Remove the upstream ebtables-legacy-save before we install the local
ones. And install it to ${sbindir} rather than ${base_sbindir}.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The ebtables.common is required by ebtables.service. Add it back.
Fixes:
systemd[660]: ebtables.service: Failed to locate executable /usr/sbin/ebtables.common: No such file or directory
systemd[660]: ebtables.service: Failed at step EXEC spawning /usr/sbin/ebtables.common: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Add 0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch to solve the
compilation errors on musl.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
avoid-attr-unless-wanted.patch
options-0.10.0.patch
0001-waf-add-support-of-cross_compile.patch
Removed since this is included in 0.10.2
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-waf-add-support-of-cross_compile.patch
Removed since this is included in 2.3.1.
Refresh the following patch:
avoid-attr-unless-wanted.patch
options-2.2.0.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Both inetutils-tftp and tftp-hpa provide the tftp command and
the ALTERNATIVE_PRIORITY of inetutils-tftp is 79 until now.
Increase the ALTERNATIVE_PRIORITY of tftp-hpa to 100 to guarantee
the tftp command provided by tftp-hpa when both of the packages
installed.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-libopeniscsiusr-Compare-with-max-int-instead-of-max-.patch
Removed since this is included in 2.1.3
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh the following patch:
0010-Adjust-header-include-sequence.patch
Referring to Fedora style, ebtables-legacy-save and ebtables.service are retained.
The upstream address has been modified.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Both inetutils-traceroute and traceroute provide the traceroute
command and the ALTERNATIVE_PRIORITY of inetutils-traceroute is
79 until now.
Increase the ALTERNATIVE_PRIORITY of traceroute to 100 to guarantee
the traceroute command provided by traceroute when both of the
packages installed.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gcc-10.patch
Removed since this is included in 25.
Refresh the following patch:
cross.patch
makefile-add-ldflags.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Deleted build fix patch. This is already applied in this release.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The /etc/ethertypes is provided by netbase since 6.0[1].
Do not instal the file in ebtables, otherwise there would be a conflict:
Error: Transaction test error:
file /etc/ethertypes conflicts between attempted installs of netbase-1:6.2-r0.corei7_64 and ebtables-2.0.10+4-r4.corei7_64
[1] 316680c6a2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Download archives are no longer updated so fetch from Github. Add build
fix from upstream. The file LICENSE now contains the full Apache 2.0
license text.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Solve the memory leak in function NTPDCrequest detected by valgrind tool.
Memory leak log example:
==619== 21 bytes in 1 blocks are still reachable in loss record 1 of 3
==619== at 0x4A09DB0: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==619== by 0x43512E: NTPDCrequest (ntpdcontrol.c:255)
==619== by 0x43512E: NTPDCquery.isra.1 (ntpdcontrol.c:683)
==619== by 0x4359EE: ntpdInControl (ntpdcontrol.c:807)
==619== by 0x4364F5: ntpServiceUpdate (timingdomain.c:622)
==619== by 0x436935: timingDomainUpdate (timingdomain.c:756)
==619== by 0x4334A7: protocol (protocol.c:263)
==619== by 0x402BAE: main (ptpd.c:131)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relevant changes:
- fe40226 version: bump
- d0bf51b qemu: bump default testing version
- ce8faa3 compat: SYM_FUNC_{START,END} were backported to 5.4
- da5646f qemu: drop build support for rhel 8.2
- 99e954f netns: check that route_me_harder packets use the right sk
- 25320ac noise: take lock when removing handshake entry from table
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-src-parse.c-Initialize-key-to-NULL.patch
Removed since this is included in 0.100.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog is here [1]
Do not install /var/log as it conflicts with basefiles package
Collected errors:
* check_data_file_clashes: Package chrony wants to install file /var/log
But that file is already provided by package * base-files
Remove CVE patch since its upstream
Forward port arm_eabi.patch patch
Make builds reproducible
[1] https://chrony.tuxfamily.org/news.html
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch
Removed since this is included in 5.9.1
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
configure: error:
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.
While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The ntop project is inactive and there is no new version
since 2012 [1] and it has been replaced by ntopng.
