| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
(From OE-Core rev: f8c665ca16bf643039bd3f0a918ea9cf9d1a3726)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: a2c5b2cad7857250b4a1b36ba792a8110989733a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Whilst our default toolchain has modern kernel headers (6.12, at time of
writing), some external toolchains may use old kernel headers.
As ofono's rmnet module uses kernel defines which were added in 5.14,
add some compatibility defines in case they are not set.
(From OE-Core rev: 0313ea48a75480c2bcc6d35035f74a4dcf22f263)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
bind-ensure-searching-for-json-headers-searches-sysr.patch
refreshed for 9.20.4
(From OE-Core rev: 5da817ca4d58eb70ad42fc1fa0f7f4edf696585d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 5a6232b730e8d791cd270267cb32bbe15cc1ce14)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: f95be557c3087597df6179455294dd143ccdb07d)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Fix issue with STK and buffer length checks.
- Fix issue with SMS and buffer length checks.
- Fix issue with QMI and handling RAT detection.
- Fix issue with QMI and handling call forwarding.
- Add support for handling MHI network interfaces.
(From OE-Core rev: e57e032bd504d2bc2cb1dbb6ed0182acea39e36a)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 328d2e3a48267eba60e949d0a7b0a0643093b642)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
__NR_riscv_hwprobe is not exported in musl's hwprobe.h
this fails to build with newer kernels
Fixes
| :85:20: error: use of undeclared identifier '__NR_riscv_hwprobe'; did you mean 'riscv_hwprobe'?
| 85 | return syscall(__NR_riscv_hwprobe, pairs, pair_count, cpu_count, cpus, flags);
| | ^~~~~~~~~~~~~~~~~~
(From OE-Core rev: 5271f24643c303d0e6d3d9c12c722f5d818252fe)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the users specifically asks for inetutils-hostname, it's likely they
want it to take precedence over busybox' implementation. Increase the
alternative priority for this package's version.
(From OE-Core rev: 36f718a8cd04d1098eca06fed1e83a0e6f43ab64)
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release information:
https://github.com/openssl/openssl/blob/openssl-3.4/NEWS.md#major-changes-between-openssl-33-and-openssl-340-22-oct-2024
Handles CVE-2024-9143
Refreshed patches.
(From OE-Core rev: 45c6b85ccc8157f0dd31eb3d5138832ced7966d5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Rebase 0001-fix-compile-procan.c-failed.patch to 1.8.0.1
(From OE-Core rev: d9b9f3d5e034fa5fb92beb050a03856bbddf0383)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Add support for handling QMI PIN and Lock methods.
- Add support for handling QMI WWAN interfaces.
- Add support for handling RMNet interfaces.
(From OE-Core rev: 212c449f369c8e640d637566a4a236c2f8df52a5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Fix issue with access technology reporting.
- Fix issue with detecting Phonet devices.
(From OE-Core rev: 9705971a48e866765ea5f4e41f53f4d327b798ac)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script does not work if the connman service is already stopped.
The start-stop-daemon checks for the existence of a specified process.
If such a process exists, start-stop-daemon sends it the signal specified
by --signal, and exits with error status 0. If such a process does
not exist, start-stop-daemon exits with error status 1 (0 if --oknodo is specified).
The script uses set -e so we need to add --oknodo option to stop
(From OE-Core rev: b1c1b67166049181136d5eb68740f3bf98bf670d)
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove patches already merged by upstream:
0001-support-include-junction.h-Define-macros-for-musl.patch
0001-support-junction-path.c-Fix-build-for-musl.patch
* Add PACKAGECONFIG[nfsdctl]
(From OE-Core rev: 2dda60516bc6be173d299c44aab92f096fd960c3)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dropped two patches which are now merged upstream.
Added one new patch to resolve a build error when using musl.
Changelog
* Fix issue with handling address type while pairing.
* Add support for allowing to set A2DP transport delay.
