summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* openssl: update to 1.1.1k to fix CVE-2021-3450 and CVE-2021-3449Mikko Rapeli2021-04-061-1/+1
| | | | | | | | | | | Only security issues fixed in this release according to https://www.openssl.org/news/cl111.txt (From OE-Core rev: 0826a41940da14631043e2a496854dbb5da9a15f) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix CVE-2021-26675, CVE-2021-26676Catalin Enache2021-04-064-0/+329
| | | | | | | | | | | | | | | | | | | | | | | | | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. gdhcp in ConnMan before 1.39 could be used by network-adjacent. attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. References: https://nvd.nist.gov/vuln/detail/CVE-2021-26675 https://nvd.nist.gov/vuln/detail/CVE-2021-26676 Upstream patches: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 (From OE-Core rev: 3c78000aaf8e4ee8ffb7674f5c286e2c110f167b) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: update CVE-2021-27803.patchMartin Jansa2021-03-281-4/+8
| | | | | | | | | | | * update to match what was merged in master branch (and I have now sent for gatesgarth) * fixes Upstream-Status (there is a missing 'c' in 'Acepted' and 'Backport' is more accurate) (From OE-Core rev: 060587ae477d785db017f4d8a2152206c258da42) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: fix CVE-2021-27803Minjae Kim2021-03-182-0/+55
| | | | | | | | | | | | | | | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Upstream-Status: Acepted [https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32] CVE: CVE-2021-27803 (From OE-Core rev: 2877d0d42ffb656a6afa1f99084490ec4d84115b) Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/recipes-connectivity: Add HOMEPAGE / DESCRIPTIONDorinda2021-03-105-0/+5
| | | | | | | | | | | | | | Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage [YOCTO #13471] (From OE-Core rev: a2658937bcb987b061cd9866d726d9d66623e93c) Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ecf8922e6bb12a2facc59bbe794b575101fce1dc) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: fix CVE-2021-0326Stefan Ghinea2021-03-102-0/+46
| | | | | | | | | | | | | | | | | | | | | | | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9 Android ID: A-172937525 References: https://nvd.nist.gov/vuln/detail/CVE-2021-0326 Upstream patches: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches> (From OE-Core rev: 629a275bbafe7436f73ace59ab06d44e316b6b9d) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b7940edabe100512e8f558cc37f9da836feae74d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2020-8625Minjae Kim2021-03-102-0/+18
| | | | | | | | | | | | BIND Operational Notification: Zone journal (.jnl) file incompatibility Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch] CVE: CVE-2020-8625 (From OE-Core rev: dcce323a1b651a875da8e51f02f015de442d7d49) Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 1.1.1i -> 1.1.1jWang Mingyu2021-03-101-1/+1
| | | | | | | | | | (From OE-Core rev: c3b4d7500366092d99f7bb6f30555424e66bddba) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a67635ca2c7a016efcf450e4011f2032883e995d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: set CVE_VERSION_SUFFIXLee Chee Yang2021-02-101-0/+2
| | | | | | | | | | (From OE-Core rev: b2feaf6826f4ead7b7ea141bdd27e9c96147b6f2) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 17df664a32a74f17baaef8c31ac23adec2d6255f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Whitelist CVE-2020-15704Robert Joslyn2021-01-211-0/+4
| | | | | | | | | | | | This CVE only applies to the load_ppp_generic_if_needed patch applied by Ubuntu. This patch is not used by OpenEmbedded, so the CVE does not apply. (From OE-Core rev: 897822233faef0f8f35dc1d8a39e1c4bc0550f1e) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade 20190618 ->20201225Wang Mingyu2021-01-131-2/+2
| | | | | | | | | | (From OE-Core rev: 72431ee8de5e3a53d259cebf420a7713ac9e1f14) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 812eb3121e0aabe4e3de9a8c61b1e62c87f55aa4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Update to 1.1.1iRobert Joslyn2021-01-011-1/+1
| | | | | | | | | | | | This fixes a NULL pointer dereference in GENERAL_NAME_cmp function. CVE: CVE-2020-1971 (From OE-Core rev: fcd335e2a721d8db6e2fdac483798ced0ff3e1ad) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: whitelist CVE-2014-9278Steve Sakoman2020-11-201-0/+4
| | | | | | | | | | | | | | | | | | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. Whitelist the CVE since this issue is Redhat specific. (From OE-Core rev: 49955248b6011450a8767496783fb9f4738c9a99) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 309132e50d23b1e3f15ef8db1a101166b35f7ca4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: fix some unresponsive homepages and bugtracker linksMaxime Roussin-Bélanger2020-11-122-2/+2
| | | | | | | | | | | | remove some extra whitespaces (From OE-Core rev: 3ac10faff7ef00f68031400e86a6882ce0d5090a) Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 32ce3716761165b9df12306249418645724122cc) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: update to 5.55 to fix CVE-2020-27153Chee Yang Lee2020-11-121-2/+2
| | | | | | | | | | | | | | | | | | | Version 5.55 is a security/bug fix release Release note: https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2020-27153 (From OE-Core rev: 698c0cbf77ebce6b336f823f826aaece0cc9ca32) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c2895e3e4eabca64cbcc8682e72d25026df5e5f0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Allow enable/disable of rng-tools recommendation on sshdOtavio Salvador2020-10-061-2/+8
| | | | | | | | | | | | | | We are adding a new PACKAGECONFIG option ('rng-tools') to control if we wish the openssh-sshd to RRECOMMENDS the 'rng-tools' package. We are enabling it by default so there is no behavior change. (From OE-Core rev: ff61cf5777c63a7ebecde5ada1cf01d7bafe265d) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fe99349c1bd72b69d22ab0dc52b8825d3157b8e7) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keysRichard Purdie2020-10-068-0/+76
| | | | | | | | | | | | | | | Host keys are getting bigger and taking an ever increasing amount of time to generate. Whilst we do need to test that works, we don't need to test it in every image. Add a recipe which can be added to images with pre-generated keys, allowing us to speed up tests on the autobuilder where it makes sense to. (From OE-Core rev: 130695364281f62b9e00d311c21f7acb5a1204a1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c6c7d16437cbd5ccbee1b99a2154c33fdbac9299) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dropbear/openssh: Lower priority of key generationRichard Purdie2020-10-061-0/+1
| | | | | | | | | | | | | | | | | | Where we have images with PAM+systemd, serial login can be extremely slow. The load generated by key generation does slow down the rest of the boot process. Lower the priority level of these systemd services, since we'd prefer to have the rest of the system boot more effectively. This doesn't "solve" the slow systemd boot issues but does help. (From OE-Core rev: c5394e65972ac21b1c7f68db100754939ecaef8c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 087700665284c08ba846e52b6b86276629f5f1cd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: fix builds that require ell supportPeter A. Bigot2020-09-021-2/+2
| | | | | | | | | | | | | | | | | | | | | Shortly after the recipe was updated to add ell as a mesh dependency the way ell was integrated into bluez5 was changed. BlueZ requires ell only for mesh and for btpclient (external test programs). It will be ignored unless either mesh or btpclient are selected. ell can be supplied externally, or it can be copied into the bluez build directory from an existing sibling source directory. Since bitbake builds do not provide a sibling source directory tell bluez to look for it as an external library in the conditions where it's required. (From OE-Core rev: a29eac72da3579edd9eebc3358498146000a491a) Signed-off-by: Peter A. Bigot <pab@pabigot.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f22b4eba98b3707d7f6daa4277414cecb3e5ee6b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.22 ESVArmin Kuster2020-09-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Source: isc.org MR: 105232, 105246, 105260 Type: Security Fix Disposition: Backport from https://www.isc.org/bind/ ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366 Description: Bug fix only update Three CVE fixes CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf (From OE-Core rev: 08e362ebd65816106afbc594cbbc552b9a6c32c6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1c85f26b1bd3475699d54f18c6b5b4924bcd8eb2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.11.19 -> 9.11.21Yi Zhao2020-08-071-1/+1
