summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* avahi: refresh patchesRoss Burton2018-03-111-10/+16
| | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 6c0329389ffd82552c9302d70c8b2a1dfc94ce00) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* irda-utils: refresh patchesRoss Burton2018-03-091-26/+38
| | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: a3221aa92fa4423da3b70b8d673cf68be08ad922) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: refresh patchesRoss Burton2018-03-092-40/+46
| | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 9f2ce622866c9766dc861561671ebb3f1c407e0b) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: refresh patchesRoss Burton2018-03-071-5/+5
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: f369e9dce9dc2bcd89b2492545112da78aca690e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* neard: refresh patchesRoss Burton2018-03-071-9/+6
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 1aa6e504b21d1e7290d81af8fc7863053269a196) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: refresh patchesRoss Burton2018-03-073-25/+20
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 0902bef12c815f302f04fa28606ece4b014260d6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: remove unused patchMaxin B. John2018-03-041-33/+0
| | | | | | | | | | | Remove unused patch: 0001-openssh-Fix-syntax-error-on-x32.patch (From OE-Core rev: a752aa31fc8f3a3d283381b7235710af4ece16d8) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: remove dependency on libcheckAnuj Mittal2018-03-041-1/+1
| | | | | | | | | | | | It was removed a while back and isn't needed anymore. https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=292a37990cf0b9517135a4d58c8c1df6b9123cb4 (From OE-Core rev: da8c86e75f5c70be6c18aa278c7b4dcfbd3aec49) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: remove patch from 1.0.2m left behind after update to 1.0.2nDenys Dmytriyenko2018-02-241-4666/+0
| | | | | | | | (From OE-Core rev: 2ccbd281c267d93ab1af854f603f988fc8dd0231) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.0.2nAlexander Kanavin2018-02-0634-248/+196
| | | | | | | | | | | | Drop upstreamed 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch Rebase a couple more patches (via devtool upgrade). (From OE-Core rev: 8a79b8619ce797d5395989e7bb804bc2accfbb14) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: use patch sent upstream instead of sedRoss Burton2018-01-303-3/+28
| | | | | | | | | | | Instead of using a sed to fix the hashbang in a test tool send a patch upstream and use that. This way we'll notice when the patch doesn't need to be applied anymore. (From OE-Core rev: 8b6c45dfdd6a7b469f5a0dd7308b25bdd4b1bf56) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: don't use deprecated functions from utils.bbclassRoss Burton2018-01-301-1/+1
| | | | | | | | | | | These functions were moved to meta/lib/oe in 2010 and the base_* functions in utils.bbclass were intended to be a short-term compatibility layer. They're still used in a few places, so update the callers to use the new functions. (From OE-Core rev: c97acbd034532895ce57c6717ed1b3ccc7900b0d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: only depend on pygobject if its going to workRoss Burton2018-01-301-2/+3
| | | | | | | (From OE-Core rev: 5db515593d8a70e58a09e8db9327c5a3616945bf) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: only depend on pygobject if its going to workRoss Burton2018-01-301-3/+3
| | | | | | | (From OE-Core rev: 9a2d15d8360418890c40191644e22e830071b39d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: upgrade to version 1.22Maxin B. John2018-01-262-8/+8
| | | | | | | | | | | | | | | | | | | | | In ver 1.22: Fix issue with GPIO handling and Nokia modems. Fix issue with SIM state callback and AT modems. Fix issue with data mode and DCD for U-Blox modems. Fix issue with SMS receive on QMI based Quectel EC21. Fix issue with HFP support and last call dialed request. Fix issue with PIM retires handling and Gemalto modems. Fix issue with atom registration and SIM state handling. Add support for handling SIM card AID session management. Add support for handling GSM/UMTS and IMS authentication. Add support for IP Multimedia Subsystem (IMS) atom. Add support for MBIM based modems. (From OE-Core rev: 7f96371566d00d44abf5cbfa012dd11dfa47187d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: 4.9 -> 4.14Changhyeok Bae2018-01-231-2/+2
| | | | | | | | | | Upgrade iw from 4.9 to 4.14 (From OE-Core rev: 712d7acd5dada55f980d46788e8dd129570a9d61) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Disable wtmp when using musl libcPaul Barker2018-01-221-0/+3