[1] https://sourceforge.net/projects/ntop/files/ntop/Stable/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ntopng is a web-based network traffic monitoring application
released under GPLv3. It is the new incarnation of the original
ntop written in 1998, and now revamped in terms of performance,
usability, and features.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The libmaxminddb library provides a C library for reading MaxMind
DB files, including the GeoIP2 databases from MaxMind.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nDPI is an open source LGPLv3 library for deep-packet inspection.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Add-configure-time-check-for-gettid-API.patch
Removed since this is included in 5.20.08
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable LTO, its uses ASM constructs for symbol versioning which are incompatible with LTO,
they should migrate to gcc-10's mechanism for symbol versioning which is
compatible with LTO
disable manpages, it needs pandoc to build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add options for eap-identity and eap-mschapv2 plugins.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- 7a321ce version: bump
- 91fbeb4 Revert "wg-quick: wait on process substitutions"
- 9a0d65e wg-quick: android: use iproute2 to bring up interface instead of ndc
- fbca033 version: bump
- 26683f6 wg-quick: wait on process substitutions
- 13fac76 ctype: use non-locale-specific ctype.h
- cf2bf09 pubkey: isblank is a subset of isspace
- b4a8a18 man: wg-quick: use syncconf instead of addconf for strip example
- a66219f systemd: add reload target to systemd unit
- eb4665e wincompat: fold random into genkey
- 197995d ipc: split into separate files per-platform
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
vnStat is a console-based network traffic monitor for Linux and BSD
that keeps a log of network traffic for the selected interface(s).
Signed-off-by: Paulo Fagundes <paulohefagundes@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: copyright years updated.
This is a bug fix release:
- X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes.
- Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
- Merged Debian 05-typos.patch (thx to Peter Pentchev).
- Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
- Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
- Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
- Fixed tests on the WSL2 platform.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Install systemd configuration file wg-quick@.service into the proper folder.
Use 'systemd_system_unitdir' instead of 'systemd_unitdir' as the installation
path.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The dhcp-client has been removed from oe-core and the current
networkmanager does not support dhcpcd >= 9.0 (See bug report:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/410)
Remove the PACKAGECONFIG[dhclient] and pass --with-dhclient/dhcpcd=no
explicitly to EXTRA_OECONF. Otherwise it will search the host path when
configure.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).
See: https://www.samba.org/samba/history/samba-4.10.18.html
Also remove 3 backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add patch from upstream which fixes building on big endian.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
IEC 61850 is an international standard for communication systems in
Substation Automation Systems (SAS) and management of Decentralized
Energy Resources (DER). It is seen as one of the communication
standards of the emerging Smart Grid.
Add two upstream patch fixing build issues with musl libc.
Enable the libiec61850 python binding (pyiec61850) that require a fix
to find the correct PYTHON_SITE_DIR path while cross-compiling.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The wireless-regdb has been moved to oe-core. According the commit
message:
wireless-regdb-static should be used with kernel >= 4.15.
wireless-regdb can be used with older kernels and is mostly
irrelevant here, but keeping it in meta-networking would
create needless recipe duplication.
it should replace runtime dependency wireless-regdb with
wireless-regdb-static.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is no need to set and then tediously modify PV variable on every
upgrade, what's worse it may happen that the PV is not modified like it
happened on the recent upgrade from cifs-utils-6.10 to cifs-utils-6.11.
Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The Standard error type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it's newaliases not newalias in sbindir
* drop u-a for man pages, because only ssmtp.8 was created which shouldn't
conflict with esmpt
In my build I don't have mailq, sendmail, newaliases as man pages, but binaries in sbindir (and the sbinbinary is called newaliases, not newalias)
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8/ssmtp.8
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/mailq
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/sendmail
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/newaliases
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp
tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp/revaliases
this added u-a is causing following warnings:
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/mailq.1 or /usr/share/man/man1/mailq.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/newaliases.1 or /usr/share/man/man1/newaliases.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/sendmail.1 or /usr/share/man/man1/sendmail.1.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/sbin/newalias or /usr/sbin/newalias.ssmtp) does not exist, skipping...
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/mailq.1: /usr/share/man/man1/mailq.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/newaliases.1: /usr/share/man/man1/newaliases.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/sendmail.1: /usr/share/man/man1/sendmail.1.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/sbin/newalias: /usr/sbin/newalias.ssmtp does not exist
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/mailq.1 == /usr/share/man/man1/mailq.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/newaliases.1 == /usr/share/man/man1/newaliases.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/sendmail.1 == /usr/share/man/man1/sendmail.1
WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/sbin/newalias == /usr/sbin/newalias
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The LICENSE file in source tree says:
The majority of the source code in the mDNSResponder project is licensed
under the terms of the Apache License, Version 2.0, available from:
<http://www.apache.org/licenses/LICENSE-2.0>
To accommodate license compatibility with the widest possible range
of client code licenses, the shared library code, which is linked
at runtime into the same address space as the client using it, is
licensed under the terms of the "Three-Clause BSD License".
