summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* openssl: Use linux-aarch64 target for aarch64Fabio Berton2017-01-191-1/+1
| | | | | | | | | | | aarch64 target was being configured for linux-generic64 but openssl has linux-aarch64 target. Change to use linux-aarch64 as default. (From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2 4.7->4.9Zheng Ruoqin2017-01-163-88/+135
| | | | | | | | | | Upgrade iproute2 from 4.7 to 4.9 (From OE-Core rev: c6e7db1446a4c94caf3df0b8a9758888d1b8b7f9) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: remove -f exports from nfsserverSaul Wold2017-01-161-1/+1
| | | | | | | | | | | | | The upstream project remove that option as it was quote: It is completely ineffective. [YOCTO #10843] (From OE-Core rev: 52a12c6e5360f3f60b5610eb9ad6edaa076427c1) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Add patch to fix build with musl and 4.9 headersJussi Kukkonen2017-01-092-0/+44
| | | | | | | | | | | | Removing unused includes fixes the build. Fixes [YOCTO #10853]. (From OE-Core rev: c580d2938286d62d092496e699f12b03fa065546) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: Partly remove patch that doesn't make sense any moreJussi Kukkonen2017-01-091-48/+3
| | | | | | | | | | | ppp no longer provides the duplicate if_pppox.h header so no need to patch that out of the Makefile. (From OE-Core rev: 015574ac9335799e0a3da00cf882b103177c3744) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add support for many MIPS configurationsZubair Lutfullah Kakakhel2016-12-221-9/+15
| | | | | | | | | | Add more case statements to catch MIPS tune configurations (From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149) Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl-native: Compile with -fPICKhem Raj2016-12-201-0/+1
| | | | | | | | | | | Fixes | /usr/bin/ld: libcrypto.a(sha1-x86_64.o): relocation R_X86_64_PC32 against undefined symbol `OPENSSL_ia32cap_P' can not be used when making a shared object; recompile with -fPIC | /usr/bin/ld: final link failed: Bad value (From OE-Core rev: 0a19e72081771fca8ed94fb2a2a8996fd3dce00c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: 2.5 -> 2.6Zheng Ruoqin2016-12-176-357/+5
| | | | | | | | | | | | | | | | | | | 1)Upgrade wpa-supplicant from 2.5 to 2.6. 2)Delete 5 patches below, since they are integrated upstream. 0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch 0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch 0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch 0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch 0003-Reject-SET-commands-with-newline-characters-in-the-s.patch 3)License checksum changes are not related to license changes. (From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc) (From OE-Core rev: 8751dbde2736a4dbea83f6f581fe90f0c60def76) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-162-4/+4
| | | | | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) (From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: Disable exposed bits of WinPCAP remote capture supportFabio Berton2016-12-132-0/+37
| | | | | | | | | | | Disable bits of remote capture support inherited from the WinPCAP merge which cause applications to fails to build if they define HAVE_REMOTE. (From OE-Core rev: 4e412234c37efec42b3962c11d44903c0c58c92e) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: sync systemd unit files with nfs-utils.gitAndreas Oberritter2016-12-083-9/+18
| | | | | | | | | | nfs-server failed to start after installation from a package feed. (From OE-Core rev: c4d276f9f639a1a534789de12a4783ae931e6aa4) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: don't try to load kernel moduleAndreas Oberritter2016-12-081-2/+0
| | | | | | | | | | This conflicts with KERNEL_MODULE_AUTOLOAD += "nfsd". (From OE-Core rev: 759b7536756ac6fb6ad431ab8e48a03283f9ec29) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: create package nfs-utils-mountAndreas Oberritter2016-12-081-3/+6
| | | | | | | | | | | | | | | | Contains just enough to mount and unmount nfs volumes, i.e. the same as nfs-utils-client before commit 39bb7e3 ("nfs-utils: separate package as Debain style"). Drop nfs-utils-client's dependency on bash. It contains two shell scripts, /etc/init.d/nfscommon and /usr/sbin/start-statd, both using /bin/sh. (From OE-Core rev: e21bba827e06f4d6574bbb2b0f453dd0bb627d2c) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: systemd fixesAndreas Oberritter2016-12-083-1/+3
| | | | | | | | | | | | - Start daemons by default like the initscripts do, but only if /etc/exports exists. - Inform systemd.bbclass about nfs-utils-client package. (From OE-Core rev: 94602d8ced3a8fd033de93b47320c94db6de8755) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: 4.3.4 -> 4.3.5Huang Qiyu2016-12-081-2/+2
| | | | | | | | | | Upgrade dhcp from 4.3.4 to 4.3.5. (From OE-Core rev: 7cc95c2992cc45b74a9b81b56b1c1e7c097d4fe1) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: 1.3.3 -> 1.3.4Mariano Lopez2016-11-304-183/+14
