Fetch the needed Git tag by using BB_GIT_SHALLOW_EXTRA_REFS. This fixes
the following autotools configuration error:
| build-aux/git-version-gen: WARNING: .gitarchivever doesn't contain valid version tag
| build-aux/git-version-gen: ERROR: Can't find valid version. Please use valid git repository, released tarball or version tagged archive
| configure.ac:22: error: AC_INIT should be called with package and version arguments
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I removed the CVE_STATUS setting for CVE-2016-4983 when this recipe was
updated to 2.4.1-4 - but that was a mistake, the CVE database considers
(incorrectly) even the latest version as vulnerable.
Revert that mistake by adding back the correct CVE_STATUS to the recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop the "datacenter" PACKAGECONFIG, because it became obsolete:
"The --enable-datacenter compile time option is deprecated. Please modify the init script to pass -F datacenter to the daemons instead."
Note: grpc PACKAGECONFIG seems to be broken (it was broken in the previous version also).
At the first sight it looks that the application's Makefile enforces c++11 standard,
but abseil (which is a dependency of grpc) requires at least c++17.
Changelog:
10.4.1:
- bgpd: initialize local variable
- ospfd: Use after free cleanup of lsa
- vtysh: copy config from file should actually apply
- Revert PR #18358: BGP evpn testing and bug fixes related to non default EVPN backbone
- topotests: improve embedded RP test reliability
- lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp
- bgpd: LL next-hop capabilty fixes
- eigrp: validate hello packets and tlvs better
- bgpd: Fix compilation error in bgpd module: Update TP_ARGS for bgp
- bgpd: Ensure addpath does not withdraw selected route in some situations
- bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val
- bgpd: LL next-hop capabilty fixes (round 2)
- lib: compute link-state zapi message size
- zebra: Fix buffer overflows found by fuzzing.
10.4:
- BGP BFD Strict-Mode
- BGP Link-Local Next Hop Capability [draft-ietf-idr-linklocal-capability]
- BGP Transparent mode
- BGP Next Hop Dependent Characteristics Attribute [draft-ietf-idr-entropy-label]
- IGMP and MLD group/source limits
- PIM dense and sparse-dense mode support [RFC3973]
- IGMPv2/MLDv1 immediate leave
- v4-via-v6 nexthop support for static routes
- Timeout for vtysh
- Discover PREF64 in Router Advertisements [RFC8781]
10.3.2:
- bgpd: correct no form commands
- bgpd: fix to show exist/non-exist-map in 'show run' properly
- redhat: make FRR RPM build to work on RedHat 10
- build: check for libunwind.h, not unwind.h
- bgpd: use AS4B format for BGP loc-rib messages.
- bgpd: fix for the validity and the presence of prefixes in the BGP VPN table.
- bgpd: Force adj-rib-out updates if MRAI is kicked in
- zebra: Provide SID value when sending SRv6 SID release notify message
- bgpd: Fix crash when fetching statistics for bgp instance
- nhrpd: fix crash when accessing invalid memory zone
- zebra: Initialize RB tree for router tables
- zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del
- zebra: fix stale NHG in kernel
- bgpd: Fix incorrect stripping of transitive extended communities
- lib: Fix no on-match goto NUM command
- bgpd: Fix extended community check for IP non-transitive type
- bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet
- lib: revert addition of vtysh_flush() call in vty_out()
- bgpd: Extract link bandwidth value from extcommunity before using for WCMP
- Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default
- bfdd: Set bfd.LocalDiag when transitioning to AdminDown
- zebra: clean up a json object leak
- bgpd: Do not try to reuse freed route-maps
- lib: fix routemap crash
- bgpd: initialize local variable
- ospfd: Use after free cleanup of lsa
- vtysh: copy config from file should actually apply
- bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp
- bgpd: Ensure addpath does not withdraw selected route in some situations
- lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp
- eigrp: validate hello packets and tlvs better
- bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val
10.3.1:
- Check valid babel port
- Fix incorrect type assignment in parse_request_subtlv
- Fix `set evpn gateway-ip ipv[46]` route-map
- Fix bmp heap use after free on non connected session
- Fix evpn attributes being dropped on input
- Fix holdtime not working properly when busy
- Fix leaked memory when showing some bgp routes
- Fixed crash upon bgp network import-check command
- On shutdown free up memory leak found by topotest
- Prevent crash when issuing a show rpki connections
- Remove unused defines from bgp_label.h
- Retain the routes if we do a clear with n-bit set for graceful-restart
- Set the label for mp_unreach_nlri 0x800000 instead of 0x000000
- Treat the peer as not active due to bfd down only if established
- Fix incorrect bestpath reasoning in some situations
- Fix show bgp vpn rd json
- Add total path count for bgp net in json output
- Fix import all adj-rib-in and loc-rib after bmp connects
- On shutdown prefix/access list memory was being leaked
- Fix srv6_sid memory leak
- Free up leaked prefix-list memory on shutdown
- Create vrf if needed
- Return duplicate ipv6 prefix-list entry test
- Return duplicate prefix-list entry test
- Add hop count validation before forwarding in nhrp_peer_recv()
- Disable and delete ospfv3 areas that no longer have interfaces or configuration.
