summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* bluez5: fix builds that require ell supportPeter A. Bigot2020-09-021-2/+2
| | | | | | | | | | | | | | | | | | | | | Shortly after the recipe was updated to add ell as a mesh dependency the way ell was integrated into bluez5 was changed. BlueZ requires ell only for mesh and for btpclient (external test programs). It will be ignored unless either mesh or btpclient are selected. ell can be supplied externally, or it can be copied into the bluez build directory from an existing sibling source directory. Since bitbake builds do not provide a sibling source directory tell bluez to look for it as an external library in the conditions where it's required. (From OE-Core rev: a29eac72da3579edd9eebc3358498146000a491a) Signed-off-by: Peter A. Bigot <pab@pabigot.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f22b4eba98b3707d7f6daa4277414cecb3e5ee6b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.22 ESVArmin Kuster2020-09-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Source: isc.org MR: 105232, 105246, 105260 Type: Security Fix Disposition: Backport from https://www.isc.org/bind/ ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366 Description: Bug fix only update Three CVE fixes CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf (From OE-Core rev: 08e362ebd65816106afbc594cbbc552b9a6c32c6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1c85f26b1bd3475699d54f18c6b5b4924bcd8eb2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.11.19 -> 9.11.21Yi Zhao2020-08-071-1/+1
| | | | | | | | | | | | | | | Bug and CVE fixes only Detailed list of changes at: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_21/CHANGES (From OE-Core rev: dc916547041b8d7636e5234f7e3150036bbbde4a) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c6749532f94f435e6771d66d3fa225e676753478) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: openssl-bin requires openssl-conf to runRobert Yang2020-07-311-0/+2
| | | | | | | | | | | | | | | Fixed: $ dnf install openssl-bin $ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory (From OE-Core rev: 2a4980cd8bfd829bab1ba081588eb0bdbd285b97) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e93cd3b83a255294c9ab728adc7e237eb1321dab) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Fix typo in recipeChristian Eggers2020-07-221-1/+1
| | | | | | | | | | | | | | According to the PACKAGES variable, LICENSE_avahi-client is misspelled. Additionally, the libavahi-client package actually only includes LGPLv2.1+ software (as opposed to the global LICENSE variable). (From OE-Core rev: 683fb53c94e63e4f5acf4c2efd04977cc10bed49) Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d8837b4735b5e96ae0f5542319e711dbda8c3849) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-confHannu Lounento2020-07-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some openssl command line operations like creating an X.509 CSR require the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory 140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r') 140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76: which is the case e.g. in core-image-minimal with just the package openssl-bin added to the image by declaring IMAGE_INSTALL_append = " openssl-bin" e.g. in local.conf. The file did not exist in the aforementioned image / configuration because it was packaged to the main openssl package FILES_${PN} =+ "${libdir}/ssl-1.1/*" (there is no other FILES specification that would match the file either) and path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm [...] /usr/lib/ssl-1.1/openssl.cnf [...] Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it seems closely related) to the ${PN}-conf package to have it installed with ${PN}-bin, which already (indirectly) depends on ${PN}-conf. Note that the openssl recipe has the comment Add the openssl.cnf file to the openssl-conf package. Make the libcrypto package RRECOMMENDS on this package. This will enable the configuration file to be installed for both the openssl-bin package and the libcrypto package since the openssl-bin package depends on the libcrypto package. but openssl-conf only contained /etc/ssl/openssl.cnf path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm /etc /etc/ssl /etc/ssl/openssl.cnf /usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to ../../../etc/ssl/openssl.cnf. Other files and directories in /usr/lib/ssl-1.1/ were considered as well because they seem to be configuration files and / or related to (symlinks pointing to) /etc. They were not moved though, because based on our use case and testing moving the openssl.cnf symlink is sufficient for fixing the immediate problem and we lack knowledge about the other files in order to make a decision to change their packaging. (From OE-Core rev: e5405189e6d1b3b3b236aa8fe7a577c72f6af8d8) Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c1632d7041fe0c18ec61abfa79a9c025af43c033) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Security fix CVE-2020-12695Armin Kuster2020-07-024-1/+267
| | | | | | | | | | | | | | | Source: http://w1.fi/security/ Disposition: Backport from http://w1.fi/security/2020-1/ Affects <= 2.9 wpa-supplicant (From OE-Core rev: 720d29cbfce34375402c6a4c17e440ffbb2659bf) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.19akuster2020-06-263-240/+2
| | | | | | | | | | | | | | | | | | | Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES (From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: remove service templates from SYSTEMD_SERVICEKai Kang2020-06-261-3/+3
| | | | | | | | | | | | | | Remove service templates wpa_supplicant-nl80211@.service and wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT be started/stopped by calling 'systemctl' in postinst and prerm scripts. (From OE-Core rev: 7910a0d6f332253608767a9576a0d521dd87efd7) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fe9b8e50461ab00ab3ad8b065ebd32f0eea2a255) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Remove -fcommonAdrian Bunk2020-06-231-1/+1
| | | | | | | | | | | | This was fixed in upstream version 5.5.0. (From OE-Core rev: 433d3856151e095afb640a567241bebaf2e84b87) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9a9f67b7c50a8c28a75fc48c8abcb8a7bb35f0e6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2020-8616/7Lee Chee Yang2020-06-053-0/+237
| | | | | | | | | | | | fix CVE-2020-8616 and CVE-2020-8617 (From OE-Core rev: 8681058cce46b342c9895819e3a4bc0770934d86) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d0df831830e4c5f8df2343a45ea75c2ab4f57058) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Don't advertise example services by defaultPaul Barker2020-05-281-0/+5
| | | | | | | | | | | | | | | | The example service files are placed into /etc/avahi/services when we run `make install` for avahi. This results in ssh and sftp-ssh services being announced by default even if no ssh server is installed in an image. These example files should be moved away to another location such as /usr/share/doc/avahi (taking inspiration from Arch Linux). (From OE-Core rev: c88cf750f26f6786d6ba5b4f1f7e5d4f0c800e6e) Signed-off-by: Paul Barker <pbarker@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Include vpn-script in FILESAlejandro Hernandez2020-05-221-1/+2
| | | | | | | | | | | | | When vpnc support is included through PACKAGECONFIG, there is now an extra vpn-script coming after the atest upgrade, include that script into FILES so it gets packaged. (From OE-Core rev: 8587149c49dd8d1e1a0a0b5cf81e458bfa88547e) Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 1.1.1f -> 1.1.1gJan Luebbe2020-05-071-1/+1
| | | | | | | | | | | This also fixes CVE-2020-1967. (From OE-Core rev: f0bd52e5b50a1742b767eefe0d9d67facbb6c53a) Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "dhclient: not always skip the nfsroot interface"Mingli Yu2020-04-071-25/+1
