Changes:
Automatically extract new version from GIT tag
Fixes:
Avoid trying to delete inactive VIFs. Fixing an annoying bogus error:
"Failed deleting VIF for iface lo: Resource temporarily unavailable"
Fix#171: too small string buffer for IPv6 address causing garbled
output in periodic expiry callback
Fix too small buffer for IPv6 address in mroute display functions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the server use AES-256-GCM instead of BF-CBC as the default
cipher for the VPN tunnel. To avoid breaking existing running configurations
defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains
the BF-CBC in addition to AES-CBC. This makes it possible to migrate
existing older client configurations one-by-one to use at least AES-CBC unless
the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically)
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan failed to startup because there is no kernel module named
ipsec. Add basic kernel modules required by strongswan per [1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules,
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):
For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.
License-Update:
Add "SSL library considerations" to COPYING.
Format of COPYING changed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It seems to require asciidoctor and currently does not build
until someone fixes it, disable it for cosnsitency.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NTPsec, "a secure, hardened, and improved implementation of Network Time
Protocol derived from NTP Classic, Dave Mills’s original."
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rename /etc/init.d/opensafd to /usr/lib/opensaf/opensafd-init as it is
needed by opensafd.service, but /etc/init.d is removed by
systemd.bbclass if sysvinit is not in DISTRO_FEATURES.
Note that this will not actually make the initscript and service file
work since they depend on /lib/lsb/init-functions, which does not exist
since the lsb recipe was removed from OE-Core.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
/var/log/cluster will be created in runtime.
This also drops the removal of the /var/run directory as it is no
longer created in the first place.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These features were removed in commit 5c051f84 (corosync: Update to
3.0.3), but some code still remained.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The hardcoded path /lib/netplan causes a runtime error on multilib
image:
$ netplan try
An error occurred: [Errno 2] No such file or directory: '/lib/netplan/generate'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
atftp-0.7.5
===========
README: update contributors list
text files: mark/convert all textfiles to UTF-8
fix some compiler warnings
fix buffer overflow in atftpd (CVE-2021-41054)
insert typos.patch
insert atftp-0.7-ack_heuristic.patch
insert atftp-0.7-server_receive_race.patch
insert patch atftp-0.7-sorcerers_apprentice.patch
test.sh: check for root no longer necessary
Merge commits from https://github.com/srett/atftp
=================================================
tftpd.c: Only drop privs if requested or running as root + check for failure
fix invalid read of 1 byte in tftp_send_request.
Check return value of fseek(), abort if != 0
options.c: Proper fix for the read-past-end-of-array
configure.ac: Add -std=gnu89 if gcc/clang is detected
tftpd.c: Fix memleak if thread spawning fails
atftp: Check return value of fgets, buffer might be uninitialized on NULL
Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
replace LICENSE with current version
License-Update:
1. Address changed
2. "the GNU Library General Public License" changed to
"the GNU Lesser General Public License"
3. Format of LICENSE changed
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change adds a recipe for the Management Component Transport
Protocol userspace utilities. This contains:
- the command-line 'mctp' tool, similar to 'ip', for setting up links,
assigning local address and configuring routing.
- an optional 'mctpd' daemon, which implements the MCTP control
protocol, and manages remote address assignment.
The latter depends on systemd (for sdbus), so use a
PACKAGECONFIG[systemd] for the conditional service installation.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
autofs-5.1.8 changelog:
- add xdr_exports().
- remove mount.x and rpcgen dependencies.
- dont use realloc in host exports list processing.
- use sprintf() when constructing hosts mapent.
- fix mnts_remove_amdmount() uses wrong list.
- Fix option for master read wait.
- eliminate cache_lookup_offset() usage.
- fix is mounted check on non existent path.
- simplify cache_get_parent().
- set offset parent in update_offset_entry().
- remove redundant variables from mount_autofs_offset().
- remove unused parameter form do_mount_autofs_offset().
- refactor umount_multi_triggers().
- eliminate clean_stale_multi_triggers().
- simplify mount_subtree() mount check.
- fix mnts_get_expire_list() expire list construction.
- fix inconsistent locking in umount_subtree_mounts().
- fix return from umount_subtree_mounts() on offset list delete.
- pass mapent_cache to update_offset_entry().
- fix inconsistent locking in parse_mount().
- remove unused mount offset list lock functions.
- eliminate count_mounts() from expire_proc_indirect().
- eliminate some strlen calls in offset handling.
- don't add offset mounts to mounted mounts table.
- reduce umount EBUSY check delay.
- cleanup cache_delete() a little.
- rename path to m_offset in update_offset_entry().
- don't pass root to do_mount_autofs_offset().
- rename tree implementation functions.