The Linux Name Service Switch code, contributed by National ICT
Australia Ltd (NICTA) is licensed under the terms of the NICTA Public
Software Licence (which is substantially similar to the "Three-Clause
BSD License", with some additional language pertaining to Australian law).
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh Makefile patch (build.patch) to properly cross compile
mdns. Then try refresh patches which still apply. Following patches
don't apply anymore due to refactoring done on mdns side so thus
dropping patches:
* 0005-Handle-noisy-netlink-sockets.patch
* 0007-Indicate-loopback-interface-to-mDNS-core.patch
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 5.0:
- In non-quiet loop and count mode, a line is printed for every
lost packet
- The returned size in bytes now always excludes the IP header, so
if before it reported '84 bytes' e.g. when using 'fping -l', now
it reports '64 bytes'. This is to make the reported size
consistent with ping(8) from iputils and also with fping when
pinging a IPv6 host (which never included the IPv6 header size).
- The number of sent pings is only counted when the pings are
received or have timed out, ensuring that the loss ratio will be
always correct. This makes it possible, for example, to use loop
mode (-l) with interval statistics (-Q) and a timeout larger
than period, without having the issue that initially some pings
would be reported as missing
- Improved precision of measurements from 10us to 1us
- The reported size of received packets is now always correct on
Linux even for packets > 4096 bytes
- Travis CI automated testing now also macos testing and additional
ubuntu distributions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.12:
Security:
- In some circumstances, Mosquitto could leak memory when handling
PUBLISH messages. This is limited to incoming QoS 2 messages,
and is related to the combination of the broker having
persistence enabled, a clean session=false client, which was
connected prior to the broker restarting, then has reconnected
and has now sent messages at a sufficiently high rate that the
incoming queue at the broker has filled up and hence messages
are being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed.
Broker:
- Build warning fixes when building with WITH_BRIDGE=no and
WITH_TLS=no.
Clients:
- All clients exit with an error exit code on CONNACK failure.
- Don't busy loop with `mosquitto_pub -l` on a slow connection.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.8.1:
- Bug fix: authenticated users can trigger an application crash
(with a NULL pointer dereference) if echo-message is not enabled
and there is no network.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ettercap is a comprehensive suite for man in the
middle attacks. It features sniffing of live
connections, content filtering on the fly and
many other interesting tricks. It supports active
and passive dissection of many protocols and includes
many features for network and host analysis.
To test ettercap :
$ ettercap -T -i eth0 # Text mode
or
$ ettercap -C -i eth0 # console based mode
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fails to build on an aarch64 system with ipv6 disabled. This backported
patch fixes it.
Signed-off-by: Jack Mitchell <ml@embed.me.uk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moving beyond kernel 5.6, this kmod is not needed and core has moved the
reference kernel to 5.8 for reference machines
wireguard-tools should RDEPEND but not DEPEND
Remove it from meta-networking packagegroup as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Default Makefile of bearssl doesn't have a make target which hadn't
enough attraction when creating the recipe.
Add missing functionality.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for BearSSL - an an implementation of the SSL/TLS protocol with
the approach of:
* Be correct and secure.
* Be small
* Be highly portable
* Be feature-rich and extensible
See https://bearssl.org for more details.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.11:
Broker:
- Fix usage message only mentioning v3.1.1.
- Fix broker refusing to start if only websockets listeners were
defined.
- Change systemd unit files to create /var/log/mosquitto before
starting.
- Don't quit with an error if opening the log file isn't possible.
- Fix bridge topic remapping when using "" as the topic.
- Fix messages being queued for disconnected bridges when clean
start was set to true.
- Fix `autosave_interval` not being triggered by messages being
delivered.
- Fix websockets clients sometimes not being disconnected promptly.
- Fix "slow" file based logging by switching to line based
buffering.
- Log protocol error message where appropriate from a bad
UNSUBSCRIBE, rather than the generic "socket error".
- Don't try to start DLT logging if DLT unavailable, to avoid a
long delay when shutting down the broker.
- Fix potential memory leaks.
- Fix clients not receiving messages after a previous client with
the same client ID and positive will delay interval quit.
