Backport patch from debian to fix CVE-2016-10396 for ipsec-tools.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ipsec-tools-0.8.2: ipsec-tools: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/racoon.service [installed-vs-shipped]
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
While kernel is processing the UPDATE message which is sent from racoon,
it maybe interrupted by certain system signal and if this case happens,
kernel responds with an EINTR message to racoon and kernel fails to
establish the corresponding SA.
Fix this problem by resend the UPDATE message when EINTR(Interrupted
system call) error happens.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Remove 0001-Fix-warning-with-gcc-4.8.patch, it has been in 0.8.2
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Dead peer detection (DPD) is a method that network devices use to verify
the current existence and availability of other peer devices.
* NAT traversal (sometimes abbreviated as NAT-T) is a general term for
techniques that establish and maintain Internet protocol connections
traversing network address translation (NAT) gateways
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. use PACKAGECONFIG
2. add three patches which will add the address check, to avoid SEGFAULT
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
We can remove all references to yywrap by adding "%option noyywrap" statements
to each flex source file which doesn't override yywrap. After this, we no longer
need to link against libfl and so no longer get errors about undefined
references to yylex.
Also change the dependency on flex to flex-native as we no longer need libfl
compiled for the target - the lexer is now self-contained.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Joe MacDonald <joe@deserted.net>
ipsec-tools depends on bison-native
enable ipv6 support by DISTRO_FEATURE, and enable shared library support.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
* Add purpose and Upstream-Status to patch
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