| | | | | | | | | | | | | | | | | | | | | This reverts commit[27aec88 dhclient: not always skip the nfsroot interface] which used to address the IP address renew issue when boot a system in a nfsroot fs and altogether boot with ip=dhcp. But reported by some tester, the above commit introduces below issue when run ltp test on a nfsroot system which boot with ip=dhcp: nfs: server 192.168.100.1 not responding, still trying nfs: server 192.168.100.1 not responding, still trying [snip] So revert the above commit now to avoid blocking test. (From OE-Core rev: 5c172e0e8f8d02fe1dacec9d3574671baf9ad075) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: add RDEPENDS for dhcp-clientMingli Yu2020-04-021-0/+1
| | | | | | | | | | | | | Add iproute2 RDEPENDS for dhcp-client as /sbin/dhclient-systemd-wrapper which called by dhclient.service depends on ip command which provided by iproute2 package when systemd enabled in DISTRO_FEATURES. (From OE-Core rev: 0c91fcba446418ad1f71d3df9aa3b186bbd353c7) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhclient: not always skip the nfsroot interfaceMingli Yu2020-04-021-1/+25
| | | | | | | | | | | | Don't skip the nfsroot interface when use dhcp to get the address for nfsroot interface as the nfsroot interface may need dhclient to renew the lease. (From OE-Core rev: 27aec88c2ff4588acacadbe1cd61d7ce233fc817) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* inetutils: Use alternatives to avoid manpage conflictOvidiu Panait2020-04-021-1/+5
| | | | | | | | | | | | | | | Fix the following manpage conflicts: * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8 But that file is already provided by package * inetutils-doc (From OE-Core rev: fc14bfd60ad86094f65ebefbd10dbddc112d2698) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.1.1fAlexander Kanavin2020-04-011-1/+1
| | | | | | | | | | This also un-breaks python3 ptest which got broken with 1.1.1e update. (From OE-Core rev: b4ddf5b9d8cd769b7026663f93c8bc69b55d8cbf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: add LICENSE for individual packagesMatthew2020-03-291-0/+10
| | | | | | | | | | | | | Fixes [YOCTO #13609] avahi_0.7.bb defines 9 PACKAGES. However, avahi.inc generically sets LICENSE to "GPLv2+ & LGPLv2.1+". The library specific packages should be LGPLv2.1+ only. (From OE-Core rev: bd10fa54a94e9ae44defddae573ce67d33a11979) Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: fix do_package error when enable PACKAGECONFIG[nfsv4]Yi Zhao2020-03-241-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: ERROR: nfs-utils-2.4.3-r0 do_package: QA Issue: nfs-utils: Files/directories were installed but not shipped in any package: /usr/lib/libnfsidmap/nsswitch.so /usr/lib/libnfsidmap/static.so Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nfs-utils: 2 installed and not shipped files. [installed-vs-shipped] Add rdep on python3-core for PACKAGECONFIG[nfsv4] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/clddb-tool contained in package nfs-utils requires /usr/bin/python3, but no providers found in RDEPENDS_nfs-utils? [file-rdeps] Add rdep on libdevmapper for PACKAGECONFIG[nfsv41] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/blkmapd contained in package nfs-utils requires libdevmapper.so.1.02()(64bit), but no providers found in RDEPENDS_nfs-utils? [file-rdeps] (From OE-Core rev: 17b44d51eaf71ae6d04034454dcb68f508b85258) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1d -> 1.1.1eAdrian Bunk2020-03-242-761/+1
| | | | | | | | | Backported patch removed. (From OE-Core rev: 710bc0f8544f54750c8fb7b8affa243932927a24) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.53 -> 5.54Wang Mingyu2020-03-214-182/+2
| | | | | | | | | | | CVE-2020-0556-1.patch CVE-2020-0556-2.patch removed since they are included in 5.54 (From OE-Core rev: 5552caed72169d397ce0bdf436216ec320a29751) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: fix CVE-2020-0556Anuj Mittal2020-03-133-0/+180
| | | | | | | | | | | | | | | | It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. (From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix perl shebang in c_rehashMartin Jansa2020-03-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * passing PERL=perl breaks c_rehash calls from dash (works fine with bash) dash doesn't like #!perl shebang PERL="/usr/bin/env perl" unfortunately just passing PERL like this doesn't pass do_configure: Creating Makefile sh: 1: /usr/bin/env perl: not found WARNING: exit code 1 from a shell command. But passing it as: HASHBANGPERL="/usr/bin/env perl" PERL=perl seems to work. (From OE-Core rev: 79350826396a882d115caafd88b0a49c91a4fa6c) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: recommend cryptodev-module for corresponding PACKAGECONFIGDenys Dmytriyenko2020-03-081-1/+1
