summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* bind: CVE-2016-2088Jussi Kukkonen2016-04-182-0/+248
| | | | | | | | | | | | | | | | | Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] (From OE-Core rev: da38a9840b32e80464e2938395db5c9167729f7e) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: Enable update-rc.d serviceFabio Berton2016-04-151-1/+5
| | | | | | | | | | | do_install_append function installs init scripts but to enable this service we need to inherit update-rc.d class and set INITSCRIPT name and params. (From OE-Core rev: 854523f173ba9784f1e2a00804c0f5ef16e8cf85) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi2016-04-144-0/+550
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 (From OE-Core rev: 080d1a313e4982dd05846b375ebf936c46934d80) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: Use c_ispeed and c_ospeed based upon libcKhem Raj2016-04-141-20/+33
| | | | | | | | | | | | | musl calls them __c_ispeed and __c_ospeed and we can not use get/set APIs because the get APIs will return the value from iflags and not from *speed element from termios struct (From OE-Core rev: b4744ffb94f76f2be138f2f9bd04153034bf62df) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: minor packaging cleanupAndre McCurdy2016-04-091-2/+1
| | | | | | | | | | | | | | | | | | | | | libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving libcrypto from libdir -> base_libdir to support dhclient [1]. However, the line has been unnecessary since ${base_libdir}/lib*.so files started to be included in FILES_${PN}-dev by default [2] (and it's still unnecessary now, after moving libcrypto from back to libdir to support ntp [3]). [1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072 [2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a [3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc Also define FILES_libssl using SOLIBS instead of a hardcoded pattern. (From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5.inc: remove obsolete workaroundPatrick Ohly2016-04-051-2/+0
| | | | | | | | | | | | | Bluez 5.37 itself correctly installs bluetooth.conf, and honors the path settings in dbus-1.pc. Removing the obsolete workaround is necessary for compiling "stateless" (= read-only system configuration moved out of /etc). (From OE-Core rev: 695b99336b40842c15762ef9dac2ce43d1c8c186) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add ptest supportAlexander Kanavin2016-04-033-1/+71
| | | | | | | | | [YOCTO #5134] (From OE-Core rev: 70d8cb61b03aa9214fe0e1990ab9500888d9f565) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: /var/cache/bindJoe Slater2016-03-251-3/+2
| | | | | | | | | | Change the ownership of /var/cache/bind to bind rather than root. (From OE-Core rev: 6c76c9e5bb4f4bf6adfac7ccece03d7dcdea7f3d) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcpd: create dhcpd user for dhcp dameonAlexandru Moise2016-03-202-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch enables the functionality for dhcpd service to be started with dhcp uid and gid. Test steps: Step 1: Assign ip to interface ifconfig eth0 192.168.1.1 Step 2: Edit /etc/dhcp/dhcpd.conf: default-lease-time 600; max-lease-time 7200; option subnet-mask 255.255.255.0; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; range 192.168.1.88 192.168.1.88; option routers 192.168.1.0; } Step 3: Edit /etc/default/dhcp-server: INTERFACES="eth0" Step 4: Check uid and gid of running dhcpd process $ ps -eo user:19,group:19,cmd | grep dhcpd dhcp dhcp /usr/sbin/dhcpd eth0 -user dhcp -group dhcp (From OE-Core rev: 36d59255131f6d3f289d4f5dfcb58a9890996ffe) Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: allow D-Bus to spawn obexd in systems without systemdJavier Viguera2016-03-202-0/+64
| | | | | | | | | | | This includes a proper D-Bus service file for obexd in systems that do not support systemd. (From OE-Core rev: 75c5dc8d4a5506bf5b89292a96c7b9f91e9d71c8) Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: Access c_ispeed and c_ospeed via APIsKhem Raj2016-03-202-0/+40
