| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This should greatly reduce dependency chains on the autobuilder;
the only affected recipe is remmina, where avahi support will be
disabled by default.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue only affects Debian and SUSE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs are fixed with kernel changes and don't affect the bluez recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE only applies to some distributed RHEL binaries so irrelavent to us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
so the issue doesn't affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't build/use the OPIE PAM module, exclude the CVE from this recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* -I../ofono-1.31 is included when building drivers/mbimmodem/mbim.c and then
ell.h will happily include ell/util.h from there:
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/ell/ell.h" 1 3 4
# 23 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/ell/ell.h" 3 4
# 1 "../ofono-1.31/ell/util.h" 1 3 4
# 26 "../ofono-1.31/ell/util.h" 3 4
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 1 3 4
# 26 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 3 4
# 1 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/bits/libc-header-start.h" 1 3 4
# 27 "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/ofono/1.31-r0/recipe-sysroot/usr/include/string.h" 2 3 4
* and it gets more interesting because unlikely() macro was dropped from ell/util.h in:
https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021
and ofono builds from git (which doesn't bundle ell) were failing with:
drivers/mbimmodem/mbim-message.c: In function 'message_iter_next_entry_valist':
drivers/mbimmodem/mbim-message.c:504:8: warning: implicit declaration of function 'unlikely' [-Wimplicit-function-declaration]
504 | if (unlikely(indent > MAX_NESTING))
| ^~~~~~~~
...
x86_64-webos-linux-libtool: link: x86_64-webos-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/include/dbus-1.0 -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/lib/dbus-1.0/include -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/include/glib-2.0 -I/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot/usr/lib/glib-2.0/include -DOFONO_PLUGIN_BUILTIN -DPLUGINDIR=\"/usr/lib/ofono/plugins\" -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0=/usr/src/debug/ofono/1.31+gitAUTOINC+0db662bd6b-r0 -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0=/usr/src/debug/ofono/1.31+gitAUTOINC+0db662bd6b-r0 -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot= -fdebug-prefix-map=/OE/build/luneos-honister/webos-ports/tmp-glibc/work/core2-64-webos-linux/ofono/1.31+gitAUTOINC+0db662bd6b-r0/recipe-sysroot-native= -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -o unit/test-mbim unit/test-mbim.o drivers/mbimmodem/mbim-message.o drivers/mbimmodem/mbim.o -lell
drivers/mbimmodem/mbim-message.c:1389: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:1255: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:514: error: undefined reference to 'unlikely'
drivers/mbimmodem/mbim-message.c:504: error: undefined reference to 'unlikely'
collect2: error: ld returned 1 exit status
while build from 1.31 tarball was passing OK, because using this older
bundled ell/util.h
delete bundled ell as we always enable external ell to make sure this
doesn't happen again and fix mbimmodem to build with ell-0.39
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use openSSL for TLS/SSL implementation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Only security issues fixed in this release according to
https://www.openssl.org/news/cl111.txt
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update LICENSE to show that BSD-2-Clause, BSD-3-Clause and BSD-4-Clause
are all present.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0f90440ca70abab947acbd77795e9f130967956c.patch
removed since it is included in 8.5p1
License Updated :
2-clause BSD license and 4-clause BSD license added
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adjust library packaging (see link to commit in the recipe).
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant
before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact (potentially
execution of arbitrary code), for an attacker within radio range.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-27803
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For some reason the new perl no longer has . in list of
directories searched in 'require', and so the file
needs to be copied where perl can find it.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since the test program fails to compile, configure thinks compiler is
not having thread support and bails out
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-License-Update:
remove the description of license from src/main.c
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android-10 Android-11
Android-8.1 Android-9 Android ID: A-172937525
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0326
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.
[Yocto #14231]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rename directory of patches
-License-Update: Copyright year updated to 2021.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed upstreamed patches and refreshed q few other.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it breaks KDE's qca and dependencies
* it is not deprecated. Openssl 3.0 (currently alpha) will deprecate whirlpool
[1] https://www.openssl.org/news/changelog.html#openssl-30
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes openssh failing to work on qemux86 with glibc 2.33 due to
seccomp and the fact new syscalls are used. Also likely fixes issues
on other platforms.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The rdma command is part of iproute2 and is used to query or set the RDMA
configuration where applicable. This patch adds options to build it
and include it.
Signed-off-by: Alan Perry <alanp@snowmoose.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is still needed by libest in meta-security
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
README updated:
version updated
add descrition of platform specifics - Debian
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
TLS 1.3 implementation in qt5 uses psk so retain it for now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They are still needed by several packages in meta-openembedded
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Drop support for many deprecated algorithms by default
2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG
Signed-off-by: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move the ip tool into its own package. Useful for size constrained
systems that only want the ip tool.
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Richard Purdie
Alexander Kanavin
Khem Raj
wangmy
Martin Jansa
Stefan Ghinea
Mikko Rapeli
Wang Mingyu
Alistair Francis
Dorinda
Anuj Mittal
akuster
Oleksandr Kravchuk
Andreas Müller
Lee Chee Yang
Alan Perry
Shachar Menashe
Sinan Kaya