- Fix overly broad HAVE_PTHREAD_CANCEL compile guard.
Client library:
- Improved documentation around connect callback return codes.
- Fix `mosquitto_publish*()` no longer returning
`MOSQ_ERR_NO_CONN` when not connected.
- `mosquitto_loop_start()` now sets a thread name on Linux,
FreeBSD, NetBSD, and OpenBSD.
- Fix `mosquitto_loop_stop()` not stopping on Windows.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strip host path infomation out of binaries by not suppressing
default CFLAGS.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport patches from https://github.com/intel/openlldp/pull/55
to fix build with -fno-common
Append SRCPV to PV since we are not at exact release point
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang11 and gcc10 have switched to using -fno-common by default this
hoowever still needs to use -fcommon until fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It fails to compile rdist occasionally when system load of build server
is high:
| In file included from common.c:57:
| ../include/defs.h:49:10: fatal error: y.tab.h: No such file or directory
| 49 | #include "y.tab.h"
| | ^~~~~~~~~
| compilation terminated.
Make $(COMMONOBJS) which include common.o to depends on related header files
and y.tab.h to fix the parallel build failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave binary and its man page were removed (see @2b0da97853367e34).
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
netoprintf() was not handling a case where
return value of vsnprintf is greater than
"size"(2nd argument), results in buffer overflow
while adjusting "nfrontp" pointer to point
beyond "netobuf" buffer.
Here is one such case where "nfrontp"
crossed boundaries of "netobuf", and
pointing to another global variable.
(gdb) p &netobuf[8255]
$5 = 0x55c93afe8b1f <netobuf+8255> ""
(gdb) p nfrontp
$6 = 0x55c93afe8c20 <terminaltype> "\377"
(gdb) p &terminaltype
$7 = (char **) 0x55c93afe8c20 <terminaltype>
(gdb)
This resulted in crash of telnetd service
with segmentation fault.
Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When starting radvd without any configuration the following errors would
be triggered.
"""
root@intel-x86-64:~# systemctl status radvd
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/lib/systemd/system/radvd.service; enabled; vendor preset:
enabled)
Active: inactive (dead)
Condition: start condition failed at Tue 2019-09-24 13:29:36 UTC; 3s ago
└─ ConditionPathExists=/etc/radvd.conf was not met
"""
Normally the user should create and configrue the /etc/radvd.conf
manually. However the radvd provide a example file for redhad located
at "radvd/redhat/radvd.conf.empty". When installing, it would copy
radvd/redhat/radvd.conf.empty to /etc/radvd.conf. Also add this empty
conf here to used as an example of configuration
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nmcli depends on libreadline which is licensed under GPLv3.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes the occasional error:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type :Valid
Expires on :200908024833Z
Serial Number :02
File name :unknown
Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1
Add the check to fix the above error and it does the same for server.crt.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixed when rebuild:
DEBUG: Executing shell function autotools_preconfigure
NOTE: make clean
aclocal
autoheader
autoconf
You need to call ./configure with appropriate arguments (again).
make: *** [Makefile:287: config.status] Error 1
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since networkmanager: upgrade 1.22.10 -> 1.22.14, it added a new
build option 'firewalld-zone', while enabling multilib, there is
a QA issue
...
ERROR: QA Issue: networkmanager: Files/directories were installed but not shipped in any package:
/usr/lib/firewalld
/usr/lib/firewalld/zones
/usr/lib/firewalld/zones/nm-shared.xml
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- removed B = "${S}", which is the default anyway
- removed FILES_${PN} =+ "${bindir}",
as it's already covered by ${PN}-bin package
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This way yocto cve-check can find open CVE's. See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3
Signed-off-by: Andre Carvalho <andrestc@fb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2.1.3
Changes
* Force cython to use python language version 3
Bugs fixed
* Fix tooltip not updating when bluetooth is disabled
* Fix dbus timeout in DhcClient
* Call the right method when pulseaudio crashes
* Handle os.remove failing
2.1.2
Bugs fixed
* Signal bar updates with multiple adapters
* Pairing with pincode
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
================================================
NetworkManager-1.22.14
Overview of changes since NetworkManager-1.22.12
================================================
This is a new stable release of NetworkManager. Notable changes include:
* ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).
* ifcfg-rh: handle 802-1x.pin properties.
================================================
NetworkManager-1.22.12
Overview of changes since NetworkManager-1.22.10
================================================
This is a new stable release of NetworkManager. Notable changes include:
* Fix a bug preventing lease renewal in the internal DHCP client.
