Drop 0001-GitHub-Issue-367.-Remove-references-to-deprecated-G_.patch
since it was a backport.
Drop 0001-pollGtk-Drop-volatile-qualifier.patch
since it's covered by:
f48efc8e Make pollGtk resetable.
Drop 0001-utilBacktrace-Ignore-Warray-bounds.patch
since it's covered by:
0cfda58a Make peeking back into the stack work for back traces
Drop 0002-add-include-sys-sysmacros.h.patch
since it's covered by:
69b7e1f9 Include sysmacros.h directly as mandated by glibc-2.25.
Refit:
0005-Use-configure-to-test-for-feature-instead-of-platfor.patch
0009-Rename-poll.h-to-vm_poll.h.patch
0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch
0011-Use-uintmax_t-for-handling-rlim_t.patch
Add:
0001-Add-resolv_compat.h-for-musl-builds.patch
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Trevor Gamblin <Trevor.Gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.30.2:
- 0004-fix_reallocarray_check.patch removed because the current
version of nm already includes boths malloc.h and stdlib.h
- musl/0002-Fix-build-with-musl.patch removed because the commit
c50da167bc of nm solves the build issue with musl
- musl/0001-Fix-build-with-musl-systemd-specific.patch modified
to avoid conflicts when applied to current version of nm
- musl/0003-Fix-build-with-musl-systemd-specific.patch renamed
to musl/0002-Fix-build-with-musl-systemd-specific.patch and
modified to avoid conflicts when applied to current version of nm
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop one patch at the issue is already fixed in new version
(307678b268 Fix rlm_python3 build)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* and make it skipped only when meta-filesystem is missing as well
* depends on libdnet from meta-networking and nothing in meta-oe depends on open-vm-tools
* update packagegroup-meta-oe to match this, without either of these layers packagegroup-meta-oe is currently failing with:
ERROR: Nothing RPROVIDES 'open-vm-tools' (but meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb RDEPENDS on or otherwise requires it)
open-vm-tools was skipped: Requires meta-networking and meta-filesystems to be present.
NOTE: Runtime target 'open-vm-tools' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['open-vm-tools']
ERROR: Required build target 'packagegroup-meta-oe' has no buildable providers.
Missing or unbuildable dependency chain was: ['packagegroup-meta-oe', 'open-vm-tools']
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It does not have to maintain two patch directories files and atftp,
merge them.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the SRC_URI as the previous is unaccessible to fix the below
warning:
WARNING: quagga-1.2.4-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/quagga/quagga-1.2.4.tar.gz;, attemptin MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The systemd can not open the pid file because it is locked by quagga
daemon.
Fixes:
$ systemctl status ospf6d.service
Feb 25 05:53:26 intel-x86-64 systemd[1]: Starting OSPF routing daemon for IPv6...
Feb 25 05:53:26 intel-x86-64 systemd[1]: ospf6d.service: Can't open PID file /run/quagga/ospf6d.pid (yet?) after start: Operation not permitted
Feb 25 05:53:26 intel-x86-64 systemd[1]: Started OSPF routing daemon for IPv6.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2.0.8 - 2021-02-25
==================
Broker:
- Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the
size and offset of two of the members of this struct, and changes the size
of the struct. This is an ABI break, but is considered to be acceptable
because plugins should never be allocating their own instance of this
struct, and currently none of the struct members are used for anything, so a
plugin should not be accessing them. It would also be safe to read/write
from the existing struct parameters.
- Give compile time warning if libwebsockets compiled without external poll
support. Closes#2060.
- Fix memory tracking not being available on FreeBSD or macOS. Closes#2096.
Client library:
- Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL
on topic == NULL.
Clients:
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
lines. Closes#2078.
Build:
- Provide a mechanism for Docker users to run a broker that doesn't use
authentication, without having to provide their own configuration file.
Closes#2040.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33.
Fixes the following OOPS error:
root@qemux86-64:~# tnftp 192.168.1.1
Connected to 192.168.1.1.
220 (vsFTPd 3.0.3)
Name (192.168.1.1:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
OOPS: priv_sock_get_cmd
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removed patches:
* avoid-absolute-path-when-searching-for-libdlpi.patch
reason: this is a solaris specific patch,
It no longer generates QA error.
* unnecessary-to-check-libpcap.patch
reason: upstream changed the logic, a new patch was needed.
New patch:
* 0001-aclocal.m4-Skip-checking-for-pcap-config.patch
reason: configure shouldn't look for pcap-config.
upstream reference: cfc4c750a
Modified patch:
* add-ptest.patch
reason: Makefile had slight change.
new unrelated perl script was introduced,
removed to make package QA happy.
License:
upstream removed some whitespace
Ptest:
binaries are now present in /usr/bin not /usr/sbin
upstream commit: 95096be4f
add perl libraries dependencies
tests passed: 571 (qemux86-64)
tests failed: 0
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM
Correct the checksums where they were wrong
Signed-off-by: Khem Raj <raj.khem@gmail.com>
What was done:
- add --noline option to flex, --no-line to bison
and -l to lemon generators to prevent
adding #line directives with absolute path.