| | | | | | | | | | make it more portable across libc implementations (From OE-Core rev: cd3408e7b845891b63de04249982330e02f13ee8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: don't move libcrypto to base_libdirChen Qi2016-03-201-9/+2
| | | | | | | | | | | | | | For now, if 'openssl' is enabled for ntp, ntp would still be built without openssl & libcrypto. This is because that ntp thinks openssl and libcrypto locates under the same directory. This patch removes the codes of moving libcrypto to base_libdir. (From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: enable gentle shutdownChen Qi2016-03-202-0/+26
| | | | | | | | | | | | | | For now, `systemctl stop dhcpd' cannot stop dhcpd correctly, the SIGTERM signal would time out, causing a SIGKILL signal sent to dhcpd. Patch site.h to enable gentle shutdown to so that dhcpd could be stopped by SIGTERM. (From OE-Core rev: 2c789bac353e17637549a7b31706761ba848728e) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: enable gobject-introspectionAlexander Kanavin2016-03-122-5/+12
| | | | | | | (From OE-Core rev: b9f543de30eb86c0787886d0e78d530fb24984dc) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi-ui: remove the dependency on python-pygtk by disabling avahi-discoverAlexander Kanavin2016-03-121-8/+6
| | | | | | | | | | python-pygtk is removed in a separate commit; the reasons for that are explained in that commit's message. (From OE-Core rev: 40e7d522f1e0f9e5533cbb2660f7cec4d62b5d11) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi-ui: add dbus to PACKAGECONFIGRoss Burton2016-03-091-1/+1
| | | | | | | | | | Now that avahi has a dbus PACKAGECONFIG we need to ensure it's enabled as otherwise the avahi-ui module won't build. (From OE-Core rev: d5e3cf611d302babf0120f887f15aec176ff3429) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: add missing intltool-native build dependencyRoss Burton2016-03-091-1/+1
| | | | | | | (From OE-Core rev: 52e6e586b142ec782aac10c16366f273be6405f6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: make dbus optional but defaultJens Rehsack2016-03-091-2/+5
| | | | | | | | | | | Since do_install fails when dbus is removed by .bbappend, add packageconfig to allow users to get rid of desktop ipc helper dbus. (From OE-Core rev: 93b6ac66a90a6f2cca18ee4cae15f899da7ecb15) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add a patch to fix parallel buildsRoss Burton2016-03-072-0/+327
| | | | | | | | | | Apply a patch taken from Gentoo to hopefully fix the remaining parallel make races. (From OE-Core rev: 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix Drown via 1.0.2g updateArmin Kuster2016-03-033-11/+4668
| | | | | | | | | | | | | | | | | | | | CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g (From OE-Core rev: 7933fbbc6372ec8edaec82dd5c7b44fa2d15a4d5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: CVE-2015-8605Mariano Lopez2016-03-022-0/+100
| | | | | | | | | | | | ISC DHCP allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. (From OE-Core rev: f9739b7fa8d08521dc5e42a169753d4c75074ec7) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: update to version 0.6.32Maxin B. John2016-02-189-356/+8
| | | | | | | | | | | | | | | | | | | | | 0.6.31 -> 0.6.32 a. Switched to the new repository hosted in github. b. Removed the following Upstreamed/Backported patches 1. 0001-Don-t-log-warnings-about-invalid-packets-Fixes-lathi.patch 2. 0001-avahi-fix-avahi-status-command-error-prompt.patch 3. avahi_fix_install_issue.patch 4. fix_for_automake_1.12.x.patch 5. out-of-tree.patch 6. reuseport-check.patch c. Added UPSTREAM_CHECK_URI [YOCTO #7553] (From OE-Core rev: 5ba7df63c4f0ac56f8513f9aecdbf3b12a121cd1) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: bugfix: adjust name of statd service unitUlrich Ölmann2016-02-182-0/+35
| | | | | | | | | | | Upstream nfs-utils use 'rpc-statd.service' and Yocto introduced 'nfs-statd.service' instead but forgot to update the mount.nfs helper 'start-statd' accordingly. (From OE-Core rev: cda5b219d62fece0e67ee766290e73a6636bd652) Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: Fix build with muslKhem Raj2016-02-182-0/+33