| | | | | | | | | | musl doesn't implement wtmp/utmp. (From OE-Core rev: 2065bb297ff3e48801bc8458d85f4f66a3e69daf) Signed-off-by: Paul Barker <pbarker@toganlabs.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Implement subnet route in sessionJian Liang2018-01-225-0/+281
| | | | | | | | | | | | | Implement subnet route creation/deletion in session, e.g. default via 192.168.100.1 dev eth0 192.168.100.0/24 dev eth0 (From OE-Core rev: d6ac8a53d05124cbe34bc6673cb46091b50c7643) Signed-off-by: Jian Liang <jianliang@tycoint.com> Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Fix a crash using wispr over TLSJian Liang2018-01-222-0/+42
| | | | | | | | | | | | | | | | | | | | | | This is happened when doing wispr against a HTTPS URL rather than the default one, i.e. http://ipv4.connman.net/online/status.html When gnutls_channel is instantiated, the gnutls_channel->established has to be initiated as FALSE. Otherwise, check_handshake function won't work. A random initial value 1 of gnutls_channel->established will make check_handshake return G_IO_STATUS_NORMAL, when the channel is actually not ready to be used. The observed behaviours are, - wispr is getting random errors in wispr_portal_web_result - ConnMan crashes on exit after those random errors - when wispr is luckly working, ConnMan doesn't crash on exit (From OE-Core rev: 2ea983d4a187ac62e703e85dce622f70e309be05) Signed-off-by: Jian Liang <jianliang@tycoint.com> Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix nat-postrouting not update issueJian Liang2018-01-222-0/+113
| | | | | | | | | | | | When more than one session are created with the same "AllowedInterface", connman failed to update nat- postrouting rules when new IP address was got (From OE-Core rev: 918754c8e855dea07a49e30b6ff1d3e3dd7530c7) Signed-off-by: Jian Liang <jianliang@tycoint.com> Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: 4.13.0 -> 4.14.1Changhyeok Bae2018-01-193-7/+7
| | | | | | | | | | | | | - This release features JSON output for many commands and greater support of offloading to hardware. - Config is changed to config.mk (From OE-Core rev: d633f99cbb4b72876953667b23076ade51c063f0) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: 5.47 -> 5.48Huang Qiyu2018-01-141-2/+2
| | | | | | | | | | Upgrade bluez5 form 5.47 to 5.48 (From OE-Core rev: 61444fd318c266800ef8fb308a5c16f90d5e3a3f) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: remove explicit avahi-dev RDEPENDSRoss Burton2018-01-111-5/+0
| | | | | | | | | | | | | | | | These were added to the avahi-dev package back in 2011 before avahi-ui existed at all. The problem of GTK+ being pulled in via avahi-dev was finally solved with the avahi-ui split, so these explicit (and by being manually maintained, incomplete) dependencies can be removed. This also results in gettext-dev being removed from the dependency tree (the gettext library API is provided by glibc/musl), which means that for a standard image we don't need to build target gettext at all anymore. (From OE-Core rev: 00ae3e03185f1044f3610dc7ba7da7bd3beb868a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl-ptest: improve reproducibilityJuro Bystricky2018-01-051-0/+6
| | | | | | | | | Remove buildhost references from Makefile and Configure. (From OE-Core rev: 891e33f4ad0919f5b3be77cd63260121d62b6ee7) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: upgrade to 0.7Dengke Du2018-01-025-77/+8
| | | | | | | | | | | | | | | | Delete the unneeded patch, because the upstream contains the needed changes. The new version of avahi 0.7 use "/run" directory to place some run-time variable data, not /var/run, so in avahi.inc, we should remove the "/run" not "/var/run". Remove PACKAGECONFIG for pygtk which already dropped in upstream. (From OE-Core rev: 80b408ae48eb091fc2af8b1570a7aac3cdc0b009) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: fix malformed/missing Upstream-Status tagsRoss Burton2017-12-101-1/+1
| | | | | | | (From OE-Core rev: 9e7aed823d3035b8429d3c5fc537cacadf16f675) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: don't do aclocal/acinclude danceRoss Burton2017-12-101-4/+2
| | | | | | | | | Instead, just stop running aclocal. (From OE-Core rev: 0582396081b638811174f9371feacbbf4593bd1a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman.inc: do not check IMAGE_FEATURESPatrick Ohly2017-12-101-3/+0
| | | | | | | | | | | | | | | | | | Recipes can't rely on IMAGE_FEATURES to determine whether the resulting packages will be used in an image with read/write or read-only rootfs because IMAGE_FEATURES is a per-image recipe variable. The connman.inc code checked IMAGE_FEATURES to determine whether /var/run/connman needs to be created via tmpfiles.d when booting a read-only rootfs. In my tests that is not necessary (anymore?), something (connman itself?) creates the missing directory. (From OE-Core rev: 577585375efac8f86223d7549ce39cd70877cbd9) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: add a missing WPA_COMMON_CTRL_IFACE definitionMing Liu2017-12-021-0/+1
