| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant
before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact
(potentially execution of arbitrary code), for an attacker within radio range.
Upstream-Status: Acepted [https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32]
CVE: CVE-2021-27803
(From OE-Core rev: 2877d0d42ffb656a6afa1f99084490ec4d84115b)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: a2658937bcb987b061cd9866d726d9d66623e93c)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf8922e6bb12a2facc59bbe794b575101fce1dc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android-10 Android-11
Android-8.1 Android-9 Android ID: A-172937525
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0326
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches>
(From OE-Core rev: 629a275bbafe7436f73ace59ab06d44e316b6b9d)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b7940edabe100512e8f558cc37f9da836feae74d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BIND Operational Notification: Zone journal (.jnl) file incompatibility
Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
CVE: CVE-2020-8625
(From OE-Core rev: dcce323a1b651a875da8e51f02f015de442d7d49)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c3b4d7500366092d99f7bb6f30555424e66bddba)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a67635ca2c7a016efcf450e4011f2032883e995d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: b2feaf6826f4ead7b7ea141bdd27e9c96147b6f2)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17df664a32a74f17baaef8c31ac23adec2d6255f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE only applies to the load_ppp_generic_if_needed patch applied by
Ubuntu. This patch is not used by OpenEmbedded, so the CVE does not
apply.
(From OE-Core rev: 897822233faef0f8f35dc1d8a39e1c4bc0550f1e)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 72431ee8de5e3a53d259cebf420a7713ac9e1f14)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 812eb3121e0aabe4e3de9a8c61b1e62c87f55aa4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a NULL pointer dereference in GENERAL_NAME_cmp function.
CVE: CVE-2020-1971
(From OE-Core rev: fcd335e2a721d8db6e2fdac483798ced0ff3e1ad)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OpenSSH server, as used in Fedora and Red Hat Enterprise
Linux 7 and when running in a Kerberos environment, allows remote
authenticated users to log in as another user when they are listed
in the .k5users file of that user, which might bypass intended
authentication requirements that would force a local login.
Whitelist the CVE since this issue is Redhat specific.
(From OE-Core rev: 49955248b6011450a8767496783fb9f4738c9a99)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 309132e50d23b1e3f15ef8db1a101166b35f7ca4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
remove some extra whitespaces
(From OE-Core rev: 3ac10faff7ef00f68031400e86a6882ce0d5090a)
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 32ce3716761165b9df12306249418645724122cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Version 5.55 is a security/bug fix release
Release note:
https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
CVE reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-27153
(From OE-Core rev: 698c0cbf77ebce6b336f823f826aaece0cc9ca32)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2895e3e4eabca64cbcc8682e72d25026df5e5f0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are adding a new PACKAGECONFIG option ('rng-tools') to control if we
wish the openssh-sshd to RRECOMMENDS the 'rng-tools' package. We are
enabling it by default so there is no behavior change.
(From OE-Core rev: ff61cf5777c63a7ebecde5ada1cf01d7bafe265d)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe99349c1bd72b69d22ab0dc52b8825d3157b8e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Host keys are getting bigger and taking an ever increasing amount of time
to generate. Whilst we do need to test that works, we don't need to test
it in every image. Add a recipe which can be added to images with
pre-generated keys, allowing us to speed up tests on the autobuilder
where it makes sense to.
(From OE-Core rev: 130695364281f62b9e00d311c21f7acb5a1204a1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6c7d16437cbd5ccbee1b99a2154c33fdbac9299)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Where we have images with PAM+systemd, serial login can be extremely
slow. The load generated by key generation does slow down the rest
of the boot process.
Lower the priority level of these systemd services, since we'd
prefer to have the rest of the system boot more effectively.
This doesn't "solve" the slow systemd boot issues but does help.
(From OE-Core rev: c5394e65972ac21b1c7f68db100754939ecaef8c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 087700665284c08ba846e52b6b86276629f5f1cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shortly after the recipe was updated to add ell as a mesh dependency
the way ell was integrated into bluez5 was changed. BlueZ requires
ell only for mesh and for btpclient (external test programs). It will
be ignored unless either mesh or btpclient are selected.
ell can be supplied externally, or it can be copied into the bluez
build directory from an existing sibling source directory. Since
bitbake builds do not provide a sibling source directory tell bluez to
look for it as an external library in the conditions where it's
required.
(From OE-Core rev: a29eac72da3579edd9eebc3358498146000a491a)
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f22b4eba98b3707d7f6daa4277414cecb3e5ee6b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: isc.org
MR: 105232, 105246, 105260
Type: Security Fix
Disposition: Backport from https://www.isc.org/bind/
ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366
Description:
Bug fix only update
Three CVE fixes
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
For more information see: https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf
(From OE-Core rev: 08e362ebd65816106afbc594cbbc552b9a6c32c6)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c85f26b1bd3475699d54f18c6b5b4924bcd8eb2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug and CVE fixes only
Detailed list of changes at:
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_21/CHANGES
(From OE-Core rev: dc916547041b8d7636e5234f7e3150036bbbde4a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6749532f94f435e6771d66d3fa225e676753478)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
$ dnf install openssl-bin
$ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
(From OE-Core rev: 2a4980cd8bfd829bab1ba081588eb0bdbd285b97)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e93cd3b83a255294c9ab728adc7e237eb1321dab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the PACKAGES variable, LICENSE_avahi-client is misspelled.