* Add support for persistent userspace HID operation.
* Add support for handling syncing to multiple BISes.
(From OE-Core rev: 52d4168f66dd3c4d68e63c8ee17d186b4bdd0e55)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Explicitly enable pam support, otherwise it goes into
detection mode and ends up poking at build host
Turn openssl into packageconfig as well
cc1: warning: include location "/usr/include" is unsafe for cross-compilation [-Wpoison-system-directories]
conftest.c: In function 'main':
conftest.c:68:1: warning: argument 1 null where non-null expected [-Wnonnull]
68 | pam_authenticate(NULL, 0);
| ^~~~~~~~~~~~~~~~
In file included from conftest.c:63:
/usr/include/security/pam_appl.h:38:1: note: in a call to function 'pam_authenticate' declared 'nonnull'
38 | pam_authenticate(pam_handle_t *pamh, int flags);
| ^~~~~~~~~~~~~~~~
(From OE-Core rev: 9b0c69a0bac18627cc6190f64bf9cabc518e4777)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog: https://downloads.isc.org/isc/bind9/cur/9.20/CHANGES
(From OE-Core rev: 3cc322100734e9494af47a88498a6085de382bc6)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Avoid errors like:
buildtools/sysroots/x86_64-pokysdk-linux/environment-setup.d/openssl.sh: line 6: BB_ENV_PASSTHROUGH_ADDITIONS: unbound variable
by setting an explicit empty default value.
(From OE-Core rev: 5a2a4910a22668f25679a47deaa9e2ed28665efa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Add support for SIMCom A7672E-FASE modem.
- Add support for Quectel EG916Q-GL modem.
(From OE-Core rev: b680e9740daaa8d75466c3502b05e451a5e5655a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
* win,fs: remove trailing slash in junctions
* Revert "linux: eliminate a read on eventfd per wakeup"
* win: Fix linked list logic in getaddrinfo
* win: fix compilation against Windows 24H2 SDK
* win: remap ERROR_NOACCESS and ERROR_BUFFER_OVERFLOW
* win,fs: match trailing slash presence in junctions to user input
* build: add darwin-syscalls.h to release tarball
* linux: use IORING_SETUP_NO_SQARRAY when available
* linux: use IORING_OP_FTRUNCATE when available
* win: fix pNtQueryDirectoryFile check
* win: fix WriteFile() error translation
* win,fs: uv_fs_rmdir() to return ENOENT on file
* win,pipe: ipc code does not support async read
* netbsd: fix build
* win,fs: fix bug in fs__readdir
* unix: workaround gcc bug on armv7
* unix: work around arm-linux-gnueabihf-gcc bug
* unix: fix uv_tcp_keepalive in smartOS
* unix: fix uv_getrusage ru_maxrss on solaris
(From OE-Core rev: a5a347efe3d557033f87b9978999a2b704c02fc1)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The license on chat.c was clarified to MIT with a license identifier
so add to LICENSE as such. The ccp.c change was an email address.
(From OE-Core rev: 980c5c8b8b4354c0caa4f41f701eb3005d6c8e3f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is regular release of iproute2 corresponding to the 6.11 kernel.
Most of the changes are to the man pages.
Release is smaller than usual less activity during summer vacations
The two musl build fixes have been backported from upstream.
(From OE-Core rev: 1d826f145d0704f6981f6cccb5754fc41f2f2e33)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes default permissions on filesystems can be more permissive
e.g. 0644, this can make the private key file created here to inherit
those permissions and these permissions can then cause ssh server to
not allow ssh connections due to non-secure permissions on file.
