summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity
AgeCommit message (Collapse)AuthorFiles
2016-05-09openssl: Security fix via update to 1.0.2hArmin Kuster2
CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 https://www.openssl.org/news/secadv/20160503.txt fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-09iproute2: upgrade to version 4.5.0Maxin B. John3
4.4.0 -> 4.5.0 Refreshed iproute2 musl build fix patch for 4.5.0 Remove backported patch: iproute2-fix-building-with-musl.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-09bluez5: upgrade to 5.39Maxin B. John1
5.37 -> 5.39 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-29bluez5: enable out-of-tree buildsRoss Burton2
A patch is needed to fix a race in out-of-tree builds, and the install-ptest logic can be simplified. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-29openssh: Security Fix CVE-2016-3115Armin Kuster2
opehssh <= 7.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-29connman-gnome: Depend on dbus-glib-nativeJussi Kukkonen1
This is required for dbus-binding-tool. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-18dhcp: CVE-2016-2774Catalin Enache2
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-18bind: CVE-2016-2088Jussi Kukkonen2
Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-15dhcp: Enable update-rc.d serviceFabio Berton1
do_install_append function installs init scripts but to enable this service we need to inherit update-rc.d class and set INITSCRIPT name and params. Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-14bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi4
Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-14socat: Use c_ispeed and c_ospeed based upon libcKhem Raj1
musl calls them __c_ispeed and __c_ospeed and we can not use get/set APIs because the get APIs will return the value from iflags and not from *speed element from termios struct Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-08openssl.inc: minor packaging cleanupAndre McCurdy1
libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving libcrypto from libdir -> base_libdir to support dhclient [1]. However, the line has been unnecessary since ${base_libdir}/lib*.so files started to be included in FILES_${PN}-dev by default [2] (and it's still unnecessary now, after moving libcrypto from back to libdir to support ntp [3]). [1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072 [2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a [3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc Also define FILES_libssl using SOLIBS instead of a hardcoded pattern. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-05bluez5.inc: remove obsolete workaroundPatrick Ohly1
Bluez 5.37 itself correctly installs bluetooth.conf, and honors the path settings in dbus-1.pc. Removing the obsolete workaround is necessary for compiling "stateless" (= read-only system configuration moved out of /etc). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-03bluez5: add ptest supportAlexander Kanavin3
[YOCTO #5134] Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-24bind: /var/cache/bindJoe Slater1
Change the ownership of /var/cache/bind to bind rather than root. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20dhcpd: create dhcpd user for dhcp dameonAlexandru Moise2
This patch enables the functionality for dhcpd service to be started with dhcp uid and gid. Test steps: Step 1: Assign ip to interface ifconfig eth0 192.168.1.1 Step 2: Edit /etc/dhcp/dhcpd.conf: default-lease-time 600; max-lease-time 7200; option subnet-mask 255.255.255.0; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; range 192.168.1.88 192.168.1.88; option routers 192.168.1.0; } Step 3: Edit /etc/default/dhcp-server: INTERFACES="eth0" Step 4: Check uid and gid of running dhcpd process $ ps -eo user:19,group:19,cmd | grep dhcpd dhcp dhcp /usr/sbin/dhcpd eth0 -user dhcp -group dhcp Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20bluez5: allow D-Bus to spawn obexd in systems without systemdJavier Viguera2
This includes a proper D-Bus service file for obexd in systems that do not support systemd. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20socat: Access c_ispeed and c_ospeed via APIsKhem Raj2
make it more portable across libc implementations Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20openssl: don't move libcrypto to base_libdirChen Qi1
For now, if 'openssl' is enabled for ntp, ntp would still be built without openssl & libcrypto. This is because that ntp thinks openssl and libcrypto locates under the same directory. This patch removes the codes of moving libcrypto to base_libdir. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20dhcp: enable gentle shutdownChen Qi2
For now, `systemctl stop dhcpd' cannot stop dhcpd correctly, the SIGTERM signal would time out, causing a SIGKILL signal sent to dhcpd. Patch site.h to enable gentle shutdown to so that dhcpd could be stopped by SIGTERM. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-12avahi: enable gobject-introspectionAlexander Kanavin2
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-12avahi-ui: remove the dependency on python-pygtk by disabling avahi-discoverAlexander Kanavin1
python-pygtk is removed in a separate commit; the reasons for that are explained in that commit's message. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi-ui: add dbus to PACKAGECONFIGRoss Burton1
Now that avahi has a dbus PACKAGECONFIG we need to ensure it's enabled as otherwise the avahi-ui module won't build. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi: add missing intltool-native build dependencyRoss Burton1
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-09avahi: make dbus optional but defaultJens Rehsack1
Since do_install fails when dbus is removed by .bbappend, add packageconfig to allow users to get rid of desktop ipc helper dbus. Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-06openssl: add a patch to fix parallel buildsRoss Burton2