Additionally, the libavahi-client package actually only includes
LGPLv2.1+ software (as opposed to the global LICENSE variable).
(From OE-Core rev: 683fb53c94e63e4f5acf4c2efd04977cc10bed49)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8837b4735b5e96ae0f5542319e711dbda8c3849)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some openssl command line operations like creating an X.509 CSR require
the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't
root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:
which is the case e.g. in core-image-minimal with just the
package openssl-bin added to the image by declaring
IMAGE_INSTALL_append = " openssl-bin"
e.g. in local.conf.
The file did not exist in the aforementioned image / configuration
because it was packaged to the main openssl package
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
(there is no other FILES specification that would match the file either)
and
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
[...]
/usr/lib/ssl-1.1/openssl.cnf
[...]
Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it
seems closely related) to the ${PN}-conf package to have it installed
with ${PN}-bin, which already (indirectly) depends on ${PN}-conf.
Note that the openssl recipe has the comment
Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
package RRECOMMENDS on this package. This will enable the configuration
file to be installed for both the openssl-bin package and the libcrypto
package since the openssl-bin package depends on the libcrypto package.
but openssl-conf only contained /etc/ssl/openssl.cnf
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
/etc
/etc/ssl
/etc/ssl/openssl.cnf
/usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
../../../etc/ssl/openssl.cnf.
Other files and directories in /usr/lib/ssl-1.1/ were considered as well
because they seem to be configuration files and / or related to
(symlinks pointing to) /etc. They were not moved though, because based
on our use case and testing moving the openssl.cnf symlink is sufficient
for fixing the immediate problem and we lack knowledge about the other
files in order to make a decision to change their packaging.
(From OE-Core rev: e5405189e6d1b3b3b236aa8fe7a577c72f6af8d8)
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c1632d7041fe0c18ec61abfa79a9c025af43c033)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: http://w1.fi/security/
Disposition: Backport from http://w1.fi/security/2020-1/
Affects <= 2.9 wpa-supplicant
(From OE-Core rev: 720d29cbfce34375402c6a4c17e440ffbb2659bf)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug fix only updates.
suitable for Stable branch updates where applicable.
Drop CVE patches included in update
LIC_FILES_CHKSUM update copyright year to 2020
Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES
(From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove service templates wpa_supplicant-nl80211@.service and
wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT
be started/stopped by calling 'systemctl' in postinst and prerm scripts.
(From OE-Core rev: 7910a0d6f332253608767a9576a0d521dd87efd7)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe9b8e50461ab00ab3ad8b065ebd32f0eea2a255)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was fixed in upstream version 5.5.0.
(From OE-Core rev: 433d3856151e095afb640a567241bebaf2e84b87)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a9f67b7c50a8c28a75fc48c8abcb8a7bb35f0e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix CVE-2020-8616 and CVE-2020-8617
(From OE-Core rev: 8681058cce46b342c9895819e3a4bc0770934d86)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0df831830e4c5f8df2343a45ea75c2ab4f57058)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The example service files are placed into /etc/avahi/services when we
run `make install` for avahi. This results in ssh and sftp-ssh services
being announced by default even if no ssh server is installed in an
image.
These example files should be moved away to another location such as
/usr/share/doc/avahi (taking inspiration from Arch Linux).
(From OE-Core rev: c88cf750f26f6786d6ba5b4f1f7e5d4f0c800e6e)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When vpnc support is included through PACKAGECONFIG, there
is now an extra vpn-script coming after the atest upgrade,
include that script into FILES so it gets packaged.
(From OE-Core rev: 8587149c49dd8d1e1a0a0b5cf81e458bfa88547e)
Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This also fixes CVE-2020-1967.
(From OE-Core rev: f0bd52e5b50a1742b767eefe0d9d67facbb6c53a)
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit[27aec88 dhclient: not always skip
the nfsroot interface] which used to address the IP
address renew issue when boot a system in a nfsroot fs
and altogether boot with ip=dhcp.
But reported by some tester, the above commit introduces
below issue when run ltp test on a nfsroot system which
boot with ip=dhcp:
nfs: server 192.168.100.1 not responding, still trying
nfs: server 192.168.100.1 not responding, still trying
[snip]
So revert the above commit now to avoid blocking test.
(From OE-Core rev: 5c172e0e8f8d02fe1dacec9d3574671baf9ad075)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add iproute2 RDEPENDS for dhcp-client as
/sbin/dhclient-systemd-wrapper which called
by dhclient.service depends on ip command which
provided by iproute2 package when systemd enabled
in DISTRO_FEATURES.
(From OE-Core rev: 0c91fcba446418ad1f71d3df9aa3b186bbd353c7)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't skip the nfsroot interface when use dhcp
to get the address for nfsroot interface as the
nfsroot interface may need dhclient to renew
the lease.