- eliminate absolute source path in python code generator
and use baseline instead.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While DEBUG_BUILD != 1, Yocto adds option _FORTIFY_SOURCE to CPP and CC [1],
since _FORTIFY_SOURCE requires -O1 or higher, if no -O1 or higher then
results in a compiler warning.
The configure.ac of ndpi uses macro AC_PROG_CC to test toolchain, since
CPPFLAGS does not have the option -O<level> [1], while building with autoconf
2.71+, the toolchain test will report a warning.
The configure.ac of ndpi uses macro AC_LANG_WERROR to treat the warning as
error. Then it broke the build
...
|configure: error: C preprocessor "i686-wrs-linux-gcc -E --sysroot=tmp-glibc/
work/core2-32-wrs-linux/ndpi/3.4-r0/recipe-sysroot -m32 -march=core2
-mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2
-Wformat -Wformat-security -Werror=format-security" fails sanity check
...
The SELECTED_OPTIMIZATION contains option -O<level>, add SELECTED_OPTIMIZATION
to CPPFLAGS to could fix the issue
[1] The definition of CPP and CC and XXXFLAGS in bitbake.conf
[snip]
export CPP = "${HOST_PREFIX}gcc -E${TOOLCHAIN_OPTIONS} ${HOST_CC_ARCH}"
export CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}"
...
export CFLAGS = "${TARGET_CFLAGS}"
TARGET_CFLAGS = "${TARGET_CPPFLAGS} ${SELECTED_OPTIMIZATION}"
...
export CPPFLAGS = "${TARGET_CPPFLAGS}"
TARGET_CPPFLAGS = ""
[snip]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- drop patch install-protocol.patch: upstream
- add new cjson and dlt-daemon dependencies
- update copyright and license
- add build of manpages optionally via PACKAGECONFIG
- also install the new mosquitto_ctrl and mosquitto_dynamic_security.so tools
2.0.7 - 2021-02-04
==================
Broker:
- Fix exporting of executable symbols on BSD when building via makefile.
- Fix some minor memory leaks on exit only.
- Fix possible memory leak on connect. Closes#2057.
- Fix openssl engine not being able to load private key. Closes#2066.
Clients:
- Fix config files truncating options after the first space. Closes#2059.
Build:
- Fix man page building to not absolutely require xsltproc when using CMake.
This now handles the case where we are building from the released tar, or
building from git if xsltproc is available, or building from git if xsltproc
is not available.
1.6.13 - 2021-02-04
===================
Broker:
- Fix crash on Windows if loading a plugin fails. Closes#1866.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
- Fix local bridges being disconnected on SIGHUP. Closes#1942.
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes#1968.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes#1891.
- Fix file logging on Windows. Closes#1880.
- Fix bridge sock not being removed from sock hash on error. Closes#1897.
Client library:
- Fix build on Mac Big Sur. Closes#1905.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
Clients:
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes#1908.
- Fix config files truncating options after the first space. Closes#2059.
Apps:
- Perform stricter parsing of input username in mosquitto_passwd. Closes
#570126 (Eclipse bugzilla).
Build:
- Enable epoll support in CMake builds.
2.0.6 - 2021-01-28
==================
Broker:
- Fix calculation of remaining length parameter for websockets clients that
send fragmented packets. Closes#1974.
Broker:
- Fix potential duplicate Will messages being sent when a will delay interval
has been set.
- Fix message expiry interval property not being honoured in
`mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
- Fix websockets listeners with TLS not responding. Closes#2020.
- Add notes that libsystemd-dev or similar is needed if building with systemd
support. Closes#2019.
- Improve logging in obscure cases when a client disconnects. Closes#2017.
- Fix reloading of listeners where multiple listeners have been defined with
the same port but different bind addresses. Closes#2029.
- Fix `message_size_limit` not applying to the Will payload. Closes#2022.
- The error topic-alias-invalid was being sent if an MQTT v5 client published
a message with empty topic and topic alias set, but the topic alias hadn't
already been configured on the broker. This has been fixed to send a
protocol error, as per section 3.3.4 of the specification.
- Note in the man pages that SIGHUP reloads TLS certificates. Closes#2037.
- Fix bridges not always connecting on Windows. Closes#2043.
Apps:
- Allow command line arguments to override config file options in
mosquitto_ctrl. Closes#2010.
- mosquitto_ctrl: produce an error when requesting a new password if both
attempts do not match. Closes#2011.
Build:
- Fix cmake builds using `WITH_CJSON=no` not working if cJSON not found.
Closes#2026.
Other:
- The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per
The Eclipse legal documentation generator. The licenses are identical.
2.0.5 - 2021-01-11
==================
Broker:
- Fix `auth_method` not being provided to the extended auth plugin event.
Closes#1975.
- Fix large packets not being completely published to slow clients.
Closes#1977.
- Fix bridge connection not relinquishing POLLOUT after messages are sent.
Closes#1979.
- Fix apparmor incorrectly denying access to
/var/lib/mosquitto/mosquitto.db.new. Closes#1978.
- Fix potential intermittent initial bridge connections when using poll().
- Fix `bind_interface` option. Closes#1999.
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
before a role that was attached to the group or client is deleted.
Closes#1998.
- Improve logging in dynsec addGroupRole command. Closes#2005.
