summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* bind: Security fix CVE-2015-8461Armin Kuster2016-02-042-0/+45
| | | | | | | | | CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\ (From OE-Core rev: 1656eaa722952861ec73362776bd0c4826aec3da) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2015-8000Armin Kuster2016-02-042-0/+279
| | | | | | | | | CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c (From OE-Core rev: a159f9dcf3806f2c3677775d6fb131dab17a5a17) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-0701Armin Kuster2016-01-303-0/+260
| | | | | | | | | CVE-2016-0701 OpenSSL: DH small subgroups (From OE-Core rev: c5868a7cd0a28c5800dfa4be1c9d98d3de08cd12) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2015-3197Armin Kuster2016-01-302-0/+64
| | | | | | | | | CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers (From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2015-8704 and CVE-2015-8705Derek Straka2016-01-303-0/+74
| | | | | | | | | | | | | | | | | | | | | CVE-2015-8704: Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug logging is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 (From OE-Core rev: 78ceabeb2df55194f16324d21ba97e81121f996b) Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2016-1907Armin Kuster2016-01-304-1/+431
| | | | | | | | | | | | | | | | This issue requires three commits: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0 (From OE-Core master rev: a42229df424552955c0ac62da1063461f97f5938) (From OE-Core rev: 50f46e40fa2d1d126294874765f90ed5bdee0f15) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 7.1p2Alexander Kanavin2016-01-151-2/+2
| | | | | | | | | This fixes a number of security issues. (From OE-Core rev: b31fc9b167e5ca3115a0d0169126d63f2dbd3824) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3195Armin Kuster2016-01-142-0/+67
| | | | | | | (From OE-Core rev: 85841412db0b1e22c53e62a839d03f7672b07b64) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3194Armin Kuster2016-01-143-0/+113
| | | | | | | (From OE-Core rev: ce9f78296101772655809036e21009acec78da24) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3193Armin Kuster2016-01-142-0/+102
| | | | | | | (From OE-Core rev: 4d9006b1217ee7e97108f36db19aebd93e1d9850) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: sanity check that the bignum module is presentRoss Burton2016-01-121-0/+10
| | | | | | | | | | | | | | | | | | | | | The crypto_use_bigint_in_x86-64_perl patch uses the "bigint" module to transparently support 64-bit integers on 32-bit hosts. Whilst bigint (part of bignum) is a core Perl module not all distributions install it (notable Fedora 23). As the error message when bignum isn't installed is obscure, add a task to check that it is available and alert the user if it isn't. [ YOCTO #8562 ] (From OE-Core master rev: 2f9a2fbc46aa435a0a7f7662bb62029ac714f25a) (From OE-Core rev: 7aab4744a329f5fd1aca221950ef629e9f92b456) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Move wired-setup to ${datadir}Jussi Kukkonen2015-10-293-7/+7
| | | | | | | | | | | | | | | | | wired-setup script should not be in ${libdir} as it's not arch dependent. This also fixes (or works around) a practical issue where a multilib build installs the wrong version of connman-conf and then connman can't find the script. [YOCTO #8550] (From OE-Core rev: 38a6ecf0070a60eb14b353b158b70ddc919ad328) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix file permission for /etc/pam.d/sshdChen Qi2015-10-211-1/+1
| | | | | | | | | | The file permission should be 0644 instead of 0755. (From OE-Core rev: 38567f910130f8559c2ba6935e0bfad61f6b1f4f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* irda-utils: clean up bugtracker infoMaxin B. John2015-10-121-1/+1
| | | | | | | | | | Update bugtracker web address (From OE-Core rev: 67d92be599ab6f679d67a882493be70d906ee5cc) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xuser-account: Take over xuser specific D-Bus policyJussi Kukkonen2015-10-013-45/+0
| | | | | | | | | | | Move connmans xuser-related D-Bus policy to a separate file that xuser-account installs: This way connman does not need to depend on xuser-account. Add policies for bluez and ofono in the same file. (From OE-Core rev: 9f37ce18b7d79135a67474187b6119980e0130ae) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Use upstream D-Bus policyJussi Kukkonen2015-10-012-20/+2
