Bug fixes
=========
* core: force key "return" to command "/input return" when migrating
legacy keys
* core: display actual key name and command with key kbd:[Alt+k],
remove key kbd:[Alt+K] (grab raw key) and associated commands
'/input grab_raw_key' and '/input grab_raw_key_command'
* core: check for newline characters in string_is_whitespace_char
* api: do not convert option name to lower case in API functions
config_set_plugin and config_set_desc_plugin
* guile: fix crash on quit with Guile < 3 (issue #1965)
* irc: reply to a CTCP request sent to self nick (issue #1966)
* irc: sent "QUIT" message to servers connected with TLS on '/upgrade'
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Add support for ppp 2.5.0.
* Fix nft rules for balance-slb bonding.
* Support port priority for bonding.
* Fix regression handling the PKEY_ID for infiniband profiles
in ifcfg-rh format.
* Fix race in nm-cloud-setup that caused partial configuration
and loss of connectivity with multiple interfaces.
* Don't touch "net.ipv6.conf.$IFACE.forwarding" unless explicitly
required for IPv6 sharing.
* Various bugfixes related to team, Wi-Fi P2P, IPv6LL.
* Automatically unblock autoconnect of profiles during reapply.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since we autoreconf, it should be better to build the linker map file
too, which requires ctags during build. This is otherwise flagged as
error by lld linker where we specify a linker symbol file on cmdline
but the file is not there.
Fixes
| libtool: error: symbol file './libcoap-3.sym' does not exist
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains bug fixes only.
The following CVEs have been addressed:
CVE-2023-27783
CVE-2023-27784
CVE-2023-27785
CVE-2023-27786
CVE-2023-27787
CVE-2023-27788
CVE-2023-27789
Changelog:
=========
dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781
Bug #780 assert tcpedit dlt cleanup by @fklassen in #800
Fix bugs caused by strtok_r by @Marsman1996 in #783
Bug #782#784#785#786#787#788 strtok r isuses by @fklassen in #801
Update en10mb.c by @david-guti in #793
PR #793 ip6 unicast flood by @fklassen in #802
Bug #719 fix overflow check for parse_mpls() by @fklassen in #804
PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805
PR #793 - update tests for vlandel by @fklassen in #806
Feature #773 gh actions ci by @fklassen in #807
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- A deadlock in the vici plugin has been fixed that could get triggered when
multiple connections were initiated/terminated concurrently and control-log
events were raised by the watcher_t component.
- CRLs have to be signed by a certificate that has the cRLSign keyUsage bit
encoded (even if it's a CA), or a CA certificate without keyUsage extension.
- Optional CA labels in EST server URIs are supported by `pki --est/estca`.
- CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and
openssl plugins, which allows verifying RSA-PSS and ECDSA signatures.
- Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or
earlier that was introduced with 5.9.10.
- Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2.
- kernel-libipsec can process raw ESP packets on Linux (disabled by default) and
gained support for trap policies.
- The dhcp plugin uses an alternate method to determine the source address
for unicast DHCP requests that's not affected by interface filtering.
- Certificate and trust chain selection as initiator has been improved in case
the local trust chain is incomplete and an unrelated certreq is received.
- ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin.
- To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass
policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer.
- Stale OCSP responses are now replace in-place in the certificate cache.
- Fixed parsing of SCEP server capabilities by `pki --scep/scepca`.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The READMEs are often viewed from websites markdown format which is
much as readable as text and yet friendlier in browsers.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Type=forking means systemd waits untill the main process, /usr/sbin/ntpd
in this case, has exited. However, the ntpd daemon does not seem to call
fork() or vfork() and runs endlessly untill killed. Eventually, this
causes systemd to trigger a timeout, and the ntpd service is killed. All
the while, "systemctl status ntpd" shows "activating (start)" instead of
"active (running)". This is fixed by switching Type=forking to
Type=simple.
Reading ntpd(8) shows that the "-n" option requests ntpd not to fork, so
also use that to be safe.
Finally, there is no need anymore to keep a pidfile around.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default, subscriptions are turned on.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default, open62541 is built without multithreading support. Make this
configurable.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- When --no-decorate is given the default output will
include no colors (#28)
- Correctly split networks with /31 (#25)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
lld flags errors when checking for --version-script linker option since
the export file specifies symbols which do not exist during link, so in
a way it is right, however bfd linker works fine and ignores this error.
perhaps the meson check should be improved but until them lets add
--undefined-version option to linker when using lld
Fixes
aarch64-yoe-linux-ld.lld: error: TOPDIR/build/tmp/work/cortexa72-cortexa53-crypto-mx8-yoe-linux/spice-gtk/0.42-r0/git/src/spice-glib-sym-file:1: unknown directive: spice_audio_get
>>> spice_audio_get
>>> ^
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop CVE patch as its included.
Drop 0003-bison-Remove-line-directives.patch as file is not longer there.
refactor 0001-wireshark-src-improve-reproducibility.patch
LIC_FILES_CHKSUM changed do to re-structuring.
Remove TMPDIR found in some files.
