Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address
family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli
no longer sets a negative, exclusive "dns-priority". This plays
better with common split DNS setups that use systemd-resolved.
Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges
and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new
'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of
'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default'
instead of null address in route4 or route6 section.
The following changes were backported to 1.32.x releases between 1.32.0
and 1.32.12 are also present in NetworkManager-1.34:
- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table,
necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor
non-default-routes in the main table.
- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation
and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile
names.
* udev: also react to "move" (and "change") udev actions in our rules.
- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp"
files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP
configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared
mode.
* firewall: fix nftables backend to create "ip" table for
IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration
to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.
- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with
internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
This plugin is not used, unless the undocumented dhcp=systemd
option was set.
* cloud-setup: preserve IP addresses, routes and rules from
currently active connection profile.
* Various bugfixes and performance improvements.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch
removed since it is included in 0.95.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
musl highlights this problem
Fixes
| ../../tnftp-20210827/libedit/chartype.h:47:3: error: wchar_t must store ISO 10646 characters
| #error wchar_t must store ISO 10646 characters | ^
| 1 error generated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
* License-Update: Update copyright years
* Drop tnftp-autotools.patch as the issue had been fixed upstream
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Update SRC_URI to official git repo per [1]
* Refresh patches
* Backport a patch to fix build error with musl
[1] https://wiki.linuxfoundation.org/networking/bridge
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
as the clang build issue had been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Scapy moved from pycrypto to cryptography in 2.4.0 (commit c24298b).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
refresh 0001-use-pkg-config-for-gcrypt-instead.patch
License-Update:
Url changed
from "https://www.gnu.org/philosophy/why-not-lgpl.html"
to "https://www.gnu.org/licenses/why-not-lgpl.html"
Changelog:
=========
New features
----------------
core: add support of static arrays in hdata
core: add command /toggle
api: add parameters pointers, extra_vars and options in function hdata_search
api: add user variables in evaluation of expressions with "define:name,value"
api: add IRC message parameters "param1" to "paramN" and "num_params" in output of irc_message_parse
irc: allow quotes around IRC message in command /server fakerecv
trigger: hide key and password in command "/msg nickserv setpass nick key password"
trigger: add support of option "-server" when hiding passwords in command /msg nickserv register
Bug fixes
---------------
core: fix memory leak in evaluated expression "split:number,seps,flags,xxx" when multiple "strip_items" are given
core: fix random integer number with large range in evaluation of expressions on GNU/Hurd
core: fix access to integer/long/time arrays in hdata
api: fix search of option when the section is not given in functions config_search_option and config_search_section_option
irc: fix join of channels with long name (issue #1717)
irc: fix parsing of parameters in all IRC messages (issue #1666)
irc: fix parsing of CAP message when there is no prefix (issue #1707)
irc: fix parsing of TAGMSG message when there is a colon before the channel
Documentation
---------------
doc: remove tester's guide
doc: add dark theme (automatic, following browser/desktop settings)
doc: make build reproducible
doc: disable web fonts
doc: switch from prettify to pygments for syntax highlighting
Tests
--------------
core: add build with CMake and Ninja in CI
core: add build on macOS 11 in CI
Build
------------
ruby: add detection of Ruby 3.0 (issue #1721, issue #1605)
core: add targets "changelog" and "rn" to build HTML version of ChangeLog and release notes (CMake build only)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2.2.3:
Bugs fixed
Recent connections disabled after suspend and resume
Service authorization notifications did not respond
Passkeys did not get displayed
2.2.2:
Bugs fixed
Issues with power level bars
Error message in blueman-mechanism
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drop openssl and gmp from DEPENDS, covered in PACKAGECONFIG
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Not everyone wants this to be installed by default. Enable to remove
cureve25519 is someone wants to.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
There have been a few regressions in the security release 4.14.10:
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds
initially adviced for 4.14.10 are no longer required and
should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is
adviced to have a look at the bug report for more detailed
information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
Changes since 4.14.10
---------------------
* BUG 14878: Recursive directory delete with veto files is broken.