(From OE-Core rev: 27aec88c2ff4588acacadbe1cd61d7ce233fc817)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following manpage conflicts:
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8
But that file is already provided by package * inetutils-doc
(From OE-Core rev: fc14bfd60ad86094f65ebefbd10dbddc112d2698)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
This also un-breaks python3 ptest which got broken
with 1.1.1e update.
(From OE-Core rev: b4ddf5b9d8cd769b7026663f93c8bc69b55d8cbf)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #13609]
avahi_0.7.bb defines 9 PACKAGES. However, avahi.inc generically sets
LICENSE to "GPLv2+ & LGPLv2.1+". The library specific
packages should be LGPLv2.1+ only.
(From OE-Core rev: bd10fa54a94e9ae44defddae573ce67d33a11979)
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
ERROR: nfs-utils-2.4.3-r0 do_package: QA Issue: nfs-utils:
Files/directories were installed but not shipped in any package:
/usr/lib/libnfsidmap/nsswitch.so
/usr/lib/libnfsidmap/static.so
Please set FILES such that these items are packaged. Alternatively if
they are unneeded, avoid installing them or delete them within do_install.
nfs-utils: 2 installed and not shipped files. [installed-vs-shipped]
Add rdep on python3-core for PACKAGECONFIG[nfsv4] to fix:
ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/clddb-tool
contained in package nfs-utils requires /usr/bin/python3, but no
providers found in RDEPENDS_nfs-utils? [file-rdeps]
Add rdep on libdevmapper for PACKAGECONFIG[nfsv41] to fix:
ERROR: nfs-utils-2.4.3-r0 do_package_qa: QA Issue: /usr/sbin/blkmapd
contained in package nfs-utils requires libdevmapper.so.1.02()(64bit),
but no providers found in RDEPENDS_nfs-utils? [file-rdeps]
(From OE-Core rev: 17b44d51eaf71ae6d04034454dcb68f508b85258)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Backported patch removed.
(From OE-Core rev: 710bc0f8544f54750c8fb7b8affa243932927a24)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2020-0556-1.patch
CVE-2020-0556-2.patch
removed since they are included in 5.54
(From OE-Core rev: 5552caed72169d397ce0bdf436216ec320a29751)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was discovered that BlueZ's HID and HOGP profiles implementations
don't specifically require bonding between the device and the host.
This creates an opportunity for an malicious device to connect to a
target host to either impersonate an existing HID device without
security or to cause an SDP or GATT service discovery to take place
which would allow HID reports to be injected to the input subsystem from
a non-bonded source.
(From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* passing PERL=perl breaks c_rehash calls from dash (works fine with bash)
dash doesn't like
#!perl
shebang
PERL="/usr/bin/env perl"
unfortunately just passing PERL like this doesn't pass do_configure:
Creating Makefile
sh: 1: /usr/bin/env perl: not found
WARNING: exit code 1 from a shell command.
But passing it as:
HASHBANGPERL="/usr/bin/env perl" PERL=perl
seems to work.
(From OE-Core rev: 79350826396a882d115caafd88b0a49c91a4fa6c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 57fcf9b517fe95e871122946cb99fe7fa9fd2e26)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In our build environment we use wrapper script
for perl in non-standard configuration with
extra variables set (provided by custom
buildtools-tarball).
In this case openssl fails to build because
by default it's Configure script detects and uses
perl executable directly (with absolute path)
obviously missing extra settings from wrapper
script.
Pass PERL=perl environment variable to Configure,
so it won't try to use perl executable directly
but will use what is provided from environment.
(From OE-Core rev: 2b087fef6820da8a6d86ca763bd7730dcac30849)
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1df5ece4ef6ef49bfeba83a2716ae4e2ce58d20e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
Removed since it is included in 2.4.3.
refresh the following patch:
0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
(From OE-Core rev: fcaca33d458449379eeb2f99b613f8be1e6a44ce)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Add devlink support to iproute2 recipe.
(From OE-Core rev: 00cc9773505b2afd002f9b2d72330e517af97d0c)
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop backports from upstream:
0001-Manually-applied-upstream-fix-for-openssh-test.patch
0001-seccomp-Allow-clock_gettime64-in-sandbox.patch
openssh-8.1p1-seccomp-nanosleep.patch
(From OE-Core rev: c9b5802bbe1de609450f509edf4721ab0a7a70aa)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: cfaaeedcb634b68d0b20a05130fd582df660fef6)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname
buffer overflow in the eap_request and eap_response functions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Patch from:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
(From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Fix-a-NSUPDATE-compiling-issue.patch
0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
Removed since they are included in 4.4.2.
refresh the following patch:
0004-Fix-out-of-tree-builds.patch
(From OE-Core rev: d3c6f7e689a743fd060755eceb60353093013e84)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
There was a build architecture leaking into the target ptest which
could vary depending upon host. Remove it as its cosmetic.
[YOCTO #13770]
(From OE-Core rev: 37db519eedb7eb5cd4f14d05f30f5d580aa7458d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|