aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
AgeCommit message (Collapse)Author
2019-10-19tcpdump: Delete unused patchwarrior-nextwarriorPeiran Hong
Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since it is not used in the tcpdump recipe anymore. Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 01b55a8a552d460acbe3673268733a78b47c5c03) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-19tcpdump: upgrade 4.9.2 -> 4.9.3Peiran Hong
This upgrade adds some new features and fixes numerous bugs including the following CVEs: CVE: CVE-2017-16808 (AoE) CVE: CVE-2018-14468 (FrameRelay) CVE: CVE-2018-14469 (IKEv1) CVE: CVE-2018-14470 (BABEL) CVE: CVE-2018-14466 (AFS/RX) CVE: CVE-2018-14461 (LDP) CVE: CVE-2018-14462 (ICMP) CVE: CVE-2018-14465 (RSVP) CVE: CVE-2018-14881 (BGP) CVE: CVE-2018-14464 (LMP) CVE: CVE-2018-14463 (VRRP) CVE: CVE-2018-14467 (BGP) CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) CVE: CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) CVE: CVE-2018-14880 (OSPF6) CVE: CVE-2018-16451 (SMB) CVE: CVE-2018-14882 (RPL) CVE: CVE-2018-16227 (802.11) CVE: CVE-2018-16229 (DCCP) CVE: CVE-2018-16301 (was fixed in libpcap) CVE: CVE-2018-16230 (BGP) CVE: CVE-2018-16452 (SMB) CVE: CVE-2018-16300 (BGP) CVE: CVE-2018-16228 (HNCP) CVE: CVE-2019-15166 (LMP) CVE: CVE-2019-15167 (VRRP) CVE: CVE-2018-14879 (tcpdump -V) Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since the fix is included in the upgrade. Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch", "unnecessary-to-check-libpcap.patch", and "add-ptest.path" since the upgrade renamed configure.in to configure.ac and made changes to the file. Added PACKAGECONFIG for smb. It is disabled by default in the upgraded version in both the package's configure script and this bitbake recipe since it is insecure. Modified the parsing of ptest result to align with the new output format. With core-image-minimal on qemux86-64/kvm: Recipe | Passed | Failed | Skipped | Time(s) Before | 408 | 0 | 2 | 4 After | 431 | 11 | 2 | 10 11 test failed after the upgrade since libpcap is not upgraded alongside with tcpdump. Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 71535e2f0ea76d39d2911e022905ec8ee9843872) [Upgrade is a resonable path do to the # of patches needed to address all this issues] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-05tcpdump: Fix CVE-2017-16808Peiran Hong
Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 62fc26075afc2d56a73777aad753a643fbdafbfa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-04wireshark: upgrade 3.0.2 -> 3.0.3Zang Ruochen
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 05250418cb48699c555ee111b84603641ab34edd) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-04wireshark: upgrade 3.0.1 -> 3.0.2Zang Ruochen
-Upgrade from wireshark_3.0.1.bb to wireshark_3.0.2.bb. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b3a2ad2060dd0980e2a33bb0e6fd618a4a22ebf8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02wireshark: Use an upstream URL that stays valid longerAdrian Bunk
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02ntop: fix missing return from non-void functionMartin Jansa
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-02openvpn: respect pid file in init.d service startFabian Klemp
openvpn only provides options to update a pid file but not to check it for running processes. Consecutive issued start commands therefore lead to multiple running processes with the same configurations, which is the origin of all kinds of problems of which unnecessary resource usage is the least. Using start-stop-daemon the pid file is inspected for running processes before start. Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-23openvpn: update to 2.4.7Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-23ipsec-tools: fix CVE tag in patchQi.Chen@windriver.com
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-29nuttcp: update to 8.2.2Oleksandr Kravchuk
License checksum was changed due to updated copyright years. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-29traceroute: add UPSTREAM_CHECK_URIOleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-29uftp: update to 4.9.9Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-29wpan-tools: update to 0.9Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-29ntp: upgrade 4.2.8p12 -> 4.2.8p13Andrej Valek
License has been changed due to reformatting, no new stuff added. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-27nghttp2: update to 1.38Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-18drbd-utils: fix file conflict with base-filesKai Kang
drbd-utils installs directory /var/run but is a link file installed by package base-files. Remove /var/run to fix the file conflict issue. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-18drbd: fix compile errorsKai Kang
It fails to build drbd with errors: | LD [M] .../tmp/work/qemux86_64-poky-linux/drbd/9.0.17-1-r0/drbd-9.0.17-1/drbd/drbd.o | x86_64-poky-linux-ld.bfd: cannot find | .../tmp/work/qemux86_64-poky-linux/drbd/9.0.17-1-r0/drbd-9.0.17-1/drbd/drbd_bitmap.o: No such file or directory Backport patch from upstream to fix the issue. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-16linux-atm: Replace bogus on_exit removal with musl-specific hackAdrian Bunk