| | | | | | | (From OE-Core rev: 57fcf9b517fe95e871122946cb99fe7fa9fd2e26) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: pass PERL=perl environment variable to configuratorRuslan Bilovol2020-03-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | In our build environment we use wrapper script for perl in non-standard configuration with extra variables set (provided by custom buildtools-tarball). In this case openssl fails to build because by default it's Configure script detects and uses perl executable directly (with absolute path) obviously missing extra settings from wrapper script. Pass PERL=perl environment variable to Configure, so it won't try to use perl executable directly but will use what is provided from environment. (From OE-Core rev: 2b087fef6820da8a6d86ca763bd7730dcac30849) Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.52 -> 5.53Anuj Mittal2020-02-211-2/+2
| | | | | | | (From OE-Core rev: 1df5ece4ef6ef49bfeba83a2716ae4e2ce58d20e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: upgrade 2.4.2 -> 2.4.3Wang Mingyu2020-02-213-47/+10
| | | | | | | | | | | | | 0001-Don-t-build-tools-with-CC_FOR_BUILD.patch Removed since it is included in 2.4.3. refresh the following patch: 0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch (From OE-Core rev: fcaca33d458449379eeb2f99b613f8be1e6a44ce) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: add devlink support to iproute2Scott Branden2020-02-211-11/+23
| | | | | | | | | Add devlink support to iproute2 recipe. (From OE-Core rev: 00cc9773505b2afd002f9b2d72330e517af97d0c) Signed-off-by: Scott Branden <scott.branden@broadcom.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 8.1p1 -> 8.2p1Alex Kiernan2020-02-154-123/+2
| | | | | | | | | | | | | Drop backports from upstream: 0001-Manually-applied-upstream-fix-for-openssh-test.patch 0001-seccomp-Allow-clock_gettime64-in-sandbox.patch openssh-8.1p1-seccomp-nanosleep.patch (From OE-Core rev: c9b5802bbe1de609450f509edf4721ab0a7a70aa) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: add mulitlib_header for platform.hJeremy A. Puhlman2020-02-151-1/+3
| | | | | | | (From OE-Core rev: cfaaeedcb634b68d0b20a05130fd582df660fef6) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Security fix CVE-2020-8597Yi Zhao2020-02-142-0/+48
| | | | | | | | | | | | | | | | CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. References: https://nvd.nist.gov/vuln/detail/CVE-2020-8597 Patch from: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 (From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: upgrade 4.4.1 -> 4.4.2Wang Mingyu2020-02-084-153/+6
| | | | | | | | | | | | | | 0001-Fix-a-NSUPDATE-compiling-issue.patch 0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch Removed since they are included in 4.4.2. refresh the following patch: 0004-Fix-out-of-tree-builds.patch (From OE-Core rev: d3c6f7e689a743fd060755eceb60353093013e84) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix reproducibility issueRichard Purdie2020-02-082-0/+33
| | | | | | | | | | | There was a build architecture leaking into the target ptest which could vary depending upon host. Remove it as its cosmetic. [YOCTO #13770] (From OE-Core rev: 37db519eedb7eb5cd4f14d05f30f5d580aa7458d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: upgrade 1.7.3.3 -> 1.7.3.4Alexander Kanavin2020-02-031-2/+2
| | | | | | | (From OE-Core rev: 37b11d03bec508fa7428b6b0ed3a5f4ca2b7e65e) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: upgrade 5.3 -> 5.4Changhyeok Bae2020-02-022-10/+18
| | | | | | | (From OE-Core rev: 9b436d3c5625f1525a1c9e94886ff9f373ec7cf1) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade 5.3.0 -> 5.5.0Changhyeok Bae2020-02-021-2/+2
