summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity
AgeCommit message (Collapse)AuthorFiles
2014-06-13nfs-utils: Do not pass CFLAGS to gcc while buildingChong Lu3
Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD). Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10nfs-utils: unset CFLAGS for testlk buildChong Lu2
testlk is built with host gcc at do_compile stage, which leads to unrecognized some flags for special architecture. So unset CFLAGS for testlk to make sure it passed. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-06-09openssl: fix ptestsPaul Eggleton3
Add some missing dependencies and fix the Makefile in order to get most of the ptest tests working (specifically test_bn, test_verify, test_cms, test_srp and test_heartbeat). test_verify still fails for unknown reasons (perhaps some of the now expired certificates weren't meant to have expired as far as the test is concerned?) but at least it has the certificates to run now. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2014-06-09openssl: upgrade to 1.0.1hPaul Eggleton5
Fixes the following security issues: * CVE-2014-0224 * CVE-2014-0221 * CVE-2014-0195 * CVE-2014-3470 The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the documentation are integrated upstream in this release and so were dropped. Additionally, a patch from upstream was added in order to fix a failure during do_compile_ptest_base. A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com> and Lei Maohui <leimaohui@cn.fujitsu.com>. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2014-06-06neard: fix for parallel buildRichard Purdie2
for neard tools/snep-send object might cause a parallel build failure,due to undetected dependency on dbus.h header file. Patch will be submitted upstream. Fixes [YOCTO #6389]. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-03resolvconf: Update to 1.75Saul Wold1
Archive compression changed to xz Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-03recipes: Add missing pkgconfig class inheritsRichard Purdie3
These recipes all use pkg-config in some way but were missing dependencies on the tool, this patch adds them. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-01socat: upgrade to 1.7.2.4Ross Burton4
socat manually maintains config.h.in instead of using autoheader, so exclude autoheader from autoreconf and remove all patches that are intended to enable use of autoheader. The license checksum changed, because the company address changed. Based on a upgrade by Hongxu Jia <hongxu.jia@windriver.com>, with cleanup after noticing that config.h.in was hand-maintained. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-29openssl: add openssl-CVE-2010-5298.patch SRC_URIRoy Li2
make openssl-CVE-2010-5298.patch truely work Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-23bluez5: upgrade to 5.19Cristian Iorga2
- Fixes to OBEX, AVRCP browsing, HID over GATT and handling of device unpaired events for dual-mode devices. - New features: user space based HID host implementation (for BR/EDR). Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21openssl: fix for CVE-2010-5298Yue Tao1
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-15nfs-utils: upgrade to 1.3.0Paul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-15openssh: move packaging definitions to the endPaul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-15openssh: update to 6.6p1Paul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-15bluez5: Update the bluetooth.confYasir-Khan1
In bluez5, agent interface has been renamed from org.bluez.Agent to org.bluez.Agent1. Reflect this change in bluetooth.conf to allow sending of dbus messages to agent interface. *Resolves no PIN prompt bug while pairing *Resolves bluetooth keyboard connection problem Signed-off-by: Yasir-Khan <yasir_khan@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-13openssh: fix for CVE-2014-2653Chen Qi2
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-13openssh: fix for CVE-2014-2532Chen Qi2
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-08openssh: add /var/log/lastlog to volatile listSaul Wold1
The /var/log/messages reports /var/log/lastlog as missing, since openssh needs this file, create it as a volatile. [YOCTO #6172] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-08openssl: update upstream status for a patchCristiana Voicu1
The patch is not included in 1.0.1g, but it is included on 1.0.2 branch. Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-08openssl: fix CVE-2014-0198Maxin B. John2
A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. https://access.redhat.com/security/cve/CVE-2014-0198 Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-06wpa-supplicant: add libgcrypt as a dependencieValentin Popa1
gnutls doesn't depend on libgcrypt anymore but wpa-supplicant does. So add it as a dependencie. Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-04-30telepathy-glib: upgrade to 0.24.0Cristian Iorga1
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-04-28openssl: enable ptest supportMaxin B. John4
Install openssl test suite and run it as ptest. Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-04-25Upstream-Status CleanupsSaul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25bind: add support for read-only rootfsChen Qi2