| | | | | | | | | | | | | | | Bug and CVE fixes only Detailed list of changes at: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_21/CHANGES (From OE-Core rev: dc916547041b8d7636e5234f7e3150036bbbde4a) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c6749532f94f435e6771d66d3fa225e676753478) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: openssl-bin requires openssl-conf to runRobert Yang2020-07-311-0/+2
| | | | | | | | | | | | | | | Fixed: $ dnf install openssl-bin $ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory (From OE-Core rev: 2a4980cd8bfd829bab1ba081588eb0bdbd285b97) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e93cd3b83a255294c9ab728adc7e237eb1321dab) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Fix typo in recipeChristian Eggers2020-07-221-1/+1
| | | | | | | | | | | | | | According to the PACKAGES variable, LICENSE_avahi-client is misspelled. Additionally, the libavahi-client package actually only includes LGPLv2.1+ software (as opposed to the global LICENSE variable). (From OE-Core rev: 683fb53c94e63e4f5acf4c2efd04977cc10bed49) Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d8837b4735b5e96ae0f5542319e711dbda8c3849) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-confHannu Lounento2020-07-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some openssl command line operations like creating an X.509 CSR require the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory 140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r') 140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76: which is the case e.g. in core-image-minimal with just the package openssl-bin added to the image by declaring IMAGE_INSTALL_append = " openssl-bin" e.g. in local.conf. The file did not exist in the aforementioned image / configuration because it was packaged to the main openssl package FILES_${PN} =+ "${libdir}/ssl-1.1/*" (there is no other FILES specification that would match the file either) and path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm [...] /usr/lib/ssl-1.1/openssl.cnf [...] Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it seems closely related) to the ${PN}-conf package to have it installed with ${PN}-bin, which already (indirectly) depends on ${PN}-conf. Note that the openssl recipe has the comment Add the openssl.cnf file to the openssl-conf package. Make the libcrypto package RRECOMMENDS on this package. This will enable the configuration file to be installed for both the openssl-bin package and the libcrypto package since the openssl-bin package depends on the libcrypto package. but openssl-conf only contained /etc/ssl/openssl.cnf path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm /etc /etc/ssl /etc/ssl/openssl.cnf /usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to ../../../etc/ssl/openssl.cnf. Other files and directories in /usr/lib/ssl-1.1/ were considered as well because they seem to be configuration files and / or related to (symlinks pointing to) /etc. They were not moved though, because based on our use case and testing moving the openssl.cnf symlink is sufficient for fixing the immediate problem and we lack knowledge about the other files in order to make a decision to change their packaging. (From OE-Core rev: e5405189e6d1b3b3b236aa8fe7a577c72f6af8d8) Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c1632d7041fe0c18ec61abfa79a9c025af43c033) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Security fix CVE-2020-12695Armin Kuster2020-07-024-1/+267
| | | | | | | | | | | | | | | Source: http://w1.fi/security/ Disposition: Backport from http://w1.fi/security/2020-1/ Affects <= 2.9 wpa-supplicant (From OE-Core rev: 720d29cbfce34375402c6a4c17e440ffbb2659bf) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.19akuster2020-06-263-240/+2
| | | | | | | | | | | | | | | | | | | Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES (From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: remove service templates from SYSTEMD_SERVICEKai Kang2020-06-261-3/+3
| | | | | | | | | | | | | | Remove service templates wpa_supplicant-nl80211@.service and wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT be started/stopped by calling 'systemctl' in postinst and prerm scripts. (From OE-Core rev: 7910a0d6f332253608767a9576a0d521dd87efd7) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fe9b8e50461ab00ab3ad8b065ebd32f0eea2a255) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: Remove -fcommonAdrian Bunk2020-06-231-1/+1
