Age | Commit message (Collapse) | Author |
|
* CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.
For more details please see:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* this makes it easier to unblacklist it from local.conf which
is parsed before the recipes
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Clean INCLUDES to fix the host contamination errors:
In file included from /usr/src/linux/include/linux/posix_types.h:47:0,
from /usr/src/linux/include/linux/types.h:17,
from /usr/src/linux/include/linux/if.h:22,
from sethdlc.c:23:
/usr/src/linux/include/asm-generic/posix_types.h:91:3: \
error: conflicting types for '__kernel_fsid_t'
} __kernel_fsid_t;
^
.../tmp/sysroots/qemumips/usr/include/asm/posix_types.h:26:3: \
note: previous declaration of '__kernel_fsid_t' was here
} __kernel_fsid_t;
^
* Correct LIC_FILES_CHKSUM to checkout license infos from sethdl.c
instead of Makefile.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed the buildpaths QA issue:
ERROR: QA Issue: File
/work/core2-64-wrs-linux/postfix/2.11.1-r0/packages-split/postfix/etc/postfix/makedefs.out
in package contained reference to tmpdir [buildpaths]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
polarssl compiles with openssl to build unit test cases. If openssl
doesn't exist, native libssl.so will be used. Then causes error:
| .../bitbake_build/tmp/sysroots/x86_64-linux/usr/lib/libssl.so: error adding symbols: File in wrong format
Add dependency openssl for polarssl to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582)
CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628)
CVE-2014-8712, CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596)
CVE-2014-8714
Reference:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
allows remote attackers to cause a denial of service (snmptrapd crash) via
a crafted SNMP trap message, which triggers a conversion to the variable
type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
trap message.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path. However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host. Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* This is the first time meta-python is being taged with a release
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
inherit texinfo to use native command instead of host command
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This solves the following warning:
WARNING: QA Issue: squid rdepends on libnetfilter-conntrack, but it isn't a
build dependency? [build-deps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Add ptest supports for tcpdump
Signed-off-by: Hongjun.Yang <hongjun.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1. Fix radvd.service to start daemon correctly.
2. Make the daemon run under 'radvd' user by default.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* fixes floating dependency:
WARNING: QA Issue: wireshark rdepends on krb5, but it isn't a build dependency? [build-deps]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
There have been occasions that net-snmp sees valgrind and then later it's
not available, adding this setting ensures determinism by disabling it by
default
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
make write_behind to return 0 if a empty file is written, to
distinguish a true writing failure[on which the write_behind
will return -1], then the annoying wrong log will disappear.
____
|Error code 3: Disk full or allocation exceeded
-----
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This reverts commit b2eb21a5fbcb065e84ed582e87de21bdc3082f00.
It make 3d8520a0b411[tftp-hpa: add error check for disk filled up]
unable to work
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
postfix 2.11.1 adds overriding config check. In postinstall script, it
calls command newaliases to read configure file main.cf_2.0.
config_directory is set in config main.cf_2.0, but it is an overriding
config and warning shows when build an image:
WARNING: log_check: There is a warn message in the logfile
WARNING: log_check: Matched keyword: [warn]
WARNING: log_check: newaliases: warning:
/buildarea3/kkang/poky/qemuarm-build/tmp/work/qemuarm-poky-linux-gnueabi/core-
image-minimal/1.0-r0/rootfs/etc/postfix/main.cf, line 27: overriding
earlier entry: config_directory=/buildarea3/kkang/
poky/qemuarm-build/tmp/work/qemuarm-poky-linux-gnueabi/core-image-minimal/1.0-r0/rootfs/etc/postfix
Remove config_directory setting in main.cf_2.0 to avoid this warning.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
When we start with sysvinit, watchquagga uses quagga init script to
monitor zebra daemon. But we need not do this in systemd environment.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The solution mainly references Fedora20.
Extract the common part of the code and install it into ${sbindir}.
Add systemd service file.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
squid is a fully-featured http proxy and web-cache daemon for Linux.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The default path of ntp drift file is /etc/ntp.drift, ntp daemon
maybe fails to create this file since the user ntp is not always
permitted to write /etc.
