Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)
(From OE-Core rev: 3cc799213e6528fc9fb4a0c40a01a1817484f499)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
(From OE-Core rev: fe4e278f1794dda2e1aded56360556fe933614ca)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 6506f8993c84b966642ef857bb15cf96eada32e8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
(From OE-Core rev: 21fa437a37dad14145b6c8c8c16c95f1b074e09c)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
osmo-sgsn was installing a sysvinit script but it wasn't inside
the INITSCRIPT_PACKAGES so it would not be started by default.
Use the already existing INITSCRIPT_PARAMS/INITSCRIPT_NAME variables
for the osmo-sgsn.
Fixes: SYS#366
We need to reduce the usage of ttyS0 to not conflict with the
sysmobts-mgr that opens and controls the power amplifier. This
is done by instructing systemd by config file to not log much
and disable the getty target.
Backported patch for CVE-2014-3466.
This patch is for dora.
(From OE-Core rev: 68da848e0f7f026bf18707d8d59143177ff66f9b)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The FILESEXTRAPATH was not getting used correctly since our distro
OVERRIDE is for poky-tiny, not poky, so just remove it, also we are
not using a version directory so ensure we get correct BPN (Base Package
Name).
[YOCTO #6353]
(From meta-yocto rev: 43e5c7a92dc06f95ef3110fb404bd07eccc2140a)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* archiver discard the source providing
for all native and shared-work recipes,
so we whitelist gcc-cross, which covers
the source code for the runtime libgcc
package
Fixes: SYS#372
* to be able to mount vfat formatted
usbsticks we need the nls subsystem
* providing nls as modules is a bad idea because
you need to add them at image creation
* better include them into the kernel,
like the kernel for bts and bts-2050 does
Let's flash multiple copies of UBL and U-Boot to cope better with
NAND bits flipping in these sectors. To fit multiple copies of
U-Boot into the flash we had to move the rootfs a bit to the end.
* setting APPEND in the image file overwrites
the APPEND from boot-directdisk.bbclass in edison, which
creates the syslinux.cfg without "root=" stanza
* for dora we do not use syslinux or the image-directdisk
so revert this paticular changes
Fixes: SYS#373
Daniel noticed that on upgrade his /etc/osmocom/osmo-bts.cfg
was overwritten. This was due the addition of the sysmobts-mgr
config file and using an assignment instead of an append.
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
(From OE-Core rev: 4c58fe468790822fe48e0a570779979c831d0f10)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We will change the MTD partitioning for our devices soon. The
kernel needs to honor the cmdline given by the kernel for that.
The rootfs will move a few pages to the back with newer bootloaders.
If we don't provide a DNS server via DHCP to the BTSs, then their
ntpdate will not succeed in contacting pool.ntp.org (resolver failure),
which in turn means they have the wrong date, which again in turn leads
to failing opkg update or openvpn certificate verification failures.
Update to current master of lcr, which includes support for AMR
and RTP-bridge. Master openbsc doesn't support RTP-bridge yet,
but it will work with a transcoding LCR getting all TCH frames
in all codecs (HR/FR/EFR/AMR) via MNCC.
The .pc files were already covered by the normal -dev package
glob. No need to do more work here.
Addresses:
WARNING: Variable key FILES_${PN}-dev (${includedir} ${FILES_SOLIBSDEV} ${libdir}/*.la ${libdir}/*.o ${libdir}/pkgconfig ${datadir}/pkgconfig ${datadir}/aclocal ${base_libdir}/*.o ${libdir}/${BPN}/*.la ${base_libdir}/*.la) replaces original key FILES_gpsd-dev ( ${libdir}/pkgconfdir/libgpsd.pc ${libdir}/pkgconfdir/libgps.pc).
Holger Hans Peter Freyther
Yue Tao
Paul Eggleton
Henning Heinold
Valentin Popa
Saul Wold
Richard Purdie
Maxin B. John
Harald Welte