* Add a new build option 'firewalld-zone'; when enabled,
NetworkManager installs a firewalld zone for connection sharing and
puts interfaces using IPv4 or IPv6 shared mode in this zone during
activation. The option is enabled by default.
Note that NetworkManager still calls to iptables to enable
masquerading and open needed ports for DHCP and DNS. The new option
is useful on systems using firewalld with the nftables backend,
where the iptables rules would not be sufficient.
* Support changing the MTU of OVS interfaces.
* Better handle a restart of ovsdb process.
* Support the 'no-reload' and 'trust-ad' resolv.conf options.
* Various minor bug fixes and improvements.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from 5f881d3bf2
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:
Fixes CVE-2019-20892 which affect net-snmp <= 5.8pre1
Had to fix up some file do to later code restructioning.
"int refcnt;" addition was done in include/net-snmp/library/snmpusm.h
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Main new features of netplan release 0.99:
- YAML parser is now in a separate library named libnetplan
- Systemd unit file for launching WPA Supplicant with netplan
configuration is now generated at runtime
See here for a full comparison:
https://github.com/CanonicalLtd/netplan/compare/0.98...0.99
Signed-off-by: Jacopo Dall'Aglio <jacopo.dallaglio@kynetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From [1]
* Increase cache buffers size to accomodate VLAN edits (#594)
* Correct L2 header length to correct IP header offset (#583)
* Fix warnings from gcc version 10 (#580)
* Heap Buffer Overflow in randomize_iparp (#579)
* Use after free in get_ipv6_next (#578)
* Heap Buffer Overflow in git_ipv6_next (#576)
* Call pcap_freecode() on pcap_compile() (#572)
* Increase max snaplen to 262144 (#571)
* Fix divide by zero in fuzzing (#570)
* Unique IP repeats at very high iteration counts (#566)
* Fails to compile on FreeBSD amd64 13.0 (#558)
* Heap Buffer Overflow in do_checksum (#556) (#577)
* Attempt to correct corrupt pcap files, if possible (#557)
* Fix GCC v10 warnings (#555)
* Remove some duplicated SOURCES entries (#551)
* Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
* Implement --loopdelay-ms when using --loop=0 (#546)
* Heap overflow packet2tree and get_l2len (#530)
[1] https://github.com/appneta/tcpreplay/releases
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
https://samba.org seems to be gone, switch to https://www.samba.org
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The "ssl" PACKAGECONFIG setting contains WITH_EC_OFF instead of
WITH_EC=OFF, resulting in a build break when "ssl" is not set.
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As ??= assignment will be overwritten by += in any case,
one can't define a default of PACKAGECONFIG in this recipe.
Using _append instead mitigates chances of accidental overwriting
the default
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-0001-chdeck-for-gettid-API-during-configure.patch
Removed since this is included in 2.9.16
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refreshed patches for 5.8 due to the following:
ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
patching file configure
...
Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
Hunk #2 FAILED at 31447.
1 out of 2 hunks FAILED -- rejects in file configure
...
Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Full changelog:
Version 5.0 - 4/22/2020
Major security updates. The key exchange and key derivation algorithms
were modified and supported algorithms were pruned using TLS 1.3 as a
basis. This includes:
- HKDF used in multiple stages for key derivation from raw shared secrets.
- Included addtional context in key derivation and signatures to protect
against replay attacks and downgrade attacks.
- Reduced set of supported EC curves to those supported by TLS 1.3
- Removed RSA key exchange which does not provide perfect forward secrecy.
All key exchanges now use ECDH.
- Removed support for SHA-1 hashes in key exchanges.
- Supported symmetric ciphers are AES in AEAD mode (GCM or CCM).
- Increased supported RSA key sizes
Encrypted sessions are now enabled by default. It can be disabled by
specifying "none" for the key type in the server's -Y option.
Backward compatibility retained for version 4.x in clients and proxies.
When communicating with a 4.x server, only allow algorithms and key
exchange modes permitted in the new version.
Clients and proxies no longer need to use signature keys that match the
type and size used by the server. As a result, the -k and -K options to
the client now only accept a single key instead of multiple. The proxy
still supports multiple keys for 4.x compatibility, however only the first
key listed is used for any version 5.x session.
Proxies now send their keys in a separate message instead of injecting them
in the ANNOUNCE sent by the server. This allows clients to be fully
aware of proixes and allows them to authenticate servers and proxies
separately.
