Changelog:
https://github.com/secdev/scapy/releases/tag/v2.5.0
Also, in this version the UTscapy wrapper gets no longer installed
into /usr/bin, so for ptest we need to install it.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New features and improvements in 2.6.0 compared to 2.5.8:
- Data Channel Offload (DCO) kernel acceleration support for Windows,
Linux, and FreeBSD.
- OpenSSL 3 support.
- Improved handling of tunnel MTU, including support for pushable MTU.
- Outdated cryptographic algorithms disabled by default, but there are
options to override if necessary.
- Reworked TLS handshake, making OpenVPN immune to replay-packet state
exhaustion attacks.
- Added --peer-fingerprint mode for a more simplistic certificate setup
and verification.
- Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
- Improved protocol negotiation, leading to faster connection setup.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Convert repo to git
* Remove sig unsafe functions from signal handler (Ticket #22).
* Allow -e to explicitly specify the environment variable to use
(Ticket #5).
* Unset the variable specified with -e before calling subprogram
(Ticket #25).
* Change the logic for setting a controlling TTY. Fixes compatibility
issues with OpenSolaris and MSYS/Cygwin. Thanks Marcin Olszewski for
the fix.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-examples-Include-alloca.h-for-strdupa.patch
removed since it's included in 44.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
__assert_fail signature is assuming glibc which is fine for glibc
systems but we have to consider musl case too.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Added support for source load balancing for Ethernet Bonds.
* Allow specifying vhost name (SNI) for a manually DNS-over-TLS server.
Only works with systemd-resolved plugin.
* Connections can now be activated on a loopback interface.
* Added support of IPv4 ECMP routes. The ECMP routes will get merged
automatically but the user need to configure them as single-hop routes
specifying a valid weight.
* Add new "reapply" dispatcher event.
* Added support of VTI and VTI6 ip-tunnels along with a new property,
"ip-tunnel.fwmark".
* VLAN can now support 802.1ad tagging instead of 802.1Q.
* Invocations of iptables now use "--wait 2" to handle races with concurrent
calls. This fixes misbehavior with IPv4 shared mode.
* The DHCP client-id and DHCPv6 DUID are now exposed along with the lease
information.
* Optionally suppress adding direct route to an external VPN gateway
with the new "ipv[46].auto-route-ext-gw" property.
* Open vSwitch support gained new properties: "ovs-dpdk.n-rxq-desc",
"ovs-dpdk.n-txq-desc", "ovs-interface.ofport-request" and
"ovs-port.trunks".
* Added support of "other_config" for OVS bridge, port or interface. This
property is not supported by nmcli.
* nmtui now supports editing Wi-Fi WPA-Enterprise, Ethernet with 802.1X
authentication and MACsec connection profiles.
* nmcli now allows changing "connection.uuid" and "connection.type"
properties in offline mode and setting the UUID when creating a
connection.
* nmcli now accepts abbreviations for the UUID with the connection selector
in `nmcli connection $operator uuid $uuid`.
* DHCPv6 leases are now declined when addresses fail DAD.
* Documentation improvements.
* Many internal improvements and bug fixes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Add-configure-options-for-packages.patch
refreshed for new version.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Now built with meson
- Update the source git repository and home page
https://github.com/nmav/ipcalc redirects to https://gitlab.com/ipcalc/ipcalc
- USE_GEOIP = "no" not necessary in the recipe, already
set by default in the code.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0002-iscsiuio-Use-pthread_t-for-INVALID_THREAD.patch
removed since it's included in 2.1.8.
0001-Makefile-Do-not-set-Werror.patch
refreshed for 2.1.8
Changelog:
===========
make: avoid hard-coding path to sed (#357)
etc: install system unit with without executable bit (#354)
Add ability for MGMT IPC to check UID only
Use config for iscsistart and iscsiadm fw login
iscsiuio: Use pthread_t for INVALID_THREAD (#363)
Add a 'distclean' Makefile top-level target
Cleanup fwparam makefile (#360)
Small bug fixes (#364)
Use meson as the main build system (#365)
libopeniscsiusr: cleanup recent reallocarray->realloc change (#369)
Added examples in man file for iscsiadm session commands.
iscsid: fix logout pdu send failure handling
Update README's error handler/timeout section
iscsiuio: fix LDADD
libopeniscsiusr: use realloc instead of reallocarray (#368)
iscsiadm: enable specify iface name-value parameters when creating iface
Fix a possible passing null pointer in usr/iface.c (#356)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- bugfix: wrong default portnumber for proxy was used
- bugfix: https://bugs.launchpad.net/ubuntu/+source/htpdate/+bug/1850740
- improvement: Avoid bouncing between upper/lower limit when (almost) in sync
- improvement: Set SSL server hostname on SSL object
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update to version 0.42:
v0.42
=====
- !115 - Fix compilation on win32 with EGL
- !114 - spice-widget: fix hotspot position on Wayland/HiDPI
- !112 - meson: Allow building on a Wayland-only environment
- !110 - usb-backend: Fix devices not being enumerated
- !108 - spicy: Add keyboard shortcuts for copy/paste sync
- Require meson >= 0.56
The original recipe name was spice-gtk_0.4.1.bb, but the spice-gtk
repo tags the releases as 0.41, not 0.4.1, so update it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Up to now in this recipe the alternative mechanism only worked by accident, so
do like all other recipes and utilize varflags.
