| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf-archive is a collection of m4 autoconf macros needed at
build-time, and autoconf-archive-native is a suitable provider as there
is nothing in the recipe that needs to be cross-compiled.
Also if we use DEPENDS=autoconf-archive then the recipe's -dev package
ends up RDEPENDing on autoconf-archive, which isn't correct.
Universally change any DEPENDS on autoconf-archive to the -native form,
and add any missing dependencies that were implicit before.
(From OE-Core rev: be5534a8ca4a5ab7323039123e680ba1f6ede908)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 571132415ea7fe2d91c62948f2b6aa553eafa83d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Install and package the D-Bus introspection files.
(From OE-Core rev: ec7ba3c31611ed9962b844256734a07ff4ca9152)
Signed-off-by: Eero Aaltonen <eero.aaltonen@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b8183ad25af3bcf23f04dd649b6ef665569fac8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As announced here:
https://roy.marples.name/downloads/dhcpcd/
(From OE-Core rev: 6578d20898f68c0cc88eda7e0f56e6f5a557f17e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e317eaab45da2dea70d1485fdae93cfeea0db1d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The recommendation from server maintainers is that the https protocol
is both faster and more reliable than the dedicated git protocol at this point.
Switch to it where possible.
(From OE-Core rev: 8f3669f81db8a58f8ed2faef76acab3499f59619)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 139102a73d4151f4748b4a861bd4ab28dda7dab7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
(From OE-Core rev: cc7a3c6cb32b4a8d2677159cd106068b5f2d75e8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit da76bde131a7fe0833c9fd59a1ca48edaed6fa54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
[bug] Use two pairs of dns_db_t and dns_dbversion_t in a
catalog zone structure to avoid a race between the
dns__catz_update_cb() and dns_catz_dbupdate_callback()
functions. [GL #3907]
[bug] Make sure to revert the reconfigured zones to the
previous version of the view, when the new view
reconfiguration fails during the configuration of
one of the configured zones. [GL #3911]
[bug] Fix error path cleanup issues in dns_catz_new_zones()
and dns_catz_new_zone() functions. [GL #3900]
[bug] Unregister db update notify callback before detaching
from the previous db inside the catz update notify
callback. [GL #3777]
[func Run the catalog zone update process on the offload
threads. [GL #3881]
[func Add shutdown signaling for catalog zones. [GL !7571]
[func Add reference count tracing for dns_catz_zone_t and
dns_catz_zones_t. [GL !7570]
[bug] Detach 'rpzs' and 'catzs' from the previous view in
configure_rpz() and configure_catz(), respectively,
just after attaching it to the new view. [GL #3880]
[test Don't test HMAC-MD5 when not supported by libcrypto.
[GL #3871]
[bug] Fix RPZ reference counting error on shutdown in
dns__rpz_timer_cb(). [GL #3866]
[test Test various 'islands of trust' configurations when
using managed keys. [GL #3662]
[bug] Building against (or running with) libuv versions
1.35.0 and 1.36.0 is now a fatal error. The rules for
mixing and matching compile-time and run-time libuv
versions have been tightened for libuv versions between
1.35.0 and 1.40.0. [GL #3840]
[bug] dnssec-cds failed to cleanup properly. [GL #3831]
[bug] Source ports configured for query-source,
transfer-source, etc, were being ignored. (This
feature is deprecated, but it is not yet removed,
so the bug still needed fixing.) [GL #3790]
(From OE-Core rev: 29010c32f0e0f00b31e32a7c275a532688ddaf9d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 51ab191224aa1320d622bf79184940afa3910d60)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 6ae794bfd0db6028c79c36d2fef47471916b357c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
If these files exist they should be packaged into PN-dev, and are with
the default FILES:${PN}-dev.
(From OE-Core rev: 738434bf567d25de692cd145156263eea1a5de13)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When gobject-introspection feature is disabled, glib-2.0-native
and gobject-introspection package dependencies are not pulled in
but avahi has a hard dependency on them (do_configure fails due
to missing introspection.m4 file, do_compile fails due to missing
glib-mkenums).
(From OE-Core rev: fea90325b180ba8d2b19704dc8911a9175527c61)
Signed-off-by: Petr Kubizňák <kubiznak@2n.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.
Upgrade the recipe to point to 9.3p1.
CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.
(From OE-Core rev: ca4b4165f388a8b8bb80c120a2baef00e7e3bcac)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545]
(From OE-Core rev: 20ae485ef65bef2ddbffe05fd29cc7d411c38448)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix an issue introduced in the new openssl version where an assembler file
isn't generated in a reproducible way by seeding the perl random number
generator consistently. It has no crypto impact, it is just used to
avoid function name clashes.