Format of client's server list modified to specify the proxy that a server
communicates through. Fingerprints listed in this file now always
specify the server as opposed to having the proxy's key in some cases.
Added -R option to client to specify a list of proxies along with their
public key fingerprints. The old use of -R to specify a version 4.x
response proxy has moved to -r.
Previously, using -S in the client or proxy to specify a server list would
automatically enable source specific multicast (SSM). The use of SSM is
now enabled separately via the -o option on both the client and proxy.
Fixed a bug that caused ECDSA signatures created on Linux with curve
secp521r1 from being verified successfully on Windows.
Fixed cleanup on clients and proxies to prevent occasional crashes on
shutdown under Windows.
Update timstamps in messages to use 64-bit microseconds since the epoch,
addressing Y2038 issues.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Make sure PNBLACKLIST assignments in recipe files use weak assignment,
so they can be overridden in, for example, local.conf files.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch
-dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
Removed since these are included in 2.81
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it needs to link with libsystemd when using systemd as init system
Fixes
Package libsystemd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd.pc'
to the PKG_CONFIG_PATH environment variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes building TCPDump without OpenSSL. Current version does not
recognize the option --without-openssl.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release 4.4.0 of wolfSSL embedded TLS has bug fixes, new features
and fixes for security vulnerabilities.
See full changelog https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stablefixes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some shell scripts such as kea-admin,
upgrade_4.0_to_5.0.sh, wipe_data.sh and etc contain
build path.
Actually the build path is meanlingless on the target,
so replace abs_top_builddir to abs_top_builddir_placeholder
to avoid expanding abs_top_builddir which introduces
build path.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit 89d86b96f8 which tries to fix
the installation issue for ostree introduces a recursive dependency
issue. When installing the postfix package on target via online
repository, the postinst function for postfix-cfg package needs
newaliases but this command is from postfix package which causes an
error:
Configuring postfix-cfg.
/var/lib/opkg/info/postfix-cfg.postinst: line 9: newaliases: not found
pkg_run_script: package "postfix-cfg" postinst script returned status 127.
Split a new package postfix-bin from postfix and make it as the runtime
dependency for postfix-cfg.
Set USERADD_PACKAGES to ${PN}-bin to avoid image do_rootfs warnings when
installing postfix via IMAGE_INSTALL:
[log_check] warning: group postdrop does not exist - using root
[log_check] warning: user postfix does not exist - using root
Set ALTERNATIVE to ${PN}-bin to make sure the newaliases symbolic link
is installed before installing postfix-cfg.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This gets it in sync with libhugetlbfs which according to the comment,
is supposed to be correct.
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This includes:
Version 4.10.2
Fixed security issue where using sha384 or sha512 would set encryption keys
to all bytes 0
When using ECDH key exchange with closed group membership, an incorrect
signature would be applied to the ANNOUCE message, causing the session
to fail. Bug fixes.
Relaxed server side checks on the type of key supplied by a client when not
using public key signatures on all messages. This will assist in the
upgrade process to the upcoming version 5.0.
Fixed various small memory leaks
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Nbdkit uses plugins to add more sources of data for nbd client.
Nbdkit can also spawn nbd-client, uses unix or network socket to
communicate with client, uses different plugins to serve data for nbd
device eg. curl, file, custom plugins in many languages (perl, python)
and some others.
Fix build when printf is a macro instead of function
Use BSD-3-Clause for license
inherit bash-completion so these are packaged correctly
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License has been changed due to date time, no new stuff added.
delete source patch reproducibility-respect-source-date-epoch.patch
for new version source tree contains it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for NVM-Express target user space configuration utility. It
contains a command line interface to the NVMe over Fabrics nvmet in
the Linux kernel. It allows configuring the nvmet interactively as well
as saving/restoring the configuration to/from a json file.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As per discussed in a previous email under the subject "Regarding
poppler auto PACKAGECONFIG when qt5-layer exists", adding a layer
but not using it should not change PACKAGECONFIG automatically. It
may result unexpected error.
