| Age | Commit message (Collapse) | Author |
|---|
|
It is used in NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2015-1863
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
bluez is the product name in NVD database for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-7837
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add dhclient.service. This service file mainly comes from meta-systemd,
with modifications to take nfs boot into consideration.
While using eth0 as the nfsboot interface, we'd like dhclient service
to skip it like what ifup and connman do in sysvinit.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
5.45 -> 5.46
This includes the new testing utility "advtest"
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the status of following patch from Pending to Accepted:
a) 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In https://source.isc.org/git/bind9.git, since the following
commit applied:
...
commit b99bfa184bc9375421b5df915eea7dfac6a68a99
Author: Evan Hunt <each@isc.org>
Date: Wed Apr 10 13:49:57 2013 -0700
[master] unify internal and export libraries
3550. [func] Unified the internal and export versions of the
BIND libraries, allowing external clients to use
the same libraries as BIND. [RT #33131]
...
(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c)
In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS),
it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart.
Which caused dhclient/dhcpd could not be stopped by SIGTERM.
It caused systemd's reboot hung which send SIGTERM by default.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade bind from 9.10.3-P3 to 9.10.5-P3
* Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT
* Remvoe mips1-not-support-opcode.diff which has been merged
* Remove CVE patches that there are backported from upstream
* Use python3 for build and make sure install .py files to right directory
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
[Yocto #11548]
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
bcm43xx failed as time out for firmware downloading.
The root cause is that it need wait 50ms to download firmware,
but the value of 50us is set to the timer.
Signed-off-by: Jun Zhu <junzhu@nxp.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1. Dropped obsolete patches, because the new version contains them:
- fix-cipher-des-ede3-cfb1.patch
- openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
2. LICENSE checksum change due to copyright years and wording tweak.
3. Test binaries (x86-64) are included in source code. So remove those
only for ptest.
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When building with nftables support, connman doesn't ever
depend on the nftables command line tool.
connman will depend on libmnl and libnftnl at build and
run time. In addition, the nftables rules it creates
depend on various kernel modules being present.
Update the PACKAGECONFIG to reflect this. We use the
just introduced RRECOMMENDS field so as to make the
build still succeed if those kernel modules have been
linked statically into the kernel, i.e. when the
packages haven't actually been created.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The UsePrivilegeSeparation is no longer supported (recent SSHD always runs
with previlege separation), so remove this option from the default config
file to avoid this warning:
/etc/ssh/sshd_config line 110: Deprecated option UsePrivilegeSeparation
Signed-off-by: Gary Thomas <gary@mlbassoc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Due to recent modifications related to systemd, sysvinit builds began
to show this warning:
WARNING: connman-1.34-r0 do_package: connman: NOT adding alternative
provide /etc/resolv.conf: /etc/resolv-conf.connman does not exist
Fix this warning by making those updates specific to systemd.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
../libpcap-1.8.1/grammar.y:78:10:
fatal error: scanner.h: No such file or directory
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch adds missing PACKAGECONFIG options and allow for a more
fine-grained build of bluez5.
I took care of providing a default configuration that matches the
previous default config.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Not a dependency since version 5.9.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Some of these are clearly dead, e.g. one binutils patch reverts the effects
of the earlier one.
This also removes the uclibc site files. We now have mechanisms to allow these
to be extended from another layer should someone ever wish to do that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For the same reasons as Debian:
https://www.debian.org/News/2017/20170425
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
connman fails to start in systemd based read-only images while creating links:
Jun 08 12:53:56 qemux86-64 systemd[1]: Starting Create Volatile Files
and Directories...
Jun 08 12:53:56 qemux86-64 systemd-tmpfiles[366]:
[[0;1;31msymlink(/var/run/connman/resolv.conf, /etc/resolv.conf) failed:
Read-only file system[[0m
Fix this failure and make connman co-exist with systemd-resolved.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-ip-Remove-unneed-header.patch is to fix build error
built with musl.
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With these changes it is possible to have a .bbappend that
- sets SYSCONFDIR to some persistent storage
- modifies SYSCONFDIR/sshd_config to use ssh host keys from
the (writable) sysconfdir
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Build without threads for bind is inherited from legacy openembedded.