| | | | | | | | | | | | This was fixed in upstream version 5.5.0. (From OE-Core rev: 433d3856151e095afb640a567241bebaf2e84b87) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9a9f67b7c50a8c28a75fc48c8abcb8a7bb35f0e6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2020-8616/7Lee Chee Yang2020-06-053-0/+237
| | | | | | | | | | | | fix CVE-2020-8616 and CVE-2020-8617 (From OE-Core rev: 8681058cce46b342c9895819e3a4bc0770934d86) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d0df831830e4c5f8df2343a45ea75c2ab4f57058) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Don't advertise example services by defaultPaul Barker2020-05-281-0/+5
| | | | | | | | | | | | | | | | The example service files are placed into /etc/avahi/services when we run `make install` for avahi. This results in ssh and sftp-ssh services being announced by default even if no ssh server is installed in an image. These example files should be moved away to another location such as /usr/share/doc/avahi (taking inspiration from Arch Linux). (From OE-Core rev: c88cf750f26f6786d6ba5b4f1f7e5d4f0c800e6e) Signed-off-by: Paul Barker <pbarker@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: Include vpn-script in FILESAlejandro Hernandez2020-05-221-1/+2
| | | | | | | | | | | | | When vpnc support is included through PACKAGECONFIG, there is now an extra vpn-script coming after the atest upgrade, include that script into FILES so it gets packaged. (From OE-Core rev: 8587149c49dd8d1e1a0a0b5cf81e458bfa88547e) Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 1.1.1f -> 1.1.1gJan Luebbe2020-05-071-1/+1
| | | | | | | | | | | This also fixes CVE-2020-1967. (From OE-Core rev: f0bd52e5b50a1742b767eefe0d9d67facbb6c53a) Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "dhclient: not always skip the nfsroot interface"Mingli Yu2020-04-071-25/+1
| | | | | | | | | | | | | | | | | | | | | This reverts commit[27aec88 dhclient: not always skip the nfsroot interface] which used to address the IP address renew issue when boot a system in a nfsroot fs and altogether boot with ip=dhcp. But reported by some tester, the above commit introduces below issue when run ltp test on a nfsroot system which boot with ip=dhcp: nfs: server 192.168.100.1 not responding, still trying nfs: server 192.168.100.1 not responding, still trying [snip] So revert the above commit now to avoid blocking test. (From OE-Core rev: 5c172e0e8f8d02fe1dacec9d3574671baf9ad075) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: add RDEPENDS for dhcp-clientMingli Yu2020-04-021-0/+1
| | | | | | | | | | | | | Add iproute2 RDEPENDS for dhcp-client as /sbin/dhclient-systemd-wrapper which called by dhclient.service depends on ip command which provided by iproute2 package when systemd enabled in DISTRO_FEATURES. (From OE-Core rev: 0c91fcba446418ad1f71d3df9aa3b186bbd353c7) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhclient: not always skip the nfsroot interfaceMingli Yu2020-04-021-1/+25
| | | | | | | | | | | | Don't skip the nfsroot interface when use dhcp to get the address for nfsroot interface as the nfsroot interface may need dhclient to renew the lease. (From OE-Core rev: 27aec88c2ff4588acacadbe1cd61d7ce233fc817) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* inetutils: Use alternatives to avoid manpage conflictOvidiu Panait2020-04-021-1/+5
| | | | | | | | | | | | | | | Fix the following manpage conflicts: * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8 But that file is already provided by package * tftp-hpa-doc * check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8 But that file is already provided by package * inetutils-doc (From OE-Core rev: fc14bfd60ad86094f65ebefbd10dbddc112d2698) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.1.1fAlexander Kanavin2020-04-011-1/+1
| | | | | | | | | | This also un-breaks python3 ptest which got broken with 1.1.1e update. (From OE-Core rev: b4ddf5b9d8cd769b7026663f93c8bc69b55d8cbf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: add LICENSE for individual packagesMatthew2020-03-291-0/+10