- Fix lsa memory leaks related to graceful restart
- Fix crash when ospf client connects before doing 'router ospf'
- Fix for crash during networking restart
- Fix memory leak on shutdown
- Initialize gm proxy to false
- Make docs and rpki optional for rpm package build
- Make sure zeromq is always disabled
- Revert - Add option to build pkg without docs and rpki support
- Add Workaround for inet_ntop replacement which breaks rpms
- Avoid requesting srv6 sid from zebra when loc and sid block dont match
- Add more tests to bgp_rpki_topo1 test
- Add nb test binary to .gitignore
- Add route-map evpn set gateway-ip topotest
- Check if routes are marked as stale and retained with n-bit for gr
- Fix typo when configuring delayopen timer
- Fix wait times in test_ospf6_gr_topo1 topotest
- Use label 0x800000 instead of 0x000000 for bmp tests
- Use little-endian order for libyang api
- Fix reload script for srv6 locators and formats
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
After commit 1997d3d6c4 (net-snmp: Do not
pass LDFLAGS to compiler), some linker flags, like "-Wl,--as-needed",
appear too late on the linker command line. Backport a patch that
corrects the order of the arguments given to the linker.
Unfortunately, the patch is not enough. libtool reorders the arguments
given to libtool --mode=link so that any lib dependencies appear before
other linker arguments. Therefore it is needed to inject -Wl,--as-needed
on the linker command line that libtool produces.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh all patches.
ptest patches needed larger rework for new test testHeader.
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Devtool could not find latest versions before.
Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."
Note that also squid security advisories were moved to Github.
[1] https://www.squid-cache.org/Versions/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
this release addressed below CVE:
CVE-2025-41244
Drop 0001-Fix-build-when-compiling-with-std-c23.patch which have been
merged upstream.
Changelog:
https://github.com/vmware/open-vm-tools/releases
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0001-fix-compiling-on-32-bit-systems.patch, and change to another
patch that solves the same issue in OE, but is more likely to be
adapted by upstream (after discussion with upstream in
https://github.com/pgpool/pgpool2/pull/128)
Shortlog: https://github.com/pgpool/pgpool2/compare/V4_5_5...V4_6_3
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While working on it, also ignore CVE-2025-47711 and CVE-2025-47712.
Both vulnerabilities are fixed already (they were fixed before the
upgrade also, but there is no version-range associated with the CVE report).
CVE-2025-47711: e6f96bd1b7
CVE-2025-47712: a486f88d1e
Shortlog:
Merge branch '2025-optional-qemu-img' into 'master'
build: Check for qemu-img and disable some tests if not present
tests/curl: Skip test if 'disk' was not created
server/public.c: Use common/include parse_bool function
common/include: Extra bool parsing into a mini-library
docs: Shorter title and tweaks to the description
indexed-gzip: Include <stddef.h> to get ptrdiff_t
indexed-gzip: Move variable decl outside for loop
vddk: Sort synopsis into alphabetical order
ext2: Update docs since filter supports concurrent connections
docs: Move --short/--long-options to right place in synopsis
(origin/rhel-10.2) docs: Document how to probe for server command line options
server: Document --long-options and --short-options
docs/nbdkit-probing.pod: Rearrange synopsis to match description
server: Add --name parameter
docs: Fix bolding of --log=/path option
tests/test-python-plugin.py: Remove unused variables
python: Add binding for nbdkit_parse_bool
tests/test-python-plugin.py: Add name of test for test_parse_size
(tag: v1.45.6) Version 1.45.6.