* BUG 14879: A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory.
* BUG 14656: Spaces incorrectly collapsed in ldb attributes.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
deletable.
* BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
* BUG 14922: Kerberos authentication on standalone server in MIT realm
broken.
* BUG 14923: Segmentation fault when joining the domain.
* BUG 14903: Support for ROLE_IPA_DC is incomplete.
* BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send.
* BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Fix error in example firewall.sh script
configure: remove useless -Wno-* from default CFLAGS
Add argv_insert_head__empty_argv__head_only to argv tests
Move deprecation of SWEET32/64bit block size ciphers to 2.7
Include --push-remove in the output of --help.
Move '--push-peer-info' documentation from 'server' to 'client options'
add test case(s) to notice 'openvpn --show-cipher' crashing
BUILD: enable CFG and Spectre mitigation for MSVC
Fix loading PKCS12 files on Windows
msvc: fix product version display
msvc: add missing header to project file
config-msvc.h: fix OpenSSL-related defines
contrib/vcpkg-ports: remove openssl port
GitHub Actions: use latest working lukka/run-vcpkg
Use network address for emulated DHCP server as a default
Load OpenSSL config on Windows from trusted location
ring_buffer.h: fix GCC warning about unused function
ssh_openssl.h: remove unused declaration
vcpkg/pkcs11-helper: compatibility with latest vcpkg
config-msvc.h: indicate key material export support
Don't use BF-CBC in unit tests if we don't have it
Define have_blowfish variable in ncp unit tests
doc link-options.rst: Use free open-source dynamic-DNS provider URL
Fix some more wrong defines in config-msvc.h
Ensure the current common_name is in the environment for scripts
Require EC key support in Windows builds
resolvconf fails with -p
Update IRC information in CONTRIBUTING.rst
doc/man (vpn-network-options): fix foreign_option_{n} typo
README.down-root: Fix plugin module name
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
refresh arm_eabi.patch
Changelog:
==========
Enhancements
-Add support for NTPv4 extension field improving synchronisation stability and
resolution of root delay and dispersion (experimental)
-Add support for NTP over PTP (experimental)
-Add support for AES-CMAC and hash functions in GnuTLS
-Improve server interleaved mode to be more reliable and support multiple clients behind NAT
-Update seccomp filter
-Add statistics about interleaved mode to serverstats report
Bug fixes
-Fix RTC support with 64-bit time_t on 32-bit Linux
-Fix seccomp filter to work correctly with bind*device directives
-Suppress kernel adjustments of system clock (dosynctodr) on illumos
Other changes
-Switch Solaris support to illumos
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
mctpd ships with an example dbus service configuration, so install in
the dbus system configuration dir.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We have a tag for 1.0, now: better handling of local stack configuration
at runtime, and the 5.15 kernel header change has been integrated.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dhcp-relay needs a fresh tarball of bind unpacked in ${S}, but this is
done by fetching the tarball to ${WORKDIR}, then in do_configure moving
it to ${S} and unpacking it.
If dhcp-relay is re-configured, the tarball no longer exists in ${WORKDIR}
so this fails. Copy instead of moving so rebuilds work.
Also don't rename the downloaded file to just bind.tar.gz as that can
cause probems if the version changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
changelog:
=========
* src/snort.c :
Fixed an issue where verdict will be applied onto next session when timeout
occurs in some scenarios.
* rc/file-process/file_service.c :
Removed an excessively flooding log.
* src/dynamic-preprocessors/modbus/modbus_decode.c :
Fixed possible integer overflow.
* src/fpcreate.c :
Added fix to GCC compiled snort to use AC-BNFA-Q search-method when Intel-cpm
is enabled.
* src/generators.h
src/preprocessors/Stream6/snort_stream_tcp.c :
Added fix to not to drop packets when window size is 0 by TCP normalizer
and Added new alert with GID 129 and SID 21 when such packets are seen.
