| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 7fa10f29b31f8aae572026a00a6354aec539d044)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 42337d49cdd4f4598236f996a5db8517fd9e8ca8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix issue with handling SMS submit report sizes.
-Fix issue with handling operator name and ISI modems.
(From OE-Core rev: b9b0e4967845baac137905e12e63535046bf7256)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 569285695e43128dafd77ad33d12a8eeb29fd88d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bind-ensure-searching-for-json-headers-searches-sysr.patch
refreshed for 9.18.21
Changelog:
==========
-Improve LRU cleaning behaviour.
-The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are
deprecated; a warning will be logged if they are used.
-BIND might sometimes crash after startup or re-configuration when one 'tls'
entry is used multiple times to connect to remote servers due to initialisation
attempts from contexts of multiple threads. That has been fixed.
-Dig +yaml will now report "no servers could be reached" also for UDP setup
failure when no other servers or tries are left.
-Recognize escapes when reading the public key from file.
-Dig +yaml will now report "no servers could be reached" on TCP connection
failure as well as for UDP timeouts.
-Deprecate AES-based DNS cookies.
(From OE-Core rev: b750d54622a0fa0a35d83ddc59f07661e903360b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Backport a typo fix RISCV_HAS_ZKND_ZKNE -> RISCV_HAS_ZKND_AND_ZKNE
(From OE-Core rev: 2b2bf78c7250a23a476f168d3f1789496c1c27e9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
52ae965 bump version to 6.7
ac7e46b update nl80211.h
44686ac iw: allow extra cflags
e2224c7 iw: S1G: add 802.11ah support for link command display
7298198 update nl80211.h
a1c9376 iw: connect: Fix segfault during open authentication
ea706b3 iw: fix attribute size mismatch
cb491fa iw: add more extended capa bits
cf26fc9 iw: Fix EHT rates printing.
f2d9f5b iw: S1G: add list command support for 802.11ah
1bc6ab0 iw: S1G: add parsing for 802.11ah scan IE's
a32046b iw: S1G: add frequency set in kHz and offset options
f5e3b43 util: don't print EHT info if not present
7794573 interface: print links
221875e link: update for MLO
5f64b70 link: fix some formatting
29555e1 iw: scan: set NL80211_SCAN_FLAG_COLOCATED_6GHZ in case of full sched scan
997e5f1 util: add support for 320MHz bandwidth without cf1
81d112f util: add support for 320Mhz bandwidth
de3da80 update nl80211.h
d6fd275 iw: event: fix printf format error
cc660cc iw: add support for retrieving keys
c4743bb iw: info: fix bug reading preambles and bandwidths
82e6fba iw: add cac background command
ad2f2f8 iw: info: print PMSR capabilities
(From OE-Core rev: e44ce3000864407b773f64581ba6eac38b8297c6)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: d0139bcbe0499e570f02f8f7b7e364763f7359ec)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add systemd-sshd-socket-mode PACKAGECONFIG option to choose installing
sshd.socket and systemd-sshd-service-mode PACKAGECONFIG option to choose
installing sshd.service.
The systemd-sshd-socket-mode PACKAGECONFIG option is enabled by default
and user can choose the above two PACKAGECONFIG option to customize the
sshd mode.
(From OE-Core rev: bc830ad3c6a11af1a350dca7f33f0682aeee0d21)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The update from 2.4 to 2.5 was almost something AUH could take care of.
However, we had backported two patches to address CVE-2023-40303 and
that threw off AUH. These changes are confirmed to be in 2.5, so drop
them and update to 2.5.
(From OE-Core rev: e1bffeab27b062884f6366cde24ce1c67e7ec03e)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
refreshed for 10.0.6
Changelog:
==========
-privsep: Stop proxying stderr to console and fix some detachment issues
-non-privsep: Fix launcher hangup
-DHCP6: Allow the invalid interface name - to mean don't assign an address from a delegated prefix
-DHCP6: Load the configuration for the interface being activated from prefix delegation
(From OE-Core rev: 9f813cdbb789423219cb83affd40cd0f3c377485)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
-The library version numbers have been bumped up for the Kea 2.4.1 stable release.
