OpenSAF uses OpenHPI if available. If openhpi happens to be in
PACKAGECONFIG from the build, turn on support in OpenSAF and add it to the
DEPENDS list.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove three very minor bashisms, all about redirecting stdout/stderr.
The initscript identifies as /bin/sh, this change ensures that the script
should work with a non-bash /bin/sh as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
tcpd from tcp-wrapper is installed into /usr/sbin/, not /usr/bin/
using sed to dynamical update the path to add the robust
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1) WARNING: The recipe opensaf is trying to install files into a
shared area when those files already exist,so set
--libdir=${libdir}/opensaf
2) Add systemd service file plmcboot.service and plmcd.service.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1.Remove postfix-add-db6-support.patch which is not needed,
since it is backported from upstream.
2.update install.patch and makedefs.patch that context changes.
3.Install smtp-sink which listens on the named host (or address) and port.
It takes SMTP messages from the network and throws them away.
Ref: http://www.postfix.org/smtp-sink.1.html
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
the snmp_pdu_parse() function could leave incompletely parsed varBind
variables in the list of variables in case the parsing of the SNMP
PDU failed. If later processing tries to operate on the stale and
incompletely processed varBind (e.g. when printing the variables),
this can lead to e.g. crashes or, possibly, execution of arbitrary
code.
The snmp_pdu_parse() function stores varBind variables in a list of
netsnmp_variable_list structures. Each time the function parses a new
varBind, a new netsnmp_variable_list item is allocated on the heap
and linked to the list of variables. The problem is that this item
is not removed from the list, even if snmp_pdu_parse() fails to
complete the parsing.
The "type" member of the stale netsnmp_variable_list is not
properly initialized in case snmp_pdu_parse() returns early from the
parsing. However, the "type" member is used to determine later code
paths, which is why we see crashes in a variety of functions,
although the root cause for all of these is the same.
This patch come from
f23bcd3ac6/
Written-by: Robert Story
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Bitbake is likely to require this parameter in future, add
the default value.
Patch generated with the command:
sed -e 's:\(getVar([^,()]*\)\s*):\1, False):g' -i `grep -ril getVar *`
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The named packages explicitly install some items under /lib,
but the recipes assume they are in base_libdir. We change
the recipes.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
daemon_directory is set to /usr/lib/postfix which causes daemon postfix
fails to start on 64 bits target if enable multilib. Set daemon_directory
with libexecdir to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
include a security fixes but no CVE #
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-19
WCCP dissector crash. ([2]Bug 11153)
* [3]wnpa-sec-2015-20
GSM DTAP dissector crash. ([4]Bug 11201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
fixed broken url and cleaned up the PACKAGECONFIG
removed patch as it is included in this release
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-12
The LBMR dissector could go into an infinite loop. ([2]Bug 11036)
[3]CVE-2015-3808 [4]CVE-2015-3809
* [5]wnpa-sec-2015-13
The WebSocket dissector could recurse excessively. ([6]Bug 10989)
[7]CVE-2015-3810
* [8]wnpa-sec-2015-14
The WCP dissector could crash while decompressing data. ([9]Bug
10978) [10]CVE-2015-3811
* [11]wnpa-sec-2015-15
The X11 dissector could leak memory. ([12]Bug 11088)
[13]CVE-2015-3812
* [14]wnpa-sec-2015-16
The packet reassembly code could leak memory. ([15]Bug 11129)
[16]CVE-2015-3813
* [17]wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug
11110) [19]CVE-2015-3814
* [20]wnpa-sec-2015-18
The Android Logcat file parser could crash. Discovered by Hanno
Böck. ([21]Bug 11188) [22]CVE-2015-3815
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The error is as follows:
error: unrecognized command line option '-V'
conftest.c:9:28: fatal error: ac_nonexistent.h:
No such file or directory #include <ac_nonexistent.h>.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Ntimed is an unreleased ntpd replacement being sponsored by the Linux
Foundation. Currently it only includes a work-in-progress client, but for
future use this recipe emits an ntimed-client package and an ntimed meta
package which will pull in client and server.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
- `geoipupdate` now verifies the MD5 of the new database before deploying it.
If the database MD5 does not match the expected MD5, `geoipupdate` will
exit with an error.
- The copy of `base64.c` and `base64.h` was switched to a version under GPL 2+
to prevent a license conflict.
- The `LICENSE` file was added to the distribution.
- Several issues in the documentation were fixed.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ERROR: Nothing PROVIDES 'libdnet' (but /home/akuster/oss/clean/meta-openembedded/meta-oe/recipes-connectivity/daq/daq_2.0.2.bb DEPENDS on or otherwise requires it). Close matches:
libnet
libnewt
libidn
ERROR: Required build target 'daq' has no buildable providers.
Missing or unbuildable dependency chain was: ['daq', 'libdnet']
world build fails for meta-oe.
move daq to meta-networking where snort and libdnet both reside.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
when check the CC, only compile the object by CC, not run the object.
MCONFIG file includes more configuration, we can not clear it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ipsec-tools-0.8.2: ipsec-tools: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/racoon.service [installed-vs-shipped]
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ntp 4.2.8p2 has more CVE fixes, like CVE-2015-1799, CVE-2015-1798;
and remove ntp-4.2.8-ntp-keygen-no-openssl.patch which 4.2.8p2 has integrated
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Neither -utils nor -ptest packages make sense w/o actual kernel support
for SCTP protocol. Make both packages RRECOMMEND kernel-module-sctp.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
CyaSSL is now called wolfSSL. Recipe updates included RPROVIDE and
PROVIDE lines, with updates to sha/md5 sums.
Signed-off-by: lchristina26 <leah@wolfssl.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When building for a system including systemd ypbind-mt will link against
libsystemd creating an implicit dependency. Make that explicit.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