Reported-by: Jean-Michel Papy <jean-michel.papy@exail.com>
(From OE-Core rev: 5c9f456cc39ca25123249ecb32b311736bd4e1f8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes since version 1.48.0:
==============================
* test: fix -Wpointer-to-int-cast on 32 bits systems
* build: add alias for libuv to CMakeLists.txt
* linux: create io_uring sqpoll ring lazily
* misc: run sample CI when code changes
* linux: fix uv_available_parallelism using cgroup
* doc: fix tty example segfault
* udp,unix: fix sendmsg use-after-free
* cygwin: implement uv_resident_set_memory
* win: almost fix race detecting ESRCH in uv_kill
* test: disable env var test under win32+asan
* unix,fs: fix realpath calls that use the system allocator
* linux: fix /proc/self/stat executable name parsing
* test,ci: fix [AM]San, disable ASLR
* win: remove _alloca usage
* unix: reinstate preadv/pwritev fallback code
* linux: don't delay EPOLL_CTL_DEL operations
* doc: fix typos in ChangeLog
* unix,win: error on zero delay tcp keepalive
* win: simplify uv_once implementation
* doc: correct udp socket options documentation
* linux: don't use sendmmsg() for single datagrams
* unix: fix fd leaks in SCM_RIGHTS error path
* win: robustify uv_os_getenv() error checking
* test: use newer ASSERT_MEM_EQ macro
* unix: de-duplicate conditions for using kqueue
* darwin: simplify uv_hrtime
* mailmap: update saghul's main email address
* win: remove no longer needed define
* doc: fix some typos
* linux,darwin: make `uv_fs_copyfile` behaves like `cp -r`
* dragonfly: disable SO_REUSEPORT for UDP socket bindings
* test: remove the obsolete HAVE_KQUEUE macro
* unix: use the presence of SOCK_* instead of OS macros for socketpair
* bsd: support pipe2() on *BSD
* unix: support SO_REUSEPORT with load balancing for TCP
* doc: add entries for extended getpw
* test: fix the flaky test-tcp-reuseport
* aix,ibmi: fix compilation errors in fs_copyfile
* unix: support SO_REUSEPORT with load balancing for UDP
* tcpkeepalive: distinguish OS versions and use proper time units
* win: map ERROR_BAD_EXE_FORMAT to UV_EFTYPE
* doc: add instruction how to install with Conan
* unix,win: remove unused req parameter from macros
* build: fix android ci build
* unix,win: export wtf8 functions properly
* hurd: add includes and macro prerequisites
* hurd: stub uv_thread_setpriority()
* ci: use macOS 12 for macOS and iOS builds
* darwin: fix crash on iOS(arm64)
* Create dependabot.yml for updating github-actions
* doc: correct names of Win32 APIs in fs.rst
* ci: bump upload and download-artifact versions
* ci: bump actions/setup-python from 4 to 5
* ci: bump KyleMayes/install-llvm-action from 1 to 2
* win,error: remap ERROR_NO_DATA to EAGAIN
* test: handle zero-length udp datagram
* misc: remove splay trees macros
* test,openbsd: remove superfluous ifdef guard
* win,fs: use posix delete semantics, if supported
* win: fix env var in uv_os_homedir and uv_os_tmpdir
* fsevents: detect watched directory removal
* ci: bump actions/checkout to 4
* linux: eliminate a read on eventfd per wakeup
* test: pipe_overlong_path handle ENAMETOOLONG
* win,fs: use the new Windows fast stat API
* win,pipe: fix race with concurrent readers
* win,signal: fix data race dispatching SIGWINCH
* build: ubsan fixes
* linux: disable SQPOLL io_uring by default
* win: fix fs.c ubsan failure
* test: rmdir can return `EEXIST` or `ENOTEMPTY`
* test: check for `UV_CHANGE` or `UV_RENAME` event
* unix,fs: silence -Wunused-result warning
* linux: support abstract unix socket autobinding
* kqueue: use EVFILT_USER for async if available
* win: remove deprecated GetVersionExW call
* doc: document uv_loop_option
* doc: fix the `uv_*_set_data` series of functions
* doc: properly label enumerations and types
* doc: document specific macOS fs_event behavior
* win,pipe: restore fallback handling for blocking pipes
* unix,win: remove unused rb-tree macro parameters
* win: compute parallelism from process cpu affinity
* win: use NtQueryInformationProcess in uv_os_getppid
* win,pipe: fix missing assignment to success
* win: fix uv_available_parallelism on win32
* win,pipe: fix another missing assignment to success
* kqueue: disallow ill-suited file descriptor kinds
* unix: restore tty attributes on handle close
* test: delete test with invalid assumption
* dragonflybsd: fix compilation failure
* test: run android tests on ci
* darwin: add udp mmsg support
* unix: work around arm-linux-gnueabihf-gcc bug
* unix: expand uv_available_parallelism() to support more platforms
* doc: add known issue in armv7
(From OE-Core rev: 5ba5cee38a6fb792eb85bc479e0af80f81aa0a9a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 70525e444ef6d83d765d6ae79c4082e5552e2580)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD CVE report [1] links Ubuntu bug [2] which has a very good
description/discussion about this issue.