(From OE-Core rev: 448df3e1c02fe224d62f59a236fdcd47ea7e695f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
>From the NEWS.md file:
### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* Performance enhancements and new platform support including new
assembler code algorithm implementations.
* Deprecated LHASH statistics functions.
* FIPS 140-3 compliance changes.
Drop the upstreamed afalg.patch:
c425e365f4 Configure: don't try to be clever when configuring afalgeng
(From OE-Core rev: 71c763ed4fbbea22a6a0b145e4e29436c7e59625)
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
One of the openssl ptests needs the openssl binary so fails
on a minimal image without this. Add the missing dependency.
(From OE-Core rev: c29276b467ae10027f38cb403a2089b3558fc639)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: Transaction test error:
file /usr/share/man/man8/dhcpcd.8 conflicts between attempted installs of dhcpcd-doc-9.4.1-r0.cortexa57 and lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon
The differences between the two files are as follows:
@@ -821,7 +821,7 @@
If you always use the same options, put them here.
.It Pa /usr/libexec/dhcpcd-run-hooks
Bourne shell script that is run to configure or de-configure an interface.
-.It Pa /usr/lib64/dhcpcd/dev
+.It Pa /usr/lib/dhcpcd/dev
Linux
.Pa /dev
management modules.
(From OE-Core rev: 65ca2c4b7349a4f7dcfcc580d926a99c673deb60)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 67734f7574877ca6e0ec06596ff1a48303df0764)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
License-Update: copyright snippet has been dropped from ip.c
(From OE-Core rev: d709e2d4c5d8768b3160d63aec207fe3e2a4066d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 665c5f217370cf28f18e818b81af07494b7acb2d)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
(From OE-Core rev: 8461466f63200a0b1c9c247b70fdf5819651544c)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport patch to fix dhcpcd start failed on qemuppc64.
(From OE-Core rev: a31d658198566de12cdd1aad18776b8da8065787)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 845334cb22708e7a88701aa0a1bc496a67f2b5d5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
License-update: copyright years
(From OE-Core rev: 63e8a8952c3d1b3b5c481be6bba52a3f4d65648e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: c20b7b864dc6726a2ed4a40cf5a30661ad28c6e0)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: d5d787b44b102e3a69e28948326e39f83fc1d98d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
(From OE-Core rev: 5b651a929223d1965136bd97c22b89ca86b5b9c5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This script was migrated from shell to python3 in recent versions.
(From OE-Core rev: 63c89b726e9a2c844168ffeddfaf0c778abfd131)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In case of nodistro, dhcpcd gives us 'Bad system call'
error and exits. This is because there are syscalls that
should be allowed but not in privsep. Backport two patches
to fix this issue.
(From OE-Core rev: f1e6a0c16d6685096ec9313301aa431e73d02c07)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a follow-up to commit 846ff49465 to remove the extra whitespace
that is no longer needed after converting :append and :prepend to += and
=+.
(From OE-Core rev: 5a38be49e451c9f9d973b10a33c3972507f7b18a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 1e7ebdf4e324ec6719c926fd27717f2198db937d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
As far as I can tell, none of these uses of PACKAGESPLITFUNCS need append/prepend
operators, the standard += and =+ can work just fine. Since OE-Core is copied a lot,
use the preferred syntax which is also simpler to parse and change.
(From OE-Core rev: 846ff49465337dddd75a83161f41f48117f6571c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
The key file IO locks objects would never get deleted from the hashtable due to
off-by-one error.
ANY responses could sometimes have the wrong TTL.
Speed up the named shutdown time by explicitly canceling all recursing ns_client
objects for
Removing a catalog zone from catalog-zones without also removing the referenced
zone could leave a dangling pointer. [GL #3683]
nslookup and host were not honoring the selected port in TCP mode. [GL #3721]
Deprecate alt-transfer-source, alt-transfer-source-v6 and
use-alt-transfer-source. [GL #3694]
Move the "final reference detached" log message from dns_zone unit to the
DEBUG(1) log level.
Fix assertion failure in isc_http API used by statschannel if the read callback
would be called on HTTP request that has been already closed.
Deduplicate time unit conversion factors.
Copy TLS identifier when setting up primaries for catalog member zones.
Deprecate 'auto-dnssec'. [GL #3667]
The decompression implementation in dns_name_fromwire() is now smaller and
faster. [GL #3655]
Use the current domain name when checking answers from a dual-stack-server.
Ensure 'named-checkconf -z' respects the check-wildcard option when loading a
zone. [GL #1905]
Deprecate 'coresize', 'datasize', 'files', and 'stacksize' named.conf options.
The view's zone table was not locked when it should have been leading to race
conditions when external extensions that manipulate the zone table where in use.
