summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity
AgeCommit message (Collapse)AuthorFiles
2016-03-24bind: /var/cache/bindJoe Slater1
Change the ownership of /var/cache/bind to bind rather than root. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20dhcpd: create dhcpd user for dhcp dameonAlexandru Moise2
This patch enables the functionality for dhcpd service to be started with dhcp uid and gid. Test steps: Step 1: Assign ip to interface ifconfig eth0 192.168.1.1 Step 2: Edit /etc/dhcp/dhcpd.conf: default-lease-time 600; max-lease-time 7200; option subnet-mask 255.255.255.0; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; range 192.168.1.88 192.168.1.88; option routers 192.168.1.0; } Step 3: Edit /etc/default/dhcp-server: INTERFACES="eth0" Step 4: Check uid and gid of running dhcpd process $ ps -eo user:19,group:19,cmd | grep dhcpd dhcp dhcp /usr/sbin/dhcpd eth0 -user dhcp -group dhcp Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20bluez5: allow D-Bus to spawn obexd in systems without systemdJavier Viguera2
This includes a proper D-Bus service file for obexd in systems that do not support systemd. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20socat: Access c_ispeed and c_ospeed via APIsKhem Raj2
make it more portable across libc implementations Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20openssl: don't move libcrypto to base_libdirChen Qi1
For now, if 'openssl' is enabled for ntp, ntp would still be built without openssl & libcrypto. This is because that ntp thinks openssl and libcrypto locates under the same directory. This patch removes the codes of moving libcrypto to base_libdir. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20dhcp: enable gentle shutdownChen Qi2
For now, `systemctl stop dhcpd' cannot stop dhcpd correctly, the SIGTERM signal would time out, causing a SIGKILL signal sent to dhcpd. Patch site.h to enable gentle shutdown to so that dhcpd could be stopped by SIGTERM. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-12avahi: enable gobject-introspectionAlexander Kanavin2
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-12avahi-ui: remove the dependency on python-pygtk by disabling avahi-discoverAlexander Kanavin1
python-pygtk is removed in a separate commit; the reasons for that are explained in that commit's message. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi-ui: add dbus to PACKAGECONFIGRoss Burton1
Now that avahi has a dbus PACKAGECONFIG we need to ensure it's enabled as otherwise the avahi-ui module won't build. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi: add missing intltool-native build dependencyRoss Burton1
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi: make dbus optional but defaultJens Rehsack1
Since do_install fails when dbus is removed by .bbappend, add packageconfig to allow users to get rid of desktop ipc helper dbus. Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-06openssl: add a patch to fix parallel buildsRoss Burton2
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make races. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03openssl: Security fix Drown via 1.0.2g updateArmin Kuster3
CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-02dhcp: CVE-2015-8605Mariano Lopez2
ISC DHCP allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-18avahi: update to version 0.6.32Maxin B. John9
0.6.31 -> 0.6.32 a. Switched to the new repository hosted in github. b. Removed the following Upstreamed/Backported patches 1. 0001-Don-t-log-warnings-about-invalid-packets-Fixes-lathi.patch 2. 0001-avahi-fix-avahi-status-command-error-prompt.patch 3. avahi_fix_install_issue.patch 4. fix_for_automake_1.12.x.patch 5. out-of-tree.patch 6. reuseport-check.patch c. Added UPSTREAM_CHECK_URI [YOCTO #7553] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18nfs-utils: bugfix: adjust name of statd service unitUlrich Ölmann2
Upstream nfs-utils use 'rpc-statd.service' and Yocto introduced 'nfs-statd.service' instead but forgot to update the mount.nfs helper 'start-statd' accordingly. Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18socat: Fix build with muslKhem Raj2
NETDB_INTERNAL is a glibc define Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-11iproute2: update to version 4.4.0Maxin B. John1
4.3.0 -> 4.4.0 a) Added iproute2-fix-building-with-musl.patch to fix build with musl. b) Include below listed utilities that are not yet enabled/packaged in the iproute2 recipe: 1. lnstat 2. ifstat 3. genl 4. rtacct 5. nstat 6. ss Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11iproute2: update to version 4.4.0Maxin B. John2
4.3.0 -> 4.4.0 Added iproute2-fix-building-with-musl.patch to fix build with musl. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11openssh: Properly skip ptrace test if tools are missingJussi Kukkonen1
Without the exit there will be a SKIP and a FAIL for the same test. Also fix typo in a message. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11openssh: Fix regex that sets sftp-server path for testsJussi Kukkonen1
[YOCTO #9049] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11wpa-supplicant: Only depend on libgcrypt when neededJussi Kukkonen1
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-06openssl.inc: drop obsolete mtx-1 and mtx-2 over-ridesAndre McCurdy1
Machine specific over-rides for mtx-1 (aka MeshCube) and mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-04socat: upgrade to 1.7.3.1Ross Burton1
This fixes Socat Security Advisory 7 (MSVR-1499) and 8. [ YOCTO #9024 ] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-02openssl: Explicitly set EXTRA_OEMAKE as requiredMike Crowe1
The openssl recipe currently relies on EXTRA_OEMAKE having been set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-02libnss-mdns: Check for nss.h before usingKhem Raj2
