Age | Commit message (Collapse) | Author |
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* -I../ofono-1.31 is included when building drivers/mbimmodem/mbim.c and then
ell.h will happily include ell/util.h from there:
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/ell/ell.h" 1 3 4
# 23 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/ell/ell.h" 3 4
# 1 "../ofono-1.31/ell/util.h" 1 3 4
# 26 "../ofono-1.31/ell/util.h" 3 4
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 1 3 4
# 26 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 3 4
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/bits/libc-header-start.h" 1 3 4
# 27 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 2 3 4
* and it gets more interesting because unlikely() macro was dropped from ell/util.h in:
https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021
and ofono builds from git (which doesn't bundle ell) were failing with:
drivers/mbimmodem/mbim-message.c: In function 'message_iter_next_entry_valist':
drivers/mbimmodem/mbim-message.c:504:8: warning: implicit declaration of function 'unlikely' [-Wimplicit-function-declaration]
504 | if (unlikely(indent > MAX_NESTING))
| ^~~~~~~~
...
x86_64-webos-linux-libtool: link: x86_64-webos-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/include/dbus-1.0 -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/lib/dbus-1.0/include -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/include/glib-2.0 -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/lib/glib-2.0/include -DOFONO_PLUGIN_BUILTIN -DPLUGINDIR=\"/usr/lib/ofono/plugins\" -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0=/usr/src/debug/ofono/1.31+gitAUTOINC+0db662bd6b-r0 -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0=/usr/src/debug/ofono/1.31+gitAUTOINC+0db662bd6b-r0 -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot= -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot-native= -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -o unit/test-mbim unit/test-mbim.o drivers/mbimmodem/mbim-message.o drivers/mbimmodem/mbim.o -lell
drivers/mbimmodem/mbim-message.c:1389: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:1255: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:514: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:504: error: undefined reference to 'unlikely'
collect2: error: ld returned 1 exit status
while build from 1.31 tarball was passing OK, because using this older
bundled ell/util.h
delete bundled ell as we always enable external ell to make sure this
doesn't happen again and fix mbimmodem to build with ell-0.39
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use openSSL for TLS/SSL implementation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Only security issues fixed in this release according to
https://www.openssl.org/news/cl111.txt
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update LICENSE to show that BSD-2-Clause, BSD-3-Clause and BSD-4-Clause
are all present.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0f90440ca70abab947acbd77795e9f130967956c.patch
removed since it is included in 8.5p1
License Updated :
2-clause BSD license and 4-clause BSD license added
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adjust library packaging (see link to commit in the recipe).
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant
before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact (potentially
execution of arbitrary code), for an attacker within radio range.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-27803
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For some reason the new perl no longer has . in list of
directories searched in 'require', and so the file
needs to be copied where perl can find it.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since the test program fails to compile, configure thinks compiler is
not having thread support and bails out
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-License-Update:
remove the description of license from src/main.c
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android-10 Android-11
Android-8.1 Android-9 Android ID: A-172937525
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0326
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.
[Yocto #14231]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rename directory of patches
-License-Update: Copyright year updated to 2021.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed upstreamed patches and refreshed q few other.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it breaks KDE's qca and dependencies
* it is not deprecated. Openssl 3.0 (currently alpha) will deprecate whirlpool
[1] https://www.openssl.org/news/changelog.html#openssl-30
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes openssh failing to work on qemux86 with glibc 2.33 due to
seccomp and the fact new syscalls are used. Also likely fixes issues
on other platforms.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The rdma command is part of iproute2 and is used to query or set the RDMA
configuration where applicable. This patch adds options to build it
and include it.
Signed-off-by: Alan Perry <alanp@snowmoose.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is still needed by libest in meta-security
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
README updated:
version updated
add descrition of platform specifics - Debian
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
TLS 1.3 implementation in qt5 uses psk so retain it for now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They are still needed by several packages in meta-openembedded
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Drop support for many deprecated algorithms by default
2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG
Signed-off-by: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move the ip tool into its own package. Useful for size constrained
systems that only want the ip tool.
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Depending on which patches the make program has, the internal or external
utmp could would be used. Add add a patch which avoids the issue and makes
the build determnistic. We saw the regression on ubuntu1604.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the first ppp release in a long time. Many patches
were resolved upstream:
* musl fixes were merged
* EAP patch was a backport added upstream
* cflags were fixed upstream
* CVE fix was merged upstream and a backport
* pcap header from the host was fixed upstream
* suid bits during install was removed upstream
The only patch left was the /var/ redirect for resolv.conf which no longer
applied cleanly after upstream changes. For this one the patch will
need to be rewritten (and preferably submitted upstream) by someone
who needs/uses it. It was presumbaly for RO rootfs and may be resolved
by symlinks in modern system usage anyway.
Tweak the files pulled into the pppoe package for a compatibility
symlink and module rename.
Add CC to the OEMAKE command to allow builds correctly.
[Big thanks to Alex Kanavin for a lot of the work with upstream and
pre-release testing of this]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backported patches:
0001-Linux-Fix-privsep-build-by-including-sys-termios.h-f.patch
0001-privsep-Fix-Linux-i386-for-SECCOMP-as-it-just-uses-s.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The dnsdomainname can also be provided by busybox and net-tools. Also
move it from ${bindir} to ${base_bindir} because the command provided by
busybox or net-tools is located here.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The dhcpcd doesn't work on Intel 32bit platform. Backport a patch to fix
the issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently there's no easy way to override this part as it's hardcoded
into the EXTRA_OEMAKE var. This change makes it possible to manipulate
the list of subdirs in a more fine graned and future oriented manner.
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Engines are installed in a slightly different path, and
the host type doesn't precisely match in x86_64
Co-authored-by: Paul Eggleton <paul.eggleton@microsoft.com>
Co-authored-by: Deepak Rawat <derawa@microsoft.com>
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
update version to 1.1.1i
openssl 1.1.1i Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
updates include fix for CVE:
CVE-2020-1971
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|