Some browsers (Firefox) send more than 10 HTTP headers. Bump the number of
allowed HTTP headers to 100. [GL #3670]
NXDOMAIN cache records are no longer retained in the cache after expiry,
even when serve-stale is in use. [GL #3386]
(From OE-Core rev: 1c093c38e247b522f279f616d16373795a4cdf89)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
qemu 7.2 no longer carries libslirp in-tree, and so
it has to be provided externally.
(From OE-Core rev: a4409583e0f8187b0c0cbf92fbddeffef12fd8f5)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes LFS64 builds
(From OE-Core rev: ce6a6cc8e468603a1ccec68ec70fc1a079411fca)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: c83668b89289cfd1eee87e7388239bb5b7763a7d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 45686afe96bb42c24bfd4ab540ea44423a0f57c3)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that rngd is not needed as of linux-5.6 and later[1]
and should not be installed by default since the purpose of rngd
is to provide additional trusted sources of entropy.
We did some testing on real hardware, the result seems to support that
we no longer need rngd by default on kernel v5.6 and later.
Testing result as below:
1. observing the crng init stage.
the "random: crng init done" always available before fs being mounted.
2. generating random number without rngd.
testing command: dd if=/dev/random of=/dev/null status=progress
on Marvell CN96xx RDB board, speed almost 20.4 MB/s without block
on NXP i.mx6q board, speed almost 31.9 MB/s without block
on qemu x86-64, speed almost 2.6MB/s without block
3. using rngtest command without rngd
testing command: rngtest -c 1000 </dev/random
on Marvell CN96xx RDB board:
rngtest: input channel speed: (min=4.340; avg=135.364; max=146.719)Mibits/s
rngtest: FIPS tests speed: (min=8.197; avg=69.020; max=72.800)Mibits/s
rngtest: Program run time: 418771 microseconds
on NXP i.mx6q board:
rngtest: input channel speed: (min=96.820; avg=326.769; max=340.598)Mibits/s
rngtest: FIPS tests speed: (min=15.090; avg=37.543; max=40.324)Mibits/s
rngtest: Program run time: 570229 microseconds
on qemu x86-64:
rngtest: input channel speed: (min=37.769; avg=101.136; max=136.239)Mibits/s
rngtest: FIPS tests speed: (min=10.288; avg=30.682; max=40.155)Mibits/s
rngtest: Program run time: 836800 microseconds
4. observing sshd service.
using "systemctl disable rng-tools" disable service and reboot system.
system boot up normal, sshd service also start in normal time without
block.
Reference:
[1] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
(From OE-Core rev: 868dfb46d96a27ec9041cb902fb769330277257d)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
texrels are generated while compiling on x86/clang because pic/pie flags
that are passed via bitbake do not make it everywhere evenly.
--enable-pie is default way of getting it enabled in bluez5
PIE is enabled by default which ensures that textrels are not generated
(From OE-Core rev: 804aa082e4c4fdd4881ff668f52790bea818eabb)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
Fix a crash that could happen when you change
a dnssec-policy zone with NSEC3 to start using
inline-signing. [GL #3591]
Don't trust a placeholder KEYDATA from the managed-keys
zone by adding it into secroots. [GL #2895]
Fixed a race condition that could cause a crash
in dns_zone_synckeyzone(). [GL #3617]
Don't enforce the jemalloc use on NetBSD. [GL #3634]
Fix an inheritance bug when setting the port on
remote servers in configuration. [GL #3627]
Fix a resolver prefetch bug when the record's TTL value
is equal to the configured prefetch eligibility value,
but the record was erroneously not treated as eligible
for prefetching. [GL #3603]
Always call dns_adb_endudpfetch() after calling
dns_adb_beginudpfetch() for UDP queries in resolver.c,
in order to adjust back the quota. [GL #3598]
Fix a startup issue on Solaris systems with many
(reportedly > 510) CPUs. Thanks to Stacey Marshall from
Oracle for deep investigation of the problem. [GL #3563]
rpz-ip rules could be ineffective in some scenarios
with CD=1 queries. [GL #3247]
The RecursClients statistics counter could overflow
in certain resolution scenarios. [GL #3584]
Less ceremonial UNEXPECTED_ERROR() and FATAL_ERROR()
reporting macros. [GL !6914]
Fix a couple of bugs in cfg_print_duration(), which
could result in generating incomplete duration values
when printing the configuration using named-checkconf.
[GL !6880]
Refactor the isc_httpd implementation used in the
statistics channel. [GL !6879]
(From OE-Core rev: e57fe26b3f85ebfabdc8b574caa5c97602e4d771)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add selinux PACKAGECONFIG logic in selinux layer[1] to conform
to yocto compliance.
[1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd
(From OE-Core rev: 067ce90494bc370fc7a271c6a036c414358f0f38)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, dhcpcd does not work well with systemd. When using dhcpcd
to configure network, the /etc/resolv.conf contents are not correct.