-Fixed interface redetection which had stopped working since Kea 2.3.6.
-Fixed a race condition in free lease queue allocator
fix-multilib-conflict.patch
fix_pid_keactrl.patch
refreshed for 2.4.
(From OE-Core rev: 7afab39fd1c3239df3bb2fa49b79a5efaaaf9db6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The assembler sections in OpenSSL were not marked as valid call targets,
so branch protection could not be enabled for libcrypto.so.
(From OE-Core rev: 4bf06bc5487da05e6b4a4895e5ca2da65cdc25d8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patches from ubuntu to fix
CVE-2023-1981
CVE-2023-38469-2
CVE-2023-38470-2
CVE-2023-38471-2
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&id=a9203c46cd64c3ec5e5b00e381bbac85733f85df
(From OE-Core rev: 2b0d8a63a212897b33e85cc3694cd9a3d6e09ca8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Update Upstream-Status for 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch.
(From OE-Core rev: 7189d1ea5c066b9ffc52103160bb34945fd779d7)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: cb1b191fa4a275dab1f7f66a0e60563696c6d64d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove backported patch 0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch.
* Add 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch to fix build with musl
(From OE-Core rev: ff416e9fd6a1a65cf59ecd662613581b6190e05e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role
HID Device to initiate and establish an encrypted connection, and accept HID
keyboard reports,potentially permitting injection of HID messages when no user
interaction has occurred in the Central role to authorize such access. An example
affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases,
a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45866
Upstream patches:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
(From OE-Core rev: ef93aa6a815f2732dadf14e2d7e62c15c46b6007)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. No chagne on license [1], original md5 is not right because
beginline=241 does not match
2. Fix two compile and one install failures
[1] https://repo.or.cz/socat.git/blobdiff/c9ff62744f4140418f4edce7e395d1a30e9161b1..2da070164d454971d5c970b5278e645051f0d0f7:/README
(From OE-Core rev: a8cb052a78d0422acb52c402a3836f4ee174ee66)
Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Avahi has moved to a new parent organisation on GitHub, so update the
URLs to match.
(From OE-Core rev: 02caef1567186f250e64ae3ef84fcff33d7323e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
upgrade include fix for CVE-2023-5678.
Changes in 3.2.0
https://www.openssl.org/news/cl32.txt
drop upstreamed 0001-Link-libatomic-on-riscv32.patch.
drop fix_random_labels.patch as fixed by
https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf
(From OE-Core rev: 5a40f27051a1d40af41e7260b9f693a3c27c321f)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* resolvconf(8): Fix new paragraph.
* Move binaries to /usr.
(From OE-Core rev: 38d558ea63c66fd02d2c3fab79dae8ce65e4aa13)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix issue with udev tracking of devices.
-Fix issue with QMI WDA initialization.
-Fix issue with handling QMI premultiplexed contexts.
-Fix issue with additional context types in MBPI.
-Remove CDMA support.
(From OE-Core rev: 574d113dd56098e08fad9bfff79e93f0d35ca0b9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bluez 5.69 added a regression. Bluetooth connection for playstation controllers
stopped working. This adds a backport patch for the issue
(From OE-Core rev: be05a177f943e9c8ce6c0fdbd157ee6f9103eef9)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
-Fix missing newlines in the output of "rndc nta -dump".
-Take into account local authoritative zones when falling back to serve-stale.
-Fix assertion failure when using lock-file configuration option together -X
argument to named.
-The 'lock-file' file was being removed when it shouldn't have been making it
ineffective if named was started 3 or more times.
-Fix a shutdown race in dns__catz_update_cb().
-B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b.
-The timeouts for resending zone refresh queries over UDP were lowered to enable
named to more quickly determine that a primary is down.
