Age | Commit message (Collapse) | Author |
|
Drop the patch as issue is addressed upstream.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove 0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch
as code removed upstream.
License-Update: formatting
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These patches are already available in 3.0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop 0001-skip-test_symbol_presence.patch - testing revealed
no need for it, and I couldn't quite understand what it does.
Drop reproducible.patch - upstream has removed the non-reproducible
bit.
Process lines in run-ptest with sed one by one rather than with
perl after the test completes, avoiding ptest-runner timeout errors.
License-Update: openssl relicense to apache 2.0. Goodbye awkward
gpl exceptions in consumers.
DEPRECATED_CRYPTO_FLAGS is now empty by default but available
by anyone who wants to set it. Trying to come up with a working
set was not a good idea as shown in the deleted comment.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Changhyeok <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
This CVE is already fixed in inetutils 2.2
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2021-40491:
The ftp client in GNU Inetutils before 2.2 does not validate addresses
returned by PASV/LSPV responses to make sure they match the server
address. This is similar to CVE-2020-8284 for curl.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-40491
Patch from:
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream database uses both "connman" and "connection_manager" to report CVEs
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
intltool was replaced with gettext in the 0.8 release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"BSD" is ambiguous, use the precise licenses BSD-3-Clause-Attribution
and BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license statement already includes BSD-2-Clause and BSD-3-Clause, so
remove the redundant and ambiguous BSD license.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for:
CVE: CVE-2021-3711
CVE: CVE-2021-3712
as described by:
https://www.openssl.org/news/secadv/20210824.txt
Ptest results on qemux86-64 with kvm:
All tests successful.
Files=158, Tests=2532, 137 wallclock secs \
( 2.59 usr 0.33 sys + 104.71 cusr 44.19 csys = 151.82 CPU)
Result: PASS
DURATION: 137
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
5.61 includes a fix for CVE-2021-3658 (bluez: adapter incorrectly
restores Discoverable state after powered down), as well as other
fixes.
>From the changelog:
ver 5.61:
Fix issue with A2DP while waiting for command response.
Fix issue with A2DP when SetConfiguration fails.
Fix issue with device removal handling.
Fix issue with storing discoverable setting.
Add support for Central Address Resolution characteristic.
Add support for admin policy plugin.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
--- 9.16.19 released ---
5671. [bug] A race condition could occur where two threads were
competing for the same set of key file locks, leading to
a deadlock. This has been fixed. [GL #2786]
5670. [bug] create_keydata() created an invalid placeholder keydata
record upon a refresh failure, which prevented the
database of managed keys from subsequently being read
back. This has been fixed. [GL #2686]
5669. [func] KASP support was extended with the "check DS" feature.
Zones with "dnssec-policy" and "parental-agents"
configured now check for DS presence and can perform
automatic KSK rollovers. [GL #1126]
5668. [bug] Rescheduling a setnsec3param() task when a zone failed
to load on startup caused a hang on shutdown. This has
been fixed. [GL #2791]
5667. [bug] The configuration-checking code failed to account for
the inheritance rules of the "dnssec-policy" option.
This has been fixed. [GL #2780]
5666. [doc] The safe "edns-udp-size" value was tweaked to match the
probing value from BIND 9.16 for better compatibility.
[GL #2183]
5665. [bug] If nsupdate sends an SOA request and receives a REFUSED
response, it now fails over to the next available
server. [GL #2758]
5664. [func] For UDP messages larger than the path MTU, named now
sends an empty response with the TC (TrunCated) bit set.
In addition, setting the DF (Don't Fragment) flag on
outgoing UDP sockets was re-enabled. [GL #2790]
5662. [bug] Views with recursion disabled are now configured with a
default cache size of 2 MB unless "max-cache-size" is
explicitly set. This prevents cache RBT hash tables from
being needlessly preallocated for such views. [GL #2777]
5661. [bug] Change 5644 inadvertently introduced a deadlock: when
locking the key file mutex for each zone structure in a
different view, the "in-view" logic was not considered.
This has been fixed. [GL #2783]
5658. [bug] Increasing "max-cache-size" for a running named instance
(using "rndc reconfig") did not cause the hash tables
used by cache databases to be grown accordingly. This
has been fixed. [GL #2770]
5655. [bug] Signed, insecure delegation responses prepared by named
either lacked the necessary NSEC records or contained
duplicate NSEC records when both wildcard expansion and
CNAME chaining were required to prepare the response.
This has been fixed. [GL #2759]
5653. [bug] A bug that caused the NSEC3 salt to be changed on every
restart for zones using KASP has been fixed. [GL #2725]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This retrofits ARC support from upstream [1].
Should be a part of the next release of "dhcpcd".
https://github.com/NetworkConfiguration/dhcpcd/commit/82386110e67cf75c224e9817fce55e6b0f143266
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Key generation may wait for user input, due to the existence of
temporary keys resulting from power interruption in the first boot.
This prevents users from login via ssh.
Signed-off-by: Asfak Rahman <asfakr@outlook.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 9c42e84c68990b49c71f0fafb3575bf9683414b4)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
(From OE-Core rev: e3e4f7b9c95b7c89ab1542483f1782ae884d4ebb)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Summary for 1.10.1 libpcap release
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
...
rpcap:
Clean up error checking and error messages for server address
lookup.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch isn't yet upstream but it has been submitted and other distros
are shipping it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This should greatly reduce dependency chains on the autobuilder;
the only affected recipe is remmina, where avahi support will be
disabled by default.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue only affects Debian and SUSE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs are fixed with kernel changes and don't affect the bluez recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE only applies to some distributed RHEL binaries so irrelavent to us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
so the issue doesn't affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't build/use the OPIE PAM module, exclude the CVE from this recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|