We encountered a do_configure error when using dash on Ubuntu 20.04:
conftest.c:31:26: fatal error: Python.h: No such file or directory
31 | #include <Python.h>
| ^~~~~~~~~~
It seems that PYTHON_CPPFLAGS is not passed to configure command
correctly. Use configuration option --with-pythoncflags instead of
passing it in cmdline.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it uses gdbus-codegen from glib-2.0-native which depended
on python3-distutils-native until
https://lists.openembedded.org/g/openembedded-core/message/196136
but distutils on host was enforced by sanity check only until mickledore with:
https://git.openembedded.org/openembedded-core/commit/?id=8e3a5b0709384f2b455a82ac1e8e212686fe4456
so on hosts without distutils this was already failing with:
http://errors.yoctoproject.org/Errors/Details/754697/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
and the glib-2.0-native change only changes the dependency from
distutils to packaging which results in:
http://errors.yoctoproject.org/Errors/Details/754693/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import packaging.version
ModuleNotFoundError: No module named 'packaging'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
* packaging probably isn't as wide spread on host distros as old
distutils was, so make sure it's available by using
python3-native with python3-packaging-native from OE build
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: lib32-snort3-3+git-r0 do_populate_sysroot: QA Issue: snort.pc failed sanity test (tmpdir) in path lib32-snort3/3+git/sysroot-destdir/usr/lib/pkg
* it's broken for non-multilib builds as well, the issue is that
FLEX_CPPFLAGS points to native include dir, e.g.
FLEX_CPPFLAGS=-I/OE/../lib32-snort3/3+git/recipe-sysroot-native/usr/include
and the work around from:
9736478480
sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc
strips the "/OE/../lib32-snort3/3+git/recipe-sysroot" part in non-multilib
case, but leaves:
FLEX_CPPFLAGS=-I-native/usr/include
which is still wrong, but not detected by buildpaths QA check anymore
and in multilib case, this didn't strip the first part because the
target sysroot is:
"/OE/../lib32-snort3/3+git/lib32-recipe-sysroot"
so it didn't strip anything from native sysroot:
"/OE/../lib32-snort3/3+git/recipe-sysroot-native"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wavemon is an ncurses-based monitoring application for wireless network
devices on Linux.
We have to provide the path to libnl3 headers since the build system is
not able to find them.
In order to workaround a link issue with pthread library, we have to
add -pthread to CFLAGS in order to add the library after the object
file.
arm-none-linux-gnueabihf/bin/ld: info_scr.o: undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.4'
[...]/wavemon/0.9.5-r0/recipe-sysroot/lib/libpthread.so.0: error adding symbols: DSO missing from command line
"We should mention the library on the command line after the object files being compiled" [1]
[1] https://stackoverflow.com/questions/19901934/libpthread-so-0-error-adding-symbols-dso-missing-from-command-line
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If llvm unwind is present then disable unwinding support since it will
not have all unw_* functions eg. unw_strerror
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort2 is legacy now.
See more: https://github.com/snort3/snort3
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort3 depends on it.
snort3 recipe will be provided in next commit.
See more: https://github.com/snort3/libdaq
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: samba-4.19.4-r0 do_package: QA Issue: samba: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/samba/domain_update.py
/usr/lib/python3.12/site-packages/samba/ntstatus.so
/usr/lib/python3.12/site-packages/samba/descriptor.py
......
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python 2 is long unsupported, so we no longer need this variable
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it does not match with our real head file form kernel.(net_dropmon.h)
net_dropmon.h in dropwatch local src/net_dropmon.h.
linux kernel also have it in include/uapi/linux/net_dropmon.h
for example,our kernel is linux5.10:
diff tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/recipe-sysroot/usr/
include/linux/net_dropmon.h tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/git/src/net_dropmon.h
1c1,3
<
95a94
> NET_DM_ATTR_REASON, /* string */
it will cause mismatch when we use dropwatch in older kernel version(v5.10),
will cause dropwatch and kernel drop_monitor module mismatch with netlink talk.
we should build it with header from sysroot which comes from matching
kernel.
Signed-off-by: chenheyun <chen_heyun@163.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In reproducible test, useradd config comes from static files:
meta-networking/files/static-{passwd,group}-meta-networking
Those files were not coherent :
* an unused "rasvd" was defined (a typo for "radvd")
* passwd referenced a unexisting group id.
This patch aligns static files to the USERADD_PARAM recipe value.
This will fix the errors seen during reproducibility tests:
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: radvd: useradd command did not succeed.
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: ExecutionError('/home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/run.useradd_sysroot.1178426', 1, None, None)
stdio: ERROR: Logfile of failure stored in: /home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/log.do_prepare_recipe_sysroot.1178426
stdio: ERROR: Task (/home/pokybuild/yocto-worker/reproducible-meta-oe/build/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb:do_prepare_recipe_sysroot) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Use "git archive" for the "make releasetar" process.
- Makefile.in: Add the releasecheck target.
- Cirrus CI: Add the "make releasecheck" command in the Linux task.
- INSTALL.md: Add missing files.
- Makefile.in: Add "make -s install" in the releasecheck target.
- Makefile.in: Add the whitespacecheck target.
- Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
- Makefile.in: Add some missing files in the distclean target.
- autoconf: Add autogen.sh, remove configure and config.h.in.
- autoconf: Require at least autoconf 2.69.
- autoconf: Address most warnings from Autoconf 2.71.
- autoconf: Update install-sh script to the latest available version.
- autoconf: Update config.{guess,sub}, timestamps 2024-01-01
- Fix a build error on Haiku.
- Do the version number the same way as in tcpdump and libpcap.
- Lose unused missing/strlcpy.c.
- Use posix_fadvise() on input files if available.
- Prefer calloc() over malloc().
- Fix --static-pcap-only test on Solaris 10.
- autoconf: replace --with-system-libpcap with --disable-local-libpcap.
- autoconf: Find a local libpcap even with rcX directory suffix
- configure: special-case macOS /usr/bin/pcap-config
- On Solaris, for 64-bit builds, use the 64-bit pcap-config.
- configure: don't use egrep, use $EGREP.
- Add some warning flags for Clang 13 or newer.
- Fix some warnings with -Wmissing-variable-declarations.
- Make various improvements to the instrument functions.
- autoconf: Remove many obsolete elements, including workarounds for BSD/OS,
IRIX, OSF/1, Solaris, Ultrix and possibly other OSes.
- autoconf: Refine reporting of os-proto.h.