-Don't schedule resign operations on the raw version of an inline-signing zone.
-Fix a possible assertion failure on an error path in resolver.c:fctx_query(),
when using an uninitialized link.
-Add semantic patch to do an explicit cast from char to unsigned char in ctype.h
class of functions.
-Python system tests have to be executed by invoking pytest directly. Executing
them with the legacy test runner is no longer supported.
-The wrong covered value was being set by dns_ncache_current for RRSIG records
in the returned rdataset structure. This resulted in TYPE0 being reported as
the covered value of the RRSIG when dumping the cache contents.
(From OE-Core rev: 9b34124561d926d9273c52163853161515e5666a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_alternative_host_name() function.
(From OE-Core rev: fbe506e7af1ce47f6d04c122cb77573e0527ab91)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_rdata_parse() function.
(From OE-Core rev: 988d115ca18db1872d7a4dab39040029e5c61d6b)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.
(From OE-Core rev: 292956cd7b2ea909a0cb39973536ddd007f7e47d)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.
(From OE-Core rev: 93b4489c84f5f21e3fbcd66a39d50b5d64001a58)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in Avahi, where a reachable assertion exists
in avahi_dns_packet_append_record.
(From OE-Core rev: 885d64f067b9ddaf890d9bdef7b76898ff90b04e)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* test: fix license blurb
* linux: fix harmless warn_unused_result warning
* darwin: fix build warnings
* linux: don't use io_uring on pre-5.10.186 kernels
* fs: fix WTF-8 decoding issue
* test: enable disabled tcp_connect6_error_fault
* test: enable disabled fs_link
* test: enable disabled spawn_same_stdout_stderr
* linux: handle UNAME26 personality
* build: move cmake_minimum_required version to 3.9
* unix: set ipv6 scope id for link-local addresses
* unix: match kqueue and epoll code
* win,spawn: allow `%PATH%` to be unset
* doc: switch to Furo, a more modern Sphinx theme
* darwin: make TCP_KEEPINTVL and TCP_KEEPCNT available
* win,fs: avoid winapi macro redefinition
* linux: add missing riscv syscall numbers
* doc: fix broken "Shared library" Wikipedia link
* unix: get mainline kernel version in Ubuntu
* unix: get mainline kernel version in Debian
* build: fix qemu install in CI-unix workflow
* unix: disable io_uring close on selected kernels
* test: skip tests when ipv6 is not available
* ibmi: implement ifaddrs, getifaddrs, freeifaddrs
* unix: reset signal counters after fork
* win,process: avoid assert after spawning Store app
* unix: remove pread/preadv conditionals
* unix: remove pwrite/pwritev conditionals
* darwin: remove workaround for data corruption bug
* src: default to stream=stderr in handle printer
* test: switch to new-style ASSERT_EQ macros
* zos: correctly get cpu model in uv_cpu_info
* test: fix get_passwd2 on IBM i
* unix: don't malloc on sync uv_fs_read
* freebsd: get fs event path with fcntl
* test: switch from ASSERT_* to ASSERT_PTR_*
* darwin: workaround apple pthread_cond_wait bug
* doc: uv_close should be called after exit callback
* test: 192.0.2.0/24 is the actual -TEST-NET-1
* unix: add back preadv/pwritev fallback
* unix: rename variable for consistency
* unix: merge read/write code into single functions
* doc: filename arg to uv_fs_event_cb can be NULL
* build,win: we need to link against shell32.lib
* unix: no preadv/pwritev workaround if not needed
* build: add CI for Windows ARM64
* linux: disable io_uring on 32 bits arm systems
* build: run sanitizers on macos ci
* misc: export WTF8 conversion utilities
* build: fix libuv.a file name for cmake
* build: add windows ubsan and clang ci
* win: improve accuracy of ProductName between arch
(From OE-Core rev: a9a634e37c9af42b54b3bf09cb94553c641d6cf4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 3ab71c67746754098b79af25c05c6bf0747d558d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
DHCP: re-enter DISCOVER phase if server doesn't reply to our REQUEST
privsep: Allow __NR_dup3 syscall as some libc's use that instead of the dup2 dhcpcd uses
dev: Fix an issue where not opening the dev plugin folder if configured returned the wrong fd
privsep: Harden the launcher process detecting daemonisation.
