diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-16 22:03:13 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-17 03:53:26 +0300 |
| commit | 0ca19ccf045e022d8a24d26afbf346ab7f2f519f (patch) | |
| tree | 2732b2bd7700fba730c034a547a2e0751696f2ce /meta-openembedded/meta-networking | |
| parent | 23ca3ffa9de533fecc0fcd48fea85e365c323370 (diff) | |
| download | openbmc-0ca19ccf045e022d8a24d26afbf346ab7f2f519f.tar.xz | |
subtree updates
poky: 492205ea83..94dfcaff64:
Alejandro Hernandez Samaniego (1):
baremetal-helloworld: Enable RISC-V 32 port
Alexandre Belloni (1):
oeqa/runtime/cases: make date.DateTest.test_date more reliable
Anton Blanchard (3):
libjpeg-turbo: Handle powerpc64le without Altivec
kmod: use nonarch_base_libdir for depmod.d and modprobe.d
pixman: Handle PowerPC without Altivec
Changqing Li (1):
libconvert-asn1-perl: 0.27 -> 0.31
Chen Qi (4):
convert-overrides.py: also convert comments without a leading whitespace
meta: use new override syntax in comments
multilib.bbclass: fix new override syntax for virtclass-multilib
util-linux: add back manpages related settings
Daniel Gomez (1):
docs: fix typo in releases
Dmitry Baryshkov (1):
linux-firmware: add more Qualcomm firmware packages
Dragos-Marian Panait (1):
util-linux: fix CVE-2021-37600
Joe Slater (1):
terminal.bbclass: force bash for devshell
Jon Mason (1):
tune-cortexm*: add support for all Arm Cortex-M processors
Jose Quaresma (1):
sstate.bbclass: fix error handling when sstate mirrors is ro
Joshua Watt (2):
classes/cve-check: Move get_patches_cves to library
lib/packagedata: Fix for new overrides
Khem Raj (4):
glibc: Upgrade to 2.34 release
glibc: Remove obsolete --enable-stackguard-randomization
glibc: Drop DUMMY_LOCALE_T define patch
glibc: Add missing symlinks for libpthread and librt dev files
Michael Halstead (1):
releases: update to include 3.1.10
Michael Opdenacker (12):
manuals: mention license information in footer
manuals: further documentation for cve-check
cve-check: remove deprecated CVE_CHECK_CVE_WHITELIST
bsp-guide: overrides syntax updates
dev-manual: overrides syntax updates
kernel-dev manual: overrides syntax updates
ref-manual: overrides syntax updates
sdk-manual: overrides syntax updates
test-manual: overrides syntax updates
sdk-manual: reference obsolete reference to ADT
Manuals: replace "file name" by "filename"
dev-manual: fix grammar in post-install script explanations
Nisha Parrakat (1):
dbus_%.bbappend: stop using selinux_set_mapping
Olaf Mandel (1):
kickstart: document which options accept units
Patrick Williams (3):
pixman: re-disable iwmmxt
systemd: add zstd PACKAGECONFIG
systemd: set zstd as default PACKAGECONFIG
Paul Barker (2):
u-boot: Package extlinux.conf separately
pypi: Allow override of PyPI archive name
Quentin Schulz (3):
insane.bbclass: fix new override syntax migration
docs: fix new override syntax migration
docs: overview-manual: concepts: remove long-gone BBHASHDEPS variable
Richard Purdie (6):
test-manual: Add extra detail to YP Compatible section
migration-3.4: Add extra notes to override syntax changes
ruby: Fix DEBUG_PREFIX_MAP in LDFLAGS issue
gettext: Fix reproducibility issue with LDFLAGS
curl: Fix reproducibility issue with LDFLAGS
libtool: Fix lto option passing for reproducible builds
Ross Burton (11):
e2fsprogs: ensure small images have 256-byte inodes
wic: don't forcibly pass -T default
parted: drop unneeded ld-is-gold patch
parted: update patch status
buildtools-tarball: add testsdk task
oeqa/sdk: add some buildtools tests
bitbake: utils: add environment updating context manager
bitbake: fetch2: expose environment variable names that need to be exported
