| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git.gnome.org is no more. It has ceased to be. It's an ex-git.
Please see here:
https://about.gitlab.com/2018/05/31/welcome-gnome-to-gitlab/
Note that gitlab does not support git://, only https:// (and ssh).
[Commit message from Alexander Kanavin]
(From OE-Core rev: 8382cdc0888ca645a44aacaac1155afb8dcde979)
(From OE-Core rev: d40c87b003b290a1739039156b27f194f68f12c2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for sumo context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2017-3144
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
https://kb.isc.org/article/AA-01541
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4
(From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9)
(From OE-Core rev: cf029db42a6bb96203d2d6bb64a62e6eeec9be8d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
Remove 0001-Remove-test-that-requires-running-as-non-root.patch
(issue fixed upstream)
Remove 0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
(backport)
License-Update: copyright years
(From OE-Core rev: 96d5e9c186fb83f1b5d9b38ace0b1222c3c04c54)
(From OE-Core rev: a4f7a637d9a2c738f217c67394a98f6081149022)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
License-Update: copyright years
(From OE-Core rev: 13542282e34c078296c46a98721b31ed9a69a980)
(From OE-Core rev: 9460cdd9227edcca425b919d5b9061d1da55528b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipes were using 'basename' to turn '/usr/lib' into 'lib', which breaks when libdir is '/usr/lib/tuple', leading to libraries ending up in '/usr/tuple', which isn't in FILES_*. Change the logic to use sed to strip the prefix instead.
(From OE-Core rev: e58d5521c7bae8daafdac85754545be176550a02)
(From OE-Core rev: 373763d4f6668c3e324edf8d699c8c15d0267278)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch was applied in a completely incorrect spot (due to fuzz),
no one noticed or complained. Meanwhile upstream says the issue
has been resolved differently:
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
(From OE-Core rev: 325e516b59e677dc8e2c5756589fa8037b3e9392)
(From OE-Core rev: d7f682f592538073eefd24bf06c32e8e2e685f05)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 7baba7a19c5610a63ccbfd6a2238667772b32118)
(From OE-Core rev: 95b5ec1d6d614ebd1ea3a57bbbcef33b08966265)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve reproducible build of:
openssl-staticdev
openssl-dbg
libcrypto
There are two main causes that prevent reproducible build, both related to
the generated file "buildinf.h":
1. "buildinf.h" contains build host CFLAGS, containing various build
host references. We need to pass sanitized CFLAGS to the script
generating this file ("mkbuildinf.pl". )
2. We also need to modify the script "mkbuildinf.pl" itsel in order to
generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
the environment.
(From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7)
(From OE-Core rev: 5a7cf3296715ac6543a171984fd09168bf73d1af)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 2ccbd281c267d93ab1af854f603f988fc8dd0231)
(From OE-Core rev: b90c5c98b97582e6f1cadaf67a3bdcba05a3d038)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop upstreamed 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
Rebase a couple more patches (via devtool upgrade).
(From OE-Core rev: a69526f9cd7682d8a8ff49fd8101b46616e3c05f)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 8a79b8619ce797d5395989e7bb804bc2accfbb14)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove buildhost references from Makefile and Configure.
(From OE-Core rev: d2ddc9986371c816cefee726e72aba6f09a816d7)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 891e33f4ad0919f5b3be77cd63260121d62b6ee7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recipes can't rely on IMAGE_FEATURES to determine whether the
resulting packages will be used in an image with read/write or
read-only rootfs because IMAGE_FEATURES is a per-image recipe
variable.
The connman.inc code checked IMAGE_FEATURES to determine whether
/var/run/connman needs to be created via tmpfiles.d when booting a
read-only rootfs. In my tests that is not necessary (anymore?),
something (connman itself?) creates the missing directory.
(From OE-Core rev: ded2a1eef3345f88df0ca00f120eeba4c8f80553)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 577585375efac8f86223d7549ce39cd70877cbd9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The WPA_COMMON_CTRL_IFACE definition is missing, which leads to obvious
problems since there is no way to access the ctrl socket. So add it in.