This patch adds support for read-only rootfs to the bind service. Basically it just bind mounts several directories so that the bind service could start correctly without reporting any error. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador13
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25openssh: enable ptest supportMaxin B. John3
Install openssh test-suite and run it as ptest. Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25iproute2: upgrade to 3.14Cristian Iorga2
- switched to ${BP} variable; - removed parallel make restriction; Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25bluez5: upgrade to 5.18Cristian Iorga2
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25connman: upgrade to 1.23Cristian Iorga2
- License file copyright years updated; Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-24cryptodev-linux: move to recipes-kernel to be shared with module and testsDenys Dmytriyenko1
Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-24ppp: add systemd supportChen Qi2
Add systemd support for ppp. The unit file mostly comes from ArchLinux. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-24bind: add systemd supportChen Qi3
Add systemd support for bind. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-24PR bumps to remove PRINC use in meta-openpliMike Looijmans3
Resolves warnings of this kind in the OpenPLi layer: WARNING: Use of PRINC * was detected in the recipe * Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-23openssh-sshd: host contamination fixMatthieu Crapet1
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries. First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac), second needs a cached variable definition. Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-10openssh: fix sshd_config_readonly creationJonathan Liu1
The readonly sshd config sshd_config_readonly needs to be created from the installed sshd_config as make install will adjust the paths in the config file. This fixes the path for sftp-server being correct in sshd_config but incorrect in sshd_config_readonly. Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-08openssl: Upgrade to v1.0.1gCristiana Voicu30
The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-01openssl: Fix pod2man des.pod error on Ubuntu 12.04Baogen Shang2
This is a formatting fix, '=back' is required before '=head1' on Ubuntu 12.04. Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-31openssh: build without libbsdJoe Slater1
We do not DEPEND on libbsd, so we do not want to build with it just because libutil.h is found by configure. As noted in the patch, specifying --disable-libutil to configure does not work, so we provide "cached" configure variables. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-30libpcap: add PACKAGECONFIG for libnl1Hu Yadi1
Add --with-libnl autoconfig parameter and dependency between libpcap and libnl1. Disable libnl1 by default to avoid libpcap build error when libnl1 is involved. Signed-off-by: Hu Yadi <Yadi.hu@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-27ocf-linux: remove recipeKai Kang2
ocf-linux only provides header file and no kernel module is built. We can't use ocf-linux without its implementation. And linux-yocto uses an alternative project cryptodev-linux, so we remove ocf-linux and use cryptodev-linux instead. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-27openssl: replace dependency ocf-linux with cryptodev-linuxKai Kang1
ocf-linux only provides header files but no implementation in kernel. And Yocto kernel linux-yocto use cryptodev-linux to implement /dev/crypto interface. So replace dependency ocf-linux with cryptodev-linux for openssl. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-27cryptodev-linux: add recipeKai Kang1
Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto. So add cryptodev-linux which is one alternative of ocf-linux and then remove ocf-linux later. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-26Security Advisory - openssl - CVE-2013-6449Yue Tao2
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-26Security Advisory - openssl - CVE-2013-6450Yue Tao2
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-26Security Advisory - openssl - CVE-2013-4353Yue Tao2
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-25bind: remove nslookup from FILESRobert Yang1
The nslookup had been disabled from 2010 (or earlier), but it still in FILES_${PN}-utils, we need remove it. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-25bind: fix no bind-utils packageRobert Yang1
Fix the typo: PACKAGES_preprend -> PACKAGES_prepend Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-24connman: upgrade to 1.22Jonathan Liu1
Highlights: - If VPN is split routed and not the default service, then allow DNS queries also to be sent to VPN DNS server. - Session API fixes - Memory leak fixes - Crash fixes - NTP kiss-of-death packet support - Support for full USB gadget networking. Now USB gadget network can be used without tethering. Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-19openssh: Update init file to add ED25519 Key generationSaul Wold1
[YOCTO #5983] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>