It applies only to distros patching wpa-supplicant to allow non-root
users (e.g. via netdev group) to load modules.
This is not the case of Yocto.
Quote:
So upstream isn't vulnerable as they only expose the dbus interface to
root. Downstreams like Ubuntu and Chromium added a patch that grants
access to the netdev group. The patch is the problem, not the upstream
code IMHO.
There is also a commit [3] associated with this CVE, however that only
provides build-time configuration to limit paths which can be accessed
but it acts only as a mitigation for distros which allow non-root users
to load crafted modules.
The patch is included in version 2.11, however NVD has this CVE
version-less, so explicit ignore is necessary.
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5290
[2] https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
[3] https://w1.fi/cgit/hostap/commit/?id=c84388ee4c66bcd310db57489eac4a75fc600747
(From OE-Core rev: 6cb794d44a8624784ec0f76dca764616d81ffbf5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
include openbsd-compat/base64.c license in LICENSE
0001-Cast-to-sockaddr-in-systemd-interface.patch
removed since it's included in 9.9p1
Changelog:
http://www.openssh.com/releasenotes.html
(From OE-Core rev: 26fb4541ffb471fc5a2e2d1ad4c2f3534890fed7)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Release Notes:
https://downloads.isc.org/isc/bind9/9.20.2/doc/arm/html/notes.html
(From OE-Core rev: fcfcaafc48b08c8cf12a65fdabf5a834bb4ee52e)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove 0001-tools-locktest-Use-intmax_t-to-print-off_t.patch, upstream has
fixed it with %lld.
* Remove 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch, it builds well
with musl without this patch.
* Add libxml2 to DEPENDS to fix:
configure: error: libxml2 not found.
* Add the following 2 patches to fix build errors with musl:
0001-support-include-junction.h-Define-macros-for-musl.patch
0001-support-junction-path.c-Fix-buld-for-musl.patch
(From OE-Core rev: 5e79a26b4188f562fe349ccb4523f60ad6f9c2a0)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
When mesh is enabled on musl the build fails with conflicting basename
calls.
(From OE-Core rev: 2db90c6508e350d35782db973291bbf5ffdfd3a5)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changlog:
- Fix issue with device creation when using LTE.
- Fix issue with regulatory domain when powering up.
- Fix issue with resolving ISO3166 code from timezone data.
- Fix issue with handling DNS proxy zero termination of buffers.
- Fix issue with handling DHCP packet length in L3 mode.
- Fix issue with handling DHCP upper length checks.
- Fix issue with handling IPv6 and URL parsing.
- Fix issue with handling online check updates.
- Fix issue with handling proxy method and WISPr.
- Fix issue with handling default gateway setup.
- Add support for low-priority default routes.