* src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
Added support for Appid to detect login success and failure for IMAP and POP3
protocols.
* src/dynamic-preprocessors/reputation/reputation_config.c
src/dynamic-preprocessors/reputation/spp_reputation.c
src/dynamic-preprocessors/reputation/spp_reputation.h
src/pkt_tracer.c
src/snort.c
src/util.c :
Fixed terminology to be bias-free in log/error messages.
* src/snort.c :
Fixed a potential race condition.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit hash is pointing out to the tag v4.0, not 2.1.0.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This dependency is already handled through a PACKAGECONFIG so there is
no need for it in DEPENDS anymore.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fix patch contributor name in the process of reworking it to apply
on the new 1.2.1 release (I had accidentally modified it when reworking
it previously).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: year updated to 2021.
Changelog
==========
This version fixes some really old issues, the most significant one being
excessive memory use for large memory listings.
When virtual quotas were used, transfers were not aborted after the limit was
reached; files were only removed at the end of a transfer. That should now be fixed.
Support for MD5, SHA1 and the MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3) function.
The server used to reject class E reserved network ranges. People reported that
Linux containers may use them, so this is now accepted.
Finally, it is now possible to recursively include additional files in a
configuration file, with the new Include directive.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.so
/usr/lib/libpyldb-util.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/_tevent.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
/usr/lib/python3.10/site-packages/tdb.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.pc
/usr/lib/libpytalloc-util.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.so.2
/usr/lib/libpytalloc-util.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
Automatically extract new version from GIT tag
Fixes:
Avoid trying to delete inactive VIFs. Fixing an annoying bogus error:
"Failed deleting VIF for iface lo: Resource temporarily unavailable"
Fix#171: too small string buffer for IPv6 address causing garbled
output in periodic expiry callback
Fix too small buffer for IPv6 address in mroute display functions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the server use AES-256-GCM instead of BF-CBC as the default
cipher for the VPN tunnel. To avoid breaking existing running configurations
defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains
the BF-CBC in addition to AES-CBC. This makes it possible to migrate
existing older client configurations one-by-one to use at least AES-CBC unless
the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically)
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan failed to startup because there is no kernel module named
ipsec. Add basic kernel modules required by strongswan per [1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules,
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):
For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.
License-Update:
Add "SSL library considerations" to COPYING.
Format of COPYING changed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It seems to require asciidoctor and currently does not build
until someone fixes it, disable it for cosnsitency.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NTPsec, "a secure, hardened, and improved implementation of Network Time
Protocol derived from NTP Classic, Dave Mills’s original."
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rename /etc/init.d/opensafd to /usr/lib/opensaf/opensafd-init as it is
needed by opensafd.service, but /etc/init.d is removed by
systemd.bbclass if sysvinit is not in DISTRO_FEATURES.
Note that this will not actually make the initscript and service file
work since they depend on /lib/lsb/init-functions, which does not exist
since the lsb recipe was removed from OE-Core.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
/var/log/cluster will be created in runtime.
This also drops the removal of the /var/run directory as it is no
longer created in the first place.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These features were removed in commit 5c051f84 (corosync: Update to
3.0.3), but some code still remained.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The hardcoded path /lib/netplan causes a runtime error on multilib
image:
$ netplan try
An error occurred: [Errno 2] No such file or directory: '/lib/netplan/generate'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
atftp-0.7.5
===========
README: update contributors list
text files: mark/convert all textfiles to UTF-8
fix some compiler warnings
fix buffer overflow in atftpd (CVE-2021-41054)
insert typos.patch
insert atftp-0.7-ack_heuristic.patch
insert atftp-0.7-server_receive_race.patch
insert patch atftp-0.7-sorcerers_apprentice.patch
test.sh: check for root no longer necessary
Merge commits from https://github.com/srett/atftp
=================================================
tftpd.c: Only drop privs if requested or running as root + check for failure
fix invalid read of 1 byte in tftp_send_request.
