Fix the following ptest output format issues:
- For "sed" command, change "-e" option to "-E" option. I believe the
previous "-e" option is a typo based on the manual page of "sed":
-e script, --expression=script
add the script to the commands to be executed
"-E" option, on the other hand, makes "sed" "use extended regular
expressions in the script" according to the manual page.
- The test result summary line is being treated as both a passed
testcase and a failed testcase due to this line containing substring
"[OK]" and "[FAILED]". The following is a sample test result summary
line:
I: results: [OK] 379 [SKIPPED] 1 [FAILED] 0 [TOTAL] 380
The fix is to change run-ptest to look for "I: [OK]" and
"W: [FAILED]" when determining which lines correspond to
passed/failed testcases.
- Previously, only "W: [FAILED]" out of the following testcase failure
prompts is parsed:
W: [CHK DUMP]
W: [VALGRIND]
W: [TAINTED]
W: [DUMP FAIL]
W: [FAILED]
Adding parsing for all testcase failure prompts.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Add --without-rlm_json to fix:
configure: error: set --without-rlm_json to disable it explicitly
* Add --without-rlm_cache_redis to fix:
configure: error: set --without-rlm_cache_redis to disable it explicitly.
* Drop 0017-add-python.m4-for-detecting-python-3.10.patch and add
0017-Add-acinclude.m4-to-include-required-macros.patch to fix python3 related
build errors
* Rebased other patches for 3.2.3.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfix:
=========
-wnpa-sec-2024-06 T.38 dissector crash.
-Extcap with configuration never starts; "Configure all extcaps before start of capture." is shown instead.
-Packet Dissection CSV Export includes last column even if hidden.
-Inject TLS secrets closes Wireshark on Windows.
-Wireshark crashes when adding another port to the HTTP dissector.
-When adding a new row to a table an error report may be inserted.
-'--export-objects' does not work as expected on tshark version later than 3.2.10.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Curl for People C++ Requests is a simple wrapper around
libcurl inspired by the excellent Python Requests project.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The last patch 0012-Fix-configuration-of-NETSNMP_FD_MASK_TYPE.patch
brought in with 5.9.4 upgrade is not sufficient and infact has a regression
introduced for clang+musl builds.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Update copyright years to 2024
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst
Security fixes:
CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
CVE-2024-24974: Windows: disallow access to the interactive service pipe
from remote computers.
CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via a
malicious plugin. Plugins can now only be loaded from the OpenVPN
install directory, the Windows system directory, and possibly from a
directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in
!TapSharedSendPacket.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Improve performance when getting interface status
- update project URL
- Add environment variables to manpage.
- Don't start the daemon if there's nothing to do
- _interface_scan: fix wrong index into iface map
- _interface_scan: force handle_state for new interfaces
- Add missing administrative state 'initialized'
- use os.path.dirname instead of os.path.basename
- make sure scripts are not writeable by non-root users
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
- Fix missing word in exception message
- fix some new linting issues from pylint
- manpage: fix missing slash in "configured.d" directory name
- Normalize parsed IP address value
- Drop support for Python 3.4
- Add testing for Python 3.10
- README.md: fix code formatting
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* as oe-core did in:
https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab
* when people are have to maintain own PRs for recipes in oe-core, they
might add them for meta-oe recipes at the same time when upgrading
to next LTS
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* add Pending to .patch files where it was accidentally droped
with upgrades or modifications in:
f88e5b146e postgresql: upgrade 15.5 -> 16.2
c904e169db multipath-tools: upgrade 0.9.3 -> 0.9.8
105be9b3d9 unionfs-fuse: upgrade 2.2 --> 3.4
or new patches where the author didn't notice/care:
2a7f74cdb0 dropwatch: Use header files from sysroot instead of build host
f5cc9f272a yasm: improve reproducibility
39028d0d9d python3-pybind11: Restore strip prevention patch
authors of these added to CC, please be more careful with removing
or not adding these or enable patch-status in ERROR_QA for your
builds, see:
https://lists.openembedded.org/g/openembedded-core/topic/104922136#197113
* added with:
for p in `/OE/layers/openembedded-core/scripts/contrib/patchreview.py -v . | grep Missing.Upstream-Status.tag | sed 's/.*(//g;s/)$//g'`; do grep -q ^Upstream-Status: $p || sed -i "s/^---$/\nUpstream-Status: Pending\n---/g" $p; grep -q ^Upstream-Status: $p || sed -i "1iUpstream-Status: Pending\n" $p; done
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're seeing errors like below in log.do_configure:
./conftest: cannot execute binary file: Exec format error
The tcprelay's configure have two places to execute ./conftest.
