Age | Commit message (Collapse) | Author | Files |
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
In bluez5, agent interface has been renamed from org.bluez.Agent
to org.bluez.Agent1. Reflect this change in bluetooth.conf to
allow sending of dbus messages to agent interface.
*Resolves no PIN prompt bug while pairing
*Resolves bluetooth keyboard connection problem
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The /var/log/messages reports /var/log/lastlog as missing, since openssh
needs this file, create it as a volatile.
[YOCTO #6172]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The patch is not included in 1.0.1g, but it is included on 1.0.2
branch.
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
gnutls doesn't depend on libgcrypt anymore but
wpa-supplicant does. So add it as a dependencie.
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install openssl test suite and run it as ptest.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds support for read-only rootfs to the bind service.
Basically it just bind mounts several directories so that the bind
service could start correctly without reporting any error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Install openssh test-suite and run it as ptest.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- switched to ${BP} variable;
- removed parallel make restriction;
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- License file copyright years updated;
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add systemd support for ppp.
The unit file mostly comes from ArchLinux.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add systemd support for bind.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Resolves warnings of this kind in the OpenPLi layer:
WARNING: Use of PRINC * was detected in the recipe *
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd
You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries.
First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac),
second needs a cached variable definition.
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The readonly sshd config sshd_config_readonly needs to be created from
the installed sshd_config as make install will adjust the paths in
the config file. This fixes the path for sftp-server being correct
in sshd_config but incorrect in sshd_config_readonly.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a formatting fix, '=back' is required before
'=head1' on Ubuntu 12.04.
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We do not DEPEND on libbsd, so we do not want to
build with it just because libutil.h is found by configure.
As noted in the patch, specifying --disable-libutil to
configure does not work, so we provide "cached" configure
variables.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add --with-libnl autoconfig parameter and dependency
between libpcap and libnl1.
Disable libnl1 by default to avoid libpcap build error
when libnl1 is involved.
Signed-off-by: Hu Yadi <Yadi.hu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ocf-linux only provides header file and no kernel module is built. We
can't use ocf-linux without its implementation. And linux-yocto uses an
alternative project cryptodev-linux, so we remove ocf-linux and use
cryptodev-linux instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ocf-linux only provides header files but no implementation in kernel.
And Yocto kernel linux-yocto use cryptodev-linux to implement
/dev/crypto interface. So replace dependency ocf-linux with
cryptodev-linux for openssl.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto.
So add cryptodev-linux which is one alternative of ocf-linux and then
remove ocf-linux later.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The nslookup had been disabled from 2010 (or earlier), but it still in
FILES_${PN}-utils, we need remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the typo:
PACKAGES_preprend -> PACKAGES_prepend
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Highlights:
- If VPN is split routed and not the default service, then allow
DNS queries also to be sent to VPN DNS server.
- Session API fixes
- Memory leak fixes
- Crash fixes
- NTP kiss-of-death packet support
- Support for full USB gadget networking. Now USB gadget network can
be used without tethering.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #5983]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove CVE patches that are in bind
Updated COPYRIGHT includes date changes the NetBSD Copyright
Modifies the Base BSD License to 3-Clause (removes advertising clause)w
Add patch to disable running tests on host
Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Rebase fix-external-bind patch
LICENSE file has date update to 2014
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In read-only file system, '/etc' is on the readonly partition,
and '/etc/resolv.conf' is symlinked to a separate writable
partition.
In this situation, we should use shell variable to instead of
the temp file '/etc/resolv.conf.dhclient'.
[YOCTO #5624]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
For security policy, change the group of running rpc.stdtd to rpcuser,
just like Radhat does.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
* resolves following warnings:
WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends)
WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old version of Linux if_pppol2tp.h was removed, so droped the
related patches.
Here is the commit from git://github.com/paulusmack/ppp.git
...
commit c41092dd4c49267f232f6cba3d31c6c68bfdf68d
Author: Paul Mackerras <paulus@samba.org>
Date: Sun May 20 16:48:17 2012 +1000
Remove old version of Linux if_pppol2tp.h
This has been in the Linux kernel source now for long enough that we
can rely on getting a usable version from /usr/include on all
distributions that we care about. The version we have here had started
to lag behind what is in the Linux kernel, causing compilation errors
due to struct pppol2tpv3_addr being undefined. Removing our local
version means we will use what is in /usr/include instead.
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
IPV6 has been enabled by default in 2.4.6
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- USE {BP} variable;
- Updated naming scheme;
- Updated copyright owners.
- Update defconfig file, is now in
sync with current version;
as such, more functionality can
be enabled for wpa-supplicant.
- removed register-autoscan-correctly.patch,
included in upstream.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch goes through the OE-Core recipes and marks those which use autotools
but don't support a separate build directory (${S} != ${B}). A new class,
autotools-brokensep is used for this purpose.
This doesn't introduce any change in behaviour in its own right.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|