Check return value of fseek(), abort if != 0
options.c: Proper fix for the read-past-end-of-array
configure.ac: Add -std=gnu89 if gcc/clang is detected
tftpd.c: Fix memleak if thread spawning fails
atftp: Check return value of fgets, buffer might be uninitialized on NULL
Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
replace LICENSE with current version
License-Update:
1. Address changed
2. "the GNU Library General Public License" changed to
"the GNU Lesser General Public License"
3. Format of LICENSE changed
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change adds a recipe for the Management Component Transport
Protocol userspace utilities. This contains:
- the command-line 'mctp' tool, similar to 'ip', for setting up links,
assigning local address and configuring routing.
- an optional 'mctpd' daemon, which implements the MCTP control
protocol, and manages remote address assignment.
The latter depends on systemd (for sdbus), so use a
PACKAGECONFIG[systemd] for the conditional service installation.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
autofs-5.1.8 changelog:
- add xdr_exports().
- remove mount.x and rpcgen dependencies.
- dont use realloc in host exports list processing.
- use sprintf() when constructing hosts mapent.
- fix mnts_remove_amdmount() uses wrong list.
- Fix option for master read wait.
- eliminate cache_lookup_offset() usage.
- fix is mounted check on non existent path.
- simplify cache_get_parent().
- set offset parent in update_offset_entry().
- remove redundant variables from mount_autofs_offset().
- remove unused parameter form do_mount_autofs_offset().
- refactor umount_multi_triggers().
- eliminate clean_stale_multi_triggers().
- simplify mount_subtree() mount check.
- fix mnts_get_expire_list() expire list construction.
- fix inconsistent locking in umount_subtree_mounts().
- fix return from umount_subtree_mounts() on offset list delete.
- pass mapent_cache to update_offset_entry().
- fix inconsistent locking in parse_mount().
- remove unused mount offset list lock functions.
- eliminate count_mounts() from expire_proc_indirect().
- eliminate some strlen calls in offset handling.
- don't add offset mounts to mounted mounts table.
- reduce umount EBUSY check delay.
- cleanup cache_delete() a little.
- rename path to m_offset in update_offset_entry().
- don't pass root to do_mount_autofs_offset().
- rename tree implementation functions.
- add some multi-mount macros.
- remove unused functions cache_dump_multi() and cache_dump_cache().
- add a len field to struct autofs_point.
- make tree implementation data independent.
- add mapent tree implementation.
- add tree_mapent_add_node().
- add tree_mapent_delete_offsets().
- add tree_mapent_traverse_subtree().
- fix mount_fullpath().
- add tree_mapent_cleanup_offsets().
- add set_offset_tree_catatonic().
- add mount and umount offsets functions.
- switch to use tree implementation for offsets.
- remove obsolete functions.
- remove redundant local var from sun_mount().
- use mount_fullpath() in one spot in parse_mount().
- pass root length to mount_fullpath().
- remove unused function master_submount_list_empty().
- move amd mounts removal into lib/mounts.c.
- check for offset with no mount location.
- remove mounts_mutex.
- remove unused variable from get_exports().
- add missing free in handle_mounts().
- remove redundant if check.
- fix possible memory leak in master_parse().
- fix possible memory leak in mnts_add_amdmount().
- fix double unlock in parse_mount().
- add length check in umount_subtree_mounts().
- fix flags check in umount_multi().
- dont try umount after stat() ENOENT fail.
- remove redundant assignment in master_add_amd_mount_section_mounts().
- fix dead code in mnts_add_mount().
- fix arg not used in error print.
- fix missing lock release in mount_subtree().
- fix double free in parse_mapent().
- refactor lookup_prune_one_cache() a bit.
- cater for empty mounts list in mnts_get_expire_list().
- add ext_mount_hash_mutex lock helpers.
- fix amd section mounts map reload.
- fix dandling symlink creation if nis support is not available.
- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT.
- fix lookup_prune_one_cache() refactoring change.