compat: arc4random uses explicit_bzero if available
(From OE-Core rev: 4d2adb1112e24f8d3b22433d08d6ed4664bb8e8d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:
systemd[1]: sshd.service start operation timed out. Terminating.
sshd[374]: Received signal 15; terminating.
When the sshd as a systemd service, it need to tell systemd with a "READY" status,
and when it is restarted, it need to tell systemd with a "RELOADING" status, otherwise,
systemd would treat it as failing service and restart it again.
Taken a patch from openssh upstream PR[1], that after using a signal to tell systemd
it is ready or reload now.
Ref:
[1] https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56
(From OE-Core rev: 4090dca8e44ec79ccb9a674db31e835d20b51888)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
privsep: allow __NR_mmap2 call
privsep: allow __NR_clock_gettime32 syscall
compat/arc4random.c: use memset instead of explicit_bzero
privsep: avoid SIGPIPE errors when scripts write to stderr/stdout after dhcpcd is daemonised
(From OE-Core rev: 26d3af5232a49ca6a0def9c2fbbd2f83842937a0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #15225]
Yocto Bug #15255 is not reproducible. To obtain more useful information
for debugging, the OpenSSL test code is improved so that more detailed
state information in the handshake loop is printed when an error occurs.
(From OE-Core rev: 5bf9a70f580357badd01f39822998985654b0bfc)
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Don't hardcode the directory of the binary in sshd.service.
(From OE-Core rev: 977820725c39736061b649389864a53e112e213d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-313-and-openssl-314-24-oct-2023
Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
(From OE-Core rev: 104ba16de434a08b0c8ba4208be187f0ad1a2cf8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We still need this option for riscv32, the patch is also submitted
upstream
(From OE-Core rev: 2e923a5a67e51463dcf938079c4a199873ccba85)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is updated in openssl [1] [2] since opensssl 3.2 onwards
[1] https://github.com/openssl/openssl/commit/42ee6e7be43c57136d71e5612fed22a06f7f5d0e
[2] https://github.com/openssl/openssl/commit/c29554245ae107c87d71c8463eef0134391da318
(From OE-Core rev: ed280618b40e5c67d475f74569183a11619b52c2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
the usage of /var/kea was dropped in the 1.6 release (see
https://gitlab.isc.org/isc-projects/kea/-/issues/538 ).
Creating the directory fails on systems with read-only rootfs.
(From OE-Core rev: 24ee9ea30d1fdee8801bab521db227708f5600e2)
Signed-off-by: Thomas Wolber <Thomas.Wolber@bruker.com>
Signed-off-by: Vyacheslav Yurkov <vyacheslav.yurkov@bruker.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
removed since it's included in 10.0.3
Changelog:
===========
Do not crash on dhcpcd test run
Add automated CI builds for Ubuntu, OpenBSD, FreeBSD and NetBSD
dhcpcd: Fix off-by-one overflow when read() writes full BUFSIZ
privsep: fix strlcpy overflow in psp_ifname
ci: execute tests after successful build
compat: update arc4random() to newer chacha20 based version from OpenBSD
Support libcrypto for hmac and sha256
Use a local variable instead of the optind
Send correct amount of used buffer for prefix exclude option
compat: use OpenSSL RAND_priv_bytes() for entropy
(From OE-Core rev: fcb9ac0f1c6cac0841d7b7a29b7180c4c580920f)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: b051bf5e7706e36b40452cecb6b9149e9b364ef1)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For systems with a large amount of SSH traffic, it shoule be better to
run a single SSH server for all incoming connections.