- Improve logging in dynsec addGroupClient command. Closes#2008.
Client library:
- Improve documentation around the `_v5()` and non-v5 functions, e.g.
`mosquitto_publish()` and `mosquitto_publish_v5().
Build:
- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
that man pages are always built. Closes#1989.
- Fixes for lots of minor build warnings highlighted by Visual Studio.
Apps:
- Disallow control characters in mosquitto_passwd usernames.
- Fix incorrect description in mosquitto_ctrl man page. Closes#1995.
- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes#1997.
2.0.4 - 2020-12-22
==================
Broker:
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes#1968.
- mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not
reset the bind address option if called with bind_address == NULL.
- Fix dynamic security configuration possibly not being reloaded on Windows
only. Closes#1962.
- Add more log messages for dynsec load/save error conditions.
- Fix websockets connections blocking non-websockets connections on Windows.
Closes#1934.
Build:
- Fix man pages not being built when using CMake. Closes#1969.
2.0.3 - 2020-12-17
==================
Security:
- Running mosquitto_passwd with the following arguments only
`mosquitto_passwd -b password_file username password` would cause the
username to be used as the password.
Broker:
- Fix excessive CPU use on non-Linux systems when the open file limit is set
high. Closes#1947.
- Fix LWT not being sent on client takeover when the existing session wasn't
being continued. Closes#1946.
- Fix bridges possibly not completing connections when WITH_ADNS is in use.
Closes#1960.
- Fix QoS 0 messages not being delivered if max_queued_messages was set to 0.
Closes#1956.
- Fix local bridges being disconnected on SIGHUP. Closes#1942.
- Fix slow initial bridge connections for WITH_ADNS=no.
- Fix persistence_location not appending a '/'.
Clients:
- Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful
connection is not made. Closes#1957.
Apps:
- Fix `mosquitto_passwd -b` using username as password (not if `-c` is also
used). Closes#1949.
Build:
- Fix `install` target when using WITH_CJSON=no. Closes#1938.
- Fix `generic` docker build. Closes#1945.
2.0.2 - 2020-12-10
==================
Broker:
- Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems.
2.0.1 - 2020-12-10
==================
Broker:
- Fix websockets connections on Windows blocking subsequent connections.
Closes#1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
- Fix websockets listeners not causing the main loop not to wake up.
Closes#1936.
Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
Apps:
- Fix `mosquitto_passwd -U`
Build:
- Fix cjson include paths.
- Fix build using WITH_TLS=no when the openssl headers aren't available.
- Distribute cmake/ and snap/ directories in tar.
2.0.0 - 2020-12-03
==================
Breaking changes:
- When the Mosquitto broker is run without configuring any listeners it will
now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
only connections from the local host will be possible.
Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the
loopback interface.
Running the broker with a configuration file with no listeners configured
will bind to the loopback interface with port 1883.
Running the broker with a listener defined will bind by default to `0.0.0.0`
/ `::` and so will be accessible from any interface. It is still possible to
bind to a specific address/interface.
If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
listener is defined in the configuration file, then the port defined on the
command line will be IGNORED, and no listener configured for it.
- All listeners now default to `allow_anonymous false` unless explicitly set
to true in the configuration file. This means that when configuring a
listener the user must either configure an authentication and access control
method, or set `allow_anonymous true`. When the broker is run without a
configured listener, and so binds to the loopback interface, anonymous
connections are allowed.
- If Mosquitto is run on as root on a unix like system, it will attempt to
drop privileges as soon as the configuration file has been read. This is in
contrast to the previous behaviour where elevated privileges were only
dropped after listeners had been started (and hence TLS certificates loaded)
and logging had been started. The change means that clients will never be
able to connect to the broker when it is running as root, unless the user
explicitly sets it to run as root, which is not advised. It also means that
all locations that the broker needs to access must be available to the
unprivileged user. In particular those people using TLS certificates from
Lets Encrypt will need to do something to allow Mosquitto to access
those certificates. An example deploy renewal hook script to help with this
is at `misc/letsencrypt/mosquitto-copy.sh`.
The user that Mosquitto will change to are the one provided in the
configuration, `mosquitto`, or `nobody`, in order of availability.
- The `pid_file` option will now always attempt to write a pid file,
regardless of whether the `-d` argument is used when running the broker.
- The `tls_version` option now defines the *minimum* TLS protocol version to
be used, rather than the exact version. Closes#1258.
- The `max_queued_messages` option has been increased from 100 to 1000 by
default, and now also applies to QoS 0 messages, when a client is connected.
- The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
OS provided CA certificates by default if `-L mqtts://...` is used, or if
the port is set to 8883 and no other CA certificates are loaded.
- Minimum support libwebsockets version is now 2.4.0
- The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".
Broker features:
- New plugin interface which is more flexible, easier to develop for and
easier to extend.
- New dynamic security plugin, which allows clients, groups, and roles to be
defined and updated as the broker is running.
- Performance improvements, particularly for higher numbers of clients.
- When running as root, if dropping privileges to the "mosquitto" user fails,
then try "nobody" instead. This reduces the burden on users installing
Mosquitto themselves.
- Add support for Unix domain socket listeners.