| | | | | | | | | | | | | | | The Bluez D-Bus policy is much too open and affects not just bluez but all system services: Use upstream policy configuration instead. This change has a chance of affecting other D-Bus services: the bug that is fixed here may have hidden problems in other policies. [YOCTO #8414] (From OE-Core rev: 0f6f87c60a6ffeff6b3f53d25f4023749103e262) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix sshd key generation when systemd is in use and rootfs is readonlyAlexander Kanavin2015-10-012-6/+19
| | | | | | | | | [YOCTO #8365] (From OE-Core rev: d5ea131fe94939daabee1afe8219683de259b7a3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: fix build with gettext 0.16.1Robert Yang2015-10-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The gettext 0.16.1 doesn't install any m4 files to sysroot, please see the following commit: commit 9e10db5bdfe77c0ef2aff2f1cf89958b62c294a1 Author: Christopher Larson <kergoth@gmail.com> Date: Mon Mar 17 18:10:54 2014 +0000 gettext-0.16.1: kill target m4 macros from sysroot This is aim for using gettext-native's macros(gettext-native-0.19.4), but when we set: PREFERRED_VERSION_gettext = "0.16.1" And build the recipes like pcmanfm, we would get errors when do_configure: configure:5164: error: possibly undefined macro: AM_NLS This is because autotools_copy_aclocals doesn't copy the native macros for target unless they're direct dependencies. Add gettext-native to DEPENDS will fix the problem. (From OE-Core rev: 48c168334bb60937653ab782026948d139603f8e) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptest failuresMaxin B. John2015-10-012-0/+249
| | | | | | | | | | | | | Remove dependencies for test targets. Otherwise, during ptest execution, "make" tries to rebuild those executables and fails there. [YOCTO #8059] (From OE-Core rev: 0efdd2236ec7f16f99847c6c372f372f81c56869) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/meta: Add DISTRO_FEATURES check for gtk+/gtk3+Richard Purdie2015-10-012-2/+4
| | | | | | | | | | | | | | If you currently do a DISTRO_FEATURES_remove = "x11" with OE-Core, you see failures due to dependency problems. The work in resolving this was partially completed a while back. This adds in the markup mainly for gtk/gtk3+ recipes and means "bitbake world" will work successfully. Rather than code the gtk/gtk+ specific distro features into each recipe, a shared variable is used. (From OE-Core rev: ef967c70182eeccb59c7511d838a7ecb0b2315c1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: fix the configure processChen Qi2015-09-281-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the iproute2's configure script is actually run in the do_compile stage. There's a Makefile rule 'all: Config' which makes the configure process run to generate the Config file. However, this makes it hard to fix the dependency problems. We need to generate the Config file in the do_configure stage. Add do_configure_append to separate the configure process from the compile process. Besides, explicitly disable ATM support for iproute2, otherwise we'll sometimes meet errors like below when building. ld: cannot find -latm collect2: error: ld returned 1 exit status Makefile:154: recipe for target 'q_atm.so' failed make[1]: *** [q_atm.so] Error 1 (From OE-Core rev: a6967f6e441eca758058ced9982b715984ee9b5b) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Don't use a blanket "allow" D-Bus policyJussi Kukkonen2015-09-282-9/+25
| | | | | | | | | | | | | | | There are already "allow" rules for root and conditionally xuser to send messages to connman: there should be no reason for a default allow policy. Also, conditionally add a policy to allow xuser to send to the connman vpn service (similar to main service). (From OE-Core rev: 7c75981944e92b5534b054058407d19de2a8a78c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Depend on xuser-account unconditionallyJussi Kukkonen2015-09-281-1/+1
| | | | | | | | | | | | | | | | | | This means dragging in xuser-account even when it's not used but that's a lesser evil than the recipe depending on machine specific settings. This also prevents a warning on connman service startup when ROOTLESS_X is not set: Unknown username "xuser" in message bus [YOCTO #8005] (From OE-Core rev: b791b8f1d175a73fcb9e48b3fcd56ebbc6bf6de1) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for nios2Marek Vasut2015-09-281-1/+1
| | | | | | | | | | Map nios2 architecture to linux-generic32 target. (From OE-Core rev: f601a0df106fb1da188a4b1f1155d85fad4627bb) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Fix build with muslKhem Raj2015-09-235-0/+221