Functions registered by atexit and on_exit have different signatures, if registered with atexit no parameters are passed. The function only prints a trace on nonzero exit(), so can safely be disabled in musl builds. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-16linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCHAdrian Bunk
Only userspace utilities and firmware are in the packages. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-11wireshark: upgrade 3.0.0 -> 3.0.1Zang Ruochen
-Upgrade from wireshark_3.0.0.bb to wireshark_3.0.1.bb. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-11chrony: update to 3.4Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09macchanger: update to 1.7.0Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09drbd: update to 9.0.17-1Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09drbd-utils: update to 9.8.0Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09stunnel: update to 5.51Oleksandr Kravchuk
COPYING checksum was changed due to modified copyright years. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09open-isns: update to 0.99Oleksandr Kravchuk
Removed patch has been upstreammed. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09usbredir: update to 0.8.0Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09cifs-utils: update to 6.9Oleksandr Kravchuk
Removed patch has been upstreammed. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09fwknop: update to 2.6.10Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-08phytool: update to v2Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-08smcroute: update to 2.4.4Oleksandr Kravchuk
COPYING md5sum updated to to minor cleanup (see @0ae4003f714218c371). Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-08nuttcp: update to 7.3.3Oleksandr Kravchuk
License md5sum changed due to modified copyright years. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-07fping: update to 4.2Oleksandr Kravchuk
md5sum of COPYING was changed since info about project contributors was added to the file (see @85abf34b0a38ca6). Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-06ipsec-tools: add missing CVE tags to patchesQi.Chen@windriver.com
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-06tcpreplay: update to version 4.3.2Slater, Joseph
Includes fixes for CVE-20198376, -8377, and -8381. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-15nghttp2: update to 1.37Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-14dnsmasq: avoid conflict with systemd-resolvedQi.Chen@windriver.com
Add a drop-in configuration file for systemd-resolved to avoid conflict about port 53. The error message is as below. failed to create listening socket for port 53: Address already in us Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-10wireshark: upgrade to 3.0.0Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-08linux-atm: Fix build with linux 5.x headersKhem Raj
Fixes error: 'IFNAMSIZ' undeclared here Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-07wireshark: upgrade to 3.0.0Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-03nghttp2: update to 1.36Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-02-25dovecot:upgrade to 2.2.36Hong Liu
1.Upgrade dovecot from 2.2.33 to 2.2.36. Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-02-22cim-schema-final: remove do_unpackChangqing Li
Use subdir=${BP} rather than write do_unpack manually. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-02-22cim-schema-docs: remove do_unpackChangqing Li
Use subdir=${BP}, rather than write do_unpack manually. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-30Split ntpq into an own packageAdrian Bunk
ntpq is the standard query program for ntp, but ntp-utils depends on perl. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-28libtdb: upgrade from 1.3.16 -> 1.3.17Changqing Li
Fix 3 problems after upgrade to 1.3.17 1. Disable prefork of process 2. Fix problem of waf cannot be found 3. Fix problem of cross-compile not support well Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-15tcpdump: misc recipe cleanup + drop obsolete workaroundsAndre McCurdy
Remove obsolete workarounds and improve the workarounds that remain. For example, it hasn't been necessary to set ac_cv_linux_vers since tcpdump 4.6.0: https://github.com/the-tcpdump-group/tcpdump/commit/a42fc6e764abfe4a99eef993784733f735f6c874 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-13meta-networking: remove True option to getVar calls (again)André Draszik
A couple have still been missed in the past despite multiple attempts at doing so (or simply have re-appeared?). Search & replace made using the following command: sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \ -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \ | cut -d':' -f1 \ | sort -u) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-13wireshark: update to 2.6.6Armin Kuster
includes: wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716. wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717. wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718. wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719. For more info see: https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>