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently miniupnpd.service fails to start
without miniupnpd_functions.sh in rootfs
Signed-off-by: Vinothkumar <vinothkumar_baskaran@comcast.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following manpage conflicts:
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man1/tftp.1
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package inetutils-doc wants to install file /usr/share/man/man8/tftpd.8
But that file is already provided by package * tftp-hpa-doc
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following manpage installation conflict:
* check_data_file_clashes: Package netkit-telnet-doc wants to install file /usr/share/man/man8/telnetd.8
But that file is already provided by package * inetutils-doc
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When S is pointing to a level up, it calls clean target which also tries
to clean the module build objects, which causes make clean to misnehave
since the env is not set to build module and it tries to reach out to
/lib/modules dir on host
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe fetches from debian archives, therefore we need logic to
apply the patches which are part of tarball
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix error:
Fetcher failure: Repository
git://github.com/FreeRADIUS/freeradius-server.git has LFS content,
install git-lfs on host to download (or set lfs=0 to ignore it)
upstream has file .lfsconfig to make it not download lfs files by
default, so we also don't download it by default
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
>From [1]:
=======================================================
NetworkManager-openvpn-1.8.12
Overview of changes since NetworkManager-openvpn-1.8.10
=======================================================
* The auth helper in external UI mode can now be run without a display
server. Future nmcli version will utilize this for handling the
secrets without a graphical desktop.
* libnm-glib compatibility (NetworkManager < 1.0) is disabled by default.
It can be enabled by passing --with-libnm-glib to configure script.
Nobody should need it by now. Users that still use this are encouraged
to let us know before the libnm-glib support is removed for good.
* Add support for the following OpenVPN options: tls-version-min,
tls-version-max, compress.
* Support inline CRL blobs during import.
* Allow option mssfix to be set to zero.
* Update Catalan, Czech, Danish, Dutch, Friulian, Hungarian,
Indonesian, Italian, Polish, Serbian, Spanish, Swedish and Ukrainian
translations.
[1] http://ftp.gnome.org/pub/gnome/sources/NetworkManager-openvpn/1.8/NetworkManager-openvpn-1.8.12.news
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-waf-add-support-of-cross_compile.patch
removed since it's not available for 1.4.3
refresh tdb-Add-configure-options-for-packages.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
arptables-init-busybox.patch
arptables-remove-bashism.patch
removed since they are not available in 0.0.5
refresh 0001-Use-ARPCFLAGS-for-package-specific-compiler-flags.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang isn't suppressing warnings from system headers like it should
Fixes
../../git/libknet/transport_udp.c:326:48: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
for (cmsg = CMSG_FIRSTHDR(&msg);cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
^~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rationale can be found in the Debian packaging (debian/changelog):
Revert change enabling SRV functionality, it is disabled by default
upstream and of little benefit to any end user, but adds reasonable
complexity to the code.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- rebased patches
- added two more small patches
- Option --enable-polkit-agent is not available with current NM, removed
- Option --with-libnm-glib is not available with current NM, removed
- New package NM-cloud-setup for new experimental cloud setup feature
- NM tries to re-license from GPL to LGPL, added LGPL to LICENSES
- Removed empty packages libnmutil libnmglib libnmglib-vpn
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
net-snmp/net-snmp-config.h:
- encodes type sizes
- encodes pathing into the libdir
net-snmp-config:
- encodes build configuration data and lib pathing.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
macro-prefix-map points to build WORKDIR which will
cause reproducibilty failures.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the configure options passed during the build
which differs between multilibs
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version.h contains the options passed to configure, which includes
the path to the recipe-sysroot on the build host.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop unused 0001-dlm-fix-package-qa-error.patch
- Merge appends into main task
- remove explicitly mentioning systemd in deps, systemd bbclass will add it
- Add a patch to fix install using cp cmd to preserve file permissions
Fixes
dlm: /usr/lib/libdlmcontrol.so.3 is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* because sysdig from meta-oe depends on it now, since:
commit ed798c7643
Author: Khem Raj <raj.khem@gmail.com>
Date: Wed Jan 2 17:59:20 2019 -0800
sysdig: Upgrade to 0.26.5
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Building an SDK with this included fails:
* calculate_dependencies_for: Cannot satisfy the following dependencies for ncp-dev:
* libowfat (= 0.32-r0) *
* opkg_solver_install: Cannot install package ncp-dev.
libowfat only provides a static library, so there no
${PN} package is created by default.