| | | | | | | | (From OE-Core rev: 844c63050e849c68fc9b40ada2068309e5e37e16) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: remove non-existant variable INHIBIT_AUTO_STAGERoss Burton2016-11-301-2/+0
| | | | | | | | | | This variable doesn't exist anywhere else in meta/ so presumably this is historical legacy. (From OE-Core rev: 6da14a9713dd37935d8918e40faeccd37b084ee4) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iw: upgrade to 4.9Maxin B. John2016-11-301-2/+2
| | | | | | | | (From OE-Core rev: 9a04243d307a5bf86a127cf504bec78ee963671c) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade to 5.43Maxin B. John2016-11-301-2/+2
| | | | | | | | (From OE-Core rev: 2b59c5f90c7d8325ab8893c629b42fb333f3b583) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: update 1.18 -> 1.19André Draszik2016-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | In particular, this fixes a crash on shutdown. From upstream's ChangeLog: ver 1.19: Fix issue with DHCP parsing and Huawei modems. Fix issue with detecting Huawei E3372 modem. Fix issue with handling serving cell info. Fix issue with handling SIM SC facility lock. Fix issue with Android RIL PIN retry logic. Fix issue with Android RIL and RAT handling. Add support for Android RIL cell broadcast. Add support for SoFIA 3GR thermal management. (From OE-Core rev: a09810ef738ea1d2d643deeb255c8e6dd01ef306) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: Fix build when PACKAGECONFIG ipv6 is not enableFabio Berton2016-11-233-0/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add patches to fix error: / | ERROR: oe_runmake failed | config.status: creating pcap-config.tmp | mv pcap-config.tmp pcap-config | chmod a+x pcap-config | ../libpcap-1.8.1/gencode.c: In function 'pcap_compile': | ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t | {aka struct _compiler_state}' has no member named 'ai' | cstate.ai = NULL; | ^ | ../libpcap-1.8.1/gencode.c: In function 'gen_gateway': | ../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared | (first use in this function) | bpf_error(cstate, "direction applied to 'gateway'"); | ^~~~~~ | ../libpcap-1.8.1/gencode.c:4914:13: note: each undeclared identifier is | reported only once for each function it appears in \ Patches were submitted to upstream [1] [1] https://github.com/the-tcpdump-group/libpcap/pull/541 (From OE-Core rev: 9f1fe76727e98e58fc9e46ea2b49cf5c0cb48e6c) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: fix protocol minor version fall-backYi Zhao2016-11-232-0/+56
| | | | | | | | | | | | | | | | | | | Mount nfs directory would fail if no specific nfsvers: mount -t nfs IP:/foo/bar/ /mnt/ mount.nfs: an incorrect mount option was specified mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if the kernel doesn't understand the requested NFS version. Unfortunately if the requested minor is not known to the kernel it returns -EINVAL. Backport patch from nfs-utils-1.3.4 to fix this issue. (From OE-Core rev: 332596628697d28ae6e8c2271c9658aaf5e54796) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-7055Yi Zhao2016-11-232-0/+44
| | | | | | | | | | | | | | | | | | | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. External References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055 https://www.openssl.org/news/secadv/20161110.txt Patch from: https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* OpenSSL: CVE-2004-2761 replace MD5 hash algorithmT.O. Radzy Radzykewycz2016-11-231-0/+69
| | | | | | | | | | | | | | | | | | | | | | | Use SHA256 as default digest for OpenSSL instead of MD5. CVE: CVE-2004-2761 The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Upstream-Status: Backport Backport from OpenSSL 2.0 to OpenSSL 1.0.2 Commit f8547f62c212837dbf44fb7e2755e5774a59a57b Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (From OE-Core rev: f924428cf0c22a0b62769f8f31f11f173f25014f) Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix CVE-2016-8858Kai Kang2016-11-232-0/+40
| | | | | | | | | | | | | Backport patch to fix CVE-2016-8858 of openssh. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1384860 (From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix bashism in c_rehash shell scriptAndré Draszik2016-11-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This script claims to be a /bin/sh script, but it uses a bashism: from checkbashisms: possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'): if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ] This causes build issues on systems that don't have /bin/sh symlinked to bash: Updating certificates in ${WORKDIR}/rootfs/etc/ssl/certs... <builddir>/tmp/sysroots/x86_64-linux/usr/bin/c_rehash: 151: [: x/: unexpected operator ... Fix this by using POSIX shell syntax for the comparison. (From OE-Core rev: 0526524c74d4c9019fb014a2984119987f6ce9d3) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: Update to version 1.8.1Fabio Berton2016-11-154-192/+25
