summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* wpa-supplicant_2.6.bb: set CVE_PRODUCT to wpa_supplicantMikko Rapeli2017-07-241-0/+2
| | | | | | | | | | | | It is used in NVD database CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2015-1863 (From OE-Core rev: cc3882ca2fea2c5a8830311eeb7840ae98da9b3c) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5.inc: set CVE_PRODUCT to bluezMikko Rapeli2017-07-241-0/+2
| | | | | | | | | | | | bluez is the product name in NVD database for CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2016-7837 (From OE-Core rev: aade84aa54bb2f958572623ed6464184efd19862) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: add dhclient.serviceChen Qi2017-07-243-3/+70
| | | | | | | | | | | | | | Add dhclient.service. This service file mainly comes from meta-systemd, with modifications to take nfs boot into consideration. While using eth0 as the nfsboot interface, we'd like dhclient service to skip it like what ifup and connman do in sysvinit. (From OE-Core rev: faa8d0f5e8db4a99367d42ba8c8de5b2e339d8d2) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade to 5.46Maxin B. John2017-07-211-2/+3
| | | | | | | | | | | | 5.45 -> 5.46 This includes the new testing utility "advtest" (From OE-Core rev: 514e9be6b00cd39bb8b2eaf117125109fba17910) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: update patch statusMaxin B. John2017-07-211-1/+1
| | | | | | | | | | Update the status of following patch from Pending to Accepted: a) 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch (From OE-Core rev: f9ccac5dd359e9b874a39cd879ea23c841085eab) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: fix shutdown not work by SIGTERM while bind9 enable threadsHongxu Jia2017-07-172-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | In https://source.isc.org/git/bind9.git, since the following commit applied: ... commit b99bfa184bc9375421b5df915eea7dfac6a68a99 Author: Evan Hunt <each@isc.org> Date: Wed Apr 10 13:49:57 2013 -0700 [master] unify internal and export libraries 3550. [func] Unified the internal and export versions of the BIND libraries, allowing external clients to use the same libraries as BIND. [RT #33131] ... (git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c) In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS), it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart. Which caused dhclient/dhcpd could not be stopped by SIGTERM. It caused systemd's reboot hung which send SIGTERM by default. (From OE-Core rev: 7d3e734481e5d400d03ffd0a12669913fd264c5f) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: 9.10.3-P3 -> 9.10.5-P3Kai Kang2017-07-1713-2443/+61
| | | | | | | | | | | | | | | Upgrade bind from 9.10.3-P3 to 9.10.5-P3 * Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT * Remvoe mips1-not-support-opcode.diff which has been merged * Remove CVE patches that there are backported from upstream * Use python3 for build and make sure install .py files to right directory (From OE-Core rev: 9ee6a0a6599d081767b63382a576e67aed12cf4d) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi-ui: reduce local pending patchesDengke Du2017-07-061-4/+5
| | | | | | | | | | [Yocto #11548] (From OE-Core rev: 9e18fc1aa4aa0ead854bb4e02eb3af2e7909f597) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: Correct the timer count for bcm43xx firmware downloadJun Zhu2017-07-062-0/+37
| | | | | | | | | | | | bcm43xx failed as time out for firmware downloading. The root cause is that it need wait 50ms to download firmware, but the value of 50us is set to the timer. (From OE-Core rev: bb8bc17ab8d71e3a30e2f0b655c42434dd968ea4) Signed-off-by: Jun Zhu <junzhu@nxp.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.0.2k -> 1.0.2lChanghyeok Bae2017-07-064-49/+8
| | | | | | | | | | | | | | | 1. Dropped obsolete patches, because the new version contains them: - fix-cipher-des-ede3-cfb1.patch - openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch 2. LICENSE checksum change due to copyright years and wording tweak. 3. Test binaries (x86-64) are included in source code. So remove those only for ptest. (From OE-Core rev: 64ec18d7e13d310e5e44080a04b3f2181ea96ae3) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix nftables dependencyAndré Draszik2017-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | When building with nftables support, connman doesn't ever depend on the nftables command line tool. connman will depend on libmnl and libnftnl at build and run time. In addition, the nftables rules it creates depend on various kernel modules being present. Update the PACKAGECONFIG to reflect this. We use the just introduced RRECOMMENDS field so as to make the build still succeed if those kernel modules have been linked statically into the kernel, i.e. when the packages haven't actually been created. (From OE-Core rev: ed6c92d62be1c98ec9dbf92317d850499d127631) Signed-off-by: André Draszik <adraszik@tycoint.com> Acked-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Remove deprecated sshd optionGary Thomas2017-06-281-1/+0