Add ALLOW_EMPTY_${PN} = "1" to allow creation of an empty
${PN} package.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| DEBUG: Executing shell function autotools_preconfigure
| NOTE: make clean
| (cd ftp && make clean)
| make[1]: Entering directory '/project/tmp/work/i586-oe-linux/netkit-ftp/0.17-r0/netkit-ftp-0.17/ftp'
| Makefile:3: ../MCONFIG: No such file or directory
| make[1]: *** No rule to make target '../MCONFIG'. Stop.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-librdmacm-Use-sched_yield-instead-of-pthread_yield.patch
removed because it is included in 28.0.
refresh 0001-Remove-man-files-which-cant-be-built.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ipmi_serial_bmc_emu.c-include-readline.h-from-readli.patch
removed because it is included in 2.0.28.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Open-LLDP provides a Link Layer Discovery Protocol agent that supports
DCB (Data Center Bridging). The tc utility from iproute is needed to
manipulate traffic control settings in the kernel.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nodejs from meta-oe depends on this since:
commit 76dd3dac1f
Author: André Draszik <git@andred.net>
Date: Tue Oct 29 16:42:24 2019 +0000
nodejs: allow use of system c-ares (and make default)
Use system c-ares via PACKAGECONFIG by default. So far,
nodejs had been built using its embedded copy of c-ares,
which we generally try to avoid, for the known reasons
(independent updates, cve & license checks, etc).
Notes:
* otherwise nodejs uses its bundled version of c-ares
* the PACKAGECONFIG variable is 'ares' so as to be in
line with other uses of this (wget & curl recipes in
OE core)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Package-owned tmpfiles snippets belong in /usr/lib/tmpfiles.d,
/etc/tmpfiles.d is for administrator customisations.
Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openconnect puts the default absolute path to the vpnc-script into
its binary from the --with-vpnc-script configure options.
So do not prepend the value with the path to the OE sysroot.
RDEPEND on vpnc-script to have the script from vpnc installed on target.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vpnc-script can be used unchanged with the openconnect package. Provide
it in its own package and make vpnc RDEPEND on it.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Apple's default implementation of the Posix backend for mDNSResponder
has a number of weaknesses. Address several of them, most notably:
* Improve interface tracking, preventing confusion to mdns's state
machine. Prevents spurious removal/republication cycles whenever
network interfaces are added or removed.
* Support network interfaces whose indeces are great than 31. Indices
grow past that range surprisingly quickly, especially with multi-
homed, mobile, wifi, Bluetooth, VPN, VLANs, or other interfaces
present.
* Correctly handle edge cases during removal of a network interface.
The fixes are kept as a patch series for clarity.
Signed-off-by: Matt Hoosier <matt.hoosier@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nng is the nanomsg project's rewrite of their libnanomsg library. Just
like nanomsg it is a socket library that provides several common
communication patterns.
Unlike nanomsg it does not normally provide a number of tools and we do
not attempt to add them here. We allow for optional mbedtls support.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dnssec-conf relies heavily on python2 code and was not updated since
2010.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update recipe to include support for python3. Introduce a patch which
converts samples to utilize pytho3 on the target.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This aids cross-building, otherwise configure goes into weeks to find
these especially python-config and starts to poke at host files e.g.
if /etc/debian_release exists then it errors out, but if it does not
then it deploys a workaround and continues build, as a result we see
ntop fail the build on debian-like build hosts but not on others eg.
archlinux
Ensure that linking with libpython happens therefore use
python3-config --libs --embed
Fixes
checking for arm-yoe-linux-gnueabi-python-config... no
checking for python-config... no
Please install python-dev and rerun configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
coreutils-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gettext tool dependency was implicitly met while building with source
GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As TARGET_PREFIX may vary from source GCC tool-set to external GCC
tool-set. Also, libtool-cross is installed in recipe sysroot using
HOST_SYS variable only.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
flex-native tool dependency was implicitly met while building with
source GCC tool-set which isn't the case with external tool-set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-files/0001-dhcpcd-Fix-build-error-with-musl.patch
Removed since this is included in 8.1.5.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport the CVE patch from the upstream to fix the memory leak.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
plugins tab and about dialog have created dependency with commit[1]
this fails to build when qt5 is in bblayers
Fixes
wireshark-3.2.0/ui/qt/about_dialog.cpp:137:29: error: 'plugins_add_description' was not declared in this scope; did you mean 'plugins_get_descriptions'?
137 | extcap_get_descriptions(plugins_add_description, &plugin_data);
| ^~~~~~~~~~~~~~~~~~~~~~~
| plugins_get_descriptions
[1] 5dfde7ff83
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-gcc-6-conflicts-signbit.patch
Removed since they are included in 4.9.0
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
See: https://www.samba.org/samba/history/samba-4.10.11.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