And the result happens to be correct even with the error above.
Instead of leaving the errors as they are, we explicitly skip
running ./conftest in case of cross compiling. The build will
continue to succeed and result will remain the same.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/net-snmp/net-snmp/blob/V5-9-patches/CHANGES
* Refresh patches
* Drop backport CVE patch
* Drop 0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch as the
issue has been fixed upstream.
* Add a patch to fix build on musl
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.46.0/NEWS
Highlights:
- Drop build with python2, python3 is now required
- Support randomizing the MAC address based on the Wi-Fi network
- IPv4 DAD (Duplicate Address Detection) enabled by default
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.72
License-Update: Copyright year updated to 2024.
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
- Fixed the console output of tstunnel.exe.
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
- Added configurable delay for the "retry" option.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
-updates translations, and tightens OpenSSL/wolfSSL version requirements in order
to track their security fixes and deprecations.
OpenSSL 3.0.9, 3.1.4, 3.2.0 and wolfSSL 5.6.2 (or newer on the respective compatible branches) remain supported.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drbd-utils configure step check the build host udev version to enable
or disable the target udev rule. This leads to a clear
non-reproducibility.
This patch fixes this by adding a configure option to the configure step
which allows to skip the udev version checks and unconditionally enable
the udev rule.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Line "DRBD mirrors a block device over the network to another machine"
is written twice in DESCRIPTION.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rebased patches:
0001-drbd-utils-support-usrmerge.patch
0001-drbdmon-add-LDFLAGS-when-linking.patch
removed patches that already in upstream code repository
0001-replace-off64_t-with-off_t.patch
0002-drbdadm-drop-use-of-GLOB_MAGCHAR-use-strchr-heuristi.patch
add keyutils depends
Change log
==========
9.27.0
* adjust,v9: retry for diskless primaries
* tests: sanitize env (e.g., TZ)
* drbdmeta: dump and restore the members field
9.26.0
* config,v9: new config option load-balance-paths
* config,v9: new config options rdma-ctrls-(snd|rcv)buf-size
* drbdadm,v9: fix segfault if proxy has no path
* drbd: increase maximum CPU mask size
* systemd: introduce drbd-graceful-shutdown.service
* drbdmeta,v9: fix regression, allow attach after offline resize
* drbdsetup,v9: add path established information to JSON status
* events2: terminate on module unload even under --poll
* events2: specif exit code if module unload
* docs: add spdx license file
* drbdmon: various smaller improvements
* drbdsetup,v9: support for TLS/kTLS
9.25.0
* drbdsetup,v9,show: fix meta disk format for json
* drbdmon: various updates
* build: fix RHEL6 spec builds
* drbdmeta: {hex,}dump superblock
* drbdmon: major rewrite
* build: gcc v12 cleanups
* misc: put locks into separate dir
* selinux: add fowner fsetsid, they dropped a global noaudit rule
9.24.0
* windrbd: various fixes
* v9: Support user-defined block-size
* doc,v9: improvements all over the place
* drbdadm,v9: implement drbdadm role <res:peer>
* drbdadm,v9: pass --verbose/--statistics to drbdsetup status
* drbd{adm,meta}: add repair-md subcommand
9.23.1
* drbdadm,v9,resync-after: fix too strict check
9.23.0
* drbdadm,v9,floating: fixup fake uname for 9.2.x strict_names=1
* drbdadm,v9,parser: fixup globs, also rm GNU libc specific extensions
* drbdadm,v9,parser: allow via outside-address for NATed peers
