| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
It is used in NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2015-1863
(From OE-Core rev: cc3882ca2fea2c5a8830311eeb7840ae98da9b3c)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
bluez is the product name in NVD database for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-7837
(From OE-Core rev: aade84aa54bb2f958572623ed6464184efd19862)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add dhclient.service. This service file mainly comes from meta-systemd,
with modifications to take nfs boot into consideration.
While using eth0 as the nfsboot interface, we'd like dhclient service
to skip it like what ifup and connman do in sysvinit.
(From OE-Core rev: faa8d0f5e8db4a99367d42ba8c8de5b2e339d8d2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
5.45 -> 5.46
This includes the new testing utility "advtest"
(From OE-Core rev: 514e9be6b00cd39bb8b2eaf117125109fba17910)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Update the status of following patch from Pending to Accepted:
a) 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
(From OE-Core rev: f9ccac5dd359e9b874a39cd879ea23c841085eab)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In https://source.isc.org/git/bind9.git, since the following
commit applied:
...
commit b99bfa184bc9375421b5df915eea7dfac6a68a99
Author: Evan Hunt <each@isc.org>
Date: Wed Apr 10 13:49:57 2013 -0700
[master] unify internal and export libraries
3550. [func] Unified the internal and export versions of the
BIND libraries, allowing external clients to use
the same libraries as BIND. [RT #33131]
...
(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c)
In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS),
it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart.
Which caused dhclient/dhcpd could not be stopped by SIGTERM.
It caused systemd's reboot hung which send SIGTERM by default.
(From OE-Core rev: 7d3e734481e5d400d03ffd0a12669913fd264c5f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade bind from 9.10.3-P3 to 9.10.5-P3
* Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT
* Remvoe mips1-not-support-opcode.diff which has been merged
* Remove CVE patches that there are backported from upstream
* Use python3 for build and make sure install .py files to right directory
(From OE-Core rev: 9ee6a0a6599d081767b63382a576e67aed12cf4d)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
[Yocto #11548]
(From OE-Core rev: 9e18fc1aa4aa0ead854bb4e02eb3af2e7909f597)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
bcm43xx failed as time out for firmware downloading.
The root cause is that it need wait 50ms to download firmware,
but the value of 50us is set to the timer.
(From OE-Core rev: bb8bc17ab8d71e3a30e2f0b655c42434dd968ea4)
Signed-off-by: Jun Zhu <junzhu@nxp.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Dropped obsolete patches, because the new version contains them:
- fix-cipher-des-ede3-cfb1.patch
- openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
2. LICENSE checksum change due to copyright years and wording tweak.
3. Test binaries (x86-64) are included in source code. So remove those
only for ptest.
(From OE-Core rev: 64ec18d7e13d310e5e44080a04b3f2181ea96ae3)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building with nftables support, connman doesn't ever
depend on the nftables command line tool.
connman will depend on libmnl and libnftnl at build and
run time. In addition, the nftables rules it creates
depend on various kernel modules being present.
Update the PACKAGECONFIG to reflect this. We use the
just introduced RRECOMMENDS field so as to make the
build still succeed if those kernel modules have been
linked statically into the kernel, i.e. when the
packages haven't actually been created.
(From OE-Core rev: ed6c92d62be1c98ec9dbf92317d850499d127631)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The UsePrivilegeSeparation is no longer supported (recent SSHD always runs
with previlege separation), so remove this option from the default config
file to avoid this warning:
/etc/ssh/sshd_config line 110: Deprecated option UsePrivilegeSeparation
(From OE-Core rev: 8ee1c567b67ec55be0fa2fbcef3d5e8fb4e82709)
Signed-off-by: Gary Thomas <gary@mlbassoc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to recent modifications related to systemd, sysvinit builds began
to show this warning:
WARNING: connman-1.34-r0 do_package: connman: NOT adding alternative
provide /etc/resolv.conf: /etc/resolv-conf.connman does not exist
Fix this warning by making those updates specific to systemd.