| | | | | | | | | NETDB_INTERNAL is a glibc define (From OE-Core rev: eb513884519804b3b8d600eeb7aadf3ec54e0345) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: update to version 4.4.0Maxin B. John2016-02-111-2/+8
| | | | | | | | | | | | | | | | | | | | | 4.3.0 -> 4.4.0 a) Added iproute2-fix-building-with-musl.patch to fix build with musl. b) Include below listed utilities that are not yet enabled/packaged in the iproute2 recipe: 1. lnstat 2. ifstat 3. genl 4. rtacct 5. nstat 6. ss (From OE-Core rev: 4e94ba3b0b8b476e46441707d3b1ead13da4ea76) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: update to version 4.4.0Maxin B. John2016-02-112-2/+27
| | | | | | | | | | | | | 4.3.0 -> 4.4.0 Added iproute2-fix-building-with-musl.patch to fix build with musl. (From OE-Core rev: c8a7fdb2ac37b42a97f666cae6b3f5061a01ad45) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Properly skip ptrace test if tools are missingJussi Kukkonen2016-02-111-3/+3
| | | | | | | | | | | Without the exit there will be a SKIP and a FAIL for the same test. Also fix typo in a message. (From OE-Core rev: d44a2ec730fe52d2266c5e4d184cd4c881e172d1) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix regex that sets sftp-server path for testsJussi Kukkonen2016-02-111-1/+1
| | | | | | | | | | [YOCTO #9049] (From OE-Core rev: b4dc73b6d6d082cd9e907998ff61dc3da7df2018) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Only depend on libgcrypt when neededJussi Kukkonen2016-02-111-2/+2
| | | | | | | | (From OE-Core rev: 8490c3da1a84f654a05254cb7b12871f89fda976) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: drop obsolete mtx-1 and mtx-2 over-ridesAndre McCurdy2016-02-061-4/+0
| | | | | | | | | | Machine specific over-rides for mtx-1 (aka MeshCube) and mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core. (From OE-Core rev: cf0b94629d135b2fa211fae89f48e00469974279) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: upgrade to 1.7.3.1Ross Burton2016-02-041-2/+2
| | | | | | | | | | | This fixes Socat Security Advisory 7 (MSVR-1499) and 8. [ YOCTO #9024 ] (From OE-Core rev: 4be6104e8466e977e2ea45d068d277c089b2a9d1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Explicitly set EXTRA_OEMAKE as requiredMike Crowe2016-02-041-0/+1
| | | | | | | | | | | The openssl recipe currently relies on EXTRA_OEMAKE having been set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. (From OE-Core rev: a384ab5cb4701fd1c1475bca4449def66b42c799) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libnss-mdns: Check for nss.h before usingKhem Raj2016-02-022-1/+59
| | | | | | | | | | | | | | | | | | nss.h is not available on all libcs so check for it and if its not there provide the needed data types. Fixed buil with musl ../../nss-mdns-0.10/src/nss.c:32:17: fatal error: nss.h: No such file or directory compilation terminated. make[2]: *** [libnss_mdns4_la-nss.lo] Error 1 (From OE-Core rev: 94f780e889f194b67a48587ac68b3200288bee10) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 )Andre McCurdy2016-01-301-3/+3
| | | | | | | | | | | | | | | Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Updated LICENSE hash due to change in copyright year. (From OE-Core rev: b451e3efc79d29c39c85f7da2dc75becf3fdf5a2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix crash with iptables 1.6Maxin B. John2016-01-302-0/+43
| | | | | | | | | | | | | | | | | | | | The struct of xtables_globals has been modified in iptables 1.6. If connman runs with iptables 1.6, it can crash. Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () 0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11 0xb7deac1c in ?? () from /usr/lib/libxtables.so.11 0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11 The the missing function item of xtables is added to xtables_globals. It can fix the above issue. (From OE-Core rev: ae64dc3af8c49ef53ab3e847f7761cf5e59c5998) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: tidy up connman-conf usageJoshua Lock2016-01-301-5/+0