- Add `bridge_outgoing_retain` option, to allow outgoing messages from a
bridge to have the retain bit completely disabled, which is useful when
bridging to e.g. Amazon or Google.
- Add support for MQTT v5 bridges to handle the "retain-available" property
being false.
- Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
to a v3.x only broker.
- DLT logging is now configurable at runtime with `log_dest dlt`.
Closes#1735.
- Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()`
functions, which can be used by plugins to publish messages.
- Add `mosquitto_client_protocol_version()` function which can be used by
plugins to determine which version of MQTT a client has connected with.
- Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()`
functions, which can be used by plugins to disconnect clients.
- Add support for handling $CONTROL/ topics in plugins.
- Add support for PBKDF2-SHA512 password hashing.
- Enabling certificate based TLS encryption is now through certfile and
keyfile, not capath or cafile.
- Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
- Add "deny" acl type. Closes#1611.
- The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
- Add the `bridge_max_packet_size` option. Closes#265.
- Add the `bridge_bind_address` option. Closes#1311.
- TLS certificates for the server are now reloaded on SIGHUP.
- Default for max_queued_messages has been changed to 1000.
- Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites.
Closes#1825.
- Bridges now obey MQTT v5 server-keepalive.
- Add bridge support for the MQTT v5 maximum-qos property.
- Log client port on new connections. Closes#1911.
Broker fixes:
- Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH,
SUBSCRIBE, and UNSUBSCRIBE packets.
- Document that X509_free() must be called after using
mosquitto_client_certificate(). Closes#1842.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes#1891.
- Fix bridge sock not being removed from sock hash on error. Closes#1897.
- mosquitto_password now forbids the : character. Closes#1833.
- Fix `log_timestamp_format` not applying to `log_dest topic`. Closes#1862.
- Fix crash on Windows if loading a plugin fails. Closes#1866.
- Fix file logging on Windows. Closes#1880.
- Report an error if the config file is set to a directory. Closes#1814.
- Fix bridges incorrectly setting Wills to manage remote notifications when
`notifications_local_only` was set true. Closes#1902.
Client library features:
- Client no longer generates random client ids for v3.1.1 clients, these are
now expected to be generated on the broker. This matches the behaviour for
v5 clients. Closes#291.
- Add support for connecting to brokers through Unix domain sockets.
- Add `mosquitto_property_identifier()`, for retrieving the identifier integer
for a property.
- Add `mosquitto_property_identifier_to_string()` for converting a property
identifier integer to the corresponding property name string.
- Add `mosquitto_property_next()` to retrieve the next property in a list, for
iterating over property lists.
- mosquitto_pub now handles the MQTT v5 retain-available property by never
setting the retain bit.
- Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
sockets. Closes#1526.
- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
perform additional verification.
- Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
of the `mosquitto_connect*()` call.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and
trust OS provided CA certificates for use with TLS connections.
Client library fixes:
- Fix send quota being incorrecly reset on reconnect. Closes#1822.
- Don't use logging until log mutex is initialised. Closes#1819.
- Fix missing mach/mach_time.h header on OS X. Closes#1831.
- Fix connect properties not being sent when the client automatically
reconnects. Closes#1846.
Client features:
- Add timeout return code (27) for `mosquitto_sub -W <secs>` and
`mosquitto_rr -W <secs>`. Closes#275.
- Add support for connecting to brokers through Unix domain sockets with the
`--unix` argument.
- Use cJSON library for producing JSON output, where available. Closes#1222.
- Add support for outputting MQTT v5 property information to mosquitto_sub/rr
JSON output. Closes#1416.
- Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON
output.
- Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
Closes#1416.
- Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
option.
- Add `-x` to all clients to all the session-expiry-interval property to be
easily set for MQTT v5 clients.
- Add `--random-filter` to mosquitto_sub, to allow only a certain proportion
of received messages to be printed.
- mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format.
- mosquitto_sub now supports extra format specifiers for field width and
precision for some parameters.
- Add `--version` for all clients.
- All clients now load OS provided CA certificates if used with `-L
mqtts://...`, or if port is set to 8883 and no other CA certificates are
used. Closes#1824.
- Add the `--tls-use-os-certs` option to all clients.
Client fixes:
- mosquitto_sub will now exit if all subscriptions were denied.
- mosquitto_pub now sends 0 length files without an error when using `-f`.
- Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes#1881.
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes#1908.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error:
...
configure.ac: error: required file 'missing' not found
...
Since these tools were explicitly added by autotools bbclass,
remove the testing to workaround the error with autoconf 2.7
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to build with autoconf 2.7, explicitly link to jpeg lib
since lib jpeg is already in DEPENDS
...
| checking for jpeglib.h... ../git/configure: line 16008: CPP: command not found
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The openssl already added in DEPENDS and the openssl related library
will be in recipe-sysroot. So it's meanlingless to add the configure
option "--with-openssl=${STAGING_EXECPREFIXDIR}" as the below help message.
$ cd /prj/net-snmp-5.9/
$ ./configure --help
[snip]
--with-openssl=PATH Look for openssl in PATH/lib,
or PATH may be "internal" to build with
minimal copied OpenSSL code for USM only
[snip]
And there is also a side effect after add the above openssl configuration
as the build path is added for NSC_LDFLAGS in /usr/bin/net-snmp-config.