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make races. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03openssl: Security fix Drown via 1.0.2g updateArmin Kuster3
CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-02dhcp: CVE-2015-8605Mariano Lopez2
ISC DHCP allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-18avahi: update to version 0.6.32Maxin B. John9
0.6.31 -> 0.6.32 a. Switched to the new repository hosted in github. b. Removed the following Upstreamed/Backported patches 1. 0001-Don-t-log-warnings-about-invalid-packets-Fixes-lathi.patch 2. 0001-avahi-fix-avahi-status-command-error-prompt.patch 3. avahi_fix_install_issue.patch 4. fix_for_automake_1.12.x.patch 5. out-of-tree.patch 6. reuseport-check.patch c. Added UPSTREAM_CHECK_URI [YOCTO #7553] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18nfs-utils: bugfix: adjust name of statd service unitUlrich Ölmann2
Upstream nfs-utils use 'rpc-statd.service' and Yocto introduced 'nfs-statd.service' instead but forgot to update the mount.nfs helper 'start-statd' accordingly. Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18socat: Fix build with muslKhem Raj2
NETDB_INTERNAL is a glibc define Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-11iproute2: update to version 4.4.0Maxin B. John1
4.3.0 -> 4.4.0 a) Added iproute2-fix-building-with-musl.patch to fix build with musl. b) Include below listed utilities that are not yet enabled/packaged in the iproute2 recipe: 1. lnstat 2. ifstat 3. genl 4. rtacct 5. nstat 6. ss Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11iproute2: update to version 4.4.0Maxin B. John2
4.3.0 -> 4.4.0 Added iproute2-fix-building-with-musl.patch to fix build with musl. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11openssh: Properly skip ptrace test if tools are missingJussi Kukkonen1
Without the exit there will be a SKIP and a FAIL for the same test. Also fix typo in a message. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11openssh: Fix regex that sets sftp-server path for testsJussi Kukkonen1
[YOCTO #9049] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-11wpa-supplicant: Only depend on libgcrypt when neededJussi Kukkonen1
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-02-06openssl.inc: drop obsolete mtx-1 and mtx-2 over-ridesAndre McCurdy1
Machine specific over-rides for mtx-1 (aka MeshCube) and mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-04socat: upgrade to 1.7.3.1Ross Burton1
This fixes Socat Security Advisory 7 (MSVR-1499) and 8. [ YOCTO #9024 ] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-02openssl: Explicitly set EXTRA_OEMAKE as requiredMike Crowe1
The openssl recipe currently relies on EXTRA_OEMAKE having been set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-02libnss-mdns: Check for nss.h before usingKhem Raj2
nss.h is not available on all libcs so check for it and if its not there provide the needed data types. Fixed buil with musl ../../nss-mdns-0.10/src/nss.c:32:17: fatal error: nss.h: No such file or directory compilation terminated. make[2]: *** [libnss_mdns4_la-nss.lo] Error 1 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 )Andre McCurdy1
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Updated LICENSE hash due to change in copyright year. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman: fix crash with iptables 1.6Maxin B. John2
The struct of xtables_globals has been modified in iptables 1.6. If connman runs with iptables 1.6, it can crash. Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () 0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11 0xb7deac1c in ?? () from /usr/lib/libxtables.so.11 0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11 The the missing function item of xtables is added to xtables_globals. It can fix the above issue. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman: tidy up connman-conf usageJoshua Lock1
connman-conf is now a systemd oneshot and therefore doesn't need to be sed'ed in to the ConnMan service file. Note: this doesn't affect sysvinit where we provide a ConnMan init script which checks for the presence of the wired-networking script and, if it exists, executes it as part of the connman init. [YOCTO #8399] Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-29connman-conf: convert to systemd oneshotJoshua Lock2
Install a oneshot unit file that is started before ConnMan to configure a wired network inteface with the wired-setup script, rather than requiring this script to be manually run some how. Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26meta: fix capitalisation in Upstream-StatusRoss Burton1
Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26avahi: Add patch to fix Win10 mDNS issuesbmouring@ni.com2
Windows 10 will respond to mDNS messages when it really shouldn't, resulting in a lot of logging. Pulling the change from avahi upstream. This will be fixed in avahi 0.6.32 External References: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1342400 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794145 https://bugzilla.redhat.com/show_bug.cgi?id=1240711 https://social.technet.microsoft.com/Forums/en-US/b334e797-ef80-4525-b74a-b4830420a14e/windows-10-spams-network-with-invalid-mdns-response-packets?forum=win10itpronetworking Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-26bind: update to 9.10.3-P3Derek Straka1
Addresses CVE-2015-8704 and CVE-2015-8705 CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record CVE-2015-8705: When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option [YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-22portmap: Point to tirpc headers and libraries on muslKhem Raj1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22nfs-utils: Disable tcp-wrappers for muslKhem Raj1
Doesnt build with musl Signed-off-by: Khem Raj <raj.khem@gmail.com>
2016-01-22irda-utils: Fix header inclusionsKhem Raj2
Helps compile with musl Signed-off-by: Khem Raj <raj.khem@gmail.com>