Refer to other distributions such as RedHat, Debian, just moving
the file to /var/lib/ntp which the home dir of user ntp.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This allows the base recipe and bbappends to reference persistent
mutable state such as a drift file.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Since busybox 1.21, the 'ip' applet has the default
path (/sbin/ip)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
PolarSSL is a lightweight crypto and SSL/TLS library with a strong
focus on embedded systems.
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Add systemd service for quagga.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
We need subpkgs to start quagga, so add them to RDEPENDS.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Add systemd service for vsftpd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fix pkg_postinst to not exit if "$D" is not empty.
Otherwise, postinsts from update-rc.d.bbclass would not run and the
symlinks under /etc/rc?.d/ would not be created.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The package provides the server daemon for the iSCSI protocol, as
well as the utility programs used to manage it. iSCSI is a protocol
for distributed disk access using SCSI commands sent over Internet
Protocol networks
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Add systemd service for for radvd.
The unit is disabled by default, just as Fedora20 does.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: YangHaibo <b40869@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
With the feature that checking the disk filled up, the return value of
function write_behind was checked and used to detect the disk status.
While for empty file, without data being written, this function will
return -1 thus the disk filled up error was miss-raised. Fix it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Integrate a patch from proftpd upstream to fix an integer overflow bug
described in the CVE-2013-4359, which allows remote attachers to cause
a denial of service (memory consumption) attack.
Refer: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4359
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Bashism:
possible bashism in memcached/etc/init.d/memcached line 40 (bash arrays, ${name[0|*|@]}):
if [ -r "${FILES[0]}" ]; then
possible bashism in memcached/etc/init.d/memcached line 42 (bash arrays, ${name[0|*|@]}):
for FILE in "${FILES[@]}";
possible bashism in memcached/etc/init.d/memcached line 53 (should be VAR="${VAR}foo"):
CONFIGS+=($NAME)
possible bashism in memcached/etc/init.d/memcached line 54 (should be 'b = a'):
elif [ "memcached_$2" == "$NAME" ];
possible bashism in memcached/etc/init.d/memcached line 62 (bash arrays, ${name[0|*|@]}):
if [ ${#CONFIGS[@]} == 0 ];
possible bashism in memcached/etc/init.d/memcached line 71 (bash arrays, ${name[0|*|@]}):
CONFIG_NUM=${#CONFIGS[@]}
possible bashism in memcached/etc/init.d/memcached line 72 ('((' should be '$(('):
for ((i=0; i < $CONFIG_NUM; i++)); do
possible bashism in memcached/etc/init.d/memcached line 73 (bash arrays, ${name[0|*|@]}):
NAME=${CONFIGS[${i}]}
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Perl:
proftpd/usr/bin/ftpasswd:#!/usr/bin/perl
proftpd/usr/bin/ftpquota:#!/usr/bin/perl
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Perl:
stunnel/usr/bin/stunnel3:#!/usr/bin/perl
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Perl:
ndisc6-misc/usr/bin/dnssort:#! /usr/bin/perl
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Bashism:
possible bashism in arptables/etc/init.d/arptables line 14 (should be '.', not 'source'):
source /etc/init.d/functions
possible bashism in arptables/etc/init.d/arptables line 96 ($"foo" should be eval_gettext "foo"):
echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
Use "." to replace of "source", and change /bin/bash to /bin/sh, the
echo $"foo" works well in our busybox.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The autofs.init can work with /bin/sh in busybox, so remove bashsim.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
So use /bin/sh.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
No changes except to source version.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: YangHaibo <b40869@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
following security fixes included:
MEGACO dissector infinite loop. (Bug 10333) CVE-2014-6423
Netflow dissector crash. (Bug 10370) CVE-2014-6424
CUPS dissector crash. (Bug 10353) CVE-2014-6425
HIP dissector infinite loop. CVE-2014-6426
RTSP dissector crash. (Bug 10381) CVE-2014-6427
SES dissector crash. (Bug 10454) CVE-2014-6428
Sniffer file parser crash. (Bug 10461) CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
re-org'd dd file to be more in-line with style guide.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
No changes other than source checksum.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add a little processing to find correct directory
for source upstream.
Update LIC_FILES_CHKSUM since the latest package
doesn't include a COPYRIGHT file anymore.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
tcpslice is a tool for extracting parts of a tcpdump packet trace,
so put it under tcpdump dir
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|