| | | | | | | | (From OE-Core rev: d08f9d7145ba14ce9fbf320719c05560be69212f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix too long error from genRobert Yang2015-09-232-0/+35
| | | | | | | | | | | gen.c uses 512 as the path length which is a little short when build in deep dir, and cause "too long" error, use PATH_MAX if defined. (From OE-Core rev: 10e017fd3de3ff1ab0c1b32ac7a9610a04f8ff13) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix Upstream-Status statementsRoss Burton2015-09-126-6/+6
| | | | | | | | | | Fix a variety of problems such as typos, bad punctuations, or incorrect Upstream-Status values. (From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: upgrade to 1.30Cristian Iorga2015-09-122-49/+2
| | | | | | | | | | | | | Bugfixes. build-create-dirs-before-putting-files-in-them.patch patch removed, patch included upstream. (From OE-Core rev: 080ae179e1de7f507263c550de8c02e3e224a964) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* irda-utils: Weak Define the build TARGETSKhem Raj2015-09-121-4/+7
| | | | | | | | | | | | | This will help one to disable the targets via bbappends if needed e.g. musl can not compile irdaping since it uses includes net/if_packet.h, which (on GLIBC) only defines struct sockaddr_pkt but not in other libc e.g. musl that makes irdaping specific to glibc (From OE-Core rev: 6369bff034a6ee8fbf7fd47d3f9ba46c3ac1a367) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix compile failure when building path is longChen Qi2015-09-122-0/+26
| | | | | | | | | | | | | | | | Fix the building path is long, when building bind, we would meet the following error. ".../long/path/to/bind/9.10.2-P3-r0/bind-9.10.2-P3/lib/dns" too long This is because the in gen.c, DIRNAMESIZE is limited to 256. But in OE, the path length limit is more than 400. So we change it to 512. (From OE-Core rev: 2f22eb1ce8083afb929cce432b8dda84682520e8) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.10.2-p4Armin Kuster2015-09-091-2/+2
| | | | | | | | | | | | | fixes two secruity issues: CVE-2015-5722 and CVE-2015-5986. see release notes for more information. ftp://ftp.isc.org/isc/bind9/9.10.2-P4/RELEASE-NOTES.bind-9.10.2-P4.html (From OE-Core rev: 0dab62934e69019557ebae392dc8cb25e37748c2) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: don't force use of /sbin as sbindirJoshua Lock2015-09-061-0/+8
| | | | | | | | | | | The Makefile for mount and osd_login utilities forces /sbin as asbindir, however on a merged /usr system this directory might not exist. Instead sed in the system sbindir. (From OE-Core rev: da8269ed0fd609699b23c2e3e6c61bc54f7b2832) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: handle udev dir being 2 levels below /Joshua Lock2015-09-061-0/+1
| | | | | | | | | | | | When building with a merged /usr dir the udev directory lives at /usr/lib/udev - update the FILES pattern to also pick up udev files installed two levels below the / to ensure a merged /usr works. (From OE-Core rev: 9a55950eee49d1105d3593efed719a0a21dc3da3) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade to 4.1.1Cristian Iorga2015-09-032-3/+3
| | | | | | | | | libelf is now a build dependency. (From OE-Core rev: 4edaa7498f98977e60381bd9e5f8778abfb9fe30) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.0p1 -> 7.1p1Jussi Kukkonen2015-09-011-2/+2
| | | | | | | | | This is a bugfix release. (From OE-Core rev: 6089c32738dc0979968bebda03c80450afe74be2) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: support and enable separate build dirChristopher Larson2015-09-012-0/+61
| | | | | | | (From OE-Core rev: bc5401009332eb639d73fa4cbba217ff6899c787) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: obey our target path variablesChristopher Larson2015-09-011-2/+6
| | | | | | | (From OE-Core rev: f20463ceb90c7f188cc63d554ce70cfea49df985) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: inherit pkgconfigChristopher Larson2015-09-011-1/+3
| | | | | | | | | | We want the dep on pkgconfig-native, not pkgconfig, and the convention is to inherit pkgconfig when running pkg-config at build time. (From OE-Core rev: db71dca8fea9cb95858f1f1ec4e417a7a5f3aab4) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: add recipe from meta-networkingChristopher Larson2015-09-012-0/+66
