summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity
AgeCommit message (Collapse)AuthorFiles
2016-07-20openssl: Security fix CVE-2016-2178Armin Kuster2
affects openssl <= 1.0.2h CVSS v2 Base Score: 2.1 LOW Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-20openssl: Security fix CVE-2016-2177Armin Kuster2
Affects openssl <= 1.0.2h CVSS v2 Base Score: 7.5 HIGH Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-20neard: upgrade to 0.16Maxin B. John1
0.15 -> 0.16 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-08socat: remove the hardcoded shifting offsetZhenhua Luo1
The hardcoded shifting offset causes the following runtime error: | socat: xioinitialize.c:41: xioinitialize: Assertion `3 << | opt_crdly.arg3 == 00030000' failed. Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-08meta: update patch metadataRoss Burton5
Enforce the correct tag names across all of oe-core for consistency. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-01connman-gnome: StatusIcon adapts to size changesJussi Kukkonen1
Update the Gtk3 patch to make the StatusIcon load pixbufs at (more) correct sizes -- Gtk3 does not seem to reliably position the icon otherwise. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-07-01openssl: prevent warnings from openssl-c_rehash.shJoshua Lock1
The openssl-c_rehash.sh script reports duplicate files and files which don't contain a certificate or CRL by echoing a WARNING to stdout. This warning gets picked up by the log checker during rootfs and results in several warnings getting reported to the console during an image build. To prevent the log from being overrun by warnings related to certificates change these messages in openssl-c_rehash.sh to be prefixed with NOTE not WARNING. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-23openssh: fix init script restart with read-only-rootfsMatthew Campbell1
restart in the init script uses the check_config() function which doesn't have the $SSHD_OPTS passed through. This causes it to check the wrong config (and fail when read-only-rootfs is enabled. Signed-off-by: Matthew Campbell <mcampbell@izotope.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-15avahi-ui: Build with Gtk+3Jussi Kukkonen2
Add patch to install GtkBuilder ui files for GTK+3. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-15connman-gnome: Add patch to port to Gtk+3Jussi Kukkonen2
Upstream is not really active anymore: patch the Gtk+3 upgrade in for now (long term solution is to change to another UI). Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-14dhcp: upgrade to 4.3.4Hongxu Jia12
- Drop fix-external-bind.patch, which dhcp 4.3.4 supports option --with-libbind=PATH - Add tweak-to-support-external-bind.patch, tweak the external bind to oe-core's sysroot rather than external bind source build. - Drop CVE-2015-8605.patch, CVE-2016-2774.patch, dhcp 4.3.4 has fixed them - Add configure option --with-randomdev=/dev/random Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-14resolvconf: upgrade to 1.79Chen Qi1
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-12avahi: add extra path to GIR_EXTRA_LIBS_PATHDmitriy Falko1
Signed-off-by: Dmitriy Falko <d.falko.work@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-06-03ofono: update to 1.18Maxin B. John1
1.17 -> 1.18 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02nfs-utils: switch to Python 3Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02ofono: drop the custom-made revert to Python 2 from Python 3Alexander Kanavin3
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02connman: do not install Python test scriptsAlexander Kanavin1
They are not compatible with python 3, and require python-dbus and python-gobject (which are provided only for Python 3). Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02bluez5: switch to Python 3Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02neard: do not package python test scriptsAlexander Kanavin1
They require python-dbus and python-gobject (which are only provided for Python 3), and have not been ported to Python 3. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02bind: switch Python dependency to Python 3.xAlexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-02iw: update to version 4.7Maxin B. John2
4.3 -> 4.7 Refreshed the patch for new version: 1) 0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-01openssl: fix the dangling libcrypto.a symlinkMaxin B. John1
Update libcrypto.a symlink to the proper location. [YOCTO #9523] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-06-01bluez5: update to 5.40Maxin B. John1
5.39 -> 5.40 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-30avahi-ui: remove support for building a python moduleAlexander Kanavin1
It's not used by anything and hasn't been ported to Python 3. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
2016-05-30dhcp: fix non-deterministic libxml2 dependencyChristopher Larson2
This dependency was floating, which results in non-deterministic builds. Add a configure argument and associated PACKAGECONFIG to fix this. The libxml dep is only needed when bind was built with a dep on libxml due to its httpstats feature. So, when you enable the httpstats config in bind, and want to build dhcp, be sure to also enable the bind-httpstats config in dhcp. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-25iproute2: upgrade to 4.6.0Maxin B. John3
1. Refreshed musl build fix patch for 4.6.0 2. Use the bash-completion class to package the completion files. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-25openssl: Ensure SSL certificates are stored on sysconfdirOtavio Salvador1