(From OE-Core rev: 2a0afa9682d6119f403626ca31cd8c9854637312)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 09960ac22d78d65cf840140bf6458f4fc1ff556f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
(From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.
(From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
../libpcap-1.8.1/grammar.y:78:10:
fatal error: scanner.h: No such file or directory
(From OE-Core rev: aaed4e92d79919e40c896536fcb4ff6567c9a755)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds missing PACKAGECONFIG options and allow for a more
fine-grained build of bluez5.
I took care of providing a default configuration that matches the
previous default config.
(From OE-Core rev: 2589cfb8a5b46be958ff3ee228c3a32f82dada86)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Not a dependency since version 5.9.
(From OE-Core rev: 3202782d4c76653d83a90122588131e6d945a4e0)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of these are clearly dead, e.g. one binutils patch reverts the effects
of the earlier one.
This also removes the uclibc site files. We now have mechanisms to allow these
to be extended from another layer should someone ever wish to do that.
(From OE-Core rev: e01e7c543a559c8926d72159b5cd55db0c661434)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
(From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
For the same reasons as Debian:
https://www.debian.org/News/2017/20170425
(From OE-Core rev: 95a83b81421e07b5daa42c2311f8f5fce859c391)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connman fails to start in systemd based read-only images while creating links:
Jun 08 12:53:56 qemux86-64 systemd[1]: Starting Create Volatile Files
and Directories...
Jun 08 12:53:56 qemux86-64 systemd-tmpfiles[366]:
[[0;1;31msymlink(/var/run/connman/resolv.conf, /etc/resolv.conf) failed:
Read-only file system[[0m
Fix this failure and make connman co-exist with systemd-resolved.
(From OE-Core rev: 732e1f74bb9f5ecc98b29197f6bcab117710adab)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
0001-ip-Remove-unneed-header.patch is to fix build error
built with musl.
(From OE-Core rev: 2a6fe7c6c1e113d930ddc8e06717747a779b46f1)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With these changes it is possible to have a .bbappend that
- sets SYSCONFDIR to some persistent storage
- modifies SYSCONFDIR/sshd_config to use ssh host keys from
the (writable) sysconfdir
(From OE-Core rev: 106b59d9f96f70d133fa1421091ad280d27a5b6a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8a0af685adb5275dc39ef0cd209d03905d1db067)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 30178fed5172d0d8039dea06c32d391eb4a530b8)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build without threads for bind is inherited from legacy openembedded.
All libc's support proper threading on Linux now, so enable threads
support for bind.
It is also need to disable static library build which cause package dhcp
fail to build after enable bind threads support.
Options devpoll and epoll are configured to choose most preferable
multiplex method for unix socket. The priorities are: epoll > poll >
select. When set '--enable-epoll', it just defines a var and include
header file that is available for cross compile. So use epoll for bind.
Add PACKAGECONFIG 'urandom' that could use /dev/urandom as random device.
Update file/directory ownerships to fix daemon start failure.
(From OE-Core rev: 598e5da5a2af2bd93ad890687dd32009e348fc85)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enable bind threads support, it fails to compile dhcp:
| tmp/work/armv5e-poky-linux-gnueabi/bind/9.10.3-P3-r0/build/lib/isc/pthreads/../../../
| ../bind-9.10.3-P3/lib/isc/pthreads/thread.c:64: undefined reference to `pthread_create'
Enable build shared libraries for bind and dhcp to fix the build
failure. And the patch is ported from Fedora.
Add sub-package dhcp-libs to package shared libraries.
(From OE-Core rev: dde83ec778c09557d28b4388258e594be653875c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add package libpcap-native required by recipe daq-native in layer
meta-networking. And daq-native is added to fix snort start error.