- tcpslice(1): Use bold font more consistently.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-Fixed #1105 which caused a SIGBUS on some some platforms due misaligned accesses.
-Fixed a problem when using absolute CMake target directories.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
crashing in this case.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When adding scapy to core-image-base from poky those dependecies were
missing causing scapys start to fail.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-sharkd is not installed by the Windows installer.
-Fuzz job crash output: fuzz-2024-01-01-7740.pcap.
-Can't open a snoop file from the Open dialog box unless I select \"All files\" as the file type.
-Add s4607 dissector to \"decode as\"
-Updater for 4.2.1 hangs.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropwatch is a utility to help developers and system administrators to
diagnose problems in the Linux Networking stack, specifically their
ability to diagnose where packets are getting dropped.
References:
* https://github.com/nhorman/dropwatch
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped when libdir in target is different than in
native python e.g. with multilib enabled:
ERROR: QA Issue: libtdb: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/tdb.so
/usr/lib/python3.12/site-packages/_tdb_text.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtdb: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtalloc: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/talloc.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtalloc: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtevent: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/_tevent.so
/usr/lib/python3.12/site-packages/tevent.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-libtevent: 2 installed and not shipped files. [installed-vs-shipped]
* waflib has some fallback to query distutils when PYTHONARCHDIR isn't
set in environment as in:
84c26588fc
but this still returns wrong value from
print(get_python_lib(plat_specific=1, standard_lib=0, prefix='/usr'))
e.g.
/usr/lib/python3.12/site-packages
matching native layout instead of:
/usr/lib64/python3.12/site-packages
* python3targetconfig inherit breaks waflib as well as shown in config.log:
['libtdb/1.4.9/recipe-sysroot-native/usr/bin/python3-native/python3', '-c', "\ntry:\n\tfrom distutils.sysconfig import get_config_var, get_python_lib\nexcept ImportError:\n\tfrom sysconfig import get_config_var, get_path\n\tdef get_python_lib(*k, **kw):\n\t\tkeyword='platlib' if kw.get('plat_specific') else 'purelib'\n\t\tif 'prefix' in kw:\n\t\t\treturn get_path(keyword, vars={'installed_base': kw['prefix'], 'platbase': kw['prefix']})\n\t\treturn get_path(keyword)\n\nprint(repr(get_python_lib(standard_lib=0, prefix='/usr') or ''))"]
err: Traceback (most recent call last):
File "<string>", line 12, in <module>
File "<string>", line 9, in get_python_lib
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 636, in get_path
return get_paths(scheme, vars, expand)[name]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 626, in get_paths
return _expand_vars(scheme, vars)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 270, in _expand_vars
_extend_dict(vars, get_config_vars())
^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 728, in get_config_vars
_init_config_vars()
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 670, in _init_config_vars
_init_posix(_CONFIG_VARS)
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 536, in _init_posix
_temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named '_sysconfigdata'
* setting PYTHONARCHDIR is simplest fix
* this also fixes libldb failure when it fails to find e.g. tevent after
these installed-vs-shipped issues instealled it in wrong libdir:
Checking for system tevent (>=0.15.0) : yes
Traceback (most recent call last):
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 159, in waf_entry_point
run_commands()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 255, in run_commands
ctx = run_command(cmd_name)
^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 239, in run_command
ctx.execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Configure.py", line 159, in execute
super(ConfigurationContext, self).execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 214, in execute
self.recurse([os.path.dirname(g_module.root_path)])
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/wscript", line 54, in configure
conf.RECURSE('lib/tevent')
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 469, in RECURSE
return ctx.recurse(relpath)
^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/lib/tevent/wscript", line 51, in configure
conf.CHECK_BUNDLED_SYSTEM_PYTHON('pytevent', 'tevent', minversion=VERSION):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_bundled.py", line 270, in CHECK_BUNDLED_SYSTEM_PYTHON
if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
^^^^^
UnboundLocalError: cannot access local variable 'found' where it is not associated with a value
and then it needs PYTHONARCHDIR as well to fix:
ERROR: libldb-2.8.0-r0 do_package: QA Issue: libldb: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python3.12
/usr/lib/python3.12/site-packages
/usr/lib/python3.12/site-packages/_ldb_text.py
/usr/lib/python3.12/site-packages/ldb.so
/usr/lib/python3.12/site-packages/.debug
/usr/lib/python3.12/site-packages/.debug/ldb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libldb: 7 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Error: Transaction test error:
file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57
libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* Multiple registers can now be dumped at once, via the generic dump
operation.
* Relax the driver matching to accept the strings used in kernels 6.2
and newer.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog
========
* Add support for AES-GCM-SIV in GnuTLS
* Add support for corrections from PTP transparent clocks
* Add support for systemd socket activation
* Fix presend in interleaved mode
* Fix reloading of modified sources from sourcedir
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libldb.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtevent.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtalloc.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtdb.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default keepalived installs a bunch of sample configurations to
/etc/keepalived/samples. These are good demonstrations but will almost
certainly not apply to any real world situation.
Move the sample files to a separate package.
Signed-off-by: Jordan Crouse <jorcrous@amazon.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5328: Fix ESI build with libxml2 v2.12.0
- Bug 5319: QOS Netfilter MARK preservation is always disabled
- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
- Bug 5317: FATAL attempt to read data from memory
- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
- FTP: Ignore credentials with a NUL-prefixed username
- log_db_daemon: Fix DSN construction
- Limit the number of allowed X-Forwarded-For hops
- Do not update StoreEntry expiration after errorAppendEntry()
- improve handling of response sending errors
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves dependency on removed python distutils in particular.
openipmi-remove-host-path-from-la_LDFLAGS.patch is removed
as issue is fixed upstream.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:
Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
allow read of object tombstones over LDAP
(Administrator action required!)
https://www.samba.org/samba/security/CVE-2018-14628.html
Release Notes:
https://www.samba.org/samba/history/samba-4.18.9.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the nmtui being now handled via tha PACKAGECONFIG, there is no need
for the global libnewt dependency, PACKAGECONFIG["nmtui"] handles it
correctrly. Drop the libnewt from DEPENDS list.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Install headers so that dependencies can use this to build against. Make
`brssl` executable, fixup library soname. Drop patches which change
build flags in favour of command line overrides. Add support for static
build.
Changes:
Thomas Pornin (4):
Added generic API for date range validation (with callbacks).
Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).
Added macro that indicates presence of the time callback feature. Also added C++ compatibility.
Fixed spurious warning about old-style prototype.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- to build and package nmtui
- to automatically append networkmanager-adsl and
networkmanager-wwan in recommended packages.
