<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity, branch pyro-nfvaccess</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-nfvaccess</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-nfvaccess'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2017-04-29T10:17:23+00:00</updated>
<entry>
<title>bind: Security fix CVE-2016-6170</title>
<updated>2017-04-29T10:17:23+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2017-04-13T05:48:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8913e94511812c44a9847bb9ea17af2469923187'/>
<id>urn:sha1:8913e94511812c44a9847bb9ea17af2469923187</id>
<content type='text'>
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and
9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of
service (secondary DNS server crash) via a large AXFR response, and
possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users
to cause a denial of service (primary DNS server crash) via a large
UPDATE message.

External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6170

Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f

(From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350)

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bind: Security fix CVE-2016-8864</title>
<updated>2017-04-29T10:17:23+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2017-04-13T05:48:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e9c8cbdf020296325b275b10e36e5227173339ee'/>
<id>urn:sha1:e9c8cbdf020296325b275b10e36e5227173339ee</id>
<content type='text'>
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before
9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a DNAME
record in the answer section of a response to a recursive query,
related to db.c and resolver.c.

External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8864

Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8

(From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f)

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Bump SONAME to match the ABI</title>
<updated>2017-04-21T07:22:09+00:00</updated>
<author>
<name>Jussi Kukkonen</name>
<email>jussi.kukkonen@intel.com</email>
</author>
<published>2017-04-20T13:32:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a59bfd05d15085a3dc5669b47fd19867246c846b'/>
<id>urn:sha1:a59bfd05d15085a3dc5669b47fd19867246c846b</id>
<content type='text'>
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included
a version-script change from Debian that was an ABI change. It did
not include the soname change that Debian did so we have been calling
our ABI 1.0.0 but it really matches what others call 1.0.2.

Bump SONAME to match the ABI. In practice this changes both libcrypto
and libssl sonames from 1.0.0 to 1.0.2.

For background: Upstream does not do sonames so these are set by
distros. In this case the ABI changes based on a build time
configuration! Debian took the ABI changing configuration and bumped
soname but e.g. Ubuntu kept the deprecated API and just made it not
work, keeping soname. So both have same version of openssl but support
different ABI (and expose different SONAME).

Fixes [YOCTO #11396].

Thanks to Alexander Larsson et al for detective work.

(From OE-Core rev: 1b430eef7131876bc735c22d66358379b0516821)

Signed-off-by: Jussi Kukkonen &lt;jussi.kukkonen@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Revert "openssl: Fix symlink creation"</title>
<updated>2017-04-19T09:18:43+00:00</updated>
<author>
<name>Jussi Kukkonen</name>
<email>jussi.kukkonen@intel.com</email>
</author>
<published>2017-04-18T10:08:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7fe30a5df4ad25275492f241a69553693af1fd3f'/>
<id>urn:sha1:7fe30a5df4ad25275492f241a69553693af1fd3f</id>
<content type='text'>
This reverts commit 991620f3962a9917fa99abb5582f4b72ebd42a3d.

The commit breaks openssl-native (you can no longer generate keys
because it can't find the configuration file). Also the idea that we
would install configuration files normally but then add the symlinks
pointing to them in a postinstall feels wrong.

Fixes [YOCTO #11296]. The bug contains an alternative fix but I'm
sending a revert as I cannot fully understand the motive of the
original patch. See also discussion in
http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html

(From OE-Core rev: b192daef5d1e7f3501c533b92dc75e2d996afc13)

Signed-off-by: Jussi Kukkonen &lt;jussi.kukkonen@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: fix the reference to native perl in ptests</title>
<updated>2017-04-11T17:10:18+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alexander.kanavin@linux.intel.com</email>
</author>
<published>2017-04-10T19:16:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=124b3ea99b0c45e891dc2f01235e315871756b49'/>
<id>urn:sha1:124b3ea99b0c45e891dc2f01235e315871756b49</id>
<content type='text'>
This was causing a couple of ptest failures.

[YOCTO #10840]

(From OE-Core rev: 2e8e72790d3cc3236b6a785f3e04702e71e1ac3f)

Signed-off-by: Alexander Kanavin &lt;alexander.kanavin@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: add a "openssl10" PROVIDES</title>
<updated>2017-04-01T07:14:57+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alexander.kanavin@linux.intel.com</email>
</author>
<published>2017-03-31T09:31:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=34a7654689ca96ceb6fbe0753d650270189710eb'/>
<id>urn:sha1:34a7654689ca96ceb6fbe0753d650270189710eb</id>
<content type='text'>
In 2.4 development cycle openssl 1.1 will replace openssl 1.0 as the
default openssl version. Openssl 1.0 will stay but will be renamed
to openssl10, and eventually it will be removed (hopefully much
sooner than the official end of support date of Dec 2019, as we do not
want an unsupported openssl version in supported Yocto releases).