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We encountered a do_configure error when using dash on Ubuntu 20.04:
conftest.c:31:26: fatal error: Python.h: No such file or directory
31 | #include <Python.h>
| ^~~~~~~~~~
It seems that PYTHON_CPPFLAGS is not passed to configure command
correctly. Use configuration option --with-pythoncflags instead of
passing it in cmdline.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it uses gdbus-codegen from glib-2.0-native which depended
on python3-distutils-native until
https://lists.openembedded.org/g/openembedded-core/message/196136
but distutils on host was enforced by sanity check only until mickledore with:
https://git.openembedded.org/openembedded-core/commit/?id=8e3a5b0709384f2b455a82ac1e8e212686fe4456
so on hosts without distutils this was already failing with:
http://errors.yoctoproject.org/Errors/Details/754697/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
and the glib-2.0-native change only changes the dependency from
distutils to packaging which results in:
http://errors.yoctoproject.org/Errors/Details/754693/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import packaging.version
ModuleNotFoundError: No module named 'packaging'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
* packaging probably isn't as wide spread on host distros as old
distutils was, so make sure it's available by using
python3-native with python3-packaging-native from OE build
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: lib32-snort3-3+git-r0 do_populate_sysroot: QA Issue: snort.pc failed sanity test (tmpdir) in path lib32-snort3/3+git/sysroot-destdir/usr/lib/pkg
* it's broken for non-multilib builds as well, the issue is that
FLEX_CPPFLAGS points to native include dir, e.g.
FLEX_CPPFLAGS=-I/OE/../lib32-snort3/3+git/recipe-sysroot-native/usr/include
and the work around from:
9736478480
sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc
strips the "/OE/../lib32-snort3/3+git/recipe-sysroot" part in non-multilib
case, but leaves:
FLEX_CPPFLAGS=-I-native/usr/include
which is still wrong, but not detected by buildpaths QA check anymore
and in multilib case, this didn't strip the first part because the
target sysroot is:
"/OE/../lib32-snort3/3+git/lib32-recipe-sysroot"
so it didn't strip anything from native sysroot:
"/OE/../lib32-snort3/3+git/recipe-sysroot-native"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wavemon is an ncurses-based monitoring application for wireless network
devices on Linux.
We have to provide the path to libnl3 headers since the build system is
not able to find them.
In order to workaround a link issue with pthread library, we have to
add -pthread to CFLAGS in order to add the library after the object
file.
arm-none-linux-gnueabihf/bin/ld: info_scr.o: undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.4'
[...]/wavemon/0.9.5-r0/recipe-sysroot/lib/libpthread.so.0: error adding symbols: DSO missing from command line
"We should mention the library on the command line after the object files being compiled" [1]
[1] https://stackoverflow.com/questions/19901934/libpthread-so-0-error-adding-symbols-dso-missing-from-command-line
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If llvm unwind is present then disable unwinding support since it will
not have all unw_* functions eg. unw_strerror
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort2 is legacy now.
See more: https://github.com/snort3/snort3
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort3 depends on it.
snort3 recipe will be provided in next commit.
See more: https://github.com/snort3/libdaq
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: samba-4.19.4-r0 do_package: QA Issue: samba: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/samba/domain_update.py
/usr/lib/python3.12/site-packages/samba/ntstatus.so
/usr/lib/python3.12/site-packages/samba/descriptor.py
......