nss.h is not available on all libcs so check for it and if its not there provide the needed data types. Fixed buil with musl ../../nss-mdns-0.10/src/nss.c:32:17: fatal error: nss.h: No such file or directory compilation terminated. make[2]: *** [libnss_mdns4_la-nss.lo] Error 1 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 )Andre McCurdy1
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Updated LICENSE hash due to change in copyright year. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman: fix crash with iptables 1.6Maxin B. John2
The struct of xtables_globals has been modified in iptables 1.6. If connman runs with iptables 1.6, it can crash. Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () 0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11 0xb7deac1c in ?? () from /usr/lib/libxtables.so.11 0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11 The the missing function item of xtables is added to xtables_globals. It can fix the above issue. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman: tidy up connman-conf usageJoshua Lock1
connman-conf is now a systemd oneshot and therefore doesn't need to be sed'ed in to the ConnMan service file. Note: this doesn't affect sysvinit where we provide a ConnMan init script which checks for the presence of the wired-networking script and, if it exists, executes it as part of the connman init. [YOCTO #8399] Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman-conf: convert to systemd oneshotJoshua Lock2
Install a oneshot unit file that is started before ConnMan to configure a wired network inteface with the wired-setup script, rather than requiring this script to be manually run some how. Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26meta: fix capitalisation in Upstream-StatusRoss Burton1
Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26avahi: Add patch to fix Win10 mDNS issuesbmouring@ni.com2
Windows 10 will respond to mDNS messages when it really shouldn't, resulting in a lot of logging. Pulling the change from avahi upstream. This will be fixed in avahi 0.6.32 External References: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1342400 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794145 https://bugzilla.redhat.com/show_bug.cgi?id=1240711 https://social.technet.microsoft.com/Forums/en-US/b334e797-ef80-4525-b74a-b4830420a14e/windows-10-spams-network-with-invalid-mdns-response-packets?forum=win10itpronetworking Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26bind: update to 9.10.3-P3Derek Straka1
Addresses CVE-2015-8704 and CVE-2015-8705 CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-22portmap: Point to tirpc headers and libraries on muslKhem Raj1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22nfs-utils: Disable tcp-wrappers for muslKhem Raj1
Doesnt build with musl Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22irda-utils: Fix header inclusionsKhem Raj2
Helps compile with musl Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22iproute2: Fix build with muslKhem Raj2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22connman: include config.h for HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDRKhem Raj1
We now check at configure time of libc has pktinfo struct Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22ppp: Fix build with muslKhem Raj2
Therer are assumptions about glibc headers and features which needs to be addressed for musl Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-17openssh: CVE-2016-1907Armin Kuster4
This issue requires three commits: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-17connman: upgrade to 1.31Maxin B. John2
1.30 -> 1.31 Included newly introduced connman-wait-online service. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-15openssh: update to 7.1p2Alexander Kanavin1
This fixes a number of security issues. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-13resolvconf: upgrade to 1.78Chen Qi1
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-13dhcp: 4.3.2 -> 4.3.3Hongxu Jia3
- Rebase: fix-external-bind.patch and fixsepbuild.patch for 4.3.3 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-13dhcp: search libxml2 for bindAwais Belal2
libdns requires libxml2 if bind was built with libxml2 support enabled. Compilation will fail for omapip/test.c in case -lxml2 isn't used during the build. So, we add losely coupled search path which will pick up the lib if it is present. Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-11Add "CVE:" tag to current patches in OE-coreMariano Lopez1
The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-11connman.inc: add missing RDEPENDSHongxu Jia1
All of the connman-tools, connman-tests and connman-client runtime depends connman. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-11meta: rename perl-native-runtimeEd Bartosh1
The code in native.bbclass adds -native suffix to the package names that don't have it. perl-native-runtime becomes perl-native-runtime-native because of this. Renamed perl-native-runtime -> hostperl-runtime-native to avoid mangling it and to conform with the naming convetion for native packages. Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-11bluez5: upgrade to 5.37Maxin B. John3
5.36 -> 5.37 Remove the backported patch: core-profile-Fix-possible-crash-when-registering-pro.patch Build bluez5 only when DISTRO_FEATURES include bluez5 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-12-28bluez5: include the patch only for 5.36Martin Jansa2
* it's backport so it probably won't be needed for newer version and it doesn't apply for older versions, so it just prevents to easily use bluez5.inc Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>