- to fix an invalid-packageconfig QA issue that is raised when
adsl and wwan are added in pkgconfig.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
Changes:
Dave Rodgman (12):
Header updates
Fix some non-standard headers
Update documentation
Add Changelog for license
Update license for p256-m
README improvements to 3rdparty section
assemble Changelog
Fix typos in changelog
Bump version
Update BRANCHES
Update Changelog with bugfix entry
Add docs re Everest license
David Horstmann (1):
Fix 3rdparty target names for custom config
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The SUMMARY and DESCRIPTION are taken from Arch Linux wiki page:
https://wiki.archlinux.org/title/NetworkManager
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes:
| Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0'
| Run-time dependency spice-server found: NO
|
| ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server
with method 'pkgconfig' failed: Invalid version, need 'spice-server'
['>=0.14.0'] found 'UNKNOWN'.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Integrate the upstream unit file into the recipe.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patches and clean up ones that are no longer needed:
* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
cd3dc147bf8abc0225237ced865c6660fffcb63a
Fix squid-conf-tests to allow running on target device.
License change: Update year
The version update eliminates the following CVEs:
* CVE-2023-5824 (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Otherwise install packages reported warning at do_rootfs
...log.do_rootfs...
Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236
warning: user radiusd does not exist - using root
...log.do_rootfs...
The user/group radiusd is added by package freeradius,
explicitly made the sub packages to runtime depends on freeradius
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools
package as they won't be needed most of the time.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They are enabled by default as libexosip2 works better with those.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
dco: fix crash when --multihome is used with --proto tcp
Mock openvpn_exece on win32 also for test_tls_crypt
Add warning for the --show-groups command that some groups are missing
Print peer temporary key details
Add warning if a p2p NCP client connects to a p2mp server
Remove openssl engine method for loading the key
Remove saving initial frame code
Double check that we do not use a freed buffer when freeing a session
Fix using to_link buffer after freed
GHA: do not trigger builds in openvpn-build anymore
GHA: new workflow to submit scan to Coverity Scan service
buffer: use memcpy in buf_catrunc
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6
CMake: backport CMake buildsystem from master to release/2.6
Remove all traces of the previous MSVC build system
doc: fix argument name in --route-delay documentation
dns option: remove support for exclude-domains
Warn user if INFO control command is too long
dco-win: get driver version
dco: warn if DATA_V1 packets are sent to userspace
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Log OpenSSL errors on failure to set certificate
configure: disable engines if OPENSSL_NO_ENGINE is defined
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* fix "Peer refused to agree to his IP address" message, again
* deprecate option --plugin
* better masking of password in logs
* break on reading 0 from ppp pty, for non-Linux systems
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patches removed because fixed in the new version.
Changelog:
- Various fixes around the build process (esp. cmake support + string.h include fixes)
- Stronger cmake support, updated autotools and a few smaller fixes.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
=========================
- Added "-DCIVETWEB_SSL_OPENSSL_API_3_0=ON" because of following error:
civetweb.c:1561:2: error: #error "Please define OPENSSL_API_#_# or USE_MBEDTLS"
You may also want to check out the available CMake options here:
d7ba35bbb6/CMakeLists.txt
=========================
Changelog:
d7ba35bbb6/RELEASE_NOTES.md
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Condition the creation of some files and their consequences to a
PACKAGECONFIG, which can be overridden outside the meta layer.
It removes the sub package wireguard-tools-wg-quick as PACKAGECONFIG is
supposed to work to configure a package only, and not deal with
sub packages.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley
platform we found that mdio-tools and its relationships with both
mdio-netlink and the mdio-netlink kernel module break SPDX processing
while generating the rootfs after a kernel bump. For example, the
following output was generated by `bitbake obmc-phosphor-image`:
ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093
The error occurred after the following patch was applied (again, in the
context of OpenBMC):
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
index e6f98297c540..b852e993f0f6 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
@@ -1,6 +1,6 @@
KBRANCH ?= "dev-6.5"
-LINUX_VERSION ?= "6.5.4"
+LINUX_VERSION ?= "6.5.9"
-SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d"
+SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7"
require linux-aspeed.inc
With the lack of a dependency the mdio-tools package is not rebuilt
subsequent to the kernel bump and the package information remains stale,
leading to an incorrect SPDX path being generated.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Support for building from native was removed in commit e1b332f2e
(meta-networking: Drop broken BBCLASSEXTEND variants), most likely due
to no support for building libwebsockets-native. That support has now
been added, so it is now possible to build mosquitto-native again.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfix:
Error loading g729.so plugin with Wireshark 4.0.9 and 3.6.17 on macOS.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release fixes several regressions in 1.4.7 with the -U/--update and
-D/--delete commands.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Clean up use of tags.
* Support for MacOS with Contiki-NG builds.
* Support for Windows with OpenSSL 3.x builds.
* Reported bugs fixed.
* Documentation updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When this feature is enabled by default in packageconfig
this implies a dependency to python3-dnspython which is in meta-python.
Disable ac-dc PACKAGECONFIG by default to avoid adding a layer
dependency only for this feature.
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libexosip2 extends the capabilities of the osip2 library. It can be a
useful building block for an embedded device application.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The GNU oSIP library is an implementation of SIP - rfc3261. It can be a
useful building block for an embedded device application.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not use bundled cmocka to get rid of bundled library
libcmocka-samba4.so.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to pass reproducible tests, recipes that use the
useradd class must have static ids configured.