NSC_LDFLAGS="-L/prj/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
To improve reproducibility for netsnmp as below.
$ sed -i -e 's@${STAGING_DIR_HOST}@@g' -i ${D}${bindir}/net-snmp-config
The NSC_LDFLAGS in net-snmp-config will be changed to below:
NSC_LDFLAGS="-L/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
But it will result in other packages which depend on net-snmp such as
corosync, quagga and etc uses the build host library and introduce
below do_configure error.
ERROR: QA Issue: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
Rerun configure task after fixing this. [configure-unsafe]
So remove the useless configuration to fix the issue.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Changes v0.100 to v0.101:
Dmitry Bogdanov (1):
Fix parsing of GetNextRsp
Lee Duncan (10):
Ignore common build files
Fix compiler issue when not in security mode
Do not ignore write() return value.
Fix 586 compile issue and remove -Werror
Added a TODO: 'make depend' not worrking
Update version string to "0.100".
Fix broken server authentication initialization.
Add man page for isnssetup.
Added TODO to test "isnsd --init"
Preparing for version 0.101
Leo (1):
socket.c: include poll.h instead of sys/poll.h for POSIX compatibility
Rosen Penev (2):
fix compilation without deprecated OpenSSL APIs
libisns: remove sighold and sigrelse
* Changes v0.99 to v0.100:
Chris Leech (1):
Travis-CI and Coverity Scan setup
Lee Duncan (7):
Fix compiler complaint about possible alignment issue
add tags to ignored list of files
Change isns_portal_string() to return allocated string.
Remove old compiler option, and add "-Werror".
openssl: handle newer version with ifdefs
General cleanup for the compiler.
Fix problem with parsing IPv6 Addresses with brakcets.
Preparing for version v0.100
Added debugging, moved .cvsignore to .gitignore
fixed issues with old openssl usage
Adding python compiled files
Change isns_portal_string() to use static mem
Running make twice should not rebuild everything
Fix mdebug.c so it compiles when enabled.
Handle restarting test harness server correctly
Ignore SO lib
Create and use pythong unittest framework
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New autconf detects that NSC_LDFLAGS are hardcoded to use -L/usr/lib
therefore edit these variables during build so that they have
cross-compile friendly values when net-snmp-config is used during build
of dependent packages
Signed-off-by: Khem Raj <raj.khem@gmail.com>
...
./configure: line 16398: syntax error: unexpected end of file
...
Backport a commit from upstream to fix it
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a patch to fix the gap between 32bit and 64bit system when
the configure option "--with-openssl=${STAGING_EXECPREFIXDIR}"
passed in.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Open vSwitch support is enabled by default in NetworkManager, but only
useful in the context of several virtualisation environments, e.g. Xen,
KVM, OpenStack and more. Therefore, the ovs PACKAGECONFIG is now disabled by
default.
The jansson dependency is only required for Open vSwitch and teamsdctl
support in NetworkManager. As there is no libteamsdctl recipe around
(and no teamsdctl PACKAGECONFIG), make it dependent on the ovs
PACKAGECONFIG.
Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[nmcli] to make building the nmcli utility which
depends on GPLv3 licensed readline library optional.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Linux Wireless Extensions (Wext) support is enabled per default in
NetworkManager. Having Wext enabled without enabling WiFi support, too,
doesn't make much sense. Therefore, instead of creating a separate
PACKAGECONFIG flag, 'wext' was added to the already existing 'wifi'
flag.
Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Systemd service file option 'ExecStopPre' is warned and ignored by
systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended
behavior is realized. The 'ExecStop' commands are executed one after the
other.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix new dependencies to nftables-python. Firewalld has been changed to
use python bindings instead of calling the nftables cli utility.
(Has this firewalld recipe been used with firewalld's default
configuration which defaults to nftables backend?)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added missing RDEPENDS to the libnft library from nftables-python to
libnftable.so.1 which is loaded dynamically by LibraryLoader into
python.
Added json to default PACKAGECONFIG which is probably used as well when
compiled with python support. For example firewalld crashes at runtime
if nftables is compiled without json support.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Build tested on aarch64 glibc/musl
* 0003-Fix-build-with-musl-for-n-dhcp4.patch has to go. Grepped nm code for
seed48_r / mrand48_r => no findings
* Since this is a huge version bump no detaile release notes are provided here
* Have tried to move to meson build few months ago but it turned into huge
efforts and ended without success. Maybe situation changed but let's postpone
for now
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Support for smux is always enabled by the recipe, but it can be a
security risk since it makes the snmpd daemon listen on TCP port 199.
This makes it contrallable via PACKAGECONFIG, so that it can be easily
disabled from the distro or local config. The mechanism makes it easy
to add control for other MIB modules via PACKAGECONFIG later if need
be.
