| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
replace to run "make install" with directly calling install command,
since "make install" asks "bin" user and group, and maybe fail when
system has not;
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libsmi is autodetected in configure, but in most cases disabled because of
cross-compilation so keep it explicitly disabled
* resolves following difference in builds with and without libsmi built
before tcpdump:
4.7.4-r0-with/temp/log.do_configure:checking smi.h usability... yes
4.7.4-r0-with/temp/log.do_configure:checking smi.h presence... yes
4.7.4-r0-with/temp/log.do_configure:checking for smi.h... yes
4.7.4-r0-with/temp/log.do_configure:checking for smiInit in -lsmi... yes
4.7.4-r0-with/temp/log.do_configure:checking whether to enable libsmi... not when cross-compiling
4.7.4-r0-without/temp/log.do_configure:checking smi.h usability... no
4.7.4-r0-without/temp/log.do_configure:checking smi.h presence... no
4.7.4-r0-without/temp/log.do_configure:checking for smi.h... no
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The previous do_install is empty and do nothing.
Unset variables datadir and mandir, use pimd's default set.
So it could install doc files correctly.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-06
The ATN-CPDLC dissector could crash. ([2]Bug 9952) [3]CVE-2015-2187
* [4]wnpa-sec-2015-07
The WCP dissector could crash. ([5]Bug 10844) [6]CVE-2015-2188
* [7]wnpa-sec-2015-08
The pcapng file parser could crash. ([8]Bug 10895) [9]CVE-2015-2189
* [10]wnpa-sec-2015-09
The LLDP dissector could crash. ([11]Bug 10983) [12]CVE-2015-2190
* [13]wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. ([14]Bug 11023) [15]CVE-2015-2191
* [16]wnpa-sec-2015-11
The SCSI OSD dissector could go into an infinite loop. Discovered
by Vlad Tsyrklevich. ([17]Bug 11024) [18]CVE-2015-2192
For more information see
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
configure: error: Header file pcap.h not found; if you installed libpcap
don't use pcap. Use the internal version.
And minor configure cleanups
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Added a few more PACKAGECONF options
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-01
The WCCP dissector could crash. ([2]Bug 10720, ws-buglink:10806)
CVE-2015-0559, CVE-2015-0560
* [3]wnpa-sec-2015-02
The LPP dissector could crash. ([4]Bug 10773)
CVE-2015-0561
* [5]wnpa-sec-2015-03
The DEC DNA Routing Protocol dissector could crash. ([6]Bug 10724)
CVE-2015-0562
* [7]wnpa-sec-2015-04
The SMTP dissector could crash. ([8]Bug 10823)
CVE-2015-0563
* wnpa-sec-2015-05
Wireshark could crash while decypting TLS/SSL sessions.
Discovered by Noam Rathaus.
CVE-2015-0564
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.
For more details please see:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
* this makes it easier to unblacklist it from local.conf which
is parsed before the recipes
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582)
CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628)
CVE-2014-8712, CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596)
CVE-2014-8714
Reference:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path. However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host. Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Add ptest supports for tcpdump
Signed-off-by: Hongjun.Yang <hongjun.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
* fixes floating dependency:
WARNING: QA Issue: wireshark rdepends on krb5, but it isn't a build dependency? [build-deps]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The default path of ntp drift file is /etc/ntp.drift, ntp daemon
maybe fails to create this file since the user ntp is not always
permitted to write /etc.
