<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity, branch krogoth</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=krogoth</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=krogoth'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2017-10-16T22:47:12+00:00</updated>
<entry>
<title>wpa_supplicant: fix WPA2 key replay security bug</title>
<updated>2017-10-16T22:47:12+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-10-16T22:23:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=54e3f82bd77203c3d578e26c86506e6ef5c27000'/>
<id>urn:sha1:54e3f82bd77203c3d578e26c86506e6ef5c27000</id>
<content type='text'>
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

* CVE-2017-13078: reinstallation of the group key in the Four-way handshake

* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake

* CVE-2017-13080: reinstallation of the group key in the Group Key handshake

* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake

* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it

* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake

* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame

* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

(From OE-Core rev: bfa04fa71c47e8fe9528208848cfcec2e232777d)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl.inc: avoid random ptest failures</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Patrick Ohly</name>
<email>patrick.ohly@intel.com</email>
</author>
<published>2016-09-23T13:23:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=dd20601980a8709acddb159000cc8d880dc9e047'/>
<id>urn:sha1:dd20601980a8709acddb159000cc8d880dc9e047</id>
<content type='text'>
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.

"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.

(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)

(From OE-Core rev: b309bfa265456cda7269ff67e9df5f5c05a9a5a5)

Signed-off-by: Patrick Ohly &lt;patrick.ohly@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: fix do_configure error when cwd is not in @INC</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Robert Yang</name>
<email>liezhi.yang@windriver.com</email>
</author>
<published>2016-09-20T05:34:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d3c0a560a8d82e7a3ec03410a1a5e83eaa6fdbf2'/>
<id>urn:sha1:d3c0a560a8d82e7a3ec03410a1a5e83eaa6fdbf2</id>
<content type='text'>
Fixed when building on Debian-testing:
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.

(From OE-Core rev: c28065671b582c140d5971c73791d2ac8bdebe69)

(From OE-Core rev: d0500320747608783b41f0035bf962b877a6a1c0)

Signed-off-by: Robert Yang &lt;liezhi.yang@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;

fixed merge conflict
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Security fix CVE-2016-2177</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster@mvista.com</email>
</author>
<published>2016-07-16T23:04:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=62685cbff555adfffa1e059ce2fba61ca4caee45'/>
<id>urn:sha1:62685cbff555adfffa1e059ce2fba61ca4caee45</id>
<content type='text'>
Affects openssl &lt;= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH

(From OE-Core rev: 2848c7d3e454cbc84cba9183f23ccdf3e9200ec9)

(From OE-Core rev: 217d245bdb7b19f92fa5f6f93c371094353d6da6)

Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;

fixed merge conflicts
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: prevent warnings from openssl-c_rehash.sh</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Joshua Lock</name>
<email>joshua.g.lock@intel.com</email>
</author>
<published>2016-06-22T10:22:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3d9f6dc16397e5c71a9b53555aa0d119bd0ab093'/>
<id>urn:sha1:3d9f6dc16397e5c71a9b53555aa0d119bd0ab093</id>
<content type='text'>
The openssl-c_rehash.sh script reports duplicate files and files which
don't contain a certificate or CRL by echoing a WARNING to stdout.
This warning gets picked up by the log checker during rootfs and results
in several warnings getting reported to the console during an image build.

To prevent the log from being overrun by warnings related to certificates
change these messages in openssl-c_rehash.sh to be prefixed with NOTE not
WARNING.

(From OE-Core rev: 88c25318db9f8091719b317bacd636b03d50a411)

(From OE-Core rev: c270ebf9235c5414de1bf80ff40253f5a98dca2a)

Signed-off-by: Joshua Lock &lt;joshua.g.lock@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Ensure SSL certificates are stored on sysconfdir</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Otavio Salvador</name>
<email>otavio@ossystems.com.br</email>
</author>
<published>2016-05-23T20:45:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8aea6ad597063fce98aefdd0b13cd834b718247a'/>
<id>urn:sha1:8aea6ad597063fce98aefdd0b13cd834b718247a</id>
<content type='text'>
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.

This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.

(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)

(From OE-Core rev: 735f4528b5046024f118658cda8ee340ff8aa082)

Signed-off-by: Otavio Salvador &lt;otavio@ossystems.com.br&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Add Shell-Script based c_rehash utility</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Otavio Salvador</name>
<email>otavio@ossystems.com.br</email>
</author>
<published>2016-05-23T20:45:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=051883f8776c895841f6d274e81b3f9691ca4b3a'/>
<id>urn:sha1:051883f8776c895841f6d274e81b3f9691ca4b3a</id>
<content type='text'>
The PLD Linux distribution has ported the c_rehash[1] utility from Perl
to Shell-Script, allowing it to be shipped by default.

1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761

The OpenSSL upstream intends[2] to convert the utility for C however
did not yet finished the conversion.

2. https://rt.openssl.org/Ticket/Display.html?id=2324

This patch adds this script and thus removed the Perl requirement for
it.

(From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)

(From OE-Core rev: 9ae6e105bb689faf004f60bb4f9f0ea56e3b8fde)

Signed-off-by: Otavio Salvador &lt;otavio@ossystems.com.br&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: fix add missing dependencies building for test directory</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2016-08-19T10:51:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0c78f81485a6993f2123a88ebb7b0a76e09e8632'/>
<id>urn:sha1:0c78f81485a6993f2123a88ebb7b0a76e09e8632</id>
<content type='text'>
Regarding the last commit about missing dependencies, another issue
was found. The problem was found, while ptest has been built with some
set extra settings. It means, when ptest is going to be built,
it is necessary to rebuild dependencies for test directory too.

(From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)

(From OE-Core rev: 28419a4e9ad9430e477c1eb7f2a2d1f328bcacaf)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Pascal Bach &lt;pascal.bach@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: fix add missing `make depend` command before `make` library</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2016-08-05T11:16:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=98f3e83884421fa8a51d07a149603454faa2b0f9'/>
<id>urn:sha1:98f3e83884421fa8a51d07a149603454faa2b0f9</id>
<content type='text'>
Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that settings have no effect on output files.
DEPFLAGS will be transferred into output files with make depend command.

https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies

(From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)

(From OE-Core rev: 11c388226399ec703f4f67ae7cf11c1e4e332710)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Pascal Bach &lt;pascal.bach@siemens.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Fix MIPS64be and add MIPS64le</title>
<updated>2017-05-18T12:14:22+00:00</updated>
<author>
<name>Zubair Lutfullah Kakakhel</name>
<email>Zubair.Kakakhel@imgtec.com</email>
</author>
<published>2016-09-14T16:53:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=819f7c3d038e19cc022a882955ea3eb9a7e6590e'/>
<id>urn:sha1:819f7c3d038e19cc022a882955ea3eb9a7e6590e</id>
<content type='text'>
MIPS64 target was being configured for linux-mips which defaults to
MIPS32. Doesn't cause any issue as far as I can see but it would be
wiser to use the correct target configuration.

Also add MIPS64le configuration which is missing.

(From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded)

(From OE-Core rev: e2b2fbe05fe97a512265d9978011650415e1589a)

Signed-off-by: Zubair Lutfullah Kakakhel &lt;Zubair.Kakakhel@imgtec.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