| | | | | | | | | | | | | | - Option --enable-canusb was removed on commit: https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b - Autotools class was improved and we can now stop aclocal from running at all. - File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support patch and do_configure_prepend task to use configure.ac file. (From OE-Core rev: 62771b5a426e4b7d38e4997dc3f252a547f481ce) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Upgrade 5.41 -> 5.42Maxin B. John2016-11-061-2/+2
| | | | | | | | | | | Bug fixes, add support for new management tracing capability and marking GATT D-Bus APIs as stable interfaces (From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: rehash actual mozilla certificates inside rootfsDmitry Rozhkov2016-11-061-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | The c_rehash utility is supposed to be run in the folder /etc/ssl/certs of a rootfs where the package ca-certificates puts symlinks to various CA certificates stored in /usr/share/ca-certificates/mozilla/. These symlinks are absolute. This means that when c_rehash is run at rootfs creation time it can't hash the actual files since they actually reside in the build host's directory $SYSROOT/usr/share/ca-certificates/mozilla/. This problem doesn't reproduce when building on Debian or Ubuntu hosts though, because these OSs have the certificates installed in the same /usr/share/ca-certificates/mozilla/ folder. Images built in other distros, e.g. Fedora, have problems with connecting to https servers when using e.g. python's http lib. The patch fixes c_rehash to check if it runs on a build host by testing $SYSROOT and to translate the paths to certificates accordingly. (From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* connman: fix bad file descriptor initialisationLukasz Nowak2016-11-062-0/+103
| | | | | | | | | | | Import a patch from upstream, which fixes a connman daemon freeze under certain conditions (multiple active interfaces, no r/w storage). (From OE-Core rev: bba18cdce6fb6c5ff2f7161198d46607a72747d6) Signed-off-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: Don't remove users/groups in postrmJussi Kukkonen2016-11-041-10/+0
| | | | | | | | | | | | | | There's no way to ensure that files owned by the users aren't left on the system at postrm time: Removing the user would mean those files are now owned by a non-existing user, and later may be owned by a completely unrelated new user. [YOCTO #10442] (From OE-Core rev: c1be2196e7ffb23b7b243ecd8aca1827cbdfa443) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: enable manpagesAlexander Kanavin2016-10-281-1/+1
| | | | | | | | | | | They come prebuilt and don't require any dependencies, so there is no penalty in enabling them. (From OE-Core rev: aeb8d38cf26794aeff8827161ae1241d8d031d6c) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Remove $COREBASE/LICENSE from LIC_FILES_CHKSUMOlaf Mandel2016-10-281-2/+1
| | | | | | | | | | | | | | | | | | | | | | Several recipes reference the LICENSE file in their LIC_FILES_CHKSUM variable as ${COREBASE}/LICENSE. This forces distribution providers to keep this file verbatim or to overload the affected recipes. The section "Moving to the Yocto Project 1.6 Release" in the Yocto manual suggests removing the LICENSE file where possible. Remove LICENSE in cases where COPYING.MIT is also given and replace LICENSE with COPYING.MIT if the former was the only entry. All modified recipes specify LICENSE = "MIT" and none of the in-tree files specify a different license either. As the packages do not change (the license files are not contained in them), do not increase PR. (From OE-Core rev: 0059e0661826c857a07c862bcb46162671e0e330) Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix two CVEsZheng Ruoqin2016-10-153-0/+215
| | | | | | | | | | | | | | Add two CVE patches from upstream git: https://www.isc.org/git/ 1.CVE-2016-2775.patch 2.CVE-2016-2776.patch (From OE-Core rev: 5f4588d675e400f13bb6001df04790c867a95230) Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ppp: fix building with linux-4.8Jackie Huang2016-10-152-0/+45
| | | | | | | | | | | | | | | | | | | | | | Fix a build error when using the linux-4.8 headers that results in: In file included from pppoe.h:87:0, from plugin.c:29: ../usr/include/netinet/in.h:211:8: note: originally defined here struct in6_addr ^~~~~~~~ In file included from ../usr/include/linux/if_pppol2tp.h:20:0, from ../usr/include/linux/if_pppox.h:26, from plugin.c:52: ../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6' struct sockaddr_in6 { ^~~~~~~~~~~~ (From OE-Core rev: 68e917aa778742da104c038a6e1ffa789fe95410) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "connman-gnome: StatusIcon adapts to size changes"Jussi Kukkonen2016-10-051-121/+15
| | | | | | | | | | | | | | | | | | The aim of the original commit was to make connman-gnome load the icons at the exact size of the systray. There are two problems with this: * There are not enough icon sizes provided to make the scaling look good at most sizes (including current panel size) * Both connman-gnome and mb-panel have bugs in the icon size update code and using scaling to exact size makes these much more visible (See bug 9995 for example). The problems the original commit tried to fix can be worked around with better packing in matchbox-panel-2. (From OE-Core rev: 82a34a770ad36fb370fff4dca66956fb47f1140c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.0.2i -> 1.0.2jRichard Purdie2016-09-282-32/+2