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These are test images to build all recipes in layer. Renaming them makes
them refect what they are. Moreover we can rename the ptest images to
match OE-Core naming conventions for meta-oe/meta-perl/meta-python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were essentially duplicates of core-image-minimal, however
core-image-base is a better baseline for upper layers, so switched the
consumers of these images to use core-image-base
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recipe for TAYGA - an out-of-kernel stateless NAT64 implementation for Linux
Signed-off-by: Pawel Langowski <pawel.langowski@3mdeb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Accepted was replaced with Backport in gatesgarth:
https://docs.yoctoproject.org/migration-guides/migration-3.2.html#miscellaneous-changes
* as detected with oe-core/scripts/contrib/patchreview.py:
meta-openembedded $ grep -A 3 Malformed *qa-patches
meta-gnome.qa-patches:Malformed Upstream-Status 'Malformed Upstream-Status in patch
meta-gnome.qa-patches-/OE/layers/meta-openembedded/meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch
meta-gnome.qa-patches-Please correct according to https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#patch-upstream-status :
meta-gnome.qa-patches-Upstream-Status: Accepted [dc9701e187]' (/OE/layers/meta-openembedded/meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add two patches from Debian, pull requests proposed upstream as 2894 and 2895
to make it start only when board is online, and to fix dynamic websockets link failure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request
(mode 3) is received. (CVE-2023-4012) #794https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it has runtime dependency on mdio-netlink to satisfy:
RDEPENDS:${PN} = "kernel-module-mdio-netlink"
and mdio-netlink is MACHINE_ARCH because inherits module.bbclass
* fixes:
bitbake-diffsigs \
sstate-before/hammerhead-halium/cortexa8t2hf-neon-halium-webos-linux-gnueabi/mdio-tools/1.3.0.do_package_write_ipk.sigdata.1c175d042bd09e59c1329c51fba2569376f395ba79ee9adc62157ee91ad99e80 \
sstate-before/mako/cortexa8t2hf-neon-halium-webos-linux-gnueabi/mdio-tools/1.3.0.do_package_write_ipk.sigdata.4ad94062582b2cbbff07167598c1243aa18ff6c5cc23b3de8bce99081da500d8
Hash for task dependency mdio-netlink:do_packagedata changed from 759076223ccea58a05414b33bcc55c8d4b41a85c75ce56f2ba965004c422fd4c to b3c2ceee91dedb3b40f298d2efe09bbb7d3024f9ae93e83204233dcfd0a66459
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
Copyright: Update copyright date to end 2023 as appropriate
Add in OSCORE support
RIOT: Update to support latest libcoap code
Add BSD-3-Clause
Changelog:
===========
* Source files reformatted according to pre-commit rules.
* Support for RFC8613 (OSCORE).
* Support for RFC8974 (Extended Tokens).
* Support for RFC9177 (Q-Block).
* Support for latest RIOT code and new examples.
* Support for MinGW builds.
* Support for AF_UNIX sockets.
* Support for WebSockets (RFC8323).
* Support for IPv4 only and IPv6 only libcoap builds.
* Support for defining maximum logging level.
* Support for maintaining Observer requests over server restarts.
* Support for Contiki-NG.
* Support for latest LwIP, including using TinyDTLS.
* libcoap now has protocol layered support, separating out the
logical layers. Stack now is:-
- Application
- libcoap - CoAP
- libcoap - CoAP-Session
- libcoap - (D)TLS I/F using external (D)TLS Library
- libcoap - Netif
- libcoap - Sockets
- Kernel Network Stack
* Fixes CVE-2023-30362 and CVE-2023-35862.
* Reported bugs fixed.
* Examples now support separate logging levels for libcoap and (D)TLS.
* syslog LOG_ logging levels replaced with COAP_LOG_ logging levels.
* New public API functions to aid / reduce application coding.
* Remove requirement for applications to have sockaddr knowledge.
* Support for clients sending IPv4 broadcast requests.
* Documentation added and updated (Doxygen and man).
* Fix ABI version.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* lib-oauth2: Allow JWT tokens to be validated with missing typ field.
+ auth: Auth passdb and userdb reply can contain "event_<name>=value"
which will be added to login event and mail user event respectively.
+ lib-master: Set process title during various initialization stages to
clearly describe what the process is waiting on.
+ lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
by 0..30% based on username's hash to reduce the chance of load spikes.
+ lib-storage: The temp file scan has been moved from the open of the
mailbox to the close, to reduce the latency perceived by users.
+ stats: If metric has fields specified, all these fields are
exported as counters to prometheus exposition.
- *-login: Processes might have crashed when a SSL connection disconnects
uncleanly.
- acl: When plugin was loaded \HasChildren and \HasNoChildren flags
were calculated incorrectly for mailboxes containing '*' and '%'
in their names.
- auth: Crash occured if a connection to PostgreSQL database server
failed during startup.
- auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
were failing with "password mismatch" instead of "internal error".
- auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
specific error message on all errors. This especially broke OIDC
discovery.
- dbox: When last_temp_file_scan header wasn't set (especially after
dsync migration), the next mailbox open always triggers the temp file
scan.
- dict-redis: A crash would occur on transaction rollback.
- dsync: Infinite loop causing out of memory would occur when handling
mailbox deletion from remote end and hierarchy separators would differ.
- dsync: Incremental dsync failed for folder names ending with '%',
unless BROKENCHAR was set. Also folder names with '%' elsewhere in
them caused each incremental dsync to unnecessarily rename the folder
to a temporary name and back. v2.3.19 regression.
- imap-hibernate: If an IMAP client unhibernation timed out with
"(version received)", the unhibernation could still have successfully
finished later on and continued working normally. This was rather
confusing, because imap-hibernate already logged that the client got
disconnected.
- imapc: Crashed when a folder mapped through the virtual plugin
disappears from the storage.
- imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
selected mailbox could have been processed as if they belonged to the
new mailbox currently being selected.
- lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
disconnected HTTP clients before the response is fully sent. This
happened only on busy servers where kernel's socket buffers were
rather full.
- lib-http: Fixed a potential crash on http-server if a client
disconnected early. v2.3.18 regression.
- lib-index: Index file corruption could have caused a crash. Fixes:
Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
assertion failed: (min_file_seq <= max_file_seq).
- lib-index: Purging an existing >1GB cache file can crash. Now cache
files still above 1GB after purging are removed. Fixes:
Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
assertion failed: (offset < 0x40000000)
- lib-lua: A HTTP client could not resolve DNS names in mail processes,
because it expected "the dns-client" socket to exist in the current
directory.
- lib-oauth2: Dovecot would send client_id and client_secret as POST
parameters to the introspection server. These need to be optionally in
Basic auth instead.
- lib-oauth2: JWT aud validation was not performed if aud was missing
from a token, but was configured on Dovecot.
- lib-oauth2: JWT key type check was too strict.
- lib-oauth2: JWT token audience was not validated against client_id as
required by the specification.
- lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
CRL check failures for outgoing SSL/TLS connections, although it was
supposed to affect checking CRLs only for client-side SSL
certificates. v2.3.17 regression.
- lib-sql: MySQL driver leaked memory when connection failed.
- lib-storage: Various fixes when running into out of disk space.
- master: Service idle_kill setting didn't work properly on busy
servers.
- mdbox: Temp file scan was done for always empty directories.
- mdbox: The fdatasync() call was done in wrong parent directory when
writing mails. Also on a failure it crashed instead of logging an error.
- notify_status: The plugin crashes if any user initialization fails.