(From OE-Core rev: 06cd7db573bb1293ca3baf214c046d7deb5ed058)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7baa3137859915fdbaaea0499b442f5d9df3f17b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled
crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH
server using the affected binary fails with:
ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature
Backport upstream bugfix:
https://github.com/openssl/openssl/issues/4659
(From OE-Core rev: 0dba9ac4414a31e341840da3cca12a9ec0658abe)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
(From OE-Core rev: 3cfbf7d020b12ef70ba1e1bd4a538b4b8f6e7251)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled
crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH
server using the affected binary fails with:
ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature
Backport upstream bugfix:
https://github.com/openssl/openssl/issues/4659
(From OE-Core rev: 7310bdb8709a8cb9a5653f10d0be1c024daf6f03)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
(From OE-Core rev: 7767625370b106bd493fdd5264181a7159e5c300)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A missing case breaks the build when libxml2 is
required and found appropriately. The third argument
to the function AC_SEARCH_LIB is action-if-found which
was mistakenly been used for the case where the library
is not found and hence breaks the configure phase
where it shoud actually pass.
We now pass on silently when action-if-found is
executed.
(From OE-Core rev: cc4e419eea46e9cdaa321aff4c37fdf8bb74b883)
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
${PN} will include additional prefixes, such as lib32-, which are not
actually a part of the user that is being added. This was creating an unused
user and possibly missing the actually intended user. By using ${BPN} this
will remove all additional extra information and consistently be "dhcp".
(From OE-Core rev: 69d1a48b403d588516cf149559169ee5a0d44b67)
Signed-off-by: Dan Dedrick <ddedrick@lexmark.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ftp protocol is dated and problematic. Since https is available, lets
use that instead, making new users chances of successful builds higher.
(From OE-Core rev: 3dcb052eb4aeca60389c45801d1598fcbe8898d0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f24a29fcba98ceff08c13b0f029be93995f1deed)
Fix merge conflict do to version diff
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch works around a rare parallel build race condition using
the force option when soft linking.
The error seen is:
ln: failed to create symbolic link 'libssl.so': File exists
make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1
make[4]: Leaving directory
'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k'
Just add the -f flag to the platform independent soft link code to
avoid the collision. This is reasonable since this Makefile removes
the link target before creating a new soft link. The Makefile was
written this way to support platforms that don't allow forcing a
softlink to overwrite an existing link. Only builds on Linux are
supported so that's not a requirement for oe-core recipes.
The openssl team is rewriting their build files so it's not appropriate
for openssl upstream and fixing the root cause of the race condition
was also not pursued.
(From OE-Core rev: f6be81b1dddc7adc2e97fefb2bd6c296d4dce8c6)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit c60288aba70635238094c6b813228b31e0715db9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
(From OE-Core rev: 1c46e201ef486395ec047f29af272f8c3dfd9611)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generating the host keys atomically prevents power interruptions during the
first boot from leaving the key files incomplete, which often prevents users
from being able to ssh into the device.
[YOCTO #11671]
(From OE-Core rev: 221b40f1f08ee23511ba078a1efd01686922e932)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
106b59d9 broke SSH host key generation when systemd and a read-only root file
system are in use because there isn't a way for systemd to get the optional
weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default
value if it is not specified. Instead, move the logic for determining if keys
need to be created to a helper script that both the SysV init script and the
systemd unit file can reference.
This does mean that the systemd unit file can't check for file existence to
know if it should start the service, but it wasn't able to do that correctly
anyway anymore. This should be a problem since the serivce is only run once per
power cycle by systemd, and should exit quickly if the keys already exist
(From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids the following error when the systemd DISTRO_FEATURE is
enabled, but the systemd PACKAGECONFIG is not:
ERROR: bluez5-5.46-r0 do_package: SYSTEMD_SERVICE_bluez5 value
bluetooth.service does not exist
(From OE-Core rev: a751a1f4ab0625cbfedb6445b0da080fc455848f)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: d29b4a1167d27c466727e8f4183fd99d0dd05a6f)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.
(From OE-Core rev: 7351e0b260876b9bbc8660c2bb4173ab4c130f8b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
iproute2 has the ability to include a tipc tool. When enabled this requires
the libmnl package (formerly supplied by meta-openembedded). So both are
needed at the same time.