For compatibility smux is added to the default PACKAGECONFIG, so there
is no change in the default build configuration.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Module 'time' had been imported in Functions.py by upstream, so not
import in 0002-fix-fail-to-enable-bluetooth.patch and update accordingly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
original SRC_URI is not valid now, offical CELT repository
moved to gitlab
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-doveadm-Fix-parallel-build.patch
removed since it is included in 2.3.13
refresh 0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch
add 0001-not-check-pandoc.patch to not check pandoc of configure
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Bugfix-Modify-the-dir-of-install-exec-hook-and.patch
Removed since this is included in 6.12.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security release, see GHSA-jpc9-mgw6-2xwx/CVE-2020-15238 [1]
Changes
Force cython to use python language version 3
Do not use exitcode 1 when we expect to fail
Mark more strings translatable (@cwendling)
Bugs fixed
Unstranslated strings
Searching (with Ctrl+F in manager device list) did not work
Default PIN lookup
Fix device removal handling (@Yannik)
Only use LaunchContext when we have proper event time
[1] https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Make-ByteReverseWords-available-for-big-and-little-e.patch
Removed since this is included in 4.6.0
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The original /sbin/ebtables has been moved to /usr/sbin/ebtables-legacy.
But the old path is still used by some other software libvirt.
libvirtd[809]: direct firewall backend requested,
but /sbin/ebtables is not available: No such file or directory
As stated in the related change in ebtable git repo:
The new -legacy binary has no problem if called via a symlink with the
'ebtables' name, so users can still name this binary with whatever name.
So we add a symbol link from /usr/sbin/ebtables-legacy to /sbin/ebtables.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refer to Debian, patch the Makefile to prevent /etc/ethertypes
installation instead of removing it in do_install_append.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove the upstream ebtables-legacy-save before we install the local
ones. And install it to ${sbindir} rather than ${base_sbindir}.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The ebtables.common is required by ebtables.service. Add it back.
Fixes:
systemd[660]: ebtables.service: Failed to locate executable /usr/sbin/ebtables.common: No such file or directory
systemd[660]: ebtables.service: Failed at step EXEC spawning /usr/sbin/ebtables.common: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Add 0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch to solve the
compilation errors on musl.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
avoid-attr-unless-wanted.patch
options-0.10.0.patch
0001-waf-add-support-of-cross_compile.patch
Removed since this is included in 0.10.2
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-waf-add-support-of-cross_compile.patch
Removed since this is included in 2.3.1.
Refresh the following patch:
avoid-attr-unless-wanted.patch
options-2.2.0.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Both inetutils-tftp and tftp-hpa provide the tftp command and
the ALTERNATIVE_PRIORITY of inetutils-tftp is 79 until now.
Increase the ALTERNATIVE_PRIORITY of tftp-hpa to 100 to guarantee
the tftp command provided by tftp-hpa when both of the packages
installed.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-libopeniscsiusr-Compare-with-max-int-instead-of-max-.patch
Removed since this is included in 2.1.3
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
0010-Adjust-header-include-sequence.patch
Referring to Fedora style, ebtables-legacy-save and ebtables.service are retained.
The upstream address has been modified.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Both inetutils-traceroute and traceroute provide the traceroute
command and the ALTERNATIVE_PRIORITY of inetutils-traceroute is
79 until now.
Increase the ALTERNATIVE_PRIORITY of traceroute to 100 to guarantee
the traceroute command provided by traceroute when both of the
packages installed.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gcc-10.patch
Removed since this is included in 25.
Refresh the following patch:
cross.patch
makefile-add-ldflags.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Deleted build fix patch. This is already applied in this release.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The /etc/ethertypes is provided by netbase since 6.0[1].
Do not instal the file in ebtables, otherwise there would be a conflict:
Error: Transaction test error:
file /etc/ethertypes conflicts between attempted installs of netbase-1:6.2-r0.corei7_64 and ebtables-2.0.10+4-r4.corei7_64
[1] 316680c6a2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Download archives are no longer updated so fetch from Github. Add build
fix from upstream. The file LICENSE now contains the full Apache 2.0
license text.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Solve the memory leak in function NTPDCrequest detected by valgrind tool.
Memory leak log example:
==619== 21 bytes in 1 blocks are still reachable in loss record 1 of 3
==619== at 0x4A09DB0: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==619== by 0x43512E: NTPDCrequest (ntpdcontrol.c:255)
==619== by 0x43512E: NTPDCquery.isra.1 (ntpdcontrol.c:683)
==619== by 0x4359EE: ntpdInControl (ntpdcontrol.c:807)
==619== by 0x4364F5: ntpServiceUpdate (timingdomain.c:622)
==619== by 0x436935: timingDomainUpdate (timingdomain.c:756)
==619== by 0x4334A7: protocol (protocol.c:263)
==619== by 0x402BAE: main (ptpd.c:131)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relevant changes:
- fe40226 version: bump
- d0bf51b qemu: bump default testing version
- ce8faa3 compat: SYM_FUNC_{START,END} were backported to 5.4
- da5646f qemu: drop build support for rhel 8.2
- 99e954f netns: check that route_me_harder packets use the right sk
- 25320ac noise: take lock when removing handshake entry from table
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-src-parse.c-Initialize-key-to-NULL.patch
Removed since this is included in 0.100.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog is here [1]
Do not install /var/log as it conflicts with basefiles package
Collected errors:
* check_data_file_clashes: Package chrony wants to install file /var/log
But that file is already provided by package * base-files
Remove CVE patch since its upstream
Forward port arm_eabi.patch patch
Make builds reproducible
[1] https://chrony.tuxfamily.org/news.html
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch
Removed since this is included in 5.9.1
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
configure: error:
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.
