Age | Commit message (Collapse) | Author |
|
Split libraries and plugins into their own packages. Create packages
for admin-server, kdc, user and examples. Remove some unneeded binaries.
Enable daemons on boot.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
* update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file:
-Copyright (C) 1985-2015 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2016 by the Massachusetts Institute of Technology.
* remove useless functions: krb5_do_unpack(), do_unpack()
* remove patches that included by new release:
- 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch
- Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
- Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
- Fix-build_principal-memory-bug-CVE-2015-2697.patch
- Fix-IAKERB-context-export-import-CVE-2015-2698.patch
- krb5-CVE-2016-3119.patch
- krb5-CVE-2016-3120.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This is CVE-2016-3120
The validate_as_request function in kdc_util.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before
1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect
client data structure, which allows remote authenticated users to cause
a denial of service (NULL pointer dereference and daemon crash) via an
S4U2Self request.
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 19dc7117fd0e95d1477eb5797fbe2a3cca8f7760)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit c29c8e3a8f8746b2061e3c532f13ae99c55fb42a)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The networkmanager build runs dbus-binding-tool, which only exists if
dbus-glib-native has been built, and will fail otherwise.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit a3d4309facf0ea261adad867e34a262e8db51b16)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Recipes using intltool need this dependency.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 08395623a9eafd31121798892935bfb48992337e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
On some targets clang erroniously detects an uninitialized variable.
Backport the fix from upstream.
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 5da9408672d3929d2f71d0b15a8e06043c5a1109)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Recent GCC optimizations -ftree-dce and -foptimize-sibling-calls are causing
a segfault in the wvstream stackmaster. Fedora had the same problem and
resolved the issue by removing these optimizations.
See: https://bugzilla.redhat.com/show_bug.cgi?id=812651
Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
of bluez being used.
Signed-off-by: Ann Thornton <ann.thornton@nxp.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
version of bluez being used.
Signed-off-by: Ann Thornton <ann.thornton@nxp.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport <commit 08c642c09c38a9c6454ab43a9b53b2a89b9eef99> from krb5
upstream <https://github.com/krb5/krb5> to fix CVE-2016-3119
avoid remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted request to modify a principal.
Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The SRC_URI is up again, no need to blacklist the recipe if we disable parallel make
The following error can ocurr in a race condition:
scan.l:38:18: fatal error: gram.h: No such file or directory
http://errors.yoctoproject.org/Errors/Details/56158/
That is, the scan.l file is parsed before the gram.h file is generated.
To avoid this, we clear the PARALLEL_MAKE variable.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
add native and nativesdk extend, curl-native/nativesdk need them.
replace the hardcode /etc with ${sysconfdir}, /var with ${localstatedir}
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
No further updates were required, aside from changing the
checksums and renaming the file.
Signed-off-by: Ruben De Smet <ruben.de.smet@rubdos.be>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* fails to build for hardfloat MACHINEs
http://lists.openembedded.org/pipermail/openembedded-devel/2016-April/106782.html
This reverts commit f4958cfc976ece37784c82392b083ba481f69b8f.
|
|
This recipe is for a TI WiFi calibrator utility [1]. The firmware from
this project is already shipped inside linux-firmware so we do not
package it in this recipe.
[1] http://linuxwireless.sipsolutions.net/en/users/Drivers/wl12xx/#Calibration
Signed-off-by: James Minor <james.minor@ni.com>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* SRC_URI seems to be down:
fatal: unable to connect to git.umip.org:
git.umip.org[0: 77.133.223.36]: errno=Connection timed out
git.umip.org[1: 2a02:8428:26f:b200:221:70ff:fe55:8f78]: errno=Network is unreachable
* and build fails with:
scan.l:38:18: fatal error: gram.h: No such file or directory
http://errors.yoctoproject.org/Errors/Details/56158/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Now that the real introspection is available, and legacy pygobject is not,
the patch to use the latter should be removed.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* This resolves a build error due to libsodium update.
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
WARNING: /tmp/work/armv5e-poky-linux-gnueabi/krb5/1.12.2-r0/krb5-1.12.2/src/ ('S') doesn't exist, please set 'S' to a proper value
remove extra "/"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Use bash-completion.bbclass to package bash completions.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
|
|
* it was renamed in oe-core with:
commit 8a474057d86b3ebf6271656d6b9adf384ea9ad6d
Author: Ed Bartosh <ed.bartosh@linux.intel.com>
Date: Wed Jan 13 10:03:04 2016 +0200
bitbake.conf: rename python-native-runtime
The code in native.bbclass adds -native suffix to the package
names that don't have it.
Renamed python-native-runtime -> hostpython-runtime-native to avoid
mangling it and to conform with the naming convetion for native
packages.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* Upgrade networkmanager from 1.0.6 to 1.0.10.
* add patches:
- Apply three bug fix patches from NM git.
- Apply a patch to fix a bug in the header files breaking gnome-panel build.
- fix ppp rdepend: pppd is not on the target if NM does not rdepend on it.
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Upgrade zabbix from 2.4.5 to 2.4.7.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The current recipe make no difference between
the source and the build directory. There are
source files outside this directory and isn't
possible to patch these files.
This changes adds the build directory path to
the recipe, now is possible to patch files in
other directories, if required.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1. upgrade to 2.5
2. update HOMEPAGE and SRC_URI to use w1.fi instead
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
ModemManager 1.4.12 needs at least qmi-glib version 1.12.4
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c
in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly
accesses a certain pointer, which allows remote authenticated users
to cause a denial of service (memory corruption) or possibly have
unspecified other impact by interacting with an application that calls
the gss_export_sec_context function. NOTE: this vulnerability exists
because of an incorrect fix for CVE-2015-2696.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT
Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users
to cause a denial of service (out-of-bounds read and KDC crash) via
an initial '\0' character in a long realm field within a TGS request.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14
relies on an inappropriate context handle, which allows remote
attackers to cause a denial of service (incorrect pointer read and
process crash) via a crafted IAKERB packet that is mishandled during
a gss_inquire_context call.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before
1.14 relies on an inappropriate context handle, which allows remote
attackers to cause a denial of service (incorrect pointer read and
process crash) via a crafted SPNEGO packet that is mishandled during
a gss_inquire_context call.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|