- pop3: Sending command with the ':' character caused an assert-crash.
v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
- stats: Fix panic when a nonexistent event exporter was referenced while
adding a new metric dynamically via doveadm stats add.
- stats: If process exported a lot of events and then exited, some of
the last events may have become lost.
- stats: Invalid Prometheus label names were created with specific
histogram group_by configurations. Prometheus rejected these labels.
- welcome: The plugin didn't execute in some situations that created
INBOX but didn't open it.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
add EXTRA_CFLAGS to Fix reproducibility.
upstream fixed compilation on RHEL 9, which should be same problem fixed
with 0001-layer4-Change-order-of-include-files.patch. hence drop the
patch file.
3fd0c21e4f
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
The following vulnerabilities have been fixed:
wnpa-sec-2023-23 CBOR dissector crash. Issue 19144.
wnpa-sec-2023-24 BT SDP dissector infinite loop. Issue 19258.
wnpa-sec-2023-25 BT SDP dissector memory leak. Issue 19259.
wnpa-sec-2023-26 CP2179 dissector crash. Issue 19229.
The following bugs have been fixed:
TShark cannot capture to pipe on Windows correctly. Issue 17900.
Wireshark wrongly blames group membership when pcap capabilities are removed. Issue 18279.
Packet bytes window broken layout. Issue 18326.
RTP Player only shows waveform until sequence rollover. Issue 18829.
Valid Ethernet CFM DMM packets are shown as malformed. Issue 19198.
Crash on DICOM Export Objects window close. Issue 19207.
The QUIC dissector is reporting the quic_transport_parameters max_ack_delay with the title \"GREASE\" Issue 19209.
Preferences: Folder name editing behaves weirdly, cursor jumps. Issue 19213.
DHCPFO: Expert info list does not show all expert infos. Issue 19216.
Websocket packets not decoded and displayed for Field type=Custom and Field name websocket.payload.text. Issue 19220.
Cannot read pcapng file captured on OpenBSD and read on FreeBSD. Issue 19230.
UI: While capturing the Wireshark icon changes from green to blue when new file is created. Issue 19252.
Conversation: heap-use-after-free after wmem_leave_file_scope. Issue 19265.
IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue 19270.
NAS 5GS Malformed Packet Decoding SOR transparent container PLMN ID and access technology list. Issue 19273.
UI: Auto scroll button in the toolbar is turned on when manually scrolling to the end of packet list. Issue 19274.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some perl modules are required by ntptrace:
$ ntptrace
Can't locate lib.pm in @INC (you may need to install the lib module)
(@INC contains: /usr/lib/perl5/site_perl/5.36.0/x86_64-linux
/usr/lib/perl5/site_perl/5.36.0
/usr/lib/perl5/vendor_perl/5.36.0/x86_64-linux
/usr/lib/perl5/vendor_perl/5.36.0 /usr/lib/perl5/5.36.0/x86_64-linux
/usr/lib/perl5/5.36.0) at /usr/sbin/ntptrace line 10.
BEGIN failed--compilation aborted at /usr/sbin/ntptrace line 10.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vsomeip stack implements the http://some-ip.com/ (Scalable
service-Oriented MiddlewarE over IP (SOME/IP)) protocol.
The stack consists out of:
a shared library for SOME/IP (libvsomeip3.so)
a shared library for SOME/IP's configuration module
(libvsomeip3-cfg.so)
a shared library for SOME/IP's service discovery
(libvsomeip3-sd.so)
a shared library for SOME/IP's E2E protection module
(libvsomeip3-e2e.so)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* use BPN, BP where useful
* use prefix instead of hardcoding /usr
* add patch to search also in lib32 subdir of --with-libpcap value
to fix:
checking for libpcap... configure: error: "Unable to find matching library for header file in TOPDIR/BUILD/work/raspberrypi4_64-oemllib32-linux-gnueabi/lib32-tcpreplay/4.4.4-r0/lib32-recipe-sysroot/usr"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
musl does not need _IO_stdin_used, since its not provided by toolchain
runtime ( crt files ) lld linker complains about undefined global symbol
on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped QA issue with multilib:
ERROR: lib32-phodav-3.0-r0 do_package: QA Issue: lib32-phodav: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/spice-webdavd.service
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-phodav: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2023-3748:
A flaw was found in FRRouting when parsing certain babeld unicast hello
messages that are intended to be ignored. This issue may allow an
attacker to send specially crafted hello messages with the unicast flag
set, the interval field set to 0, or any TLV that contains a sub-TLV
with the Mandatory flag set to enter an infinite loop and cause a denial
of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3748
Patch from:
ae1e0e1fed
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
spice depends on spice-protocol, when IMAGE_INSTALL contains spice,
do_populate_sdk fails with the following error:
Error:
Problem: package libspice-server-dev-0.14.2+git0+7cbd70b931_4fc4c2db36-r0.core2_64 requires spice-protocol-dev, but none of the providers can be installed
- conflicting requests
- nothing provides spice-protocol = 0.14.4-r0 needed by spice-protocol-dev-0.14.4-r0.core2_64
(try to add '--skip-broken' to skip uninstallable packages)
For spice-protocol, it's a development package and all things are in
the dev package, so set ALLOW_EMPTY to fix the above error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The spice-vdagent needs to be running alongside qemu-guest-agent on
virtualizationguest systems that are using the spice protocol to
get seamless integration.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
phodav is a small webdav server, that was originally created as a tool to
provide folder sharing for spice but it can be used on a wider range
of applications.
It is usable e.g. in virt-viewer or gnome-boxes
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
Bug fixes::
-----------
* core: fix integer overflow when setting integer option with '++N' or '--N'
* core: fix increment/decrement of options weechat.notify.*
* irc: add missing tags on multiline messages (issue #1987)
* irc: fix redirection of command '/list' when the reply doesn't start with message 321 (start of /list)
* irc: fix wrong time displayed for CTCP messages received from self nick (issue #2000)
* logger: remove trailing empty line in display of backlog (issue #2002)
* perl: fix display of non-ASCII chars after load of a script with Perl >= 5.38 (issue #1996)
* script: adjust scroll after command '/script go N'
* scripts: fix function string_parse_size on 32-bit systems (python and ruby) (issue #1999)
* xfer: fix conversion of string to IPv4 on 32-bit systems (issue #1999)
Tests::
------------
* irc: fix tests on function irc_join_compare_join_channel (issue #1997)
* scripts: fix tests of functions print_date_tag, print_y_date_tags and hook_timer on 32-bit systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- add support for smartcard
- add missing rdepend on usbids
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-switch to meson buildsystem
-remove patches
-update dependencies
-fetch spice-common as a submodule
Major Changes in 0.15.2:
Really minor fix release, mainly to fix a distribution issue
Add missing file to distribution
Fix sound recording fix in case of buffer wrapping
Major Changes in 0.15.1:
Fix some compatibility issues with FreeBSD
Fix some minor issue with build
Improve packaging with Meson
Lot of C++ improves (clang-tidy)
Fix some compatibility with no-Glibc libraries (like Musl)
Fix minor leaks shutting down library
Add Doxygen file to distribution
Fix a longstanding issue related to surface updates where wrong surfaces were possibly used
Fix compatibility with OpenSSL 3
Updates and fixes for CI
Use more random connection IDs to fix possible issues with proxies
Major Changes in 0.15:
This is the first release in the new 0.15.x stable series. This release should
be ready for production use.