| | | | | | | | | | | | | | iw uses cfg80211/nl80211, which is the way of the future. wireless-tools uses WEXT, which uses ioctl, which is in deep maintenance mode. See http://wireless.kernel.org/en/developers/Documentation/Wireless-Extensions. Also https://wireless.wiki.kernel.org/en/users/Documentation/iw indicates "The old tool iwconfing, which uses Wireless Extensions interface, is deprecated and it's strongly recommended to switch to iw and nl80211." (From OE-Core rev: a2a7c73e08f7366030dd5165b490403a13d1d7a8) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: remove dependency on bind in bind-devRoss Burton2015-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | bind doesn't ship shared libraries only static libraries, so the default dependency on PN from PN-dev is pointless and means that an image with bind-dev installed (via dhcp-dev's automatic dependency) ends up with named installed and started on boot which is rarely intended. If and when we ship bind's shared libraries we should ensure that the libraries go into a separate package. Also remove an old comment about --enable-exportlib which isn't supported by configure anymore. [ YOCTO #8216 ] (From OE-Core rev: f28757a4b89447ea528cba987f0396b92aa0bbfe) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: build regression test binariesJussi Kukkonen2015-08-242-1/+7
| | | | | | | | | | | | | | | | | | | | | ptests were failing and many more were being silently skipped because required binaries were not being built. Build the binaries in regress/ and set SUDO environment variable in run-ptests: after this all tests in regress/ are now run. Continue to skip building binaries in regress/unittests/: unittest runtime is excessive. On a NUC running intel-corei7-64 core-image-sato, new results are: PASS: 55, SKIP: 3, FAIL: 0 [YOCTO #8153] (From OE-Core rev: 1f7aaf76f4aa7875f05f4b838a5ec4594a4c35dc) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 6.9p1 -> 7.0p1Roy Li2015-08-191-2/+2
| | | | | | | | | | | 7.0p1 includes the fix for CVE-2015-5600, and release note is in: http://www.openssh.com/txt/release-7.0 (From OE-Core rev: a98f4aedb241aa4352e644b5ef7c275f467c0c48) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 6.8p1 -> 6.9p1Jussi Kukkonen2015-08-161-2/+2
| | | | | | | | | | 6.9p1 is primarily a bugfix release. (From OE-Core rev: b971bdb52ab709b60b42be56b5175f43c96304b1) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: update to 5.33Alexander Kanavin2015-08-111-2/+2
| | | | | | | | (From OE-Core rev: 82d85bdee7707896cbd432b143eb0ac22c8e3451) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-4142Otavio Salvador2015-08-111-0/+1
| | | | | | | | | | | | | The original commit "wpa-supplicant: Fix CVE-2015-4142" included the patch file but didn't apply it into the recipe, so the backport has not been effective. Reported-by: Adam Moore <adam.moore@savantsystems.com> (From OE-Core rev: 2a8944b63b7249500f1b6b292ce1a87b82699f3d) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade to 9.10.2-p3Roy Li2015-08-101-2/+2
| | | | | | | | | | | | 9.10.2-p3 includes the fix for CVE-2015-5477: BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. (From OE-Core rev: 5094354a2811825e6d60963f03959daa349cab23) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* resolvconf: upgrade to 1.77Chen Qi2015-08-101-3/+3
| | | | | | | (From OE-Core rev: 33f087fe5d82446e7714f9a0a9fad3f4c41cae94) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, ↵Fan Xin2015-08-097-0/+352
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2015-4145, CVE-2015-4146 wpa-supplicant: backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146. This patch is originally from: For CVE-2015-4141: http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch For CVE-2015-4143: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch For CVE-2015-4144 and CVE-2015-4145: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch For CVE-2015-4146: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch (From OE-Core rev: ce16e95de05db24e4e4132660d793cc7b1d890b9) Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: fix installed not shipped warning for lib32Zhixiong Chi2015-08-011-7/+7
| | | | | | | | | | | Modify the dhcp.inc with using the variable ${PN} instead of direct packagename, so that the content will not be override after expanding while we build the lib32-dhcp package with FILES_${PN}-xxxx_append. (From OE-Core rev: c758dcc3109a5b491d13373073214bf526943497) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade to 9.10.2-P2Roy Li2015-07-311-4/+2
| | | | | | | | | | | | | | | upgrade to fix CVE-2015-4620: name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. (From OE-Core rev: d12befdf03500a0c72b661caf1a8fe81a20b6163) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>