| | | | | | | | | | | | | The UsePrivilegeSeparation is no longer supported (recent SSHD always runs with previlege separation), so remove this option from the default config file to avoid this warning: /etc/ssh/sshd_config line 110: Deprecated option UsePrivilegeSeparation (From OE-Core rev: 8ee1c567b67ec55be0fa2fbcef3d5e8fb4e82709) Signed-off-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix build-time warning with sysvinitMaxin B. John2017-06-281-3/+3
| | | | | | | | | | | | | | | | Due to recent modifications related to systemd, sysvinit builds began to show this warning: WARNING: connman-1.34-r0 do_package: connman: NOT adding alternative provide /etc/resolv.conf: /etc/resolv-conf.connman does not exist Fix this warning by making those updates specific to systemd. (From OE-Core rev: 2a0afa9682d6119f403626ca31cd8c9854637312) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: remove PN from PACKAGESRoss Burton2017-06-281-1/+1
| | | | | | | (From OE-Core rev: 09960ac22d78d65cf840140bf6458f4fc1ff556f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Add/fix missing Upstream-Status to patchesRichard Purdie2017-06-273-0/+7
| | | | | | | | | This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core. (From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-271-1/+1
| | | | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: apply fix from upstream to fix build raceRoss Burton2017-06-232-0/+30
| | | | | | | | | | ../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory (From OE-Core rev: aaed4e92d79919e40c896536fcb4ff6567c9a755) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add more PACKAGECONFIG optionsMarc Ferland2017-06-232-5/+25
| | | | | | | | | | | | | | This patch adds missing PACKAGECONFIG options and allow for a more fine-grained build of bluez5. I took care of providing a default configuration that matches the previous default config. (From OE-Core rev: 2589cfb8a5b46be958ff3ee228c3a32f82dada86) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: remove libusb dependencyMarc Ferland2017-06-231-1/+1
| | | | | | | | | | Not a dependency since version 5.9. (From OE-Core rev: 3202782d4c76653d83a90122588131e6d945a4e0) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Remove further uclibc remnants (inc. patches and site files)Richard Purdie2017-06-223-9/+2
| | | | | | | | | | | | Some of these are clearly dead, e.g. one binutils patch reverts the effects of the earlier one. This also removes the uclibc site files. We now have mechanisms to allow these to be extended from another layer should someone ever wish to do that. (From OE-Core rev: e01e7c543a559c8926d72159b5cd55db0c661434) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-223-13/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: switch from ftp to httpMaxin B. John2017-06-141-1/+1
| | | | | | | | | | For the same reasons as Debian: https://www.debian.org/News/2017/20170425 (From OE-Core rev: 95a83b81421e07b5daa42c2311f8f5fce859c391) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: correct the systemd boot in read only rootfsMaxin B. John2017-06-143-1/+44
| | | | | | | | | | | | | | | | | connman fails to start in systemd based read-only images while creating links: Jun 08 12:53:56 qemux86-64 systemd[1]: Starting Create Volatile Files and Directories... Jun 08 12:53:56 qemux86-64 systemd-tmpfiles[366]: [[0;1;31msymlink(/var/run/connman/resolv.conf, /etc/resolv.conf) failed: Read-only file system[[0m Fix this failure and make connman co-exist with systemd-resolved. (From OE-Core rev: 732e1f74bb9f5ecc98b29197f6bcab117710adab) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Upgrade 4.10.0 -> 4.11.0Changhyeok Bae2017-06-132-2/+33
| | | | | | | | | | 0001-ip-Remove-unneed-header.patch is to fix build error built with musl. (From OE-Core rev: 2a6fe7c6c1e113d930ddc8e06717747a779b46f1) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: allow to override OpenSSL HostKeys when read-only-rootfsAndré Draszik2017-06-121-4/+42