(From OE-Core rev: 12373003cc3753421321d558813b1de95667c192)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1143181577051ccd6de234fd79542bff24045280)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 39481b72644d2779bb681bb2dba8db5ba1a3d18d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.33 -> 1.34
1. Refreshed 0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch
2. Removed upstreamed patch:
0003-stats-Fix-bad-file-descriptor-initialisation.patch
3. Provided PACKAGECONFIGs for nftables and iptables support
4. Add new patch to fix build with nftables:
0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
(From OE-Core rev: dfe40b7abbea36605e4ea8f74ec8e477505148a6)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to gstreamer _git recipes, this recipe wasn't kept upto date
or tested regularly.
(From OE-Core rev: 9348ab34de2fe2ab04c8b84011809045c632fd87)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
1.19 -> 1.20
(From OE-Core rev: 9333db014a56559f96bb912436a1f9f5b453e1e0)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 82a47a2748869a20e992b72bcc104ae2ab81a3cc)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: a89da82567f95d4fcd467003359ebcd13571fc0d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 476e730df93223033ba2b3b36cdc47abb3ba30ae)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
The audio.conf file has been removed, stop installing it.
(From OE-Core rev: 4354fcad22322a80375668bc1beaac9219291136)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 49d27787d48bab371dbacaf44419fc66f697628a)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 3eb9a546c0eae4a5ea8526445ba0bf1e7ed5517e)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 057f642b45c740c68c0b10b48eb57c3eac321085)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Cleanup references to libasound-module since this code has been
completly removed from Bluez.
(From OE-Core rev: 8b433f49c8ea153f75d986e5b9ad89dd3f625cba)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New feautures/fixes in this version:
* fixes to BLE
* a new midi plugin
* support for single-mode controllers w/o public address
* most of the experimental tools have been promoted and are now part of
the official tools
* 'experimental' has been renamed to 'testing' (hence the addition of
the 'testing' package config option)
* classic command line tools like hciattach and hciconfig are now enabled
by the "--enable-deprecated" configure option (enabled by default for
backward compatibility).
(From OE-Core rev: dec3620bd13d43575bcfc5d99f40659672d7252b)
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was dropped from Debian years ago, and superseded by rpcbind (which we also ship).
https://packages.qa.debian.org/p/portmap.html
The upstream source is no longer available either since a few days ago.
(From OE-Core rev: aa4bc52a0b885c6ed4af5260e54ab6b2348839e3)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 2e8b43d89c61b32e5fafd0f57eea2241316628e5)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and
9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of
service (secondary DNS server crash) via a large AXFR response, and
possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users
to cause a denial of service (primary DNS server crash) via a large
UPDATE message.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6170
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f
(From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before
9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a DNAME
record in the answer section of a response to a recursive query,
related to db.c and resolver.c.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8864
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8
(From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included
a version-script change from Debian that was an ABI change. It did
not include the soname change that Debian did so we have been calling
our ABI 1.0.0 but it really matches what others call 1.0.2.
Bump SONAME to match the ABI. In practice this changes both libcrypto
and libssl sonames from 1.0.0 to 1.0.2.
For background: Upstream does not do sonames so these are set by
distros. In this case the ABI changes based on a build time
configuration! Debian took the ABI changing configuration and bumped
soname but e.g. Ubuntu kept the deprecated API and just made it not
work, keeping soname. So both have same version of openssl but support
different ABI (and expose different SONAME).
Fixes [YOCTO #11396].
Thanks to Alexander Larsson et al for detective work.
(From OE-Core rev: 1b430eef7131876bc735c22d66358379b0516821)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 991620f3962a9917fa99abb5582f4b72ebd42a3d.
The commit breaks openssl-native (you can no longer generate keys
because it can't find the configuration file). Also the idea that we
would install configuration files normally but then add the symlinks
pointing to them in a postinstall feels wrong.
Fixes [YOCTO #11296]. The bug contains an alternative fix but I'm
sending a revert as I cannot fully understand the motive of the
original patch. See also discussion in
http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html
(From OE-Core rev: b192daef5d1e7f3501c533b92dc75e2d996afc13)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|