Minor updates to CI
Some compatibility with OpenSSL
Change the behavior of handle_dev_start ignoring multiple start requests
Ignore multiple calls to handle_dev_stop
Pick up newer spice-common to fix a buffer overflow issue
Major Changes in 0.14.91:
IMPORTANT
0.14.91 is the first release candidate for the stable 0.15.x series. While some
bugs might still be present, it should be reasonably stable. If you are looking
for stability for daily use, please keep using the latest 0.14.x release.
Support UNIX abstract sockets
Fix some potential thread race condition in RedClient
Many cleanups in the code
Improve migration test script
Update in protocol documentation
Improve Meson build
Removed CELT support
Update CI
Removed QXLWorker definition, it was deprecated 6 years ago
Fix some compatibility with MacOS
Fix some compatibility with Windows
Move the project to C++
Some fixes for SASL dealing with WebDAV
Fix minor Coverity reports
Add Doxygen support, manually built with "make doxy"
Support more mouse buttons (up to 16 buttons)
CVE-2020-14355 multiple buffer overflow vulnerabilities in QUIC decoding
code
Major Changes in 0.14.3:
Main changes are WebSocket and support for Windows.
Add support for WebSocket, this will allow to use spice-html5 without proxy
Support Windows, now Qemu Windows can be build enabling Spice
Fix some alignment problem
Converted some documentation to Asciidoc format to make easier to update,
updated some
Minor compatibility fix for PPC64EL and ARMHF
Minor fixes for big endian machines like MIPS
Avoid some crashes with some buggy guest drivers, simply ignore the invalid
request
Fix for old OpenSSL versions
Minor fix for Windows clients and brushes, fixed an issue with Photoshop
under Windows 7
Add ability to query video-codecs
Small use-after-free fix
Fix for debugging recording/replaying using QUIC images
Fix a regression where spice reported no monitors to the client
Fix DoS in spicevmc if WebDAV used
Updated and improved test migration script
Some minor fixes to smartcard support
Avoid possible disconnection using proxies using a in-flow keepalive
mechanism
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libcacard is a library that adds smartcard support to qemu and/or spice
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
Bug fixes::
----------
* core: fix input length and crash after delete of line
* irc: fix display of self CTCP message containing bold attribute
* irc: fix memory leak in IRC message parser
* irc: fix switch to channel manually joined when server option
autojoin_dynamic is on and option irc.look.buffer_switch_autojoin is off
* irc: fix display of outgoing notice with channel when capability
"echo-message" is enabled
* relay: fix display of IRC CTCP messages received from client
Build::
-----------
* doc: display a warning if a locale is missing with fallback to English
for auto-generated content
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Introduce a new "link" setting that holds properties related to the
kernel link such as "tx-queue-length", "gso-max-size",
"gso-max-segments", "gro-max-size".
* Support sending a DHCPv6 prefix delegation hint via the
"ipv6.dhcp-pd-hint" connection property.
* Support new bond options: "arp_missed_max", "lacp_active",
"ns_ip6_target".
* Add new "initial-eps-bearer-configure" and "initial-eps-bearer-apn"
properties in the GSM setting.
* Setting "connection.stable-id=default${CONNECTION}" changed behavior to
be identical to the built-in default value when the stable-id is not set.
* Add a "[keyfile].rename" option to NetworkManager.conf to force renaming
profiles on disk when their name changes.
* The ifcfg-rh plugin is deprecated; it will only receive bugfixes and
no new features. A warning is emitted the log when a connection in
ifcfg-rh format is found.
* To automatically migrate existing ifcfg-rh connections to the
keyfile format, a new configuration option "main.migrate-ifcfg-rh"
is provided. Migration is disabled by default, but the default value
can be changed at build time via
"--with-config-migrate-ifcfg-rh-default=yes".
* When configuring hostnames in non-public TLD (like "example.local"), use
the TLD as default search domain instead of the full hostname.
* Always apply DNS options from the [global-dns] configuration section
* The NetworkManager daemon now acquires the D-Bus name only after
populating the D-Bus tree. This can add a delay during startup but
it is required to avoid race conditions with other services
depending on NM.
* Add a "version-id" argument to the Update2() D-Bus call to guard
against concurrent modifications of profiles.
* Don't use tentative IPv6 addresses to resolve the system hostname
via DNS.
* Track the number of autoconnect retries left for each device and
connection. Previously it was tracked only per connection and this
lead to unexpected behaviors in case of multiconnect profiles.
* Set VLAN filtering options on bridge via netlink instead of sysfs.
* nm-cloud-setup now supports IMDSv2 on Amazon EC2.
* nmtui now allows to enable or disable Wi-Fi and WWAN radios.
* Honor ignore-carrier=no for bond/bridge/team devices.
* Add version mismatch warning when running nmcli commands.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
arm_eabi.patch
refreshed for 4.4
Changelog:
===========
* Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS
cookies to avoid some length-specific blocking of NTP on Internet
* Add support for multiple refclocks using extpps option on one PHC
* Add maxpoll option to hwtimestamp directive to improve PHC tracking
with low packet rates
* Add hwtstimeout directive to configure timeout for late timestamps
* Handle late hardware transmit timestamps of NTP requests on all sockets
* Handle mismatched 32/64-bit time_t in SOCK refclock samples
* Improve source replacement
* Log important changes made by command requests (chronyc)
* Refresh address of NTP sources periodically
* Request nanosecond kernel RX timestamping on FreeBSD
* Set DSCP for IPv6 packets
* Shorten NTS-KE retry interval when network is down
* Update seccomp filter for musl
* Warn if loading keys from file with unexpected permissions
* Warn if source selection fails or falseticker is detected
* Add selectopts command to modify source-specific selection options
* Add timestamp sources to serverstats report and make its fields 64-bit
* Add -e option to chronyc to indicate end of response
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
vmware:tools is also a valid CVE_PRODUCT for open-vm-tools,
e.g., https://nvd.nist.gov/vuln/detail/CVE-2023-20867.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch fixes warnings when useradd-staticids.bbclass is used and
USERADD_PARAM is used to add the user to a group that has not been
explicitly created yet. By adding the GROUPADD_PARAM for the new group
being used the warnings for changing the gid from GID-OLD to GID-NEW
is eliminated.