And both sshd.socket and sshd.service are deployed on other distros
like ubuntu, fedora and etc.
So add sshd.service to make it possible to run a standalone SSH server.
(From OE-Core rev: 3ecebc70f957e53e3dcf1cc835ff359115db6e56)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
Potentially incompatible changes
--------------------------------
* ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
are very convenient due to their small size. Ed25519 keys are
specified in RFC 8709 and OpenSSH has supported them since version 6.5
(January 2014).
* sshd(8): the Subsystem directive now accurately preserves quoting of
subsystem commands and arguments. This may change behaviour for exotic
configurations, but the most common subsystem configuration
(sftp-server) is unlikely to be affected.
New features
------------
* ssh(1): add keystroke timing obfuscation to the client. This attempts
to hide inter-keystroke timings by sending interactive traffic at
fixed intervals (default: every 20ms) when there is only a small
amount of data being sent. It also sends fake "chaff" keystrokes for
a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.
* ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".
* sshd(8): allow override of Subsystem directives in sshd Match blocks.
Bugfixes
--------
* scp(1): fix scp in SFTP mode recursive upload and download of
directories that contain symlinks to other directories. In scp mode,
the links would be followed, but in SFTP mode they were not. bz3611
* ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
sshsig signature files.
* ssh(1): interactive mode for ControlPersist sessions if they
originally requested a tty.
* sshd(8): make PerSourceMaxStartups first-match-wins
* sshd(8): limit artificial login delay to a reasonable maximum (5s)
and don't delay at all for the "none" authentication mechanism.cw
bz3602
* sshd(8): Log errors in kex_exchange_identification() with level
verbose instead of error to reduce preauth log spam. All of those
get logged with a more generic error message by sshpkt_fatal().
* sshd(8): correct math for ClientAliveInterval that caused the probes
to be sent less frequently than configured.
* ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances.
Portability
-----------
* Avoid clang zero-call-used-regs=all bug on Apple compilers, which
for some reason have version numbers that do not match the upstream
clang version numbers. bz#3584
* Fix configure test for zlib 1.3 and later/development versions. bz3604
(From OE-Core rev: 1f7a8aedecae81339d71c40f4cf7f6d1e5e4286c)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests don't actually need sudo on core-image-ptest-openssh.
Based on logs seen in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 it seems
that socket errors from sudo are creeping into stderr which are failing
the banner ptest from openssh. Removing sudo should help removing
the stderr messages and possibly cure the banner test failures.
(From OE-Core rev: 47e754f483b674b207bfddcc8d4c5d9a3008e102)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parsing sshd's config file with 'sed' does not work in for example the
case where somebody has made use of the new ability to add a config
fragment in /etc/ssh/sshd_config.d/ with one or more HostKey
stanzas. Also, sshd_config keywords are case-insensitive, but the
current sed pattern only matches the CamelCase spelling of HostKey.
In openssh 9.3, sshd learnt a new command line flag '-G', which causes
sshd to parse the given configuration file and print the resulting
effective configuration on stdout. So use that instead.
Furthermore, since that "effective configuration" includes the default
set of host keys if the configuration file has no HostKey stanzas, we
also avoid the script needing to know what sshd's default is - that
could plausibly change with some future release.
(From OE-Core rev: dd27f9d869b8aa28dfb18de037a24ab0ec735718)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
(From OE-Core rev: 29cc2203b06b12d4c93ffc1fb56f1754f6982e80)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set CONF_USR_DIR explicitly as upstream hardcodes 'lib' in it.
Fix up iproute2-ip packaging to reflect that, and fix multilib error
where the executable would end up in the main package.
(From OE-Core rev: c88d6e94c0df3079410930abff9af0a08930ec8c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-312-and-openssl-313-19-sep-2023
Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows (CVE-2023-4807)
(From OE-Core rev: eb65fdd971aa30d3fd09a8bc1b33ad2a1197f364)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