Remove c-ares PACKAGECONFIG as its a required pkg
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There's conflict of config.h between dovecot and lib32-dovecot.
The differences of config-64.h and config-32.h are as follows:
@@ -774,7 +774,7 @@
#define MODULE_SUFFIX ".so"
/* Maximum value of off_t */
-#define OFF_T_MAX LONG_MAX
+#define OFF_T_MAX LLONG_MAX
/* Name of package */
#define PACKAGE "dovecot"
@@ -834,7 +834,7 @@
#define PRIdTIME_T "ld"
/* printf() format for uoff_t */
-#define PRIuUOFF_T "lu"
+#define PRIuUOFF_T "llu"
/* printf() fmt for hex time_t */
#define PRIxTIME_T "lx"
@@ -846,19 +846,19 @@
#define SIZEOF_INT 4
/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
+#define SIZEOF_LONG 4
/* The size of `long long', as computed by sizeof. */
#define SIZEOF_LONG_LONG 8
/* The size of `void *', as computed by sizeof. */
-#define SIZEOF_VOID_P 8
+#define SIZEOF_VOID_P 4
/* Build SQL drivers as plugins */
/* #undef SQL_DRIVER_PLUGINS */
/* Maximum value of ssize_t */
-#define SSIZE_T_MAX LONG_MAX
+#define SSIZE_T_MAX INT_MAX
/* C99 static array */
#define STATIC_ARRAY static
@@ -887,13 +887,13 @@
/* #undef UOFF_T_INT */
/* Define if off_t is long */
-#define UOFF_T_LONG /**/
+/* #undef UOFF_T_LONG */
/* Define if off_t is long long */
-/* #undef UOFF_T_LONG_LONG */
+#define UOFF_T_LONG_LONG /**/
/* Maximum value of uoff_t */
-#define UOFF_T_MAX ULONG_MAX
+#define UOFF_T_MAX ULLONG_MAX
/* Build with checkpassword userdb support */
#define USERDB_CHECKPASSWORD /**/
@@ -935,7 +935,7 @@
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
-/* #undef _FILE_OFFSET_BITS */
+#define _FILE_OFFSET_BITS 64
/* Define for large files, on AIX-style hosts. */
/* #undef _LARGE_FILES */
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Without any build type specified, open62541 defaults to "Debug".
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch
refreshed for new version.
Changelog
=========
- fixes 4 vulnerabilities (3 LOW and 1 None severity),
- fixes 46 bugs
- includes 15 general improvements
- adds support for OpenSSL-3.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts the commit df47d871c7.
The correct DISTRO_FEATURE is gobject-introspection-data,
which shall also be used by firewalld.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes the commit 046ee4bb30.
The correct DISTRO_FEATURE is gobject-introspection-data.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes the commit 1f04864065.
The correct DISTRO_FEATURE is gobject-introspection-data.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since v1.3.4, support for OpenSSL 3.0 has been added.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps in avoiding absolute build time paths in binaries debug info
Fixes
WARNING: ipvsadm-1.31-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ipvsadm in package ipvsadm-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CCFLAGS is used in Make rules which will ensure file remapping options
are used when compiling
Fixes
WARNING: vlan-1.9-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/vconfig.vlan in package vlan-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The build of NM involves running Python that uses PyGObject, so add that
to DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
Merge pull request #1327 from haoyue-Xu/bugfixes
libhns: Disable local invalidate operation
Merge pull request #1330 from amzn/change-maintainer
MAINTAINERS: Update EFA provider maintainer
Merge pull request #1329 from selvintxavier/bnxt_update
bnxt_re/lib: Remove deferred arming logic
bnxt_re/lib: Fix the UD completion reported
Merge pull request #1328 from amzn/tests-fix
tests: Skip rc_flush tests if not supported in kernel
tests: Fix get_net_name for cases there is no net device
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Update SSL configure instructions and license info.
Changelog:
===========
- OpenSSL 1.1.1t and 3.0.8 and wolfSSL 5.5.4 (or newer on the respective compatible branches) remain supported.
- updated translations and bumped SSL/TLS library version requirements.
- fixed a critical softbounce bug
- finds both rst2html5 with and without .py suffix when rebuilding the distribution.
- updated the configure script for --with-ssl properly identifying the right
OpenSSL on a system with multiple OpenSSL versions installed, and updates the
manual page and its HTML conversion process, and adds some error checking to the .netrc parser.
- added a wolfSSL compatibility workaround
- updated the manual page and several other documentation files, adds preliminary
wolfSSL 5.0 support on systems that provide a C99 compiler, fixed up a specific
fix for a compatibility issue with the end-of-life OpenSSL 1.0.2 around the
expiry of the DST Root CA X3 certificate which impairs connectivity to
Let's-Encrypt-certified sites. Supported OpenSSL versions 1.1.1 and newer are unaffected.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
firewalld is only enabled when gobject-introspection is in distro
features which is required package to build system-config-printer
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This project uses gobject-introspection, so depend on the DISTRO_FEATURE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This project uses gobject-introspection, so depend on the DISTRO_FEATURE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This project uses gobject-introspection, so depend on the DISTRO_FEATURE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