While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The ntop project is inactive and there is no new version
since 2012 [1] and it has been replaced by ntopng.
[1] https://sourceforge.net/projects/ntop/files/ntop/Stable/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ntopng is a web-based network traffic monitoring application
released under GPLv3. It is the new incarnation of the original
ntop written in 1998, and now revamped in terms of performance,
usability, and features.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The libmaxminddb library provides a C library for reading MaxMind
DB files, including the GeoIP2 databases from MaxMind.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nDPI is an open source LGPLv3 library for deep-packet inspection.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Add-configure-time-check-for-gettid-API.patch
Removed since this is included in 5.20.08
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable LTO, its uses ASM constructs for symbol versioning which are incompatible with LTO,
they should migrate to gcc-10's mechanism for symbol versioning which is
compatible with LTO
disable manpages, it needs pandoc to build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add options for eap-identity and eap-mschapv2 plugins.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- 7a321ce version: bump
- 91fbeb4 Revert "wg-quick: wait on process substitutions"
- 9a0d65e wg-quick: android: use iproute2 to bring up interface instead of ndc
- fbca033 version: bump
- 26683f6 wg-quick: wait on process substitutions
- 13fac76 ctype: use non-locale-specific ctype.h
- cf2bf09 pubkey: isblank is a subset of isspace
- b4a8a18 man: wg-quick: use syncconf instead of addconf for strip example
- a66219f systemd: add reload target to systemd unit
- eb4665e wincompat: fold random into genkey
- 197995d ipc: split into separate files per-platform
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
vnStat is a console-based network traffic monitor for Linux and BSD
that keeps a log of network traffic for the selected interface(s).
Signed-off-by: Paulo Fagundes <paulohefagundes@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: copyright years updated.
This is a bug fix release:
- X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes.
- Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
- Merged Debian 05-typos.patch (thx to Peter Pentchev).
- Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
- Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
- Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
- Fixed tests on the WSL2 platform.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Install systemd configuration file wg-quick@.service into the proper folder.
Use 'systemd_system_unitdir' instead of 'systemd_unitdir' as the installation
path.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The dhcp-client has been removed from oe-core and the current
networkmanager does not support dhcpcd >= 9.0 (See bug report:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/410)
Remove the PACKAGECONFIG[dhclient] and pass --with-dhclient/dhcpcd=no
explicitly to EXTRA_OECONF. Otherwise it will search the host path when
configure.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).
See: https://www.samba.org/samba/history/samba-4.10.18.html
Also remove 3 backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add patch from upstream which fixes building on big endian.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
IEC 61850 is an international standard for communication systems in
Substation Automation Systems (SAS) and management of Decentralized
Energy Resources (DER). It is seen as one of the communication
standards of the emerging Smart Grid.
Add two upstream patch fixing build issues with musl libc.
Enable the libiec61850 python binding (pyiec61850) that require a fix
to find the correct PYTHON_SITE_DIR path while cross-compiling.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The wireless-regdb has been moved to oe-core. According the commit
message:
wireless-regdb-static should be used with kernel >= 4.15.
wireless-regdb can be used with older kernels and is mostly
irrelevant here, but keeping it in meta-networking would
create needless recipe duplication.
it should replace runtime dependency wireless-regdb with
wireless-regdb-static.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is no need to set and then tediously modify PV variable on every
upgrade, what's worse it may happen that the PV is not modified like it
happened on the recent upgrade from cifs-utils-6.10 to cifs-utils-6.11.
Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The Standard error type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it's newaliases not newalias in sbindir
* drop u-a for man pages, because only ssmtp.8 was created which shouldn't
conflict with esmpt
In my build I don't have mailq, sendmail, newaliases as man pages, but binaries in sbindir (and the sbinbinary is called newaliases, not newalias)
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8/ssmtp.8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/mailq
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/sendmail
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/newaliases
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp/revaliases
this added u-a is causing following warnings:
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/mailq.1 or /usr/share/man/man1/mailq.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/newaliases.1 or /usr/share/man/man1/newaliases.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/sendmail.1 or /usr/share/man/man1/sendmail.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/sbin/newalias or /usr/sbin/newalias.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/mailq.1: /usr/share/man/man1/mailq.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/newaliases.1: /usr/share/man/man1/newaliases.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/sendmail.1: /usr/share/man/man1/sendmail.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/sbin/newalias: /usr/sbin/newalias.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/mailq.1 == /usr/share/man/man1/mailq.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/newaliases.1 == /usr/share/man/man1/newaliases.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/sendmail.1 == /usr/share/man/man1/sendmail.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/sbin/newalias == /usr/sbin/newalias
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The LICENSE file in source tree says:
The majority of the source code in the mDNSResponder project is licensed
under the terms of the Apache License, Version 2.0, available from:
<http://www.apache.org/licenses/LICENSE-2.0>
To accommodate license compatibility with the widest possible range
of client code licenses, the shared library code, which is linked
at runtime into the same address space as the client using it, is
licensed under the terms of the "Three-Clause BSD License".