This issue could easily be reproduced by using 'qemu + slirp' to
start a systemd based image and using dhcpcd to configure network.
The expected 'nameserver 10.0.2.3' is not in /etc/resolv.conf.
The root cause of this problem is that dhcpcd assumes the resolvconf
should recognize .protocol suffix[1]. But systemd's resolvconf (which
is a symlink to resolvectl) has a limited support for traditional
resolvconf interface[2], and "may not work with all clients"[3]. This
of cource includes the clients that use the .protocol suffix.
The current situation is:
1. systemd is not going to support the .protocol suffix in the foreseeable
near future[4].
2. dhcpcd does not want to merge systemd specific patch and insists
systemd needs to consider the .protocol suffix[5][6].
It's a normal thing that people have different opinions. As a build system
that supports such combination, however, we do need to come up with a
solution to fix this typical integration problem, making dhcpcd and systemd
work together.
This patch solves this integration problem by relying on dhcpcd's ability
to manage its own resolv.conf contents. But instead of letting it to write
to /etc/resolv.conf directly, we supply the generated contents to resolvconf.
In this way, the resolvconf still stands in the central place and dhcpcd remains
a supplier to it. And the /etc/resolv.conf can get the correct contents.
With this patch, dhcpcd could work with both sysvinit and systemd.
[1] https://man.archlinux.org/man/resolvconf.8.en
[2] https://man.archlinux.org/man/resolvectl.1#COMPATIBILITY_WITH_RESOLVCONF(8)
[3] https://wiki.archlinux.org/title/systemd-resolved
[4] https://github.com/systemd/systemd/issues/25032
[5] https://github.com/NetworkConfiguration/dhcpcd/pull/152
[6] https://github.com/NetworkConfiguration/dhcpcd/issues/146
(From OE-Core rev: 935ae419f51d911c73f5dc7b4a2e5e9a7b206985)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current resolvconf does not work. Make it work with the
following changes.
1. Install normalize-resolvconf, which is used by resolvconf.
2. Add dependencies: sed, util-linux-flock.
util-linux-flock is needed by our busybox does not support '-w'
by default. sed is needed because we want to avoid package
QA issue complaining sed is needed by no one provides it.
3. Add a patch to replace 'readlink -m' with 'readlink -l'.
This could avoid the runtime dependency on coreutils. The replacement
is safe as /etc always exits in OE's system.
4. Remove allarch inheritage. This is because the above RDEPENDS
change does not allow this any more. test_sstate_allarch_samesigs
would fail if we don't do this.
(From OE-Core rev: 1b0581fd241cc9de2feda896aefbf055dc0099dc)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 7e12fa1e6250fc358ba159a6b626458d871f7ccf)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add the trailing '.git' to git repo uri in SRC_URI then it could share
source code repo on premirror with grpc which uses libuv as a git
submodule with fixed revision.
(From OE-Core rev: cecdf616e7cf192cdc723a446be1d14c197c980d)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
removed since it's included in 1.7.4.4
(From OE-Core rev: c00e9d66f0b8449ff1bf24546f232345eb6feebd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2022-39028.patch
removed since it's included in 2.4
Changelog:
==========
ifconfig
------------
Support specifying prefix netmask lengths in -A.
Hurd: tell pfinet translator interfaces to configure
ftp
----------
Avoid crash caused by signed integer overflow resulting in out-of-bounds buffer access.
Avoid crash caused by heap buffer overflow.
Avoid crash caused by NULL pointer dereference.
Avoid crash caused by infinite macro recursion.
telnetd
-----------
Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). CVE-2022-39028
telnet
-----------
Fix a buffer overflow problem. CVE-2019-0053
tftp
-----------
Avoid crashing when given unexpected or invalid commands from tty.
Various bugs fixes, internal improvements and clean ups.
(From OE-Core rev: fec6ec179b97b768d32fbd782338450edc1a5344)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18_8/CHANGES
(From OE-Core rev: 1d87d2652f7f6640dda85e037c580c83f99a8ba8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the hciattach bcm43xx firmware loader looks up the firmware
blob in /etc/firmware . Change this to /lib/firmware instead, so that
the path is consistent with Linux kernel which also looks up firmware
for the WiFi part in /lib/firmware .
(From OE-Core rev: 72b3b79ad8b980e8dd9470d16b72c2c70072bbc0)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3.0.5 includes a HIGH level security vulnerability [1].
Upgrade the recipe to point to 3.0.7.
CVE-2022-3358 is reported fixed in 3.0.6, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
Fixes CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
(From OE-Core rev: a69ea1f7db96ec8b853573bd581438edd42ad6e0)
Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: e8f0e3a01262ecb83185ec5e84e6f359d7d64d1d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Two patches are in upstream.
(From OE-Core rev: 9acd3f210f63156d5fd9acbf4477aef2bb4c9de8)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