| | | | | | | | | | | | | | | | | connman-conf is now a systemd oneshot and therefore doesn't need to be sed'ed in to the ConnMan service file. Note: this doesn't affect sysvinit where we provide a ConnMan init script which checks for the presence of the wired-networking script and, if it exists, executes it as part of the connman init. [YOCTO #8399] (From OE-Core rev: 20c897d34ba4ea3985723383a0effa3631cd925e) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman-conf: convert to systemd oneshotJoshua Lock2016-01-302-1/+21
| | | | | | | | | | | | Install a oneshot unit file that is started before ConnMan to configure a wired network inteface with the wired-setup script, rather than requiring this script to be manually run some how. (From OE-Core rev: 530c4525f278bff72d8184035d00020c10b8f8b4) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: fix capitalisation in Upstream-StatusRoss Burton2016-01-261-1/+1
| | | | | | | (From OE-Core rev: 4084bd02796358abd432104607d9c6569a7e0238) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Add patch to fix Win10 mDNS issuesbmouring@ni.com2016-01-262-0/+159
| | | | | | | | | | | | | | | | | | Windows 10 will respond to mDNS messages when it really shouldn't, resulting in a lot of logging. Pulling the change from avahi upstream. This will be fixed in avahi 0.6.32 External References: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1342400 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794145 https://bugzilla.redhat.com/show_bug.cgi?id=1240711 https://social.technet.microsoft.com/Forums/en-US/b334e797-ef80-4525-b74a-b4830420a14e/windows-10-spams-network-with-invalid-mdns-response-packets?forum=win10itpronetworking (From OE-Core rev: 72027dea342a6f3a9fe35f1a04ce59728e21863a) Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.10.3-P3Derek Straka2016-01-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | Addresses CVE-2015-8704 and CVE-2015-8705 CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 (From OE-Core rev: 58d47cdf91076cf055046ce9ec5f3e2e21dae1c0) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* portmap: Point to tirpc headers and libraries on muslKhem Raj2016-01-241-0/+4
| | | | | | | (From OE-Core rev: 68442d149158a4d6ca817bbaedb2400e43d3957f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: Disable tcp-wrappers for muslKhem Raj2016-01-241-0/+1
| | | | | | | | | Doesnt build with musl (From OE-Core rev: 8c41bdc5252bbe119ab91a119cc3b9c285a7c16c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* irda-utils: Fix header inclusionsKhem Raj2016-01-242-0/+30
| | | | | | | | | Helps compile with musl (From OE-Core rev: b16f41b43f1955331baf95ea17965332fe4556a2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Fix build with muslKhem Raj2016-01-242-0/+98
| | | | | | | (From OE-Core rev: e24ca9a02c0c66796c9815752679594e78821127) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: include config.h for HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDRKhem Raj2016-01-241-23/+56
| | | | | | | | | We now check at configure time of libc has pktinfo struct (From OE-Core rev: bf8559bc78853c3d8d3470967debb9241e726442) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Fix build with muslKhem Raj2016-01-242-0/+166
| | | | | | | | | | Therer are assumptions about glibc headers and features which needs to be addressed for musl (From OE-Core rev: 1949b128b87f89a56a2794ad056f2e4f4dbf6a3c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2016-1907Armin Kuster2016-01-184-1/+431
| | | | | | | | | | | | This issue requires three commits: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0 (From OE-Core rev: a42229df424552955c0ac62da1063461f97f5938) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: upgrade to 1.31Maxin B. John2016-01-182-5/+13
| | | | | | | | | | | 1.30 -> 1.31 Included newly introduced connman-wait-online service. (From OE-Core rev: dd329d28ab3f47c8b03563e88703f6b1c09ce72b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 7.1p2Alexander Kanavin2016-01-151-2/+2
| | | | | | | | | This fixes a number of security issues. (From OE-Core rev: b3b679d5be86f73d1a06c7230cb00872f0a407b5) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* resolvconf: upgrade to 1.78Chen Qi2016-01-151-3/+3
| | | | | | | (From OE-Core rev: 1d7593380ab241dcbf858de7c901bcc10c014aed) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>