<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity, branch pyro-enea</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-enea</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-enea'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2018-03-08T18:31:20+00:00</updated>
<entry>
<title>openssh: Atomically generate host keys</title>
<updated>2018-03-08T18:31:20+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>jpewhacker@gmail.com</email>
</author>
<published>2018-02-28T18:30:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ff5bedcaf0a97d30ffa33ae4f090881b0fe2d37a'/>
<id>urn:sha1:ff5bedcaf0a97d30ffa33ae4f090881b0fe2d37a</id>
<content type='text'>
Generating the host keys atomically prevents power interruptions during the
first boot from leaving the key files incomplete, which often prevents users
from being able to ssh into the device.

[YOCTO #11671]

(From OE-Core rev: d532735e608e32ef1f5a7307c344e528e8fa2f01)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 43fc3d8e180c168dbe5dd5faa577e69a279bd1bd)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Upgrade from 1.0.2k to 1.0.2n</title>
<updated>2018-03-04T11:11:58+00:00</updated>
<author>
<name>robert_joslyn@selinc.com</name>
<email>robert_joslyn@selinc.com</email>
</author>
<published>2018-02-22T06:29:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=927e4bbe49d78a4e3ade669843cbd4d4a01b53ca'/>
<id>urn:sha1:927e4bbe49d78a4e3ade669843cbd4d4a01b53ca</id>
<content type='text'>
Drop patches already applied upstream. Refresh parallel.patch using
latest version from master.

Remove x86-64 test binaries included in source code for ptest.

License-Update: Updated copyright years and a minor wording change

(From OE-Core rev: 76020de1afc7f7643bc35de2d49bce6da0c7b879)

Signed-off-by: Robert Joslyn &lt;robert_joslyn@selinc.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>portmaper: checkuri fails.</title>
<updated>2018-01-07T17:07:57+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2018-01-06T06:29:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5a12c6ee93df7715d6eb13c7af1e62ffa123f5f2'/>
<id>urn:sha1:5a12c6ee93df7715d6eb13c7af1e62ffa123f5f2</id>
<content type='text'>
ERROR: portmap-6.0-r9 do_checkuri: Fetcher failure for URL: 'http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz'. URL http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz doesn't work

change to fossies

[ Yocto #12453 ]

(From OE-Core rev: 1c98acf52b702a2bc39e20c8a27850c830063bb4)

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)</title>
<updated>2018-01-07T17:07:57+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-09-13T15:59:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4992fc465d074ca04552080bf45d4efbfd61958e'/>
<id>urn:sha1:4992fc465d074ca04552080bf45d4efbfd61958e</id>
<content type='text'>
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.

(From OE-Core rev: d25716ceb3ffcdfcfa54516596bd94bf5c050bac)

(From OE-Core rev: c8f4cd337b9cc5c5c3fc40c6a6d8d2394fdc9ea3)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssh: Fix key generation with systemd</title>
<updated>2017-11-05T22:39:48+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>jpewhacker@gmail.com</email>
</author>
<published>2017-10-06T14:19:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ebb625a140ef67d65dca1b262304377814eb8ed4'/>
<id>urn:sha1:ebb625a140ef67d65dca1b262304377814eb8ed4</id>
<content type='text'>
106b59d9 broke SSH host key generation when systemd and a read-only root file
system are in use because there isn't a way for systemd to get the optional
weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default
value if it is not specified. Instead, move the logic for determining if keys
need to be created to a helper script that both the SysV init script and the
systemd unit file can reference.

This does mean that the systemd unit file can't check for file existence to
know if it should start the service, but it wasn't able to do that correctly
anyway anymore. This should be a problem since the serivce is only run once per
power cycle by systemd, and should exit quickly if the keys already exist

(From OE-Core rev: 73f1397d86f33abace089cc9a28e859b47bb7b6c)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;

(cherry picked from commit 7e49c5879862253ae1b6a26535d07a2740a95798)
Signed-off-by: André Draszik &lt;adraszik@tycoint.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssh: allow to override OpenSSL HostKeys when read-only-rootfs</title>
<updated>2017-11-05T22:39:47+00:00</updated>
<author>
<name>André Draszik</name>
<email>adraszik@tycoint.com</email>
</author>
<published>2017-10-06T12:12:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=28b8850356cb6325e0ef8cf5ed83e20a22044a9e'/>
<id>urn:sha1:28b8850356cb6325e0ef8cf5ed83e20a22044a9e</id>
<content type='text'>
With these changes it is possible to have a .bbappend that
- sets SYSCONFDIR to some persistent storage
- modifies SYSCONFDIR/sshd_config to use ssh host keys from
  the (writable) sysconfdir

(From OE-Core rev: 79c7c8342859306750f0af17210a183fdc543caf)

Signed-off-by: André Draszik &lt;adraszik@tycoint.com&gt;
Reviewed-by: Stephane Ayotte &lt;sayotte@tycoint.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;

(cherry picked from commit 106b59d9f96f70d133fa1421091ad280d27a5b6a)
Signed-off-by: André Draszik &lt;adraszik@tycoint.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>wpa_supplicant: fix WPA2 key replay security bug</title>
<updated>2017-10-16T22:47:01+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-10-16T18:52:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=827eb5b232d54909377e2b18d39d34d6c1c21413'/>
<id>urn:sha1:827eb5b232d54909377e2b18d39d34d6c1c21413</id>
<content type='text'>
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

* CVE-2017-13078: reinstallation of the group key in the Four-way handshake

* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake

* CVE-2017-13080: reinstallation of the group key in the Group Key handshake

* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake

* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it

* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake

* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame

* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

(From OE-Core rev: 28d2d47f2a4fc3eb649cf58e82bce0525ab0bc74)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bind: Use correct python interpreter path</title>
<updated>2017-08-31T16:57:12+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2017-08-29T21:21:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3afca26b11f534506f68d50c12ed7a7b72081a9d'/>
<id>urn:sha1:3afca26b11f534506f68d50c12ed7a7b72081a9d</id>
<content type='text'>
The scripts currently reference "python33", fix this so they reference
python3. The move the python3 likely broke these.

(From OE-Core rev: 37a40fead443e211f0947d9d9bf2180d95630485)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>connman: Fix for CVE-2017-12865</title>
<updated>2017-08-30T10:12:30+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2017-08-30T10:10:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5fd01704b96f045d7857af0db86b3487ac66b52f'/>
<id>urn:sha1:5fd01704b96f045d7857af0db86b3487ac66b52f</id>
<content type='text'>
dnsproxy: Fix crash on malformed DNS response
If the response query string is malformed, we might access memory
pass the end of "name" variable in parse_response().

[YOCTO #11959]

(From OE-Core rev: fb3e30e45eea2042fdb0b667cbc2c79ae3f5a1a9)

(From OE-Core rev: cf1099babe7291d6f3f4d30eb503e1736437cfe0)

Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;

Conflicts:
	meta/recipes-connectivity/connman/connman_1.33.bb
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>wpa-supplicant_2.6.bb: set CVE_PRODUCT to wpa_supplicant</title>
<updated>2017-08-29T10:57:28+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@bmw.de</email>
</author>
<published>2017-07-20T13:23:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=90acac9f21e9ec541e20769581a5f18d84db04ee'/>
<id>urn:sha1:90acac9f21e9ec541e20769581a5f18d84db04ee</id>
<content type='text'>
It is used in NVD database CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2015-1863

(From OE-Core rev: cabacf6ad5a2511f6eb93259a81ab14279fd96bb)

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@bmw.de&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
(cherry picked from commit cc3882ca2fea2c5a8830311eeb7840ae98da9b3c)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