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version 2.89
Fix bug introduced in 2.88 (commit fe91134b) which can result
in corruption of the DNS cache internal data structures and
logging of "cache internal error". This has only been seen
in one place in the wild, and it took considerable effort
to even generate a test case to reproduce it, but there's
no way to be sure it won't strike, and the effect is to break
the cache badly. Installations with DNSSEC enabled are more
likely to see the problem, but not running DNSSEC does not
guarantee that it won't happen. Thanks to Timo van Roermund
for reporting the bug and for his great efforts in chasing
it down.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CRDA is no longer needed as of kernel v4.15 since commit 007f6c5e6eb45
("cfg80211: support loading regulatory database as firmware file") added
support to use the kernel's firmware request API which looks for the
firmware on /lib/firmware. Because of this CRDA is legacy software for
older kernels, remove the recipe.
It could change regulatory domains with iw and wpa_supplicant.
Refs
1. https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/tree/README#n8
2. https://wireless.wiki.kernel.org/en/developers/Regulatory/CRDA
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a missing runtime dependency on python3-ctypes
Add a polkit rule to allow users of group wheel to use blueman without authentification
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fails to link otherwise
ld: cannot find -lhiredis: No such file or directory
collect2: error: ld returned 1 exit status
Signed-off-by: Khem Raj <raj.khem@gmail.com>
configure uses AC_PREPROC_IFELSE to check for certain errors from getaddrinfo()
it user search operation in a preprocessed file
UNIQUEVALS=`sort $ERRVALFILE | uniq | wc -l | awk '{ print $1 }'`
However, line numbers are generated into the preprocesser files and they
get sorted higher than numbers
gaierrval:
# 130 "conftest.c" 3 4
-3
-P ensures that line numbers are not generated into preprocessed files,
so these checks can succeed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It uses python3-config during build to grok the python specific
includedirs, therefore its important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It uses python3-config during build to grok the python specific
includedirs, therefore its important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release Notes:
https://www.samba.org/samba/history/samba-4.17.5.html
Drop 0007-waf-Fix-errors-with-Werror-implicit-function-declara.patch
as the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392https://nvd.nist.gov/vuln/detail/CVE-2022-46393
Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mitigate occurence where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop backported patches, drop `wscript: Widen the search for tags` as
upstream has merged something similar which means devtool builds now
work.
Add BISONFLAGS support to fix build reproducbility issue.
Drop `--debug` which generates internal debug info.
License-Update: License files moved to separate directory
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Expose all current dnsmasq configuration options in PACKAGECONFIG,
enable i18n generation, filter supplementary systemd files against
DISTRO_FEATURES.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add an option to use Platform Security Architecture for the X.509 and TLS
operations.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
Updated printers:
PTP: Use the proper values for the control field and print un-allocated
values for the message field as "Reserved" instead of "none".
Source code:
smbutil.c: Replace obsolete function call (asctime)
Building and testing:
cmake: Update the minimum required version to 2.8.12 (except Windows).
CI: Introduce and use TCPDUMP_CMAKE_TAINTED.
Makefile.in: Add the releasecheck target.
Makefile.in: Add "make -s install" in the releasecheck target.
Cirrus CI: Run the "make releasecheck" command in the Linux task.
Makefile.in: Add the whitespacecheck target.
Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
Address all shellcheck warnings in update-test.sh.
Makefile.in: Get rid of a remain of gnuc.h.
Documentation:
Reformat the installation notes (INSTALL.txt) in Markdown.
Convert CONTRIBUTING to Markdown.
CONTRIBUTING.md: Document the use of "protocol: " in a commit summary.
Add a README file for NetBSD.
Fix CMake build to set man page section numbers in tcpdump.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Fix the evaluation of the autoconnect retries.
* nm-cloud-setup now preserves addresses added externally.
* Ensure that dnsmasq is stopped after changing the dns backend and
restarting the service.
* Fix honoring an explicit DHCPv6 DUID with dhclient.
* Other various fixes.
* Fixed a bug that caused devices (MACsec in particular) to be stuck in
UNAVAILABLE state and not transition to DISCONNECTED if the carrier was
ready too early.
* Improved interoperability of MACsec with some Aruba switches by allowing
CKN shorter than 64 characters.
* Fixed an assertion failure when restarting NetworkManager with MACsec
links configured.
* Fixed a possible DHCP helper crash when handling failure to connect to
D-Bus.
* Corrected calculation of expiration time for items configured from IPv6
neighbor discovery messages.
* Various fixes for platforms that don't allow unaligned memory access.
* team: also set empty port configuration so teamd
knows about the port.
* team: restore port configuration after teamd respawn.
* dhcp: revert restarting DHCP when MAC address changes,
for example during a bond fail over.
* various documentation fixes.
* fix non-exported ABI in libnm which was wrongly present
in the header files but unusable so far.
* ifcfg-rh: fix writing ethtool pause settings to file.
* core: set "proto static" for manual routing rules configured
by NetworkManager.
* Various minor bugfixes.
* Ensure that resolv.conf gets updated when the configuration changes.
* Fix setting as bond primary an interface that doesn't exist yet when the
bond is activated.
* The number of autoconnect retries is now accounted independently for each
device when there are profiles with multi-connect=multiple.
* Don't print duplicate entries in the output of "NetworkManager
--print-config"
* Fix the ifcfg-rh plugin to properly read infiniband P-Key connection
profiles without an explicit interface name.
* Allow the removal of a bond port connection profile from the bond via
nmcli.
* Fix race condition during the activation of veth profiles when the peer
already exists.
* Decline the DHCPv6 lease if all addresses fail IPv6 duplicate address
detection (DAD).
* Wait that devices get carrier before trying to resolve the system hostname
on them via DNS.
* Fix race condition during the initial activation of OVS interfaces.
* Profiles generated by nm-initrd-generator now have lower than default
priority.
* Fix error when adding many SR-IOV virtual functions (VFs).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