- add some multi-mount macros.
- remove unused functions cache_dump_multi() and cache_dump_cache().
- add a len field to struct autofs_point.
- make tree implementation data independent.
- add mapent tree implementation.
- add tree_mapent_add_node().
- add tree_mapent_delete_offsets().
- add tree_mapent_traverse_subtree().
- fix mount_fullpath().
- add tree_mapent_cleanup_offsets().
- add set_offset_tree_catatonic().
- add mount and umount offsets functions.
- switch to use tree implementation for offsets.
- remove obsolete functions.
- remove redundant local var from sun_mount().
- use mount_fullpath() in one spot in parse_mount().
- pass root length to mount_fullpath().
- remove unused function master_submount_list_empty().
- move amd mounts removal into lib/mounts.c.
- check for offset with no mount location.
- remove mounts_mutex.
- remove unused variable from get_exports().
- add missing free in handle_mounts().
- remove redundant if check.
- fix possible memory leak in master_parse().
- fix possible memory leak in mnts_add_amdmount().
- fix double unlock in parse_mount().
- add length check in umount_subtree_mounts().
- fix flags check in umount_multi().
- dont try umount after stat() ENOENT fail.
- remove redundant assignment in master_add_amd_mount_section_mounts().
- fix dead code in mnts_add_mount().
- fix arg not used in error print.
- fix missing lock release in mount_subtree().
- fix double free in parse_mapent().
- refactor lookup_prune_one_cache() a bit.
- cater for empty mounts list in mnts_get_expire_list().
- add ext_mount_hash_mutex lock helpers.
- fix amd section mounts map reload.
- fix dandling symlink creation if nis support is not available.
- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT.
- fix lookup_prune_one_cache() refactoring change.
- fix amd hosts mount expire.
- fix offset entries order.
- use mapent tree root for tree_mapent_add_node().
- eliminate redundant cache lookup in tree_mapent_add_node().
- fix hosts map offset order.
- fix direct mount deadlock.
- add missing description of null map option.
- fix nonstrict offset mount fail handling.
- fix concat_options() error handling.
- eliminate some more alloca usage.
- use default stack size for threads.
- fix use of possibly NULL var in lookup_program.c:match_key().
- fix incorrect print format specifiers in get_pkt().
- add mapent path length check in handle_packet_expire_direct().
- add copy length check in umount_autofs_indirect().
- add some buffer length checks to master map parser.
- add buffer length check to rmdir_path().
- eliminate buffer usage from handle_mounts_cleanup().
- add buffer length checks to autofs mount_mount().
- make NFS version check flags consistent.
- refactor get_nfs_info().
- also require TCP_REQUESTED when setting NFS port.
0001-Do-not-hardcode-path-for-pkg.m4.patch refreshed.
autofs-5.1.7-use-default-stack-size-for-threads.patch
removed since it is included in 5.1.8.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also organize the recipe to to match OE style
Remove PYTHON_PN from DEPENDS, setuptools should be enough
Correct setting LIC_FILES_CHKSUM
Move setting git SHA to SRCREV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue
has been fixed.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave (2.13) unstable; urgency=medium
* QA upload.
[ Guillem Jover ]
* Fix MAC address setting messed up by udev for bond interfaces.
(Closes: #949062)
* Use ifquery instead of example contrib script ifstate. (Closes: #991930)
* Fix ifquery redirections.
* Bump Standards-Version to 4.6.0 (no changed needed).
* Remove long supported Linux version requirements from Description.
[ Sami Haahtinen ]
* Use correct argument in setup_slave_device(). (Closes: #968368)
[ Oleander Reis ]
* Handle slave definitions of interfaces with no bond settings.
(Closes: #990428)
* Delete bond interfaces on ifdown -a. (Closes: #992102)
-- Guillem Jover <guillem@debian.org> Sun, 17 Oct 2021 06:02:55 +0200
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021.10.04 -- Version 2.5.4
Antonio Quartulli (3):
route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
configure: search also for rst2{man, html}.py
networking: add networking API net_addr_ll_set() and use it on Linux
Arne Schwabe (1):
Move examples into openvpn-examples(5) man page
David Korczynski (1):
Fix argv leaks in add_route() and add_route_ipv6()
David Sommerseth (2):
doc: Use generic rules for man/html generation
man: Clarify IV_HWADDR
Gert Doering (1):
Add error reporting to get_console_input_win32().
Lev Stipakov (3):
Fix console prompts with redirected log
Add building man page on Windows
GitHub Actions: remove Ubuntu 16.04 environment
Max Fillinger (1):
Update Fox e-mail address in copyright notices
Selva Nair (1):
Minor doc correction: tls-crypt-v2 key generation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
