linux/poky.git/meta/recipes-connectivity, branch yocto-2.5Mirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=yocto-2.52018-04-20T07:12:16+00:00openssh: disable ciphers not supported by OpenSSL DES2018-04-20T07:12:16+00:00Hongxu Jiahongxu.jia@windriver.com2018-04-18T14:32:54+00:00urn:sha1:06f4699036f453f5c942599466054580c4389ead
While compiling openssl with option `no-des', it caused the openssh
build failure
...
cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function);
...
OpenSSL configured that way defines OPENSSL_NO_DES to disable des
(From OE-Core rev: 08a5cda85594fca8b352841a26131bfac39c8417)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dhcp: Security Advisory - CVE-2017-31442018-04-13T15:58:07+00:00Yue TaoYue.Tao@windriver.com2018-04-11T00:21:18+00:00urn:sha1:f91523b22ffe3e8662d24fcdcd9fdde62b9485c4
Fix CVE-2017-3144
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
https://kb.isc.org/article/AA-01541
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4
(From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: update 1.1.0g -> 1.1.0h2018-03-29T23:31:18+00:00Alexander Kanavinalexander.kanavin@linux.intel.com2018-03-28T12:43:08+00:00urn:sha1:81407cf84e0d4045c004ed2d43664d3cfc507283
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
Remove 0001-Remove-test-that-requires-running-as-non-root.patch
(issue fixed upstream)
Remove 0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
(backport)
License-Update: copyright years
(From OE-Core rev: 96d5e9c186fb83f1b5d9b38ace0b1222c3c04c54)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: update 1.0.2n -> 1.0.2o2018-03-29T23:31:18+00:00Alexander Kanavinalexander.kanavin@linux.intel.com2018-03-28T12:43:07+00:00urn:sha1:51088f1bcd9a62068f63cc00b1a9920c15488867
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
License-Update: copyright years
(From OE-Core rev: 13542282e34c078296c46a98721b31ed9a69a980)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: fix libdir logic to allow multiarch style paths2018-03-15T13:27:19+00:00Koen Kooikoen@dominion.thruhere.net2018-03-09T10:55:14+00:00urn:sha1:4712f75761ed093b03262a928539deb33470ae90
The recipes were using 'basename' to turn '/usr/lib' into 'lib', which breaks when libdir is '/usr/lib/tuple', leading to libraries ending up in '/usr/tuple', which isn't in FILES_*. Change the logic to use sed to strip the prefix instead.
(From OE-Core rev: e58d5521c7bae8daafdac85754545be176550a02)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta: remove some EXCLUDE_FROM_WORLD assignments2018-03-15T13:27:19+00:00Ross Burtonross.burton@intel.com2018-03-12T16:38:57+00:00urn:sha1:a5c274b4511636870d1955d79b0eb2e94a966597
Now that we have recipe-specific-sysroots we don't need to exclude recipes from
world builds because they conflict with other recipes, as they'll all be built
with their own sysroots.
(From OE-Core rev: b2f3ac4d994a1921791f6bd0cdb3591586733694)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
iproute2: fix rebuild failures2018-03-15T13:27:19+00:00Trevor Woernertwoerner@gmail.com2018-03-12T15:22:33+00:00urn:sha1:960b58eae324bc61c0763b336be10df24c00c7a1
When rebuilding iproute2, many such instances of the following build failure
occur:
| make[1]: Entering directory '.../iproute2/4.14.1-r0/iproute2-4.14.1/lib'
| Makefile:1: ../config.mk: No such file or directory
| make[1]: *** No rule to make target '../config.mk'. Stop.
(From OE-Core rev: f2e56f6e0da27c70781e51b5486ca6c731013f1c)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl_1.0.2n: improve reproducibility2018-03-15T13:27:18+00:00Juro Bystrickyjuro.bystricky@intel.com2018-03-10T19:27:29+00:00urn:sha1:459f177c9e8f888e93663e1fddb16bb499ee9a0b
Improve reproducible build of:
openssl-staticdev
openssl-dbg
libcrypto
There are two main causes that prevent reproducible build, both related to
the generated file "buildinf.h":
1. "buildinf.h" contains build host CFLAGS, containing various build
host references. We need to pass sanitized CFLAGS to the script
generating this file ("mkbuildinf.pl". )
2. We also need to modify the script "mkbuildinf.pl" itsel in order to
generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
the environment.
(From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: drop openssl-1.0.2a-x32-asm.patch2018-03-11T13:27:00+00:00Alexander Kanavinalexander.kanavin@linux.intel.com2018-03-09T18:55:45+00:00urn:sha1:60681b118a88fdbc6d231e93463bdd60cdfdf8e5
The patch was applied in a completely incorrect spot (due to fuzz),
no one noticed or complained. Meanwhile upstream says the issue
has been resolved differently:
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
(From OE-Core rev: 325e516b59e677dc8e2c5756589fa8037b3e9392)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: refresh patches2018-03-11T13:27:00+00:00Ross Burtonross.burton@intel.com2018-03-09T18:55:44+00:00urn:sha1:5a78036d08b2c3255ad5ccd1bfb4080e13c9f317
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 7baba7a19c5610a63ccbfd6a2238667772b32118)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>