| | | | | | | | | | | | | Fixes [YOCTO #13609] avahi_0.7.bb defines 9 PACKAGES. However, avahi.inc generically sets LICENSE to "GPLv2+ & LGPLv2.1+". The library specific packages should be LGPLv2.1+ only. (From OE-Core rev: bd10fa54a94e9ae44defddae573ce67d33a11979) Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: fix do_package error when enable PACKAGECONFIG[nfsv4]Yi Zhao2020-03-241-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: ERROR: nfs-utils-2.4.3-r0 do_package: QA Issue: nfs-utils: Files/directories were installed but not shipped in any package: /usr/lib/libnfsidmap/nsswitch.so /usr/lib/libnfsidmap/static.so Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nfs-utils: 2 installed and not shipped files. [installed-vs-shipped] Add rdep on python3-core for PACKAGECONFIG[nfsv4] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/clddb-tool contained in package nfs-utils requires /usr/bin/python3, but no providers found in RDEPENDS_nfs-utils? [file-rdeps] Add rdep on libdevmapper for PACKAGECONFIG[nfsv41] to fix: ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/blkmapd contained in package nfs-utils requires libdevmapper.so.1.02()(64bit), but no providers found in RDEPENDS_nfs-utils? [file-rdeps] (From OE-Core rev: 17b44d51eaf71ae6d04034454dcb68f508b85258) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1d -> 1.1.1eAdrian Bunk2020-03-242-761/+1
| | | | | | | | | Backported patch removed. (From OE-Core rev: 710bc0f8544f54750c8fb7b8affa243932927a24) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.53 -> 5.54Wang Mingyu2020-03-214-182/+2
| | | | | | | | | | | CVE-2020-0556-1.patch CVE-2020-0556-2.patch removed since they are included in 5.54 (From OE-Core rev: 5552caed72169d397ce0bdf436216ec320a29751) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: fix CVE-2020-0556Anuj Mittal2020-03-133-0/+180
| | | | | | | | | | | | | | | | It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. (From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix perl shebang in c_rehashMartin Jansa2020-03-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * passing PERL=perl breaks c_rehash calls from dash (works fine with bash) dash doesn't like #!perl shebang PERL="/usr/bin/env perl" unfortunately just passing PERL like this doesn't pass do_configure: Creating Makefile sh: 1: /usr/bin/env perl: not found WARNING: exit code 1 from a shell command. But passing it as: HASHBANGPERL="/usr/bin/env perl" PERL=perl seems to work. (From OE-Core rev: 79350826396a882d115caafd88b0a49c91a4fa6c) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: recommend cryptodev-module for corresponding PACKAGECONFIGDenys Dmytriyenko2020-03-081-1/+1
| | | | | | | (From OE-Core rev: 57fcf9b517fe95e871122946cb99fe7fa9fd2e26) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: pass PERL=perl environment variable to configuratorRuslan Bilovol2020-03-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | In our build environment we use wrapper script for perl in non-standard configuration with extra variables set (provided by custom buildtools-tarball). In this case openssl fails to build because by default it's Configure script detects and uses perl executable directly (with absolute path) obviously missing extra settings from wrapper script. Pass PERL=perl environment variable to Configure, so it won't try to use perl executable directly but will use what is provided from environment. (From OE-Core rev: 2b087fef6820da8a6d86ca763bd7730dcac30849) Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade 5.52 -> 5.53Anuj Mittal2020-02-211-2/+2
| | | | | | | (From OE-Core rev: 1df5ece4ef6ef49bfeba83a2716ae4e2ce58d20e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: upgrade 2.4.2 -> 2.4.3Wang Mingyu2020-02-213-47/+10
| | | | | | | | | | | | | 0001-Don-t-build-tools-with-CC_FOR_BUILD.patch Removed since it is included in 2.4.3. refresh the following patch: 0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch (From OE-Core rev: fcaca33d458449379eeb2f99b613f8be1e6a44ce) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: add devlink support to iproute2Scott Branden2020-02-211-11/+23
| | | | | | | | | Add devlink support to iproute2 recipe. (From OE-Core rev: 00cc9773505b2afd002f9b2d72330e517af97d0c) Signed-off-by: Scott Branden <scott.branden@broadcom.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 8.1p1 -> 8.2p1Alex Kiernan2020-02-154-123/+2
| | | | | | | | | | | | | Drop backports from upstream: 0001-Manually-applied-upstream-fix-for-openssh-test.patch 0001-seccomp-Allow-clock_gettime64-in-sandbox.patch openssh-8.1p1-seccomp-nanosleep.patch (From OE-Core rev: c9b5802bbe1de609450f509edf4721ab0a7a70aa) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: add mulitlib_header for platform.hJeremy A. Puhlman2020-02-151-1/+3
| | | | | | | (From OE-Core rev: cfaaeedcb634b68d0b20a05130fd582df660fef6) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-27 01:24:59 +0000