Debian and other generic distributions has moved the certificates for sysconfdir (/etc/ssl) and made the libdir content to link for it. This provides several advantages specially for read-only rootfs. Another benefit is that it ensures foreign implementations (e.g: BoringSSL, from Chromium, when running with OpenSSL backend for the certificates) to find the content correctly. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-25openssl: Add Shell-Script based c_rehash utilityOtavio Salvador3
The PLD Linux distribution has ported the c_rehash[1] utility from Perl to Shell-Script, allowing it to be shipped by default. 1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761 The OpenSSL upstream intends[2] to convert the utility for C however did not yet finished the conversion. 2. https://rt.openssl.org/Ticket/Display.html?id=2324 This patch adds this script and thus removed the Perl requirement for it. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-20bluez5: fixed path to bluetoothd in sysvinit scriptChristian Ege2
Within the sysvinit script the path to bluetoothd is wrong. Because of this the init scripts silently terminates without any message Signed-off-by: Christian Ege <k4230r6@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-20openssh: update homepage and summaryStephano Cetola1
The homepage variable is out of date and the summary does not mention ssh, making the recipe difficult to find. [ YOCTO #9610 ] Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-20bluez5: move btmgmt to common READLINE sectionNicolas Dechesne1
Upstream in 5.33 btmgmt was moved from experimental to common READLINE section, in commit e4f0c5582f1fe3451d5588243adba9de1ed68b80, but this was never updated in the recipe. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-19openssh: Backport fix for CVE-2015-8325Jussi Kukkonen2
PAM environment vars must be ignored when UseLogin=yes Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-19openssh: Upgrade 7.1p2 -> 7.2p2Jussi Kukkonen5
Remove patches that are in the release. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-17openssh: change URI to http:Ross Burton1
The OpenBSD FTP server isn't accepting connections from wget, which breaks fetches. Luckily they also have a HTTP server on the same host. [ YOCTO #9628 ] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-14connman: update to version 1.32Maxin B. John4
Removed following upstreamed/backported patches: a) 0001-Detect-backtrace-API-availability-before-using-it.patch b) 0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch Rearranged musl related patches. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-09openssl: Security fix via update to 1.0.2hArmin Kuster2
CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 https://www.openssl.org/news/secadv/20160503.txt fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-09iproute2: upgrade to version 4.5.0Maxin B. John3
4.4.0 -> 4.5.0 Refreshed iproute2 musl build fix patch for 4.5.0 Remove backported patch: iproute2-fix-building-with-musl.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-09bluez5: upgrade to 5.39Maxin B. John1
5.37 -> 5.39 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-29bluez5: enable out-of-tree buildsRoss Burton2
A patch is needed to fix a race in out-of-tree builds, and the install-ptest logic can be simplified. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-29openssh: Security Fix CVE-2016-3115Armin Kuster2
opehssh <= 7.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-29connman-gnome: Depend on dbus-glib-nativeJussi Kukkonen1
This is required for dbus-binding-tool. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-18dhcp: CVE-2016-2774Catalin Enache2
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-18bind: CVE-2016-2088Jussi Kukkonen2
Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-15dhcp: Enable update-rc.d serviceFabio Berton1
do_install_append function installs init scripts but to enable this service we need to inherit update-rc.d class and set INITSCRIPT name and params. Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-14bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi4
Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-14socat: Use c_ispeed and c_ospeed based upon libcKhem Raj1
musl calls them __c_ispeed and __c_ospeed and we can not use get/set APIs because the get APIs will return the value from iflags and not from *speed element from termios struct Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-08openssl.inc: minor packaging cleanupAndre McCurdy1
libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving libcrypto from libdir -> base_libdir to support dhclient [1]. However, the line has been unnecessary since ${base_libdir}/lib*.so files started to be included in FILES_${PN}-dev by default [2] (and it's still unnecessary now, after moving libcrypto from back to libdir to support ntp [3]). [1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072 [2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a [3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc Also define FILES_libssl using SOLIBS instead of a hardcoded pattern. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-05bluez5.inc: remove obsolete workaroundPatrick Ohly1
Bluez 5.37 itself correctly installs bluetooth.conf, and honors the path settings in dbus-1.pc. Removing the obsolete workaround is necessary for compiling "stateless" (= read-only system configuration moved out of /etc). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-03bluez5: add ptest supportAlexander Kanavin3
[YOCTO #5134] Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-24bind: /var/cache/bindJoe Slater1
Change the ownership of /var/cache/bind to bind rather than root. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>