Warning fixed:
radvd: Changing groupname nogroup's gid from (WXYZ) to (JKLM), verify configuration files!
Signed-off-by: JD Schroeder <sweng5080@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
No longer used in generating packages
Also creates a possible confusion with the recipe maintainer
name.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
Primarily widen the gamut of supported kernel versions, now supporting
all kernels from 5.2 and onwards.
Added
------
mvls: Support for 88E6320/88E6321
Changed
--------
mdio-netlink: Adapt to the upstream C22/C45 refactor.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Implemented the per-interface option "probe-mtu", which automatically
discards links with a mis-configured MTU.
* Fixed a typo in the handing of the option "v4viav6".
* Removed diversity support and related configuration file directives.
* Optimised route redistribution. We now install just the route that the
kernel sent us rather than doing a full route dump on every change.
* Added optional delay to daemon shutdown; see the configuration option
"shutdown-delay-ms".
* Fixed compilation under BSD.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Conversion from CVE_CHECK_IGNORE to CVE_STATUS had some copy+paste
issues.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NFQ is the new and improved way to process iptables packets. Snort IPS
mode requires this module in some cases.
Before the patch:
$ snort --daq-list
Available DAQ modules:
pcap(v3): readback live multi unpriv
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
After the patch:
$ snort --daq-list
Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
Also update 0001-correct-the-location-of-unistd.h.patch to fix build
with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2022-2127
CVE-2023-3347
CVE-2023-34966
CVE-2023-34967
CVE-2023-34968
Release Notes:
https://www.samba.org/samba/history/samba-4.18.5.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
The following vulnerabilities have been fixed:
wnpa-sec-2023-21[3] Kafka dissector crash. Issue 19105[4].
wnpa-sec-2023-22[5] iSCSI dissector crash. Issue 19164[6].
The following bugs have been fixed:
-Crash when (re)loading a capture file after renaming a dfilter
macro. Issue 13753[7].
- Moving a column deselects selected packet and moves to beginning
of packet list. Issue 16251[8].
-If you set the default interface in the preferences, it doesn't
work with TShark. Issue 16593[9].
-Severe performance issues in Follow → Save As raw workflow. Issue
17313[10].
-TShark doesn't support the tab character as an aggregator
character in \"-T fields\" Issue 18002[11].
-On Windows clicking on a link in the 'Software Update' window
launches, now unsupported, MS Internet Explorer. Issue 18488[12].
-Wireshark 4.x.x on Win10-x64 crashes after saving a file with a
name already in use. Issue 18679[13].
-NAS-5GS Operator-defined Access Category: Multiple Criteria
values not displayed in dissected packet display. Issue
18941[14].
-Server Hello Packet Invisible - during 802.1x Authentication-
from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74cdc23) &
above. Issue 19071[15].
-TShark reassembled data is incomplete/truncated. Issue 19107[16].
CQL protocol parsing issues with 'Result' frames from open source
Cassandra. Issue 19119[17].
-TLS 1.3 second Key Update doesn't work. Issue 19120[18].
-HTTP2 dissector reports an assertion error on large data frames.
Issue 19121[19].
-epan: Single letter hostnames aren't displayed correctly. Issue
19137[20].
-BLF: CAN-FD-Message format is missing a field. Issue 19146[21].
-BLF: last parameter of LIN-Message is not mandatory (BUGFIX)
Issue 19147[22].
-PPP IPv6CP: Incorrect payload length warning. Issue 19149[23].
-INSTALL file needs to be updated for Debian. Issue 19167[24].
-Some RTP streams make Wireshark crash when trying to play stream.
Issue 19170[25].
-Wrong ordering in OpenFlow 1.0 Datapath unique ID. Issue
19172[26].
-Incorrect mask in RTCP slice picture ID. Issue 19182[27].
-Dissection error in AMQP 1.0. Issue 19191[28].
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
Bug fixes::
* core: fix renaming of options with command '/item rename'
* core: don't send "key_pressed" signal again for the same key press
* core: don't send "key_combo_*" signals for incomplete keys
* core: add key ctrl-backspace in /help key
* core: keep keys ctrl-H and ctrl-? (in lower case) if they were manually bound to custom commands in a previous version
Tests::
* core: fix hdata tests failure on Alpine 3.18
* relay: fix crash in tests on Alpine 3.18
Build::
* php: fix detection of PHP 8.2 on Alpine 3.18
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ensures that host tools like 'gen' are built for build host and not
target. internal bind build supplies its own options to configuring it,
where it does not pass --host option and as a result it does not deduce
it to be a cross compile and hence these variables are not set property
inside bind build
Fixes
| ./gen: /usr/lib/libc.so.6: version `GLIBC_2.38' not found (required by ./gen)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pass it via cflags from environment, so it can be controlled for
platforms where it is not supported
Pass -fstack-clash-protection for clang too, it is available now a days
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bug fixes
=========
* core: force key "return" to command "/input return" when migrating
legacy keys
* core: display actual key name and command with key kbd:[Alt+k],
remove key kbd:[Alt+K] (grab raw key) and associated commands
'/input grab_raw_key' and '/input grab_raw_key_command'
* core: check for newline characters in string_is_whitespace_char
* api: do not convert option name to lower case in API functions
config_set_plugin and config_set_desc_plugin
* guile: fix crash on quit with Guile < 3 (issue #1965)
* irc: reply to a CTCP request sent to self nick (issue #1966)
* irc: sent "QUIT" message to servers connected with TLS on '/upgrade'
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Add support for ppp 2.5.0.
* Fix nft rules for balance-slb bonding.
* Support port priority for bonding.
* Fix regression handling the PKEY_ID for infiniband profiles
in ifcfg-rh format.
* Fix race in nm-cloud-setup that caused partial configuration
and loss of connectivity with multiple interfaces.