Merge branch '2025-rounding' into 'master'
server/public.c: Use lrint() instead of implicit conversion to int
indexed-gzip: Fixes for 32-bit support
indexed-gzip: More editorially neutral content
Merge branch 'add-indexed-gzip-filter' into 'master'
Introduce index-gzip filter
Move unmodified index build/extract to ig_zran.h/c
Add serialize/deserialize fn for zran structs
Restructure zran.h, zran.c for use as library
Import zran.c/zran.h v1.6 (2 Aug 2024) from zlib
Merge branch '2025-delay-trigger' into 'master'
delay: Add new delay-trigger option
delay: Rearrange the options in alphabetical order in the documentation
tests/test-map.sh: Fix "nbd_pread: count cannot be 0: Invalid argument"
docs/nbdkit-client.pod: Document attaching NBD devices to QEMU VMs
docs/nbdkit-client.pod: Combine and rename "LIMITATIONS" section
Merge branch '2025-fix-golang-test' into 'master'
tests/test-golang-fork-warning.sh: Fix hanging test
Merge branch '2025-misc-fixes' into 'master'
tests: Use 'define script' in a few more places
tests: Modify make-pki and make-psk scripts to be atomic
tests: Define common functions for requiring TLS certs and PSK
tests/test-tls.sh: Remove unused export of pkidir
tests: Generate make-psk.sh
tests/make-psk.sh: Fix typo "pkstool" -> "psktool"
tests: Fix typo "An good" -> "A good"
map: Implement map-size feature
tests/test-at-file.sh: Fix srcdir != builddir
tests: Work around realpath error on BSDs
Merge branch '2025-eq-file' into 'master'
Merge branch '2025-server-debug' into 'master'
server: Use debug() instead of nbdkit_debug() consistently in the server
map: Refer to @PATH syntax in documentation
server: Add @PATH syntax
server/main.c: Factor out the function that parses key=value
server/main.c: Fix comment
server/main.c: Move key=value parsing to a new function
server/options.h: Reject empty string ("") as a short name
server/options.h: Add comment to is_short_name
server/main.c: Reject empty string as a plugin name or filter name
common: utils: Add const to <vector>_duplicate variable decls
data: Use new vector_append_array in a couple of places
map: Use new vector_append_array function instead of loop
common: utils: vector: Fix vector_uniq prototype and add a test
common: utils: vector: Add range functions for insert, append and remove
common: utils: vector: Prefer vector_reset over free()
Merge branch '2025-map-filter' into 'master'
New filter: map for remapping arbitrary blocks
common: utils: vector: Add new vector_uniq function
tests/functions: Factor out 2^63-1 constant used by a few tests
tests/test-cache-block-size.sh: Remove unused socket
data: Minor revisions to the documentation for clarity
full: Remove reference to equivalence of nbdkit-readonly-filter
tests/test-floppy.sh: Simplify this test
count: Add an example to the documentation
common/include/test-once.c: Further fixes for pthread_barrier_t
common/include/test-once.c: Skip test on macOS which lacks pthread_barrier_t
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For Samba's Active Directory Domain Controller functionality, it needs
to have python3-markdown listed as an RDEPENDS as well as a DEPENDS.
When trying to provision a domain with samba-tool without this change
then it will error out like:
$ samba-tool domain provision --realm=EXAMPLE.COM --domain=EXAMPLE \
--adminpass='YourPassword123!' --server-role=dc \
--dns-backend=SAMBA_INTERNAL --use-rfc2307
<snip>
Temporarily overriding 'dsdb:schema update allowed' setting
ERROR(<class 'ModuleNotFoundError'>): uncaught exception - No module named 'markdown'
File "/usr/lib/python3.13/site-packages/samba/netcmd/init.py", line 279, in _run
return self.run(*args, **kwargs)
~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/samba/netcmd/domain/provision.py", line 343, in run
result = provision(self.logger,
session, smbconf=smbconf, targetdir=targetdir,
...<16 lines>...
backend_store=backend_store,
backend_store_size=backend_store_size)
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2404, in provision
raise e
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2394, in provision
forest = ForestUpdate(samdb, fix=True)
File "/usr/lib/python3.13/site-packages/samba/forest_update.py", line 212, in init
from samba.ms_forest_updates_markdown import read_ms_markdown
File "/usr/lib/python3.13/site-packages/samba/ms_forest_updates_markdown.py", line 27, in <module>
import markdown
Signed-off-by: Andrew Bradford <andrew.bradford@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove obsolete CVE_STATUS variable: CVE-2016-4983 is marked for v2.3.
Drop 0001-not-check-pandoc.patch because it became obsolete, pandoc is
not used anymore.
Drop 1ccd5b54a408d12fce0c94ab0bbaedbb5ef69830.patch, because it is
included in this release.
Add a backported patch to fix compiling with musl.
Changelog:
2.4: https://github.com/dovecot/core/releases/tag/2.4.0
2.4.1: https://github.com/dovecot/core/releases/tag/2.4.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This update contains a fix for CVE-2025-55763.
License-Update: copyright year bump to 2025.
Shortlog since last update:
5864b55a94...b6ef58f4c4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When enabling multilib with lib32, the radiusd will use etc file for lib32 as default
#systemctl status radiusd
......