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python 2 is long unsupported, so we no longer need this variable
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it does not match with our real head file form kernel.(net_dropmon.h)
net_dropmon.h in dropwatch local src/net_dropmon.h.
linux kernel also have it in include/uapi/linux/net_dropmon.h
for example,our kernel is linux5.10:
diff tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/recipe-sysroot/usr/
include/linux/net_dropmon.h tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/git/src/net_dropmon.h
1c1,3
<
95a94
> NET_DM_ATTR_REASON, /* string */
it will cause mismatch when we use dropwatch in older kernel version(v5.10),
will cause dropwatch and kernel drop_monitor module mismatch with netlink talk.
we should build it with header from sysroot which comes from matching
kernel.
Signed-off-by: chenheyun <chen_heyun@163.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In reproducible test, useradd config comes from static files:
meta-networking/files/static-{passwd,group}-meta-networking
Those files were not coherent :
* an unused "rasvd" was defined (a typo for "radvd")
* passwd referenced a unexisting group id.
This patch aligns static files to the USERADD_PARAM recipe value.
This will fix the errors seen during reproducibility tests:
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: radvd: useradd command did not succeed.
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: ExecutionError('/home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/run.useradd_sysroot.1178426', 1, None, None)
stdio: ERROR: Logfile of failure stored in: /home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/log.do_prepare_recipe_sysroot.1178426
stdio: ERROR: Task (/home/pokybuild/yocto-worker/reproducible-meta-oe/build/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb:do_prepare_recipe_sysroot) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Use "git archive" for the "make releasetar" process.
- Makefile.in: Add the releasecheck target.
- Cirrus CI: Add the "make releasecheck" command in the Linux task.
- INSTALL.md: Add missing files.
- Makefile.in: Add "make -s install" in the releasecheck target.
- Makefile.in: Add the whitespacecheck target.
- Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
- Makefile.in: Add some missing files in the distclean target.
- autoconf: Add autogen.sh, remove configure and config.h.in.
- autoconf: Require at least autoconf 2.69.
- autoconf: Address most warnings from Autoconf 2.71.
- autoconf: Update install-sh script to the latest available version.
- autoconf: Update config.{guess,sub}, timestamps 2024-01-01
- Fix a build error on Haiku.
- Do the version number the same way as in tcpdump and libpcap.
- Lose unused missing/strlcpy.c.
- Use posix_fadvise() on input files if available.
- Prefer calloc() over malloc().
- Fix --static-pcap-only test on Solaris 10.
- autoconf: replace --with-system-libpcap with --disable-local-libpcap.
- autoconf: Find a local libpcap even with rcX directory suffix
- configure: special-case macOS /usr/bin/pcap-config
- On Solaris, for 64-bit builds, use the 64-bit pcap-config.
- configure: don't use egrep, use $EGREP.
- Add some warning flags for Clang 13 or newer.
- Fix some warnings with -Wmissing-variable-declarations.
- Make various improvements to the instrument functions.
- autoconf: Remove many obsolete elements, including workarounds for BSD/OS,
IRIX, OSF/1, Solaris, Ultrix and possibly other OSes.
- autoconf: Refine reporting of os-proto.h.
- tcpslice(1): Use bold font more consistently.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-Fixed #1105 which caused a SIGBUS on some some platforms due misaligned accesses.
-Fixed a problem when using absolute CMake target directories.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
crashing in this case.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When adding scapy to core-image-base from poky those dependecies were
missing causing scapys start to fail.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-sharkd is not installed by the Windows installer.
-Fuzz job crash output: fuzz-2024-01-01-7740.pcap.
-Can't open a snoop file from the Open dialog box unless I select \"All files\" as the file type.
-Add s4607 dissector to \"decode as\"
-Updater for 4.2.1 hangs.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropwatch is a utility to help developers and system administrators to
diagnose problems in the Linux Networking stack, specifically their
ability to diagnose where packets are getting dropped.