| | | | | | | | | | | | | | With these changes it is possible to have a .bbappend that - sets SYSCONFDIR to some persistent storage - modifies SYSCONFDIR/sshd_config to use ssh host keys from the (writable) sysconfdir (From OE-Core rev: 106b59d9f96f70d133fa1421091ad280d27a5b6a) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: Fix build error due to missing stdint.h> includeKhem Raj2017-06-032-0/+28
| | | | | | | | (From OE-Core rev: 8a0af685adb5275dc39ef0cd209d03905d1db067) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Upgrade 5.44 -> 5.45Maxin B. John2017-05-301-2/+2
| | | | | | | (From OE-Core rev: 30178fed5172d0d8039dea06c32d391eb4a530b8) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: build with threads and update configure optionsKai Kang2017-05-292-2/+9
| | | | | | | | | | | | | | | | | | | | | | | Build without threads for bind is inherited from legacy openembedded. All libc's support proper threading on Linux now, so enable threads support for bind. It is also need to disable static library build which cause package dhcp fail to build after enable bind threads support. Options devpoll and epoll are configured to choose most preferable multiplex method for unix socket. The priorities are: epoll > poll > select. When set '--enable-epoll', it just defines a var and include header file that is available for cross compile. So use epoll for bind. Add PACKAGECONFIG 'urandom' that could use /dev/urandom as random device. Update file/directory ownerships to fix daemon start failure. (From OE-Core rev: 598e5da5a2af2bd93ad890687dd32009e348fc85) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: build shared librariesKai Kang2017-05-293-2/+191
| | | | | | | | | | | | | | | | | When enable bind threads support, it fails to compile dhcp: | tmp/work/armv5e-poky-linux-gnueabi/bind/9.10.3-P3-r0/build/lib/isc/pthreads/../../../ | ../bind-9.10.3-P3/lib/isc/pthreads/thread.c:64: undefined reference to `pthread_create' Enable build shared libraries for bind and dhcp to fix the build failure. And the patch is ported from Fedora. Add sub-package dhcp-libs to package shared libraries. (From OE-Core rev: dde83ec778c09557d28b4388258e594be653875c) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: add native packageKai Kang2017-05-251-0/+2
| | | | | | | | | | | Add package libpcap-native required by recipe daq-native in layer meta-networking. And daq-native is added to fix snort start error. (From OE-Core rev: 12373003cc3753421321d558813b1de95667c192) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: upgrade to 2.1.1Leonardo Sandoval2017-05-251-2/+2
| | | | | | | | (From OE-Core rev: 1143181577051ccd6de234fd79542bff24045280) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Fix build error due to missing stdint.h> includeKhem Raj2017-05-252-0/+33
| | | | | | | | (From OE-Core rev: 39481b72644d2779bb681bb2dba8db5ba1a3d18d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: upgrade to 1.34Maxin B. John2017-05-235-116/+106
| | | | | | | | | | | | | | | | | 1.33 -> 1.34 1. Refreshed 0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch 2. Removed upstreamed patch: 0003-stats-Fix-bad-file-descriptor-initialisation.patch 3. Provided PACKAGECONFIGs for nftables and iptables support 4. Add new patch to fix build with nftables: 0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch (From OE-Core rev: dfe40b7abbea36605e4ea8f74ec8e477505148a6) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: drop unmaintained _git recipeMaxin B. John2017-05-181-14/+0
| | | | | | | | | | | Similar to gstreamer _git recipes, this recipe wasn't kept upto date or tested regularly. (From OE-Core rev: 9348ab34de2fe2ab04c8b84011809045c632fd87) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: upgrade to 1.20Maxin B. John2017-05-181-2/+2
| | | | | | | | | | 1.19 -> 1.20 (From OE-Core rev: 9333db014a56559f96bb912436a1f9f5b453e1e0) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix upstream version checkAlexander Kanavin2017-05-181-0/+3
| | | | | | | | (From OE-Core rev: 82a47a2748869a20e992b72bcc104ae2ab81a3cc) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade to 20170310Alexander Kanavin2017-05-161-2/+2
| | | | | | | | (From OE-Core rev: a89da82567f95d4fcd467003359ebcd13571fc0d) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: cleanup tabs and spacesMarc Ferland2017-05-161-15/+15
| | | | | | | | (From OE-Core rev: 476e730df93223033ba2b3b36cdc47abb3ba30ae) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: do not install audio.confMarc Ferland2017-05-161-3/+0
