Versions 2.16 to 2.69 have now also moved into the archives folder.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
(cherry picked from commit d338d219df)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This update fixes a number of bugs including the following
vulnerabilities:
CVE-2017-13704
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
Further details can be found in the changelog here:
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The newly split "libopencv-ts" package is empty (and thus not created),
because all ts files are installed in the development package. So, do
not add a runtime dependency to libopencv-ts.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Needed for PyQt-5.8.2, a recipe I am looking at again.
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 229f824568)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Note, hostapd and wpa_supplicant use the same sources. This commit is based
on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message
from OpenEmbedded-Core.
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
Signed-off-by: Ross Burton <ross.burton@intel.com>
The hunk:
[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request
does not apply to hostapd and was removed from the patch.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ed6b5da874)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
(cherry picked from commit 3ca10e7d92)
Bug fix only:
Including these security fixes:
wnpa-sec-2017-13
WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410
Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.
wnpa-sec-2017-28
openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411
Note: This is an update for a fix in Wireshark 2.2.7.
wnpa-sec-2017-34
AMQP dissector crash. (Bug 13780) CVE-2017-11408
wnpa-sec-2017-35
MQ dissector crash. (Bug 13792) CVE-2017-11407
wnpa-sec-2017-36
DOCSIS infinite loop. (Bug 13797) CVE-2017-11406
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Summary for 4.9.1 tcpdump release
CVE-2017-11108/Fix bounds checking for STP.
Make assorted documentation updates and fix a few typos in tcpdump output.
Fixup -C for file size >2GB (GH #488).
Show AddressSanitizer presence in version output.
Fix a bug in test scripts (exposed in GH #613).
On FreeBSD adjust Capsicum capabilities for netmap.
On Linux fix a use-after-free when the requested interface does not exist.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
(cherry picked from commit 60b4163172)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
/ld: error: pipeline.o: requires dynamic R_X86_64_PC32 reloc against '_ZTVN3tbb8pipelineE' which may overflow at runtime; recompile with -fPIC
idea taken from Master
Signed-off-by: Armin Kuster <akuster808@gmail.com>
repo moved and got renamed
WARNING: synergy-1.7.3+1.7.4-rc8+AUTOINC+588fb4b805-r0 do_fetch: Failed to fetch URL git://github.com/synergy/synergy.git;protocol=http, attempting MIRRORS if available
Signed-off-by: Armin Kuster <akuster808@gmail.com>
`inherit externalsrc gitver` is a very useful combo to get development trees
in your workspace having a ${PN}_git.bb with PV=${GITVER} coexisting with a regular
${PN}_${PV}.bb
but not everyone wants to checkout all developments sources and managing different
layers for each options is quite troublesome.
making `gitver` skip the .bb instead of panic()ing every time EXTERNALSRC is missing
allows people to have a single development layer where packages get enabled if
the right sources are present or falling back to the last release if not
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport patch to fix CVE-2017-11368 for krb5.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit d9f7ef40d7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Replace ${systemd_unitdir}/system with ${systemd_system_unitdir}
* Remove the upstart settings and don't install upstart config files
* Add volatile for sysvinit and tmpfiles for systemd
* Set the correct bash path for init scripts to avoid QA issue:
| corosync-2.4.2: /usr/share/corosync/corosync contained in package corosync
requires /tmp/hosttools/bash, but no providers found in RDEPENDS_corosync?
[file-rdeps]
* The systemd services are installed properly by "make install",
no need to install manually.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 8ca8ec9be3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
LDFLAGS += "-pthread" adds the flag both for native and target builds,
however the openldap-native build overwrites the variable inside
native.bbclass causing "undefined reference to `pthread_getspecific'"
and other linker errors.
Change the append to happen after parsing by using the override
syntax and thus make sure it executes after native.bbclass (bitbake -e
reports pre-expansion value "${BUILD_LDFLAGS} -pthread").
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 9d06ee2622)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in
block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows
remote attackers to execute arbitrary code as demonstrated by a crafted
iv parameter to cryptmsg.py.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
Patch from:
8dbe0dc3ee
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit e4af9cf961)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Immediate expansion for PERLVERSION (in perl-version.bbclass)
is too early, it will result in 'None' before perl is built,
then the module file is installed incorrectly:
$ rpm -ql adduser|grep Common
/usr/lib/perl/None/Debian/AdduserCommon.pm
So use get_perl_version directly instead of PERLVERSION.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This fixes following errors when compiling with clang:
| ../json_spirit/libjson_spirit.so.4.0.8: error: undefined reference to '__atomic_load_4'
| ../json_spirit/libjson_spirit.so.4.0.8: error: undefined reference to '__atomic_compare_exchange_4'
| ../json_spirit/libjson_spirit.so.4.0.8: error: undefined reference to '__atomic_fetch_sub_4'
| ../json_spirit/libjson_spirit.so.4.0.8: error: undefined reference to '__atomic_fetch_add_4'
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ac2a6d2b5d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Don't hardcode cpp to point to gcc collection, helps
compiling with clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License checksum changed due to copyright year changed to 2017
Fix build with clang/hardening
[ak] 7.1.x updates are bug or security fixes only. no new functions. Per PHP policy.
so update makes sense IMHO
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ad9df2b36a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The uim-anthy package is created empty.
Avoid this problem by defining packages with a rough PATH list after the uim-anthy package.
Signed-off-by: Yusuke Mitsuki <mickey.happygolucky@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit f1d6a48684)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It is used in NVD database for CVEs like:
https://nvd.nist.gov/vuln/detail/CVE-2016-3120
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 236ca5e37c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gnu_fribidi is used in NVD for CVEs like:
https://nvd.nist.gov/vuln/detail/CVE-2010-3444
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 854b98c05a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It is used in NVD for CVEs like:
https://nvd.nist.gov/vuln/detail/CVE-2014-0004
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 57fac9d8ac)
Signed-off-by: Armin Kuster <akuster808@gmail.com>