Age | Commit message (Collapse) | Author |
|
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c50da4a2c1128f599b2c66d06b7d2ea80215f9d0)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bebed954e8fea9d805a0eb6b284dd90177379242)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 94352e694cd828aa84abd846149712535f48ab0f)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35ccce7002188c8270d2fead35f9763b22776877)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Add patch file for one of the ciphers used in openssl, namely the cipher
des-ede3-cfb1. Details of the bug, without this patch, can be found here.
http://rt.openssl.org/Ticket/Display.html?id=2867
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit ed61c28b9af2f11f46488332b80752b734a3cdeb)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8792b7fb4ef8d66336d52de7e81efbb818e16b08)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Otherwise you get errors like:
| ../libcrypto.so: file not recognized: File truncated
| collect2: error: ld returned 1 exit status
| make[2]: *** [link_o.gnu] Error 1
(From OE-Core master rev: 61c21a0f7a2041446a82b76ee3658fda5dfbff1d)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17d787ba8825ea97d7898eaa329e16ae86dd072d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
do_patch failed after upgrading to openssl-1.0.1e. Log:
| ERROR: Command Error: exit status: 1 Output:
| Applying patch man-section.patch
| patching file Makefile.org
| Hunk #1 succeeded at 160 (offset 26 lines).
| Hunk #2 succeeded at 626 (offset 19 lines).
| misordered hunks! output would be garbled
| Hunk #3 FAILED at 633.
| 1 out of 3 hunks FAILED -- rejects in file Makefile.org
| Patch man-section.patch does not apply (enforce with -f)
| ERROR: Function failed: patch_do_patch
| ERROR: Logfile of failure stored in:temp/log.do_patch.14679
| ERROR: Task 646 (virtual:native:openssl_1.0.1e.bb, do_patch) failed with exit code '1'
Change-Id: Ib63031fdbd09443e387ee57efa70381e0aca382c
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ded738b945b6af6c73a1c5f1b4cd5ad1b6ac06c0)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Dropped obolete patches and pulled updates for debian patches.
Addresses CVEs:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
[YOCTO #3965]
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0470edd01c0aebaa78db137e365a7e22bfb199e9)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c32b62d6494139daf4bab3279779c392fead116)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Conflicts:
meta/recipes-connectivity/openssl/openssl.inc
|
|
Add mips64 configure support but assume mips(32) userspace.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 7d775b071b902ee0de6391b2c30d36e3003643e1)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The latter variable is only applicable for target builds and could
result in passing incompatible options (and/or failing to pass
required options) to ${BUILD_CC} for a virtclass-native build.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0e90a303bc5cb0ede21ff4346843f9daeddfff45)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 490b12126aff7e8e59569ebb471ce04ba4962b7c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Addresses CVE-2012-2333
Fixes [YOCTO #2682]
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 57f45fca7b8e1c0cf98d295bc0fd8839799dfa86)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
perlpath.pl
* openembedded-core/meta/recipes-connectivity/openssl/openssl.inc
*
* is using perlpath.pl:
*
* do_configure () {
* cd util
* perl perlpath.pl ${STAGING_BINDIR_NATIVE}
* ...
*
* and perlpath.pl is using find.pl:
* openssl-1.0.0i/util/perlpath.pl:
* #!/usr/local/bin/perl
* #
* # modify the '#!/usr/local/bin/perl'
* # line in all scripts that rely on perl.
* #
*
* require "find.pl";
* ...
*
* which was removed in perl-5.16.0 and marked as deprecated and
* unmaintained in 5.14 and older:
* /tmp/usr/lib/perl5/5.14.2/find.pl:
* warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl
* core distribution in the next major release. Please install it from the
* CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]},
* line @{[(caller)[2]]}.\n";
*
* # This library is deprecated and unmaintained. It is included for
* # compatibility with Perl 4 scripts which may use it, but it will be
* # removed in a future version of Perl. Please use the File::Find module
* # instead.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* pcap-config was packaged into ${PN}
* pcap linked against libnl if it was build before libpcap
without being listed in DEPENDS.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* Import patch from OE-Classic commit f7c547ede1bfc94c24f6315a23ff48a4c5b9ffaf.
* Fixes linking with libpcap (ppp filter).
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* wpa-passphrase has its own package, but commit
4a4c568e25a08e9f222d723f9819582c9f895c58 broke it.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* On upgrade, postinst ocassionally returned 1, so use a
conditional instead of &&.