bitbake: fetch2/wget: ensure all variables are set when calling urllib
bitbake: fetch2/wget: fetch securely by default
tar: ignore node-tar CVEs
Thomas Perrot (2):
kernel-fitimage: images should not be signed with the same keys as the configurations
oeqa/selftest/fitimage: update tests to use two keys
Tim Orling (3):
python3-scons{-native}: upgrade 4.1.0 -> 4.2.0
perl: do_create_rdepends_inc override syntax
package.bbclass: FILER* override syntax
Tom Rini (2):
common-tasks: Add a summary to the end of the bbappend example
manuals: Rename the "Using .bbappend Files in Your Layer" section
Tony Battersby (2):
bitbake.conf: add DEBUG_PREFIX_MAP to TARGET_LDFLAGS
ruby: Fix reproducibility issue with LDFLAGS
Tony Tascioglu (1):
valgrind: skip broken ptests for glibc 2.34
Vyacheslav Yurkov (7):
lib/oe: add generic functions for overlayfs
overlayfs.bbclass: generate overlayfs mount units
rootfs-postcommands: add QA check for overlayfs
systemd-machine-units: add bbappend for meta-selftest
overlayfs: meta-selftest recipe
oeqa/selftest: overlayfs unit tests
MAINTAINERS: add overlayfs maintainer
Yi Zhao (3):
dbus: add PACKAGECONFIG for audit and selinux
glib-2.0: add PACKAGECONFIG for selinux
shadow: add PACKAGECONFIG for audit and selinux
hongxu (1):
sdk: fix relocate symlink failed
wangmy (1):
ell: upgrade 0.41 -> 0.42
meta-raspberrypi: c7f4c739a3..32921fc9bd:
Omer Akram (1):
linux-firmware-rpidistro: fix wifi driver loading on cm4
Otavio Salvador (1):
rpi-config: Allow setting hdmi_cvt
meta-openembedded: 3cf2475ea0..a13db91f19:
Changqing Li (1):
ndpi: fix CVE-2021-36082
Chen Qi (1):
Convert to new override syntax using latest convert-overrides.py script
Dmitry Baryshkov (1):
image_types_sparse: fix sparse image generation
Geoff Parker (1):
cifs-utils: typo fix fakse --> false
Kai Kang (2):
libdbi-perl: fix CVE-2014-10402
python3-m2crypto: fix for new overrides syntax
Khem Raj (1):
packagegroup-meta-oe: Add ttf-ipa
Leon Anavi (15):
python3-astroid: Upgrade 2.6.5 -> 2.6.6
python3-gast: Upgrade 0.5.1 -> 0.5.2
python3-greenlet: Upgrade 1.1.0 -> 1.1.1
python3-bitarray: Upgrade 2.2.3 -> 2.2.5
python3-send2trash: Upgrade 1.7.1 -> 1.8.0
python3-zeroconf: Upgrade 0.33.2 -> 0.34.3
python3-aiohue: Upgrade 2.5.1 -> 2.6.1
python3-configargparse: Upgrade 1.5.1 -> 1.5.2
python3-pycurl: Upgrade 7.43.0.6 -> 7.44.0
python3-distro: Upgrade 1.5.0 -> 1.6.0
python3-google-api-core: Upgrade 1.30.0 -> 1.31.1
python3-google-auth: Upgrade 1.32.0 -> 1.34.0
python3-google-api-python-client: Upgrade 2.12.0 -> 2.15.0
python3-huey: Upgrade 2.3.2 -> 2.4.0
python3-apply-defaults: Upgrade 0.1.4 -> 0.1.6
Martin Jansa (1):
python3-grpcio: make sure that GRPC_CFLAGS is expanded to empty
Michael Opdenacker (3):
vorbis-tools: update to 1.4.2 (latest in 1.4.x series)
bigbuckbunny-1080p: fix sample video URL
opus-tools: update to 0.2, move to meta-multimedia and fix license
Mingli Yu (3):
jemalloc: fix the race during do_install
jemalloc: add ptest support
jemalloc: improve the ptest output
Naveen Saini (1):
python3-defusedxml: extend recipe to add native support
Philippe Coval (1):
mycroft: Install more tools needed by scripts
Tony Battersby (3):
curlpp: fix QA Issue after LDFLAGS change
ldns: fix QA Issue after LDFLAGS change
tcsh: fix compile error after LDFLAGS change
Yi Zhao (5):
audit: upgrade 3.0.3 -> 3.0.4
augeas: rename PACKAGECONFIG[libselinux] to PACKAGECONFIG[selinux]
network-manager-applet: add selinux to PACKAGECONFIG if enable selinux distro feature
networkmanager: add PACKAGECONFIG for audit and selinux
augeas: add selinux to PACKAGECONFIG if enable selinux distro feature
leimaohui (1):
ttf-ipa: Added a new font.