* Don't touch "net.ipv6.conf.$IFACE.forwarding" unless explicitly
required for IPv6 sharing.
* Various bugfixes related to team, Wi-Fi P2P, IPv6LL.
* Automatically unblock autoconnect of profiles during reapply.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since we autoreconf, it should be better to build the linker map file
too, which requires ctags during build. This is otherwise flagged as
error by lld linker where we specify a linker symbol file on cmdline
but the file is not there.
Fixes
| libtool: error: symbol file './libcoap-3.sym' does not exist
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains bug fixes only.
The following CVEs have been addressed:
CVE-2023-27783
CVE-2023-27784
CVE-2023-27785
CVE-2023-27786
CVE-2023-27787
CVE-2023-27788
CVE-2023-27789
Changelog:
=========
dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781
Bug #780 assert tcpedit dlt cleanup by @fklassen in #800
Fix bugs caused by strtok_r by @Marsman1996 in #783
Bug #782#784#785#786#787#788 strtok r isuses by @fklassen in #801
Update en10mb.c by @david-guti in #793
PR #793 ip6 unicast flood by @fklassen in #802
Bug #719 fix overflow check for parse_mpls() by @fklassen in #804
PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805
PR #793 - update tests for vlandel by @fklassen in #806
Feature #773 gh actions ci by @fklassen in #807
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- A deadlock in the vici plugin has been fixed that could get triggered when
multiple connections were initiated/terminated concurrently and control-log
events were raised by the watcher_t component.
- CRLs have to be signed by a certificate that has the cRLSign keyUsage bit
encoded (even if it's a CA), or a CA certificate without keyUsage extension.
- Optional CA labels in EST server URIs are supported by `pki --est/estca`.
- CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and
openssl plugins, which allows verifying RSA-PSS and ECDSA signatures.
- Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or
earlier that was introduced with 5.9.10.
- Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2.
- kernel-libipsec can process raw ESP packets on Linux (disabled by default) and
gained support for trap policies.
- The dhcp plugin uses an alternate method to determine the source address
for unicast DHCP requests that's not affected by interface filtering.
- Certificate and trust chain selection as initiator has been improved in case
the local trust chain is incomplete and an unrelated certreq is received.
- ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin.
- To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass
policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer.
- Stale OCSP responses are now replace in-place in the certificate cache.
- Fixed parsing of SCEP server capabilities by `pki --scep/scepca`.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The READMEs are often viewed from websites markdown format which is
much as readable as text and yet friendlier in browsers.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Type=forking means systemd waits untill the main process, /usr/sbin/ntpd
in this case, has exited. However, the ntpd daemon does not seem to call
fork() or vfork() and runs endlessly untill killed. Eventually, this
causes systemd to trigger a timeout, and the ntpd service is killed. All
the while, "systemctl status ntpd" shows "activating (start)" instead of
"active (running)". This is fixed by switching Type=forking to
Type=simple.
Reading ntpd(8) shows that the "-n" option requests ntpd not to fork, so
also use that to be safe.
Finally, there is no need anymore to keep a pidfile around.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default, subscriptions are turned on.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default, open62541 is built without multithreading support. Make this
configurable.
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- When --no-decorate is given the default output will
include no colors (#28)
- Correctly split networks with /31 (#25)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
lld flags errors when checking for --version-script linker option since
the export file specifies symbols which do not exist during link, so in
a way it is right, however bfd linker works fine and ignores this error.
perhaps the meson check should be improved but until them lets add
--undefined-version option to linker when using lld
Fixes
aarch64-yoe-linux-ld.lld: error: TOPDIR/build/tmp/work/cortexa72-cortexa53-crypto-mx8-yoe-linux/spice-gtk/0.42-r0/git/src/spice-glib-sym-file:1: unknown directive: spice_audio_get
>>> spice_audio_get
>>> ^
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop CVE patch as its included.
Drop 0003-bison-Remove-line-directives.patch as file is not longer there.
refactor 0001-wireshark-src-improve-reproducibility.patch
LIC_FILES_CHKSUM changed do to re-structuring.
Remove TMPDIR found in some files.
Remove c-ares PACKAGECONFIG as its a required pkg
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There's conflict of config.h between dovecot and lib32-dovecot.
The differences of config-64.h and config-32.h are as follows:
@@ -774,7 +774,7 @@
#define MODULE_SUFFIX ".so"
/* Maximum value of off_t */
-#define OFF_T_MAX LONG_MAX
+#define OFF_T_MAX LLONG_MAX
/* Name of package */
#define PACKAGE "dovecot"
@@ -834,7 +834,7 @@
#define PRIdTIME_T "ld"
/* printf() format for uoff_t */
-#define PRIuUOFF_T "lu"
+#define PRIuUOFF_T "llu"
/* printf() fmt for hex time_t */
#define PRIxTIME_T "lx"
@@ -846,19 +846,19 @@
#define SIZEOF_INT 4
/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
+#define SIZEOF_LONG 4
/* The size of `long long', as computed by sizeof. */
#define SIZEOF_LONG_LONG 8
/* The size of `void *', as computed by sizeof. */
-#define SIZEOF_VOID_P 8
+#define SIZEOF_VOID_P 4
/* Build SQL drivers as plugins */
/* #undef SQL_DRIVER_PLUGINS */
/* Maximum value of ssize_t */
-#define SSIZE_T_MAX LONG_MAX
+#define SSIZE_T_MAX INT_MAX
/* C99 static array */
#define STATIC_ARRAY static
@@ -887,13 +887,13 @@
/* #undef UOFF_T_INT */
/* Define if off_t is long */
-#define UOFF_T_LONG /**/
+/* #undef UOFF_T_LONG */
/* Define if off_t is long long */
-/* #undef UOFF_T_LONG_LONG */
+#define UOFF_T_LONG_LONG /**/
/* Maximum value of uoff_t */
-#define UOFF_T_MAX ULONG_MAX
+#define UOFF_T_MAX ULLONG_MAX
/* Build with checkpassword userdb support */
#define USERDB_CHECKPASSWORD /**/
@@ -935,7 +935,7 @@
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
-/* #undef _FILE_OFFSET_BITS */
+#define _FILE_OFFSET_BITS 64
/* Define for large files, on AIX-style hosts. */
/* #undef _LARGE_FILES */
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Without any build type specified, open62541 defaults to "Debug".
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch
refreshed for new version.
Changelog
=========
- fixes 4 vulnerabilities (3 LOW and 1 None severity),
- fixes 46 bugs
- includes 15 general improvements
- adds support for OpenSSL-3.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