| | | | | | | | | Deals with a CVE issue Drops a patch applied upstream and no longer needed. (From OE-Core rev: ee590ac736ca2a378605fa1272a1c57a1dbc7a57) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: avoid random ptest failuresPatrick Ohly2016-09-241-0/+13
| | | | | | | | | | | | | | | | | | "make alltests" is sensitive to the timestamps of the installed files. Depending on the order in which cp copies files, .o and/or executables may end up with time stamps older than the source files. Running tests then triggers recompilation attempts, which typically will fail because dev tools and files are not installed. "cp -a" is not enough because the files also have to be newer than the installed header files. Setting the file time stamps to the current time explicitly after copying solves the problem because do_install_ptest_base is guaranteed to run after do_install. (From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.0.2i (CVE-2016-6304 and more)Patrick Ohly2016-09-247-345/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. (From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: remove duplicated udev setting from FILES_${PN}Robert Yang2016-09-241-1/+1
| | | | | | | | | bitbake.conf already sets it. (From OE-Core rev: 73d138be52c7f7c55ec4ea1cda2d7c8ead85deec) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: remove duplicated udev setting from FILES_${PN}Robert Yang2016-09-241-1/+1
| | | | | | | | | It doesn't have files in udev dir, and bitbake.conf already sets it. (From OE-Core rev: 10dbf13c86ce7f10ff84547fee8c4c5f15fe91fb) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa_supplicant: Security Advisory-CVE-2016-4477Zhixiong Chi2016-09-234-0/+178
| | | | | | | | | | | | | Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ (From OE-Core rev: d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa_supplicant: Security Advisory-CVE-2016-4476Zhixiong Chi2016-09-233-0/+174
| | | | | | | | | | | | | Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ (From OE-Core rev: ed610b68f7e19644c89d7131e34c990a02403c62) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix do_configure error when cwd is not in @INCRobert Yang2016-09-202-0/+35
| | | | | | | | | | | Fixed when building on Debian-testing: | Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7. (From OE-Core rev: c28065671b582c140d5971c73791d2ac8bdebe69) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix potential signed overflow to enable compilation with -ftrapvYuanjie Huang2016-09-202-0/+100
| | | | | | | | | | | | | | | Pointer arithmatic results in implementation defined signed integer type, so that 's - src' in strlcpy and others may trigger signed overflow. In case of compilation by gcc or clang with -ftrapv option, the overflow would lead to program abort. Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608] (From OE-Core rev: 2ce02941300aa3e826df0c59fd8d4ce19950028e) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix MIPS64be and add MIPS64leZubair Lutfullah Kakakhel2016-09-161-1/+4
| | | | | | | | | | | | | MIPS64 target was being configured for linux-mips which defaults to MIPS32. Doesn't cause any issue as far as I can see but it would be wiser to use the correct target configuration. Also add MIPS64le configuration which is missing. (From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded) Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ofono: RRECOMMENDS tun.ko & APN databaseAndré Draszik2016-09-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | - kernel-module-tun is needed so that ofono can create the ppp network interface - mobile-broadband-provider-info is needed as an explicit dependency even though it is in DEPENDS, because it's just an xml database, and the DEPENDS simply allows ofono to figure out its location in the file system (using pkg-config during configure). But there is no shared library dependency or so for bitbake to figure out this runtime dependency. We make it a recommendation only, so that it can still be removed from filesystem images in case people build images that don't need the provider database (and e.g. hard-code APNs for specific use-cases) (From OE-Core rev: 1cb0eb9a013ad8a4092f610faeab2ee2720b9e66) Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-1/+4
| | | | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. (From OE-Core rev: b72d04985a6e0dba8ab44b6eb55b62914266645c) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-1/+4
| | | | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. (From OE-Core rev: cfa74a2d4f158601a35b96e235484dac14cbf4d5) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.2p2 -> 7.3p1Jussi Kukkonen2016-08-233-56/+18
| | | | | | | | | | | Remove CVE-2015-8325.patch as it's included upstream. Rebase another patch. (From OE-Core rev: 4b695379dcf378e8d77deaf7e558e8cbd314683c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>