| | | | | | | (From OE-Core rev: 90f670a9f389f497d5dc00c0d3f955f07cff5805) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: add PACKAGECONFIG for the commandline clientRoss Burton2020-01-271-5/+3
| | | | | | | | | | | | | The client depends on readline which is GPLv3. Add a PACKAGECONFIG so users who don't need the client and are against GPLv3 can disable it. Also remove the explicit installation of the client in do_install_append, as the Makefile installs it now. (From OE-Core rev: 84b082be0a879153d9af8e093b6823d49c2621b8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: explicitly skip unit testsAlexander Kanavin2020-01-211-0/+1
| | | | | | | | | | | These tests are already implicitly excluded by not being built. This change avoids a confusing failure-but-not-really printed by run-ptest. (From OE-Core rev: f3e27d8e23df37fb06f77af1583021f471dede51) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: applied upstream fix for "cert not yet valid" testMingde (Matthew) Zeng2020-01-212-0/+61
| | | | | | | | | | | | applied upstream fix for openssh's "cert not yet valid" test Upstream Status: Backport: https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381 (From OE-Core rev: f0a949fe33da47fd0a587abb942ff60f0a56ed0d) Signed-off-by: Mingde (Matthew) Zeng<matthew.zeng@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add powerpc64 LE supportKhem Raj2020-01-191-0/+3
| | | | | | | (From OE-Core rev: a77c76566dbffaccd2692e9110fca440c8eca53e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Allow clock_nanosleep/clock_gettime64/clock_nanosleep_time64 syscallKhem Raj2020-01-103-0/+60
| | | | | | | | | Fixes connection denials with these syscalls being there on upcoming glibc 2.31 release (From OE-Core rev: 557d464de217cdf959aa275d20e7b155e4130ec7) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* resolvconf: update to 1.82Alexander Kanavin2020-01-101-3/+4
| | | | | | | | | Switch to git, as using debian snapshots makes automated upgrades impossible. (From OE-Core rev: 0e6b5151480cd03eb96deecc465f16958c41afa2) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: Drop unneeded patches, cmdline option overridesKhem Raj2020-01-023-44/+62
| | | | | | | | | | | | | | | | 0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch is no longer needed disabling format warnings is no longer needed as well therefore remove it from recipe and address the warnings (if any in patches) Ensure that it can build with clang as well on the way via the new clang-warnings.patch patch (From OE-Core rev: c22726425a2554a65b17a9daac9350940b2ddd6b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Use -fcommon explicitlyKhem Raj2019-12-302-1/+3
| | | | | | | | | This is needed with gcc 10 (From OE-Core rev: 312e9fe3f047547df4c21c8e666cc9aa70e15347) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: update to 2.4.2Alexander Kanavin2019-12-284-391/+3
| | | | | | | | | | Drop backports, and a musl patch that is no longer needed. (From OE-Core rev: 91ab8c4ba830136116e2e9486898e683e32513d8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libnss-dns: update to 0.14.1Alexander Kanavin2019-12-281-14/+6
| | | | | | | | | | Change SRC_URI to the new location, drop no longer supported/unneeded options. (From OE-Core rev: 7df632664b94d2b5df6e8734937eaefb91e6ff18) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2019-1551Anuj Mittal2019-12-162-0/+759
| | | | | | | (From OE-Core rev: 7a8165e0d833bc64c824fa2aee2ddad21d866675) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: update kernel module RRECOMMENDS for kernel >= v4.19André Draszik2019-12-161-1/+1
| | | | | | | | | | | | | | | | nf_tables_inet.ko and nf_tables_ipv4.ko and nf_tables_ipv6.o (and nf_tables_arp.ko and nf_tables_netdev.ko) were merged into the core nf_tables.ko before v4.17 in kernel commit 02c7b25e5f54 netfilter: nf_tables: build-in filter chain type nf_meta.ko was merged to be a builtin of nf_tables.ko before v4.18 in kernel commit 8a22543c8e70 netfilter: nf_tables: make meta expression builtin (From OE-Core rev: 98715c9dc8dd925cffce9bd5d57172206d1e2a7b) Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>