| | | | | | | | | | | The WPA_COMMON_CTRL_IFACE definition is missing, which leads to obvious problems since there is no way to access the ctrl socket. So add it in. (From OE-Core rev: 7baa3137859915fdbaaea0499b442f5d9df3f17b) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix runtime errors with Thumb2 when using binutils 2.29Stefan Agner2017-12-022-0/+89
| | | | | | | | | | | | | | | | | When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH server using the affected binary fails with: ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature Backport upstream bugfix: https://github.com/openssl/openssl/issues/4659 (From OE-Core rev: e76dcfbd6e1ad6fc147a0607dcdaf8e7ea98b610) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.0f -> 1.1.0gStefan Agner2017-12-021-2/+2
| | | | | | | | | | | | | Deals with two CVEs: * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (From OE-Core rev: edf9686be28fc321886d48043bcb4ef5b2c00c1d) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl10: fix runtime errors with Thumb2 when using binutils 2.29Stefan Agner2017-12-022-0/+101
| | | | | | | | | | | | | | | | | When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH server using the affected binary fails with: ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature Backport upstream bugfix: https://github.com/openssl/openssl/issues/4659 (From OE-Core rev: 977db3843b629112539d3eb766c845127c0de497) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl10: Upgrade 1.0.2l -> 1.0.2mStefan Agner2017-12-0233-2/+2
| | | | | | | | | | | | | Deals with two CVEs: * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (From OE-Core rev: a200115c769eff4b9b0241d54ed5ad86da08fdbc) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: include netinet/in.h before linux/in.h in pppoe.hYi Zhao2017-12-023-45/+55
| | | | | | | | | | | | | The patch ppp-fix-building-with-linux-4.8.patch tries to fix build error with 4.8 or newer linux headers, but it would break building with kernel < 4.8. There is a better solution to fix this issue in upstream. Backport the upstream patch and replace the old one. (From OE-Core rev: 85095edfc4bbf23d853fc21fbfb454e598206a24) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: upgrade to 4.13Changhyeok Bae2017-11-214-49/+15
| | | | | | | | | | | | - 0001-include-stdint.h-explicitly-for-UINT16_MAX.patch is already applied to upstream. - Rebase two patches. (From OE-Core rev: 9839de8861c5fb2067664542045c0728653bbcb4) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: upgrade to 1.21Maxin B. John2017-11-212-8/+8
| | | | | | | | | | 1.20 -> 1.21 (From OE-Core rev: 24fe10634c5e6f17bab2fb5235eb96a2700663cd) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: fix build issue with libxml2 supportAwais Belal2017-11-112-0/+38
| | | | | | | | | | | | | | | | | A missing case breaks the build when libxml2 is required and found appropriately. The third argument to the function AC_SEARCH_LIB is action-if-found which was mistakenly been used for the case where the library is not found and hence breaks the configure phase where it shoud actually pass. We now pass on silently when action-if-found is executed. (From OE-Core rev: a17f3ec910366e9e7551fa24fbc07929b9584341) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: use ${BPN} instead of ${PN} for userDan Dedrick2017-11-111-1/+1
| | | | | | | | | | | | | ${PN} will include additional prefixes, such as lib32-, which are not actually a part of the user that is being added. This was creating an unused user and possibly missing the actually intended user. By using ${BPN} this will remove all additional extra information and consistently be "dhcp". (From OE-Core rev: 77375b50e23555c3a2d24f2b41771e4d43c5b026) Signed-off-by: Dan Dedrick <ddedrick@lexmark.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: move libraries to own packageandreas.kling@peiker-cee.de2017-11-081-0/+3
| | | | | | | | (From OE-Core rev: d74ebc91388941295a2321a295cdb06ee87fc38b) Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Convert from ftp to https urlsRichard Purdie2017-11-071-2/+2
| | | | | | | | | The ftp protocol is dated and problematic. Since https is available, lets use that instead, making new users chances of successful builds higher. (From OE-Core rev: f24a29fcba98ceff08c13b0f029be93995f1deed) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 7.6Armin Kuster2017-11-074-239/+25