/usr/sbin/radiusd -d /etc/lib32-raddb
It should be lib64 as default.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The project has switched to cmake since the last update.
The changelog is long, but there is a link:
https://github.com/znc/znc/blob/master/ChangeLog.md
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- dig wrapper function was broken since 2.1.2
- No longer send nslookup/dig stderr to /dev/null
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/appneta/tcpreplay/releases/tag/v4.5.2
Drop patches that have been merged upstream.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The patches were submitted to upstream, they are not pending anymore.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When compiling for 32-bit targets, two issues came to surface:
1. gcc was complaining that math.h is not included in snprintf, and some
calls were implicitly defined. Added a patch that includes the required
headers in snprintf.c file:
| snprintf.c: In function 'fmtfloat':
| snprintf.c:1232:13: error: implicit declaration of function 'isnan' [-Wimplicit-function-declaration]
| 1232 | if (isnan(value))
| | ^~~~~
| snprintf.c:50:1: note: include '<math.h>' or provide a declaration of 'isnan'
2. The code passes a time_t argument to a function that expects a long. This works for
64-bit targets, because on those usually time_t is long.
However on 32-bit systems time_t is usually long long, which makes compilation fail
with the following error:
| wd_json_data.c:540:66: error: passing argument 3 of 'json_get_long_value_for_key' from incompatible pointer type [-Wincompatible-pointer-types]
| 540 | if (json_get_long_value_for_key(root, "StartupTimeSecs", &wdNode->startup_time.tv_sec))
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
To account for this, add a new helper method in a patch that returns the required json value
as a time_t value.
The patches are in pending state, because the mailing list of the project is sufferring from
technical problems - when the site loads, sign up attempts throw internal server errors.
It is planned to submit the patches and to update the status once their infrastructure is back.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Memory allocation safety checks for event storage (thanks David.A for bug report)
- Fix off-by-one boundary check in seqmap code
- The minimum value for the period (-p flag) is now 0.001 milliseconds,
since it probably never makes sense to use a smaller value, and to avoid doing
a very large memory allocation for event storage.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The format selected is the automake "simple test" format: "result: testname".
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix bug that caused that challenge was incorrectly reused if invalid or expired.
* Add support for "data-ciphers-fallback" option.
* Add GUI support for "data-ciphers" option.
* Fix export for password connection type that was not exporting some fields.
* Fix mnemonics in editor's Identity - Advanced view
* Auth-dialog ported to GTK4
* Import certificates into the XDG_DATA_HOME directory.
* Update translations: Hindi, Slovenian, Catalan, Polish, Brazilian Portuguese, Ukrainian, Georgian,
Swedish, Hebrew, Russian and Danish.
* Skip release 1.12.1 because of a bug in the release pipeline.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
api: add support for handling DIOCTL_SET_INJECT_DROP
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moved the iproute2 backend enablement into a new PACKAGECONFIG.
It is enabled to keep the current defaults. Added the explicit
runtime dependency on iproute2-ip (the "ip" command) which this
backend requires.
Added a new PACKAGECONFIG[dco] which enables the libnl backend,
which is mutually incompatible with iproute2 backend in OpenVPN.
With these:
PACKAGECONFIG:remove = "iproute2"
PACKAGECONFIG:append = " dco"
the data channel offload is enabled:
checking for LIBNL_GENL... yes
configure: Enabled ovpn-dco support for Linux
With Linux kernel 6.16 or newer, and CONFIG_OVPN enabled,
the data channel offload will be used.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Includes the provided service and defaults files for using the
tailscale daemon on systemd init machines.
Added the other kernel modules necessary for tailscaled to work
without warnings to RRECOMMENDS.
Tested with `core-image-minimal` under qemu with machines
`qemux86-64`, `genericx86-64` and `qemuarm64`. Ping
host on tailscale network using magicDNS host lookup.
Signed-off-by: Dean Sellers <dean@sellers.id.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add opencommands directive to select remote monitoring commands
- Add interval option to driftfile directive
- Add waitsynced and waitunsynced options to local directive
- Add sanity checks for integer values in configuration
- Add support for systemd Type=notify service
- Add RTC refclock driver
- Allow PHC refclock to be specified with network interface name
- Don’t require multiple refclock samples per poll to simplify filter configuration
- Keep refclock reachable when dropping samples with large delay
- Improve quantile-based filtering to adapt faster to larger delay
- Improve logging of selection failures
- Detect clock interference from other processes
- Try to reopen message log (-l option) on cyclelogs command
- Fix sourcedir reloading to not multiply sources
- Fix tracking offset after failed clock step
- Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
- Drop support for building without POSIX threads
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
