openembedded-core.git/meta/recipes-connectivity, branch 2016-10 Mirror of openembedded-core bind: fix two CVEs 2016-10-15T08:58:56+00:00 Zheng Ruoqin zhengrq.fnst@cn.fujitsu.com 2016-10-14T14:11:04+00:00 5f4588d675e400f13bb6001df04790c867a95230 Add two CVE patches from upstream git: https://www.isc.org/git/ 1.CVE-2016-2775.patch 2.CVE-2016-2776.patch Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Add two CVE patches from upstream
git: https://www.isc.org/git/

1.CVE-2016-2775.patch
2.CVE-2016-2776.patch

Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ppp: fix building with linux-4.8 2016-10-15T08:57:09+00:00 Jackie Huang jackie.huang@windriver.com 2016-10-14T00:50:11+00:00 68e917aa778742da104c038a6e1ffa789fe95410 Fix a build error when using the linux-4.8 headers that results in: In file included from pppoe.h:87:0, from plugin.c:29: ../usr/include/netinet/in.h:211:8: note: originally defined here struct in6_addr ^~~~~~~~ In file included from ../usr/include/linux/if_pppol2tp.h:20:0, from ../usr/include/linux/if_pppox.h:26, from plugin.c:52: ../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6' struct sockaddr_in6 { ^~~~~~~~~~~~ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Fix a build error when using the linux-4.8 headers that results in:

In file included from pppoe.h:87:0,
                 from plugin.c:29:
../usr/include/netinet/in.h:211:8: note: originally defined here
 struct in6_addr
        ^~~~~~~~
In file included from ../usr/include/linux/if_pppol2tp.h:20:0,
                 from ../usr/include/linux/if_pppox.h:26,
                 from plugin.c:52:
../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
 struct sockaddr_in6 {
        ^~~~~~~~~~~~

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Revert "connman-gnome: StatusIcon adapts to size changes" 2016-10-04T23:12:43+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2016-10-04T11:27:25+00:00 82a34a770ad36fb370fff4dca66956fb47f1140c The aim of the original commit was to make connman-gnome load the icons at the exact size of the systray. There are two problems with this: * There are not enough icon sizes provided to make the scaling look good at most sizes (including current panel size) * Both connman-gnome and mb-panel have bugs in the icon size update code and using scaling to exact size makes these much more visible (See bug 9995 for example). The problems the original commit tried to fix can be worked around with better packing in matchbox-panel-2. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The aim of the original commit was to make connman-gnome load the icons
at the exact size of the systray. There are two problems with this:
* There are not enough icon sizes provided to make the scaling
  look good at most sizes (including current panel size)
* Both connman-gnome and mb-panel have bugs in the icon size update
  code and using scaling to exact size makes these much more visible
  (See bug 9995 for example).

The problems the original commit tried to fix can be worked around
with better packing in matchbox-panel-2.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: Upgrade 1.0.2i -> 1.0.2j 2016-09-28T09:15:54+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-09-27T17:10:14+00:00 ee590ac736ca2a378605fa1272a1c57a1dbc7a57 Deals with a CVE issue Drops a patch applied upstream and no longer needed. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Deals with a CVE issue
Drops a patch applied upstream and no longer needed.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl.inc: avoid random ptest failures 2016-09-23T17:06:10+00:00 Patrick Ohly patrick.ohly@intel.com 2016-09-23T13:23:20+00:00 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b "make alltests" is sensitive to the timestamps of the installed files. Depending on the order in which cp copies files, .o and/or executables may end up with time stamps older than the source files. Running tests then triggers recompilation attempts, which typically will fail because dev tools and files are not installed. "cp -a" is not enough because the files also have to be newer than the installed header files. Setting the file time stamps to the current time explicitly after copying solves the problem because do_install_ptest_base is guaranteed to run after do_install. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.

"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: update to 1.0.2i (CVE-2016-6304 and more) 2016-09-23T17:06:10+00:00 Patrick Ohly patrick.ohly@intel.com 2016-09-23T13:26:05+00:00 d6b69279b5d1370d9c4982d5b1842a471cfd2b0e This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)

Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.

See https://www.openssl.org/news/secadv/20160922.txt for details.

Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bluez5: remove duplicated udev setting from FILES_${PN} 2016-09-23T17:06:10+00:00 Robert Yang liezhi.yang@windriver.com 2016-07-27T07:03:10+00:00 73d138be52c7f7c55ec4ea1cda2d7c8ead85deec bitbake.conf already sets it. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
bitbake.conf already sets it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
ofono: remove duplicated udev setting from FILES_${PN} 2016-09-23T17:06:10+00:00 Robert Yang liezhi.yang@windriver.com 2016-07-21T09:29:56+00:00 10dbf13c86ce7f10ff84547fee8c4c5f15fe91fb It doesn't have files in udev dir, and bitbake.conf already sets it. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
It doesn't have files in udev dir, and bitbake.conf already sets it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
wpa_supplicant: Security Advisory-CVE-2016-4477 2016-09-23T13:55:25+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2016-09-22T07:54:27+00:00 d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853 Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
wpa_supplicant: Security Advisory-CVE-2016-4476 2016-09-23T13:55:24+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2016-09-22T07:54:20+00:00 ed610b68f7e19644c89d7131e34c990a02403c62 Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>