| | | | | | | | | | | LICENSE changed do to name being added removed patches included in some form (From OE-Core rev: 88770be201678bf1906e27d72e840de2cd4c43f0) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.10.6Armin Kuster2017-11-071-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes * An error in TSIG handling could permit unauthorized zone transfers or zone updates. These flaws are disclosed in CVE-2017-3142 and CVE-2017-3143. [RT #45383] * The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. This flaw is disclosed in CVE-2017-3141. [RT #45229] * With certain RPZ configurations, a response with TTL 0 could cause named to go into an infinite query loop. This flaw is disclosed in CVE-2017-3140. [RT #45181] End of Life The end of life for BIND 9.10 is yet to be determined but will not be before BIND 9.12.0 has been released for 6 months. https://www.isc.org/downloads/software-support-policy/ more info see https://lists.isc.org/pipermail/bind-announce/2017-July/001063.html (From OE-Core rev: 96e9adb60320b2e2f0bb7a04d9ed49ddc53649bb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: upgrade 1.34 -> 1.35Changhyeok Bae2017-11-053-163/+2
| | | | | | | | | | | | Below two patches are applied in v1.35 - 0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch - CVE-2017-12865.patch (From OE-Core rev: f4b9c5dba4ca0c0242284eb8148e25e89f02d988) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: force soft link to avoid rare raceRandy MacLeod2017-11-052-0/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch works around a rare parallel build race condition using the force option when soft linking. The error seen is: ln: failed to create symbolic link 'libssl.so': File exists make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 make[4]: Leaving directory '/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' Just add the -f flag to the platform independent soft link code to avoid the collision. This is reasonable since this Makefile removes the link target before creating a new soft link. The Makefile was written this way to support platforms that don't allow forcing a softlink to overwrite an existing link. Only builds on Linux are supported so that's not a requirement for oe-core recipes. The openssl team is rewriting their build files so it's not appropriate for openssl upstream and fixing the root cause of the race condition was also not pursued. (From OE-Core rev: c60288aba70635238094c6b813228b31e0715db9) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: Add switch for NFSv4.1Joshua Watt2017-11-051-1/+2
| | | | | | | | | | NFS version 4.1 support can now be enabled via PACKAGECONFIG (From OE-Core rev: a99947274de16d712cfa661d2d7386bf0e28a01d) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add support for riscv32/riscv64Khem Raj2017-11-052-0/+12
| | | | | | | | (From OE-Core rev: ba6e739ca9099a6d3603e197474e16c75013106b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Upgrade 5.46 -> 5.47Marc Ferland2017-11-054-74/+3
| | | | | | | | | | | | | | | | | | | | This release includes: - SDP fix for CVE-2017-1000250. - New bluetooth mesh profile. - Various fixes to GATT, A2DP and BR/EDR vs LE bearer handling. This commit also drops the following two patches which are included in 5.47: - 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch - cve-2017-1000250.patch (From OE-Core rev: cf25d927b2deadc11688b9dab2c366eaa57c54e6) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa_supplicant: fix WPA2 key replay security bugRoss Burton2017-10-162-0/+1026
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. (From OE-Core rev: 1c46e201ef486395ec047f29af272f8c3dfd9611) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Atomically generate host keysJoshua Watt2017-10-071-8/+34
| | | | | | | | | | | | | | Generating the host keys atomically prevents power interruptions during the first boot from leaving the key files incomplete, which often prevents users from being able to ssh into the device. [YOCTO #11671] (From OE-Core rev: 221b40f1f08ee23511ba078a1efd01686922e932) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix key generation with systemdJoshua Watt2017-09-254-81/+76
| | | | | | | | | | | | | | | | | | | | 106b59d9 broke SSH host key generation when systemd and a read-only root file system are in use because there isn't a way for systemd to get the optional weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default value if it is not specified. Instead, move the logic for determining if keys need to be created to a helper script that both the SysV init script and the systemd unit file can reference. This does mean that the systemd unit file can't check for file existence to know if it should start the service, but it wasn't able to do that correctly anyway anymore. This should be a problem since the serivce is only run once per power cycle by systemd, and should exit quickly if the keys already exist (From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>