The Linux Name Service Switch code, contributed by National ICT
Australia Ltd (NICTA) is licensed under the terms of the NICTA Public
Software Licence (which is substantially similar to the "Three-Clause
BSD License", with some additional language pertaining to Australian law).
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh Makefile patch (build.patch) to properly cross compile
mdns. Then try refresh patches which still apply. Following patches
don't apply anymore due to refactoring done on mdns side so thus
dropping patches:
* 0005-Handle-noisy-netlink-sockets.patch
* 0007-Indicate-loopback-interface-to-mDNS-core.patch
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 5.0:
- In non-quiet loop and count mode, a line is printed for every
lost packet
- The returned size in bytes now always excludes the IP header, so
if before it reported '84 bytes' e.g. when using 'fping -l', now
it reports '64 bytes'. This is to make the reported size
consistent with ping(8) from iputils and also with fping when
pinging a IPv6 host (which never included the IPv6 header size).
- The number of sent pings is only counted when the pings are
received or have timed out, ensuring that the loss ratio will be
always correct. This makes it possible, for example, to use loop
mode (-l) with interval statistics (-Q) and a timeout larger
than period, without having the issue that initially some pings
would be reported as missing
- Improved precision of measurements from 10us to 1us
- The reported size of received packets is now always correct on
Linux even for packets > 4096 bytes
- Travis CI automated testing now also macos testing and additional
ubuntu distributions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.12:
Security:
- In some circumstances, Mosquitto could leak memory when handling
PUBLISH messages. This is limited to incoming QoS 2 messages,
and is related to the combination of the broker having
persistence enabled, a clean session=false client, which was
connected prior to the broker restarting, then has reconnected
and has now sent messages at a sufficiently high rate that the
incoming queue at the broker has filled up and hence messages
are being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed.
Broker:
- Build warning fixes when building with WITH_BRIDGE=no and
WITH_TLS=no.
Clients:
- All clients exit with an error exit code on CONNACK failure.
- Don't busy loop with `mosquitto_pub -l` on a slow connection.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.8.1:
- Bug fix: authenticated users can trigger an application crash
(with a NULL pointer dereference) if echo-message is not enabled
and there is no network.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ettercap is a comprehensive suite for man in the
middle attacks. It features sniffing of live
connections, content filtering on the fly and
many other interesting tricks. It supports active
and passive dissection of many protocols and includes
many features for network and host analysis.
To test ettercap :
$ ettercap -T -i eth0 # Text mode
or
$ ettercap -C -i eth0 # console based mode
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fails to build on an aarch64 system with ipv6 disabled. This backported
patch fixes it.
Signed-off-by: Jack Mitchell <ml@embed.me.uk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moving beyond kernel 5.6, this kmod is not needed and core has moved the
reference kernel to 5.8 for reference machines
wireguard-tools should RDEPEND but not DEPEND
Remove it from meta-networking packagegroup as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Default Makefile of bearssl doesn't have a make target which hadn't
enough attraction when creating the recipe.
Add missing functionality.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for BearSSL - an an implementation of the SSL/TLS protocol with
the approach of:
* Be correct and secure.
* Be small
* Be highly portable
* Be feature-rich and extensible
See https://bearssl.org for more details.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.11:
Broker:
- Fix usage message only mentioning v3.1.1.
- Fix broker refusing to start if only websockets listeners were
defined.
- Change systemd unit files to create /var/log/mosquitto before
starting.
- Don't quit with an error if opening the log file isn't possible.
- Fix bridge topic remapping when using "" as the topic.
- Fix messages being queued for disconnected bridges when clean
start was set to true.
- Fix `autosave_interval` not being triggered by messages being
delivered.
- Fix websockets clients sometimes not being disconnected promptly.
- Fix "slow" file based logging by switching to line based
buffering.
- Log protocol error message where appropriate from a bad
UNSUBSCRIBE, rather than the generic "socket error".
- Don't try to start DLT logging if DLT unavailable, to avoid a
long delay when shutting down the broker.
- Fix potential memory leaks.
- Fix clients not receiving messages after a previous client with
the same client ID and positive will delay interval quit.
- Fix overly broad HAVE_PTHREAD_CANCEL compile guard.
Client library:
- Improved documentation around connect callback return codes.
- Fix `mosquitto_publish*()` no longer returning
`MOSQ_ERR_NO_CONN` when not connected.
- `mosquitto_loop_start()` now sets a thread name on Linux,
FreeBSD, NetBSD, and OpenBSD.
- Fix `mosquitto_loop_stop()` not stopping on Windows.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strip host path infomation out of binaries by not suppressing
default CFLAGS.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport patches from https://github.com/intel/openlldp/pull/55
to fix build with -fno-common
Append SRCPV to PV since we are not at exact release point
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang11 and gcc10 have switched to using -fno-common by default this
hoowever still needs to use -fcommon until fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It fails to compile rdist occasionally when system load of build server
is high:
| In file included from common.c:57:
| ../include/defs.h:49:10: fatal error: y.tab.h: No such file or directory
| 49 | #include "y.tab.h"
| | ^~~~~~~~~
| compilation terminated.
Make $(COMMONOBJS) which include common.o to depends on related header files
and y.tab.h to fix the parallel build failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave binary and its man page were removed (see @2b0da97853367e34).
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