References:
* https://github.com/nhorman/dropwatch
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped when libdir in target is different than in
native python e.g. with multilib enabled:
ERROR: QA Issue: libtdb: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/tdb.so
/usr/lib/python3.12/site-packages/_tdb_text.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtdb: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtalloc: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/talloc.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtalloc: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtevent: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/_tevent.so
/usr/lib/python3.12/site-packages/tevent.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-libtevent: 2 installed and not shipped files. [installed-vs-shipped]
* waflib has some fallback to query distutils when PYTHONARCHDIR isn't
set in environment as in:
84c26588fc
but this still returns wrong value from
print(get_python_lib(plat_specific=1, standard_lib=0, prefix='/usr'))
e.g.
/usr/lib/python3.12/site-packages
matching native layout instead of:
/usr/lib64/python3.12/site-packages
* python3targetconfig inherit breaks waflib as well as shown in config.log:
['libtdb/1.4.9/recipe-sysroot-native/usr/bin/python3-native/python3', '-c', "\ntry:\n\tfrom distutils.sysconfig import get_config_var, get_python_lib\nexcept ImportError:\n\tfrom sysconfig import get_config_var, get_path\n\tdef get_python_lib(*k, **kw):\n\t\tkeyword='platlib' if kw.get('plat_specific') else 'purelib'\n\t\tif 'prefix' in kw:\n\t\t\treturn get_path(keyword, vars={'installed_base': kw['prefix'], 'platbase': kw['prefix']})\n\t\treturn get_path(keyword)\n\nprint(repr(get_python_lib(standard_lib=0, prefix='/usr') or ''))"]
err: Traceback (most recent call last):
File "<string>", line 12, in <module>
File "<string>", line 9, in get_python_lib
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 636, in get_path
return get_paths(scheme, vars, expand)[name]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 626, in get_paths
return _expand_vars(scheme, vars)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 270, in _expand_vars
_extend_dict(vars, get_config_vars())
^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 728, in get_config_vars
_init_config_vars()
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 670, in _init_config_vars
_init_posix(_CONFIG_VARS)
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 536, in _init_posix
_temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named '_sysconfigdata'
* setting PYTHONARCHDIR is simplest fix
* this also fixes libldb failure when it fails to find e.g. tevent after
these installed-vs-shipped issues instealled it in wrong libdir:
Checking for system tevent (>=0.15.0) : yes
Traceback (most recent call last):
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 159, in waf_entry_point
run_commands()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 255, in run_commands
ctx = run_command(cmd_name)
^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 239, in run_command
ctx.execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Configure.py", line 159, in execute
super(ConfigurationContext, self).execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 214, in execute
self.recurse([os.path.dirname(g_module.root_path)])
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/wscript", line 54, in configure
conf.RECURSE('lib/tevent')
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 469, in RECURSE
return ctx.recurse(relpath)
^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/lib/tevent/wscript", line 51, in configure
conf.CHECK_BUNDLED_SYSTEM_PYTHON('pytevent', 'tevent', minversion=VERSION):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_bundled.py", line 270, in CHECK_BUNDLED_SYSTEM_PYTHON
if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
^^^^^
UnboundLocalError: cannot access local variable 'found' where it is not associated with a value
and then it needs PYTHONARCHDIR as well to fix:
ERROR: libldb-2.8.0-r0 do_package: QA Issue: libldb: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python3.12
/usr/lib/python3.12/site-packages
/usr/lib/python3.12/site-packages/_ldb_text.py
/usr/lib/python3.12/site-packages/ldb.so
/usr/lib/python3.12/site-packages/.debug
/usr/lib/python3.12/site-packages/.debug/ldb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libldb: 7 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Error: Transaction test error:
file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57
libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* Multiple registers can now be dumped at once, via the generic dump
operation.
* Relax the driver matching to accept the strings used in kernels 6.2
and newer.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog
========
* Add support for AES-GCM-SIV in GnuTLS
* Add support for corrections from PTP transparent clocks
* Add support for systemd socket activation
* Fix presend in interleaved mode
* Fix reloading of modified sources from sourcedir
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libldb.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtevent.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtalloc.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtdb.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default keepalived installs a bunch of sample configurations to
/etc/keepalived/samples. These are good demonstrations but will almost
certainly not apply to any real world situation.
