certificates installed
in the same /usr/share/ca-certificates/mozilla/ folder.
Images built in other distros, e.g. Fedora, have problems with
connecting to https servers when using e.g. python's http lib.
The patch fixes c_rehash to check if it runs on a build host
by testing $SYSROOT and to translate the paths to certificates
accordingly.
(From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Import a patch from upstream, which fixes a connman daemon freeze
under certain conditions (multiple active interfaces, no r/w storage).
(From OE-Core rev: bba18cdce6fb6c5ff2f7161198d46607a72747d6)
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's no way to ensure that files owned by the users aren't left
on the system at postrm time: Removing the user would mean those
files are now owned by a non-existing user, and later may be owned
by a completely unrelated new user.
[YOCTO #10442]
(From OE-Core rev: c1be2196e7ffb23b7b243ecd8aca1827cbdfa443)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They come prebuilt and don't require any dependencies, so there is no
penalty in enabling them.
(From OE-Core rev: aeb8d38cf26794aeff8827161ae1241d8d031d6c)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Several recipes reference the LICENSE file in their LIC_FILES_CHKSUM
variable as ${COREBASE}/LICENSE. This forces distribution providers to
keep this file verbatim or to overload the affected recipes. The section
"Moving to the Yocto Project 1.6 Release" in the Yocto manual suggests
removing the LICENSE file where possible.
Remove LICENSE in cases where COPYING.MIT is also given and replace
LICENSE with COPYING.MIT if the former was the only entry. All modified
recipes specify LICENSE = "MIT" and none of the in-tree files specify a
different license either.
As the packages do not change (the license files are not contained in
them), do not increase PR.
(From OE-Core rev: 0059e0661826c857a07c862bcb46162671e0e330)
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add two CVE patches from upstream
git: https://www.isc.org/git/
1.CVE-2016-2775.patch
2.CVE-2016-2776.patch
(From OE-Core rev: 5f4588d675e400f13bb6001df04790c867a95230)
Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a build error when using the linux-4.8 headers that results in:
In file included from pppoe.h:87:0,
from plugin.c:29:
../usr/include/netinet/in.h:211:8: note: originally defined here
struct in6_addr
^~~~~~~~
In file included from ../usr/include/linux/if_pppol2tp.h:20:0,
from ../usr/include/linux/if_pppox.h:26,
from plugin.c:52:
../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
struct sockaddr_in6 {
^~~~~~~~~~~~
(From OE-Core rev: 68e917aa778742da104c038a6e1ffa789fe95410)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The aim of the original commit was to make connman-gnome load the icons
at the exact size of the systray. There are two problems with this:
* There are not enough icon sizes provided to make the scaling
look good at most sizes (including current panel size)
* Both connman-gnome and mb-panel have bugs in the icon size update
code and using scaling to exact size makes these much more visible
(See bug 9995 for example).
The problems the original commit tried to fix can be worked around
with better packing in matchbox-panel-2.
(From OE-Core rev: 82a34a770ad36fb370fff4dca66956fb47f1140c)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Deals with a CVE issue
Drops a patch applied upstream and no longer needed.
(From OE-Core rev: ee590ac736ca2a378605fa1272a1c57a1dbc7a57)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.
"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.
(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
(From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bitbake.conf already sets it.
(From OE-Core rev: 73d138be52c7f7c55ec4ea1cda2d7c8ead85deec)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It doesn't have files in udev dir, and bitbake.conf already sets it.
(From OE-Core rev: 10dbf13c86ce7f10ff84547fee8c4c5f15fe91fb)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: ed610b68f7e19644c89d7131e34c990a02403c62)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Andrej Valek
Markus Lehtonen
Ismo Puustinen
Dengke Du
Patrick Ohly
Jussi Kukkonen
Ross Burton
Fabio Berton
Zheng Ruoqin
Saul Wold
Zubair Lutfullah Kakakhel
Khem Raj
Joshua Lock
Andreas Oberritter
Huang Qiyu
Mariano Lopez
Maxin B. John
André Draszik
Yi Zhao
T.O. Radzy Radzykewycz
Kai Kang
Dmitry Rozhkov
Lukasz Nowak
Alexander Kanavin
Olaf Mandel
Jackie Huang
Richard Purdie
Robert Yang
Zhixiong Chi