The change itself is needed because of the tipc-utils package (in
meta-openembedded) which RDEPENDS on iproute2-tipc. Without this package
the yocto-compat-layer script indicates there is no way for me to have
meta-openembedded pass the checker. This is because meta-openembedded is
not allowed to just enable 'tipc' on it's own. (A layer may not make distro
wide changes without a user saying to do it.) The checker script invokes
bitbake -S none world, which will fail on dependency resolution due to there
being no iproute2-tipc package. The tipc-utils package does not have a way
to check the PACKAGECONFIG of the iproute2 package so disable itself if the
dependency can not be met. So the default system behavior needs to be:
iproute2 w/ tipc enabled
tipc-utils RDEPENDS on iproute2-tipc
(From OE-Core rev: b40f42e69de47af4f627432e284038c645efbaec)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: b6a1c7ed0a5955fb15dcd9e14431cb11a5e2e3a0)
Signed-off-by: Vishal Bhoj <vishal.bhoj@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix booting messages wrapped over two different lines:
Starting bluetooth
bluetoothd
Stopping bluetooth
/usr/libexec/bluetooth/bluetoothd
Also reworked whitespace (removed some empty lines).
(From OE-Core rev: 62f1122ef166eba56441d669c6b3b3fe5f367418)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Fix compilation error during openssh x32 build due to syntax error.
(From OE-Core rev: 74d41b4870bec88015c079444daad0a68f69abe9)
Signed-off-by: sweeaun <swee.aun.khor@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
dnsproxy: Fix crash on malformed DNS response
If the response query string is malformed, we might access memory
pass the end of "name" variable in parse_response().
[YOCTO #11959]
(From OE-Core rev: fb3e30e45eea2042fdb0b667cbc2c79ae3f5a1a9)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl 1.1 broke 3rd party layers a lot more than was expected; let's flip
the switch at the start of next development cycle.
Add a PROVIDES = "openssl10" to openssl 1.0 recipe; any dependency that is
not compatible with 1.1 should use that in its DEPENDS, as the 1.0
recipe will later be renamed back to openssl10. This does not always work:
http://lists.openembedded.org/pipermail/openembedded-core/2017-August/140957.html
but for many recipes it does.
(From OE-Core rev: 5585103c195104e85ed7ac1455bef91b2e88a04d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Use PACKAGECONFIG to add cryptodev.
(From OE-Core rev: dddf15804f69757278abe175543e74332a978139)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
libc headers now have a backported patch that fixes this.
(From OE-Core rev: 5dc1700ec6ff15aefb8ca540e5b7d3e89a14945b)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Rebase patches to 4.3.6
- define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch -> 0001
- dhcp-3.0.3-dhclient-dbus.patch -> 0002
- link-with-lcrypto.patch -> 0003
- fixsepbuild.patch -> 0004
- dhclient-script-drop-resolv.conf.dhclient.patch -> 0005
- 0001-site.h-enable-gentle-shutdown.patch -> 0006
- libxml2-configure-argument.patch -> 0007
- tweak-to-support-external-bind.patch -> 0008
- remove-dhclient-script-bash-dependency.patch -> 0009
- build-shared-libs.patch -> 0010
- Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch -> 0011
2. Drop search-for-libxml2.patch
It is overrided by libxml2-configure-argument.patch
3. Rework dhclient-script-drop-resolv.conf.dhclient.patch and
Drop replace-ifconfig-route.patch.
vim client/scripts/linux
...
Script refresh in 2017. The aliasing code was too convoluted and needs
to go away. Migrated DHCPv4 script to ip command from iproute2 suite.
This is based on Debian script with some tweaks. ifconfig is no longer
used. Everything is done using ip tool from ip-route2.
...
(From OE-Core rev: 77878d2e6e8f36afa9a0fde8a6f0f955c84a5e5c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
ERROR: openssl-1.1.0f-r0 do_package_qa: QA Issue: /usr/lib/openssl/ptest/fuzz/helper.py contained in package openssl-ptest requires /usr/bin/python, but no providers found in RDEPENDS_openssl-ptest? [file-rdeps]
ERROR: openssl-1.1.0f-r0 do_package_qa: QA Issue: /usr/lib/openssl/ptest/test/certs/mkcert.sh contained in package openssl-ptest requires /bin/bash, but no providers found in RDEPENDS_openssl-ptest? [file-rdeps]
(From OE-Core rev: 7e70d0673df20669edd18b79ae065d8c2f655b8a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The scripts currently reference "python33", fix this so they reference
python3. The move the python3 likely broke these.