Move the sample files to a separate package.
Signed-off-by: Jordan Crouse <jorcrous@amazon.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5328: Fix ESI build with libxml2 v2.12.0
- Bug 5319: QOS Netfilter MARK preservation is always disabled
- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
- Bug 5317: FATAL attempt to read data from memory
- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
- FTP: Ignore credentials with a NUL-prefixed username
- log_db_daemon: Fix DSN construction
- Limit the number of allowed X-Forwarded-For hops
- Do not update StoreEntry expiration after errorAppendEntry()
- improve handling of response sending errors
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves dependency on removed python distutils in particular.
openipmi-remove-host-path-from-la_LDFLAGS.patch is removed
as issue is fixed upstream.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:
Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
allow read of object tombstones over LDAP
(Administrator action required!)
https://www.samba.org/samba/security/CVE-2018-14628.html
Release Notes:
https://www.samba.org/samba/history/samba-4.18.9.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the nmtui being now handled via tha PACKAGECONFIG, there is no need
for the global libnewt dependency, PACKAGECONFIG["nmtui"] handles it
correctrly. Drop the libnewt from DEPENDS list.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Install headers so that dependencies can use this to build against. Make
`brssl` executable, fixup library soname. Drop patches which change
build flags in favour of command line overrides. Add support for static
build.
Changes:
Thomas Pornin (4):
Added generic API for date range validation (with callbacks).
Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).
Added macro that indicates presence of the time callback feature. Also added C++ compatibility.
Fixed spurious warning about old-style prototype.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- to build and package nmtui
- to automatically append networkmanager-adsl and
networkmanager-wwan in recommended packages.
- to fix an invalid-packageconfig QA issue that is raised when
adsl and wwan are added in pkgconfig.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
Changes:
Dave Rodgman (12):
Header updates
Fix some non-standard headers
Update documentation
Add Changelog for license
Update license for p256-m
README improvements to 3rdparty section
assemble Changelog
Fix typos in changelog
Bump version
Update BRANCHES
Update Changelog with bugfix entry
Add docs re Everest license
David Horstmann (1):
Fix 3rdparty target names for custom config
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The SUMMARY and DESCRIPTION are taken from Arch Linux wiki page:
https://wiki.archlinux.org/title/NetworkManager
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes:
| Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0'
| Run-time dependency spice-server found: NO
|
| ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server
with method 'pkgconfig' failed: Invalid version, need 'spice-server'
['>=0.14.0'] found 'UNKNOWN'.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Integrate the upstream unit file into the recipe.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patches and clean up ones that are no longer needed:
* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
cd3dc147bf8abc0225237ced865c6660fffcb63a
Fix squid-conf-tests to allow running on target device.
License change: Update year
The version update eliminates the following CVEs:
* CVE-2023-5824 (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Otherwise install packages reported warning at do_rootfs
...log.do_rootfs...
Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236
warning: user radiusd does not exist - using root
...log.do_rootfs...
The user/group radiusd is added by package freeradius,
explicitly made the sub packages to runtime depends on freeradius
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools
package as they won't be needed most of the time.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They are enabled by default as libexosip2 works better with those.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
dco: fix crash when --multihome is used with --proto tcp
Mock openvpn_exece on win32 also for test_tls_crypt
Add warning for the --show-groups command that some groups are missing
Print peer temporary key details
Add warning if a p2p NCP client connects to a p2mp server
Remove openssl engine method for loading the key
Remove saving initial frame code
Double check that we do not use a freed buffer when freeing a session
Fix using to_link buffer after freed
GHA: do not trigger builds in openvpn-build anymore
GHA: new workflow to submit scan to Coverity Scan service
buffer: use memcpy in buf_catrunc
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6
CMake: backport CMake buildsystem from master to release/2.6
Remove all traces of the previous MSVC build system
doc: fix argument name in --route-delay documentation
dns option: remove support for exclude-domains
Warn user if INFO control command is too long
dco-win: get driver version
dco: warn if DATA_V1 packets are sent to userspace
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Log OpenSSL errors on failure to set certificate
configure: disable engines if OPENSSL_NO_ENGINE is defined
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* fix "Peer refused to agree to his IP address" message, again
* deprecate option --plugin
* better masking of password in logs
* break on reading 0 from ppp pty, for non-Linux systems
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patches removed because fixed in the new version.