There are several recipes that are not API compatible with 1.1; some
of them will eventually be fixed, but others will never be (such as Qt4).
To avoid breaking such recipes when openssl 1.1 is added to oe-core,
let's provide "openssl10" already now and change the recipes to depend
on that where necessary; Qt4 is a particularly pressing issue as it is
causing failures on the autobuilder with my work in progress
openssl 1.1 branch, and so I'm not able to see what else would fail
later in the build process.

(From OE-Core rev: cffc3a88608bd295eb1220fadae56eb4676414df)

Signed-off-by: Alexander Kanavin &lt;alexander.kanavin@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Fix regression when building for thumb2</title>
<updated>2017-03-31T09:10:29+00:00</updated>
<author>
<name>Max Krummenacher</name>
<email>max.oss.09@gmail.com</email>
</author>
<published>2017-03-24T15:01:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=43832aa6c1d542d0be729ec475d1a37ca15d216a'/>
<id>urn:sha1:43832aa6c1d542d0be729ec475d1a37ca15d216a</id>
<content type='text'>
Commit 'c8da8ce openssl: Fix build with clang' introduced a regression.
do_compile fails when building with gcc/thumb2.

Note that I did not test if it still builds with clang.

Prevents the following when building with thumb2:

| ghash-armv4.S: Assembler messages:
| ghash-armv4.S:88: Error: thumb conditional instruction should be in IT block -- `ldrplb r12,[r2,r3]'
| ghash-armv4.S:98: conditional infixes are deprecated in unified syntax
| ghash-armv4.S:98: Error: thumb conditional instruction should be in IT block -- `ldrplb r8,[r0,r3]'
| ghash-armv4.S:105: Error: thumb conditional instruction should be in IT block -- `eorpl r12,r12,r8'
| ghash-armv4.S:107: Error: thumb conditional instruction should be in IT block -- `andpl r14,r12,#0xf0'
| ghash-armv4.S:108: Error: thumb conditional instruction should be in IT block -- `andpl r12,r12,#0x0f'
| ghash-armv4.S:144: conditional infixes are deprecated in unified syntax
| ghash-armv4.S:144: Error: thumb conditional instruction should be in IT block -- `ldrneb r12,[r2,#15]'
| ghash-armv4.S:231: conditional infixes are deprecated in unified syntax
| ghash-armv4.S:231: Error: thumb conditional instruction should be in IT block -- `ldrplb r12,[r0,r3]'
| ghash-armv4.S:248: Error: thumb conditional instruction should be in IT block -- `andpl r14,r12,#0xf0'
| ghash-armv4.S:249: Error: thumb conditional instruction should be in IT block -- `andpl r12,r12,#0x0f'

(From OE-Core rev: 65cfb24033278fd4fb27013d3272394197649ca2)

Signed-off-by: Max Krummenacher &lt;max.krummenacher@toradex.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Fix build with clang</title>
<updated>2017-03-22T11:35:21+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2017-03-20T16:47:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=231fae32d319b7325a38d19cc9681a67f7083dd9'/>
<id>urn:sha1:231fae32d319b7325a38d19cc9681a67f7083dd9</id>
<content type='text'>
(From OE-Core rev: c8da8cec9007f77396f873f1cd56fc78bf83b19a)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>neard: Fix parallel build issue</title>
<updated>2017-03-21T22:39:17+00:00</updated>
<author>
<name>Jussi Kukkonen</name>
<email>jussi.kukkonen@intel.com</email>
</author>
<published>2017-03-17T13:14:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a1eb378771bcb427a60c56b8bfdbc93948917213'/>
<id>urn:sha1:a1eb378771bcb427a60c56b8bfdbc93948917213</id>
<content type='text'>
This only started showing up now for some reason but it does seem like
a legitimate bug in Makefile.am.

(From OE-Core rev: f43290f6e302dbacf5581d1fe1c6c991dd387779)

Signed-off-by: Jussi Kukkonen &lt;jussi.kukkonen@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Disable make's -e flag without breaking ${AR}</title>
<updated>2017-03-17T16:53:05+00:00</updated>
<author>
<name>Olof Johansson</name>
<email>olof.johansson@axis.com</email>
</author>
<published>2017-03-11T05:28:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8f1d763adc0f283a0c3f2fb7247c14b0777cfbd9'/>
<id>urn:sha1:8f1d763adc0f283a0c3f2fb7247c14b0777cfbd9</id>
<content type='text'>
The OpenSSL recipe tried to workaround the -e make flag (overriding
variables from the environment). And when the -e flag was dropped as
the global default, it was specifically added for OpenSSL. This is
unnecessary, as only the value of ${AR} seems to be affected, and that
can be handled correctly by OpenSSL's build system if we just let it.

(From OE-Core rev: 537a404cfbb811fcb526cdb5f2e059257de6ef13)

Signed-off-by: Olof Johansson &lt;olof.johansson@axis.com&gt;
Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