(From OE-Core rev: 467d28f5d243d821722cf8dcdbb9675a2820cd4f)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
macsec
When using Arm binary toolchain, version 2.11 of wpa-supplicant is
failing to compile with the following error:
| ../src/drivers/driver_macsec_linux.c:81:29: error: field ‘offload’ has incomplete type
| 81 | enum macsec_offload offload;
| |
Backport a recent patch that corrects the issue by adding a check for
the version of kernel headers being used in compilation and disabling
that enum if too old a version is being used (or is used by the
binary toolchain).
(From OE-Core rev: 373d8d4f5316416d70eb2c0733d9838e57419ac3)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The solution to the problem upstream was fixed by the following commit:
https://github.com/bluez/bluez/commit/ca6546fe521360fcf905bc115b893f322e706cb2
Now MAX_INPUT is defined for non-glibc systems such as musl.
This fix was added in BlueZ 5.67.
(From OE-Core rev: fea1bb917ebb1f99c83dbbc87a6f0ffc3627879a)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
------C65ED3E1A5DE826CA595746785F6AF6F
To: openembedded-core@lists.openembedded.org
CC: Alban Bedel <alban.bedel@aerq.com>
Subject: [PATCH] bind: Fix build with the `httpstats` package config enabled
Date: Wed, 11 Sep 2024 08:26:47 +0200
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
MIME-Version: 1.0
When the `httpstats` package config is enabled configure fails with
the error:
> configure: error: Specifying libxml2 installation path is not
> supported, adjust PKG_CONFIG_PATH instead
Drop the explicit path from `--with-libxml2` to solve this issue.
(From OE-Core rev: 9b076fa51f5e6fd685066fb817c47239960778e6)
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix issue with handling notification of scanned BISes to BASS
* Fix issue with handling checking BIS caps against peer caps.
* Fix issue with handling MGMT Set Device Flags overwrites.
* Fix issue with handling ASE notification order.
* Fix issue with handling BIG Info report events.
* Fix issue with handling PACS Server role.
* Fix issue with registering UHID_START multiple times.
* Fix issue with pairing method not setting auto-connect.
(From OE-Core rev: 77aa3ecaf6ad7fe777a10655542349a1489b7ad3)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This will fix build with libc++ from llvm 19.x
(From OE-Core rev: e3f74aaf3e8bdc6566c6b881e71cfdd3e4eb2c3f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fix issue with SMS and user data length checks.
- Add support for QMI and Dual-Stack context activation.
(From OE-Core rev: 004572fc7782f1c27a41e9a91b4ed14eee7d1695)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: Copyright year updated to 2024.
0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
refreshed for 10.0.10
Changelog:
==========
- configure: add --enable-ntp
- Force dumplease to parse stdin
- holmanb authored and rsmarples committed
- Improve and document prior.
- linux: Prefer local over address when both in netlink RTA
- IPv6: DUPLICATED could be announced by RTM_DELADDR
- Fix prior patch which might also fix #333
- IPv6: Delay for LL address before delay for start
- IPv6: make more readable (nfc)
- DHCP6: Don't remove delegated prefix addresses on start or fail
- privsep: Sweep ELE_ERROR away for BPF
- DHCP6: Add commentary around why we read leases
- linux: allow roaming without IFF_DORMANT
- DHCP: Remove an assertation in get_lease if ia is NULL
- DHCP6: Persist configuration on confirm/rebind failure
- DHCP6: Don't remove state in DISCOVER
- IPv4LL: Restart ARP probling on address conflict
- DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER
- taoyl-g and rsmarples committed on Jul 25
- DHCP: No longer set interface mtu
- IPv4LL: If we are not configuring, abort if address does not exist
- IPv4LL: Harden the noconfigure option.
- DHCP6: Remove the dhcp6_pd_addr packed struct
- Update privsep-linux.c to allow statx
(From OE-Core rev: 8d8e0bc93ed4fed5ce40be929976726fe28177ce)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES
(From OE-Core rev: 501906c4cdd4eb409bddbb8a4d10c78fbf81d980)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The contents of the COPYING file included in the source code match
those of ISC license:
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/tree/COPYING?h=v6.9
which seems to have been in effect since 2008 commit
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit?id=622c36ae94a880fb53f7f051f1b26616f5b553c1
("license under ISC").