Refer to other distributions such as RedHat, Debian, just moving
the file to /var/lib/ntp which the home dir of user ntp.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
This allows the base recipe and bbappends to reference persistent
mutable state such as a drift file.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Since busybox 1.21, the 'ip' applet has the default
path (/sbin/ip)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: YangHaibo <b40869@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bashism:
possible bashism in memcached/etc/init.d/memcached line 40 (bash arrays, ${name[0|*|@]}):
if [ -r "${FILES[0]}" ]; then
possible bashism in memcached/etc/init.d/memcached line 42 (bash arrays, ${name[0|*|@]}):
for FILE in "${FILES[@]}";
possible bashism in memcached/etc/init.d/memcached line 53 (should be VAR="${VAR}foo"):
CONFIGS+=($NAME)
possible bashism in memcached/etc/init.d/memcached line 54 (should be 'b = a'):
elif [ "memcached_$2" == "$NAME" ];
possible bashism in memcached/etc/init.d/memcached line 62 (bash arrays, ${name[0|*|@]}):
if [ ${#CONFIGS[@]} == 0 ];
possible bashism in memcached/etc/init.d/memcached line 71 (bash arrays, ${name[0|*|@]}):
CONFIG_NUM=${#CONFIGS[@]}
possible bashism in memcached/etc/init.d/memcached line 72 ('((' should be '$(('):
for ((i=0; i < $CONFIG_NUM; i++)); do
possible bashism in memcached/etc/init.d/memcached line 73 (bash arrays, ${name[0|*|@]}):
NAME=${CONFIGS[${i}]}
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
|
| |
Perl:
stunnel/usr/bin/stunnel3:#!/usr/bin/perl
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
|
| |
Perl:
ndisc6-misc/usr/bin/dnssort:#! /usr/bin/perl
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bashism:
possible bashism in arptables/etc/init.d/arptables line 14 (should be '.', not 'source'):
source /etc/init.d/functions
possible bashism in arptables/etc/init.d/arptables line 96 ($"foo" should be eval_gettext "foo"):
echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
Use "." to replace of "source", and change /bin/bash to /bin/sh, the
echo $"foo" works well in our busybox.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
| |
So use /bin/sh.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
| |
Signed-off-by: YangHaibo <b40869@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
following security fixes included:
MEGACO dissector infinite loop. (Bug 10333) CVE-2014-6423
Netflow dissector crash. (Bug 10370) CVE-2014-6424
CUPS dissector crash. (Bug 10353) CVE-2014-6425
HIP dissector infinite loop. CVE-2014-6426
RTSP dissector crash. (Bug 10381) CVE-2014-6427
SES dissector crash. (Bug 10454) CVE-2014-6428
Sniffer file parser crash. (Bug 10461) CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
re-org'd dd file to be more in-line with style guide.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
tcpslice is a tool for extracting parts of a tcpdump packet trace,
so put it under tcpdump dir
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Refreshed lua.patch due to whitespace changes in top-level Makefile.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While kernel is processing the UPDATE message which is sent from racoon,
it maybe interrupted by certain system signal and if this case happens,
kernel responds with an EINTR message to racoon and kernel fails to
establish the corresponding SA.
Fix this problem by resend the UPDATE message when EINTR(Interrupted
system call) error happens.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Also fix the git SRC_URI location
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
Add knob to detect whether hugetlbfs are checked or not.
This patch fixed the error:
ld: cannot find -lhugetlbfs
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ntp checks for presence of sys/timepps.h to determine whether the kernel
supports the RFC 2783 KPPS interface. Under Linux the pps-tools package
installs this header. Without this feature the ATOM clock driver does
not work, and other drivers like NMEA have reduced precision. Remove
the feature non-determinism and increase ntpd capabilities by adding an
explicit dependency.
See: http://doc.ntp.org/4.2.6/kernpps.html
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The description in a previous patch to disable debugging is incorrect.
Although the option is default-enabled in configure.ac, configure does
respect the option that disables it.
In ntp 4.2.7 the option code is refactored to ntp_debug.m4 and has an
effect in sntp as well. Adding --disable-debugging to the top-level
configure options overrides the default for both 4.2.6 and 4.2.7 without
patching the distribution.
Make the selection explicit and configurable, but restore the historical
default. Absence of debugging capability in the server makes it
difficult to validate complex configurations.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* removed two patches which were already integrated in 5.2.0:
strongswan-4.3.3-5.1.1_asn1_unwrap.patch
strongswan-5.0.0-5.1.2_reject_child_sa.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. uprev to 2.0.20
2. Update the license md5sum, since the address is changed in COPYING*:
From:
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
To:
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
1. uprev to 4.6.1
2. remove three obsolete patches
3. use PACKAGECONFIG, and the default value is ipv6 openssl
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The monlist feature in ntp_request.c in ntpd in NTP before
4.2.7p26 allows remote attackers to cause a denial of service
(traffic amplification) via forged (1) REQ_MON_GETLIST or
(2) REQ_MON_GETLIST_1 requests, as exploited in the wild
in December 2013.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is a problem in configure.ac file that whether or not
'--enable-debugging' is specified in configure cmdline, debugging
is always enabled.
We should disable ntp debugging by default.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The deprecated test code was no longer used, so remove it
to avoid compiling failure with -Werror=unused-function
...
| example21.cpp:51:8: error: 'size_t {anonymous}::readData(char*,
size_t, size_t)' defined but not used [-Werror=unused-function]
| size_t readData(char *buffer, size_t size, size_t nitems)
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Remove 0001-Fix-warning-with-gcc-4.8.patch, it has been in 0.8.2
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
Patches really belong in the recipe, not the .inc, given patches are generally
version-bound.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
dnsmasq runs pkg-config to get cflags/libs for its dependencies.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