wangmy (1):
iwd: upgrade 1.15 -> 1.16
zangrc (1):
python3-humanize: upgrade 3.10.0 -> 3.11.0
zhengruoqin (3):
python3-engineio: upgrade 4.2.0 -> 4.2.1
python3-ipython: upgrade 7.25.0 -> 7.26.0
python3-isort: upgrade 5.9.2 -> 5.9.3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a8bd19709f465db51254ed3fcaf2486fe64dcaf
Diffstat (limited to 'meta-openembedded/meta-networking')
6 files changed, 129 insertions, 2 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.4.bb index 0ef525d31..167d81022 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.4.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.4.bb @@ -59,6 +59,7 @@ PACKAGECONFIG ??= "nss ifupdown dnsmasq nmcli \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'wifi polkit', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ " inherit ${@bb.utils.contains('PACKAGECONFIG', 'nmcli', 'bash-completion', '', d)} @@ -83,6 +84,8 @@ PACKAGECONFIG[qt4-x11-free] = "--enable-qt,--disable-qt,qt4-x11-free" PACKAGECONFIG[cloud-setup] = "--with-nm-cloud-setup=yes,--with-nm-cloud-setup=no" PACKAGECONFIG[nmcli] = "--with-nmcli=yes,--with-nmcli=no,readline" PACKAGECONFIG[ovs] = "--enable-ovs,--disable-ovs,jansson" +PACKAGECONFIG[audit] = "--with-libaudit,--without-libaudit,audit" +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" PACKAGES =+ " \ ${PN}-nmcli ${PN}-nmcli-doc \ diff --git a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb index d5e9e2c30..cf2b156fe 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb @@ -61,4 +61,4 @@ RDEPENDS:${PN} += "os-release" FILES:${PN}-zsh-completion += "${datadir}/zsh/" # FIXME: zsh is broken in meta-oe so this cannot be enabled for now -#RDEPENDS_${PN}-zsh-completion += "zsh" +#RDEPENDS:${PN}-zsh-completion += "zsh" diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb index 54aa3ce19..a8d3e91eb 100644 --- a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb +++ b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb @@ -26,7 +26,7 @@ do_configure:prepend() { # want installed to /usr/sbin rather than /sbin to be DISTRO_FEATURES usrmerge compliant # must override ROOTSBINDIR (default '/sbin'), # setting --exec-prefix or --prefix in EXTRA_OECONF does not work - if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','fakse',d)}; then + if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then export ROOTSBINDIR=${sbindir} fi } diff --git a/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb b/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb index 6ce52d717..263de81c7 100644 --- a/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb @@ -16,3 +16,10 @@ S = "${WORKDIR}/git" inherit cmake pkgconfig binconfig BBCLASSEXTEND = "native nativesdk" + +do_install:append() { + sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -i ${D}${libdir}/pkgconfig/*.pc +} diff --git a/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch b/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch new file mode 100644 index 000000000..8fdd62d18 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch @@ -0,0 +1,116 @@ +From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001 +From: Luca Deri <deri@ntop.org> +Date: Sat, 15 May 2021 19:53:46 +0200 +Subject: [PATCH] Added further checks + +Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3] +CVE: CVE-2021-36082 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + src/lib/protocols/netbios.c | 2 +- + src/lib/protocols/tls.c | 32 +++++++++++++++++--------------- + 2 files changed, 18 insertions(+), 16 deletions(-) + +diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c +index 1f3850cb..0d3b705f 100644 +--- a/src/lib/protocols/netbios.c ++++ b/src/lib/protocols/netbios.c +@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len + int ret = 0, len, idx = inlen; + char *b; + +- len = (*in++)/2; ++ len = (*in++)/2, inlen--; + b = out; + *out = 0; + +diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c +index 5b572cae..c115ac08 100644 +--- a/src/lib/protocols/tls.c ++++ b/src/lib/protocols/tls.c +@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + i += 4 + extension_len, offset += 4 + extension_len; + } + +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + +- for(i=0; i<ja3.num_cipher; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); ++ for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); +- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; ++ if(JA3_STR_LEN > ja3_str_len) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); ++ if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; ++ } + + /* ********** */ + +- for(i=0; i<ja3.num_tls_extension; i++) { +- int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); ++ for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) { ++ int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } +@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + int rc; + + compute_ja3c: +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + + for(i=0; i<ja3.num_cipher; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.cipher[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i<ja3.num_tls_extension; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.tls_extension[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i<ja3.num_elliptic_curve; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.elliptic_curve[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + for(i=0; i<ja3.num_elliptic_curve_point_format; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb b/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb index cfc60a7aa..89450f562 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b52f2d57d10c4f7ee67a7eb9615d5d24" SRCREV = "64929a75e0a7a60d864bd25a9fd97fdf9ac892a2" SRC_URI = "git://github.com/ntop/nDPI.git;branch=3.4-stable \ file://0001-autogen.sh-not-generate-configure.patch \ + file://CVE-2021-36082.patch \ " S = "${WORKDIR}/git" |