| | | | | | | | | | The audio.conf file has been removed, stop installing it. (From OE-Core rev: 4354fcad22322a80375668bc1beaac9219291136) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add PACKAGECONFIG option for cupsMarc Ferland2017-05-161-2/+6
| | | | | | | | (From OE-Core rev: 49d27787d48bab371dbacaf44419fc66f697628a) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add PACKAGECONFIG option for systemdMarc Ferland2017-05-161-2/+2
| | | | | | | | (From OE-Core rev: 3eb9a546c0eae4a5ea8526445ba0bf1e7ed5517e) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add PACKAGECONFIG option for midiMarc Ferland2017-05-161-0/+1
| | | | | | | | (From OE-Core rev: 057f642b45c740c68c0b10b48eb57c3eac321085) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: remove libasound-module referencesMarc Ferland2017-05-161-4/+1
| | | | | | | | | | | Cleanup references to libasound-module since this code has been completly removed from Bluez. (From OE-Core rev: 8b433f49c8ea153f75d986e5b9ad89dd3f625cba) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Upgrade 5.43 -> 5.44Marc Ferland2017-05-162-8/+24
| | | | | | | | | | | | | | | | | | | | | New feautures/fixes in this version: * fixes to BLE * a new midi plugin * support for single-mode controllers w/o public address * most of the experimental tools have been promoted and are now part of the official tools * 'experimental' has been renamed to 'testing' (hence the addition of the 'testing' package config option) * classic command line tools like hciattach and hciconfig are now enabled by the "--enable-deprecated" configure option (enabled by default for backward compatibility). (From OE-Core rev: dec3620bd13d43575bcfc5d99f40659672d7252b) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* portmap: remove recipeAlexander Kanavin2017-05-166-205/+0
| | | | | | | | | | | | | It was dropped from Debian years ago, and superseded by rpcbind (which we also ship). https://packages.qa.debian.org/p/portmap.html The upstream source is no longer available either since a few days ago. (From OE-Core rev: aa4bc52a0b885c6ed4af5260e54ab6b2348839e3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 7.5p1Dengke Du2017-05-121-2/+2
| | | | | | | | (From OE-Core rev: 2e8b43d89c61b32e5fafd0f57eea2241316628e5) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-6170Yi Zhao2017-04-292-0/+1091
| | | | | | | | | | | | | | | | | | | | | | CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f (From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-8864Yi Zhao2017-04-292-0/+220
| | | | | | | | | | | | | | | | | | | | CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 (From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Bump SONAME to match the ABIJussi Kukkonen2017-04-212-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included a version-script change from Debian that was an ABI change. It did not include the soname change that Debian did so we have been calling our ABI 1.0.0 but it really matches what others call 1.0.2. Bump SONAME to match the ABI. In practice this changes both libcrypto and libssl sonames from 1.0.0 to 1.0.2. For background: Upstream does not do sonames so these are set by distros. In this case the ABI changes based on a build time configuration! Debian took the ABI changing configuration and bumped soname but e.g. Ubuntu kept the deprecated API and just made it not work, keeping soname. So both have same version of openssl but support different ABI (and expose different SONAME). Fixes [YOCTO #11396]. Thanks to Alexander Larsson et al for detective work. (From OE-Core rev: 1b430eef7131876bc735c22d66358379b0516821) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: Fix symlink creation"Jussi Kukkonen2017-04-191-12/+1
| | | | | | | | | | | | | | | | | | | | This reverts commit 991620f3962a9917fa99abb5582f4b72ebd42a3d. The commit breaks openssl-native (you can no longer generate keys because it can't find the configuration file). Also the idea that we would install configuration files normally but then add the symlinks pointing to them in a postinstall feels wrong. Fixes [YOCTO #11296]. The bug contains an alternative fix but I'm sending a revert as I cannot fully understand the motive of the original patch. See also discussion in http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html (From OE-Core rev: b192daef5d1e7f3501c533b92dc75e2d996afc13) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>