(From OE-Core rev: 87da7445a2a77fe73e3524cd50112842e91235b6)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 1b4bada6c003ef743df09283e45953e6d9ea4c5a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: e5f9870757bf7ffd009ce4ba999d37e41274982c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: ab979c8cbb698eb1638dd9de562dffff798acad7)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Release Notes:
https://downloads.isc.org/isc/bind9/9.20.1/doc/arm/html/notes.html#notes-for-bind-9-20-1
(From OE-Core rev: 6808ed32cabb00ffb076cb80cf37ad7815815d25)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
===============
- README: Change in copyright years as per https://w1.fi/cgit/hostap/commit/README?id=d945ddd368085f255e68328f2d3b020ceea359af
- wpa_supplicant/wpa_supplicant.c: Change in copyright years as per https://w1.fi/cgit/hostap/commit/wpa_supplicant/wpa_supplicant.c?id=d945ddd368085f255e68328f2d3b020ceea359af
CVE's Fixed:
===========
- CVE-2024-5290 wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation
- CVE-2023-52160 wpa_supplicant: potential authorization bypass
Changes between 2.10 -> 2.11:
============================
https://w1.fi/cgit/hostap/commit/wpa_supplicant/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Note:
=====
Patches
0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch,
0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch,
0001-Install-wpa_passphrase-when-not-disabled.patch,
0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch (CVE-2023-52160)
are already fixed and hence removing them.
(From OE-Core rev: 824eb0641dc6001a5e9ad7a685e60c472c9fdce8)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patch 'fix_pid_keactrl.patch' to apply on new version.
Add an extra sed call to do_install:append() to remove a reference to
TMPDIR from ${D}/usr/sbin/kea-admin.
License-Update: Update copyright year
(From OE-Core rev: 6dbf9466f776eef6513847c5e546e4582203c50e)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bind now depends on liburcu, so add it to DEPENDS (this was why the AUH
runs were failing at do_compile).
Changelog: https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/arm/changelog.rst
(From OE-Core rev: 6a450da130e78fd45931c67a9e8255d611ae8711)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- drop the CVE-2024-6387 [backported patch]
- drop systemd notify [backported patch]
- fix musl build [backported patch]
- fix ptest regression [submited patch]
- sshd now had the sshd-session
Release notes at https://www.openssh.com/txt/release-9.8
Security
========
This release contains fixes for two security problems, one critical
and one minor.
1) Race condition in sshd(8)
A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary
code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It's likely that
these attacks will be improved upon.
Exploitation on non-glibc systems is conceivable but has not been
examined. Systems that lack ASLR or users of downstream Linux
distributions that have modified OpenSSH to disable per-connection
ASLR re-randomisation (yes - this is a thing, no - we don't
understand why) may potentially have an easier path to exploitation.
OpenBSD is not vulnerable.
We thank the Qualys Security Advisory Team for discovering, reporting
and demonstrating exploitability of this problem, and for providing
detailed feedback on additional mitigation measures.
2) Logic error in ssh(1) ObscureKeystrokeTiming
In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an
OpenSSH server version 9.5 or later, a logic error in the ssh(1)
ObscureKeystrokeTiming feature (on by default) rendered this feature
ineffective - a passive observer could still detect which network
packets contained real keystrokes when the countermeasure was active
because both fake and real keystroke packets were being sent
unconditionally.
This bug was found by Philippos Giavridis and also independently by
Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the
University of Cambridge Computer Lab.
Worse, the unconditional sending of both fake and real keystroke
packets broke another long-standing timing attack mitigation. Since
OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for
traffic received on TTYs in echo-off mode, such as when entering a
password into su(8) or sudo(8). This bug rendered these fake
keystroke echoes ineffective and could allow a passive observer of
a SSH session to once again detect when echo was off and obtain
fairly limited timing information about keystrokes in this situation
(20ms granularity by default).