Changelog:
- Various fixes around the build process (esp. cmake support + string.h include fixes)
- Stronger cmake support, updated autotools and a few smaller fixes.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
=========================
- Added "-DCIVETWEB_SSL_OPENSSL_API_3_0=ON" because of following error:
civetweb.c:1561:2: error: #error "Please define OPENSSL_API_#_# or USE_MBEDTLS"
You may also want to check out the available CMake options here:
d7ba35bbb6/CMakeLists.txt
=========================
Changelog:
d7ba35bbb6/RELEASE_NOTES.md
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Condition the creation of some files and their consequences to a
PACKAGECONFIG, which can be overridden outside the meta layer.
It removes the sub package wireguard-tools-wg-quick as PACKAGECONFIG is
supposed to work to configure a package only, and not deal with
sub packages.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley
platform we found that mdio-tools and its relationships with both
mdio-netlink and the mdio-netlink kernel module break SPDX processing
while generating the rootfs after a kernel bump. For example, the
following output was generated by `bitbake obmc-phosphor-image`:
ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093
The error occurred after the following patch was applied (again, in the
context of OpenBMC):
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
index e6f98297c540..b852e993f0f6 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
@@ -1,6 +1,6 @@
KBRANCH ?= "dev-6.5"
-LINUX_VERSION ?= "6.5.4"
+LINUX_VERSION ?= "6.5.9"
-SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d"
+SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7"
require linux-aspeed.inc
With the lack of a dependency the mdio-tools package is not rebuilt
subsequent to the kernel bump and the package information remains stale,
leading to an incorrect SPDX path being generated.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Support for building from native was removed in commit e1b332f2e
(meta-networking: Drop broken BBCLASSEXTEND variants), most likely due
to no support for building libwebsockets-native. That support has now
been added, so it is now possible to build mosquitto-native again.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfix:
Error loading g729.so plugin with Wireshark 4.0.9 and 3.6.17 on macOS.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release fixes several regressions in 1.4.7 with the -U/--update and
-D/--delete commands.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Clean up use of tags.
* Support for MacOS with Contiki-NG builds.
* Support for Windows with OpenSSL 3.x builds.
* Reported bugs fixed.
* Documentation updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When this feature is enabled by default in packageconfig
this implies a dependency to python3-dnspython which is in meta-python.
Disable ac-dc PACKAGECONFIG by default to avoid adding a layer
dependency only for this feature.
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libexosip2 extends the capabilities of the osip2 library. It can be a
useful building block for an embedded device application.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The GNU oSIP library is an implementation of SIP - rfc3261. It can be a
useful building block for an embedded device application.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not use bundled cmocka to get rid of bundled library
libcmocka-samba4.so.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to pass reproducible tests, recipes that use the
useradd class must have static ids configured.
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These are test images to build all recipes in layer. Renaming them makes
them refect what they are. Moreover we can rename the ptest images to
match OE-Core naming conventions for meta-oe/meta-perl/meta-python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were essentially duplicates of core-image-minimal, however
core-image-base is a better baseline for upper layers, so switched the
consumers of these images to use core-image-base
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recipe for TAYGA - an out-of-kernel stateless NAT64 implementation for Linux
Signed-off-by: Pawel Langowski <pawel.langowski@3mdeb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