* Use sed patterns in order to make it work more generally.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* Calling "systemctl disable" from postrm is too late and
causes the following error:
| Failed to issue method call: No such file or directory
* Fix indentation of prerm for resulting shell snippet.
* Messing with $D is not needed in *rm scripts.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* 51a122a5593c62d7ffd07f860e54a2fb0327959c incorrectly set
INC_PR to r0.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* When nfsserver get's stopped, "modprobe -r nfsd" may
hang indefinitely. As there's no need to unload the
module, just remove the call to modprobe.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* wpa_passphrase doesn't require special privileges.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* defconfig, init.sh, wpa_supplicant-0.5.7-always-scan.patch,
wpa_supplicant-fix-deprecated-dbus-function.patch and
wpa_supplicant_default.conf are not used by the recipe.
* default-sane gets installed but is unused.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Addresses CVE-2012-2110
Fixes bug [YOCTO #2368]
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Those fixes are required to get the test scripts to work with current
0.79 DBus API.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
|
|
Fixes errors like below
/home/kraj/work/angstrom/build/tmp-angstrom_2010_x-eglibc/sysroots/x86_64-linux/usr/libexec/armv5te-angstrom-linux-gnueabi/gcc/arm-angstrom-linux-gnueabi/4.6.3/ld:
error: hidden symbol '__start___debug' is not defined locally
/home/kraj/work/angstrom/build/tmp-angstrom_2010_x-eglibc/sysroots/x86_64-linux/usr/libexec/armv5te-angstrom-linux-gnueabi/gcc/arm-angstrom-linux-gnueabi/4.6.3/ld:
error: hidden symbol '__stop___debug' is not defined locally
collect2: ld returned 1 exit status
make[1]: *** [plugins/loopback.la] Error 1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* update-rc.d wasn't executed when the rootfs was built, because
pkg_postinst_avahi-daemon exited early. It wasn't run either
on first boot, because the exit code was 0.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes a segfault in the properties application when connecting to a WiFi
service succeeds.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix connman-gnome to work with connman 0.79, which made a number of
fairly serious DBus API changes. Also switch over to the newly
repopulated git repo on kernel.org in which the two previous patches
have been merged.
Fixes [YOCTO #2202].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added dependency to ofono because we always enable ofono plug-in.
We did this because the 1.2 release cycle is coming to an end. We should
use PACKAGECONFIG in 1.3.
This is part of the 1.2 bug fixing [YOCTO #2216].
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Corrected the package content of connman-test.
This is part of the bug fixing [YOCTO #2216].
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
Removed ofono addtion - sgw
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Delete reference to what is apparently a remnant from the OE-core
split, according to Paul Eggleton.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* pkg-postinst was used to make pppd setuid root, which
can now be done in do_install() instead.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We were seeing weird autobuilder failures where the bluetooth headers could disappear.
The reason why is that this recipe was conflicting with them. bluez4 should be handling
them and the plugin shouldn't be installing them so lets not.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a couple common typoes, all contained within comments so there
should be no effect on functionality.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed pkg-config.patch, which was incorporated upstream.
Addresses CVE-2012-0884.
Fixes bug [YOCTO #2139].
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
WARNING: For recipe gst-plugin-bluetooth, the following files/directories were installed but not shipped in any package:
WARNING: /var
WARNING: /usr/lib/bluetooth
WARNING: /usr/lib/bluetooth/plugins
WARNING: /usr/lib/alsa-lib/libasound_module_pcm_bluetooth.so
WARNING: /usr/lib/alsa-lib/libasound_module_ctl_bluetooth.so
WARNING: /usr/lib/alsa-lib/libasound_module_ctl_bluetooth.la
WARNING: /usr/lib/alsa-lib/libasound_module_pcm_bluetooth.la
WARNING: /usr/share/alsa
WARNING: /usr/share/alsa/bluetooth.conf
WARNING: /var/lib
WARNING: /var/lib/bluetooth
These are removed because they are packages in the bluez4 package
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
WARNING: For recipe telepathy-mission-control, the following files/directories were installed but not shipped in any package:
WARNING: /usr/share/glib-2.0
WARNING: /usr/share/glib-2.0/schemas
WARNING: /usr/share/glib-2.0/schemas/im.telepathy.MissionControl.FromEmpathy.gschema.xml
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|