linux/meta-openembedded.git/meta-networking, branch warrior

tcpdump: Delete unused patch

2019-10-19T15:25:27+00:00

Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since it is not used in the tcpdump recipe anymore. Signed-off-by: Peiran Hong Signed-off-by: Khem Raj (cherry picked from commit 01b55a8a552d460acbe3673268733a78b47c5c03) Signed-off-by: Armin Kuster

tcpdump: upgrade 4.9.2 -> 4.9.3

2019-10-19T15:23:16+00:00

This upgrade adds some new features and fixes numerous bugs including the following CVEs: CVE: CVE-2017-16808 (AoE) CVE: CVE-2018-14468 (FrameRelay) CVE: CVE-2018-14469 (IKEv1) CVE: CVE-2018-14470 (BABEL) CVE: CVE-2018-14466 (AFS/RX) CVE: CVE-2018-14461 (LDP) CVE: CVE-2018-14462 (ICMP) CVE: CVE-2018-14465 (RSVP) CVE: CVE-2018-14881 (BGP) CVE: CVE-2018-14464 (LMP) CVE: CVE-2018-14463 (VRRP) CVE: CVE-2018-14467 (BGP) CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) CVE: CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) CVE: CVE-2018-14880 (OSPF6) CVE: CVE-2018-16451 (SMB) CVE: CVE-2018-14882 (RPL) CVE: CVE-2018-16227 (802.11) CVE: CVE-2018-16229 (DCCP) CVE: CVE-2018-16301 (was fixed in libpcap) CVE: CVE-2018-16230 (BGP) CVE: CVE-2018-16452 (SMB) CVE: CVE-2018-16300 (BGP) CVE: CVE-2018-16228 (HNCP) CVE: CVE-2019-15166 (LMP) CVE: CVE-2019-15167 (VRRP) CVE: CVE-2018-14879 (tcpdump -V) Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since the fix is included in the upgrade. Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch", "unnecessary-to-check-libpcap.patch", and "add-ptest.path" since the upgrade renamed configure.in to configure.ac and made changes to the file. Added PACKAGECONFIG for smb. It is disabled by default in the upgraded version in both the package's configure script and this bitbake recipe since it is insecure. Modified the parsing of ptest result to align with the new output format. With core-image-minimal on qemux86-64/kvm: Recipe | Passed | Failed | Skipped | Time(s) Before | 408 | 0 | 2 | 4 After | 431 | 11 | 2 | 10 11 test failed after the upgrade since libpcap is not upgraded alongside with tcpdump. Signed-off-by: Peiran Hong Signed-off-by: Khem Raj (cherry picked from commit 71535e2f0ea76d39d2911e022905ec8ee9843872) [Upgrade is a resonable path do to the # of patches needed to address all this issues] Signed-off-by: Armin Kuster

tcpdump: Fix CVE-2017-16808

2019-10-05T14:45:13+00:00

Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong Signed-off-by: Khem Raj (cherry picked from commit 62fc26075afc2d56a73777aad753a643fbdafbfa) Signed-off-by: Armin Kuster

wireshark: upgrade 3.0.2 -> 3.0.3

2019-09-04T16:26:25+00:00

Signed-off-by: Zang Ruochen Signed-off-by: Khem Raj (cherry picked from commit 05250418cb48699c555ee111b84603641ab34edd) Signed-off-by: Armin Kuster

wireshark: upgrade 3.0.1 -> 3.0.2

2019-09-04T16:26:10+00:00

-Upgrade from wireshark_3.0.1.bb to wireshark_3.0.2.bb. Signed-off-by: Zang Ruochen Signed-off-by: Khem Raj (cherry picked from commit b3a2ad2060dd0980e2a33bb0e6fd618a4a22ebf8) Signed-off-by: Armin Kuster

wireshark: Use an upstream URL that stays valid longer

2019-09-03T02:39:52+00:00

Signed-off-by: Adrian Bunk Signed-off-by: Khem Raj Signed-off-by: Armin Kuster

freeradius: add runtime dependency on perl

2019-09-03T02:39:45+00:00

* fixes: ERROR: QA Issue: /usr/bin/radcrypt contained in package freeradius-utils requires /usr/bin/perl, but no providers found in RDEPENDS_freeradius-utils? [file-rdeps] Signed-off-by: Martin Jansa Signed-off-by: Khem Raj Signed-off-by: Armin Kuster

ntop: fix missing return from non-void function

2019-09-03T02:39:29+00:00

Signed-off-by: Martin Jansa Signed-off-by: Khem Raj Signed-off-by: Armin Kuster

net-snmp: update SRC_URI

2019-09-03T02:39:29+00:00

Replace source zip ball with tarball for net-snmp to avoid zip bomb issue. Signed-off-by: Kai Kang Signed-off-by: Khem Raj Signed-off-by: Armin Kuster

openvpn: respect pid file in init.d service start

2019-09-03T02:39:29+00:00

openvpn only provides options to update a pid file but not to check it for running processes. Consecutive issued start commands therefore lead to multiple running processes with the same configurations, which is the origin of all kinds of problems of which unnecessary resource usage is the least. Using start-stop-daemon the pid file is inspected for running processes before start. Signed-off-by: Fabian Klemp Signed-off-by: Khem Raj Signed-off-by: Armin Kuster