All libc's support proper threading on Linux now, so enable threads
support for bind.
It is also need to disable static library build which cause package dhcp
fail to build after enable bind threads support.
Options devpoll and epoll are configured to choose most preferable
multiplex method for unix socket. The priorities are: epoll > poll >
select. When set '--enable-epoll', it just defines a var and include
header file that is available for cross compile. So use epoll for bind.
Add PACKAGECONFIG 'urandom' that could use /dev/urandom as random device.
Update file/directory ownerships to fix daemon start failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When enable bind threads support, it fails to compile dhcp:
| tmp/work/armv5e-poky-linux-gnueabi/bind/9.10.3-P3-r0/build/lib/isc/pthreads/../../../
| ../bind-9.10.3-P3/lib/isc/pthreads/thread.c:64: undefined reference to `pthread_create'
Enable build shared libraries for bind and dhcp to fix the build
failure. And the patch is ported from Fedora.
Add sub-package dhcp-libs to package shared libraries.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add package libpcap-native required by recipe daq-native in layer
meta-networking. And daq-native is added to fix snort start error.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.33 -> 1.34
1. Refreshed 0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch
2. Removed upstreamed patch:
0003-stats-Fix-bad-file-descriptor-initialisation.patch
3. Provided PACKAGECONFIGs for nftables and iptables support
4. Add new patch to fix build with nftables:
0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Similar to gstreamer _git recipes, this recipe wasn't kept upto date
or tested regularly.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.19 -> 1.20
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The audio.conf file has been removed, stop installing it.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Cleanup references to libasound-module since this code has been
completly removed from Bluez.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
New feautures/fixes in this version:
* fixes to BLE
* a new midi plugin
* support for single-mode controllers w/o public address
* most of the experimental tools have been promoted and are now part of
the official tools
* 'experimental' has been renamed to 'testing' (hence the addition of
the 'testing' package config option)
* classic command line tools like hciattach and hciconfig are now enabled
by the "--enable-deprecated" configure option (enabled by default for
backward compatibility).
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It was dropped from Debian years ago, and superseded by rpcbind (which we also ship).
https://packages.qa.debian.org/p/portmap.html
The upstream source is no longer available either since a few days ago.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and
9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of
service (secondary DNS server crash) via a large AXFR response, and
possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users
to cause a denial of service (primary DNS server crash) via a large
UPDATE message.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6170
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before
9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a DNAME
record in the answer section of a response to a recursive query,
related to db.c and resolver.c.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8864
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included
a version-script change from Debian that was an ABI change. It did
not include the soname change that Debian did so we have been calling
our ABI 1.0.0 but it really matches what others call 1.0.2.
Bump SONAME to match the ABI. In practice this changes both libcrypto
and libssl sonames from 1.0.0 to 1.0.2.
For background: Upstream does not do sonames so these are set by
distros. In this case the ABI changes based on a build time
configuration! Debian took the ABI changing configuration and bumped
soname but e.g. Ubuntu kept the deprecated API and just made it not
work, keeping soname. So both have same version of openssl but support
different ABI (and expose different SONAME).
Fixes [YOCTO #11396].
Thanks to Alexander Larsson et al for detective work.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This reverts commit 991620f3962a9917fa99abb5582f4b72ebd42a3d.
The commit breaks openssl-native (you can no longer generate keys
because it can't find the configuration file). Also the idea that we
would install configuration files normally but then add the symlinks
pointing to them in a postinstall feels wrong.
Fixes [YOCTO #11296]. The bug contains an alternative fix but I'm
sending a revert as I cannot fully understand the motive of the
original patch. See also discussion in
http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Mikko Rapeli
Chen Qi
Maxin B. John
Hongxu Jia
Kai Kang
Dengke Du
Jun Zhu
Changhyeok Bae
André Draszik
Gary Thomas
Ross Burton
Richard Purdie
Marc Ferland
Khem Raj
Leonardo Sandoval
Alexander Kanavin
Yi Zhao
Jussi Kukkonen