(From OE-Core rev: 1a734f037da37d14f780970a9532d1e2e3683bf8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package resolver failes to assemble images because some of the man
pages in openssl10 conflict with the openssl package. In the case
where you want openssl, openssh and the documentation installed in the
same system you will see the failure.
The work around is to rename all the openssl10 man pages and symlinks
to have a prefix of openssl10-.
(From OE-Core rev: bb837cae92472b294ac886b121b2249e4314439f)
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tipcutils 2.2 in meta-oe removed the tipc-config tool and
recommended to use the new configuration tool named "tipc" in iproute2
package for configuring the tipc, which utilizes the new tipc netlink
kernel API.
Add tipc support and split it out into its own package.
(From OE-Core rev: 944ef0de241de77429ab0e5cb1dd4a7f355cf3fd)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The proposed openssl 1.1 patches are here:
https://github.com/openssh/openssh-portable/pull/48
Openssl maintainers are not in a hurry to get 1.1 support in;
if it doesn't show up within reasonable time, we can take a patch
from Fedora:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-November/035454.html
(From OE-Core rev: 5ccf4a9786fc607a5838edb3bf409f83d7483ba6)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Existing openssl 1.0 recipe is renamed to openssl10; it will
continue to be provided for as long as upstream supports it
(and there are still several recipes which do not work with openssl
1.1 due to API differences).
A few files (such as openssl binary) are no longer installed by openssl 1.0,
because they clash with openssl 1.1.
(From OE-Core rev: da1183f9fa5e06fbe66b5b31eb3313d5d35d11e3)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Support musl-x32 build which to build openssl with 32 bits.
(From OE-Core rev: a072d4620db462c5d3459441d5684cfd99938400)
Signed-off-by: sweeaun <swee.aun.khor@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is used in NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2015-1863
(From OE-Core rev: cc3882ca2fea2c5a8830311eeb7840ae98da9b3c)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bluez is the product name in NVD database for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-7837
(From OE-Core rev: aade84aa54bb2f958572623ed6464184efd19862)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add dhclient.service. This service file mainly comes from meta-systemd,
with modifications to take nfs boot into consideration.
While using eth0 as the nfsboot interface, we'd like dhclient service
to skip it like what ifup and connman do in sysvinit.
(From OE-Core rev: faa8d0f5e8db4a99367d42ba8c8de5b2e339d8d2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
5.45 -> 5.46
This includes the new testing utility "advtest"
(From OE-Core rev: 514e9be6b00cd39bb8b2eaf117125109fba17910)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Update the status of following patch from Pending to Accepted:
a) 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
(From OE-Core rev: f9ccac5dd359e9b874a39cd879ea23c841085eab)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In https://source.isc.org/git/bind9.git, since the following
commit applied:
...
commit b99bfa184bc9375421b5df915eea7dfac6a68a99
Author: Evan Hunt <each@isc.org>
Date: Wed Apr 10 13:49:57 2013 -0700
[master] unify internal and export libraries
3550. [func] Unified the internal and export versions of the
BIND libraries, allowing external clients to use
the same libraries as BIND. [RT #33131]
...
(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c)
In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS),
it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart.
Which caused dhclient/dhcpd could not be stopped by SIGTERM.
It caused systemd's reboot hung which send SIGTERM by default.
(From OE-Core rev: 7d3e734481e5d400d03ffd0a12669913fd264c5f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade bind from 9.10.3-P3 to 9.10.5-P3
* Update md5sum of LIC_FILES_CHKSUM that it update year in file COPYRIGHT
* Remvoe mips1-not-support-opcode.diff which has been merged
* Remove CVE patches that there are backported from upstream
* Use python3 for build and make sure install .py files to right directory
(From OE-Core rev: 9ee6a0a6599d081767b63382a576e67aed12cf4d)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