This additional implication of the bug was identified by Jacky Wei
En Kung, Daniel Hugenroth and Alastair Beresford and we thank them
for their detailed analysis.
This bug does not affect connections when ObscureKeystrokeTiming
was disabled or sessions where no TTY was requested.
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.
DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.
This release, and its deactivation of DSA by default at compile-time,
marks the second step in our timeline to finally deprecate DSA. The
final step of removing DSA support entirely is planned for the first
OpenSSH release of 2025.
DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.
Potentially-incompatible changes
--------------------------------
* all: as mentioned above, the DSA signature algorithm is now
disabled at compile time.
* sshd(8): the server will now block client addresses that
repeatedly fail authentication, repeatedly connect without ever
completing authentication or that crash the server. See the
discussion of PerSourcePenalties below for more information.
Operators of servers that accept connections from many users, or
servers that accept connections from addresses behind NAT or
proxies may need to consider these settings.
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".
* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.
* sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
as the PAM service name. A new "PAMServiceName" sshd_config(5)
directive allows selecting the service name at runtime. This
defaults to "sshd". bz2101
* (portable OpenSSH only) Automatically-generated files, such as
configure, config.h.in, etc will now be checked in to the portable
OpenSSH git release branch (e.g. V_9_8). This should ensure that
the contents of the signed release branch exactly match the
contents of the signed release tarball.
Changes since OpenSSH 9.7
=========================
This release contains mostly bugfixes.
New features
------------
* sshd(8): as described above, sshd(8) will now penalise client
addresses that, for various reasons, do not successfully complete
authentication. This feature is controlled by a new sshd_config(5)
PerSourcePenalties option and is on by default.
sshd(8) will now identify situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly
indicating an attack against one or more accounts, e.g. password
guessing), or when client behaviour caused sshd to crash (possibly
indicating attempts to exploit bugs in sshd).
When such a condition is observed, sshd will record a penalty of
some duration (e.g. 30 seconds) against the client's address. If
this time is above a minimum configurable threshold, then all
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range) until the
penalty expire.
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. Address ranges may be
fully exempted from penalties, e.g. to guarantee access from a set
of trusted management addresses, using the new sshd_config(5)
PerSourcePenaltyExemptList option.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself. This option is enabled by default.
* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.
Bugfixes
--------
* misc: fix a number of inaccuracies in the PROTOCOL.*
documentation files. GHPR430 GHPR487
* all: switch to strtonum(3) for more robust integer parsing in most
places.
* ssh(1), sshd(8): correctly restore sigprocmask around ppoll()
* ssh-keysign(8): stricter validation of messaging socket fd GHPR492
* sftp(1): flush stdout after writing "sftp>" prompt when not using
editline. GHPR480
* sftp-server(8): fix home-directory extension implementation, it
previously always returned the current user's home directory
contrary to the spec. GHPR477
* ssh-keyscan(1): do not close stdin to prevent error messages when
stdin is read multiple times. E.g.
echo localhost | ssh-keyscan -f - -f -
* regression tests: fix rekey test that was testing the same KEX
algorithm repeatedly instead of testing all of them. bz3692
* ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
documentation, especially around what is supported vs available.
bz3701.
Portability
-----------
* sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.
* build: fix OpenSSL ED25519 support detection. An incorrect function
signature in configure.ac previously prevented enabling the recently
added support for ED25519 private keys in PEM PKCS8 format.
* ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable. GHPR479
* build: improve detection of the -fzero-call-used-regs compiler
flag. bz3673.
* build: relax OpenSSL version check to accept all OpenSSL 3.x
versions.
* sshd(8): add support for notifying systemd on server listen and
reload, using a standalone implementation that doesn't depend on
libsystemd. bz2641
(From OE-Core rev: 4e2834f67d32894d1cac5fc9ac5234816765245e)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