- fix amd hosts mount expire.
- fix offset entries order.
- use mapent tree root for tree_mapent_add_node().
- eliminate redundant cache lookup in tree_mapent_add_node().
- fix hosts map offset order.
- fix direct mount deadlock.
- add missing description of null map option.
- fix nonstrict offset mount fail handling.
- fix concat_options() error handling.
- eliminate some more alloca usage.
- use default stack size for threads.
- fix use of possibly NULL var in lookup_program.c:match_key().
- fix incorrect print format specifiers in get_pkt().
- add mapent path length check in handle_packet_expire_direct().
- add copy length check in umount_autofs_indirect().
- add some buffer length checks to master map parser.
- add buffer length check to rmdir_path().
- eliminate buffer usage from handle_mounts_cleanup().
- add buffer length checks to autofs mount_mount().
- make NFS version check flags consistent.
- refactor get_nfs_info().
- also require TCP_REQUESTED when setting NFS port.
0001-Do-not-hardcode-path-for-pkg.m4.patch refreshed.
autofs-5.1.7-use-default-stack-size-for-threads.patch
removed since it is included in 5.1.8.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also organize the recipe to to match OE style
Remove PYTHON_PN from DEPENDS, setuptools should be enough
Correct setting LIC_FILES_CHKSUM
Move setting git SHA to SRCREV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue
has been fixed.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave (2.13) unstable; urgency=medium
* QA upload.
[ Guillem Jover ]
* Fix MAC address setting messed up by udev for bond interfaces.
(Closes: #949062)
* Use ifquery instead of example contrib script ifstate. (Closes: #991930)
* Fix ifquery redirections.
* Bump Standards-Version to 4.6.0 (no changed needed).
* Remove long supported Linux version requirements from Description.
[ Sami Haahtinen ]
* Use correct argument in setup_slave_device(). (Closes: #968368)
[ Oleander Reis ]
* Handle slave definitions of interfaces with no bond settings.
(Closes: #990428)
* Delete bond interfaces on ifdown -a. (Closes: #992102)
-- Guillem Jover <guillem@debian.org> Sun, 17 Oct 2021 06:02:55 +0200
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021.10.04 -- Version 2.5.4
Antonio Quartulli (3):
route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
configure: search also for rst2{man, html}.py
networking: add networking API net_addr_ll_set() and use it on Linux
Arne Schwabe (1):
Move examples into openvpn-examples(5) man page
David Korczynski (1):
Fix argv leaks in add_route() and add_route_ipv6()
David Sommerseth (2):
doc: Use generic rules for man/html generation
man: Clarify IV_HWADDR
Gert Doering (1):
Add error reporting to get_console_input_win32().
Lev Stipakov (3):
Fix console prompts with redirected log
Add building man page on Windows
GitHub Actions: remove Ubuntu 16.04 environment
Max Fillinger (1):
Update Fox e-mail address in copyright notices
Selva Nair (1):
Minor doc correction: tls-crypt-v2 key generation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v2.5.3 Changes
New tests to verify add/del of IPv4/IPv6 routes in kernel MFC
Fixes
Fix#166: build warning with gcc 10.2.1: "comparison is always true due to limited range of data type"
Fix build warning with --disable-mrdisc configure option
Fix#167: cannot remove routes added with smcroutectl add, only affects add/del at runtime with smcroutectl, not .conf reload
Fix#168: build problem on Debian/kFreeBSD, used wrong queue.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The main repo is sourced from git://git.openembedded.org not github.
Don't think oe-core.git exists.
Lets be constent across all sub layers.
Drop Revisions and Prioriiy from repo references as they are not used.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
configure.ac:1: error: possibly undefined macro: dnl
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
../firewalld-0.9.4/configure: line 3408: pkg.m4: command not found
../firewalld-0.9.4/configure: line 3422: syntax error near unexpected token `0.16'
../firewalld-0.9.4/configure: line 3422: ` PKG_PROG_PKG_CONFIG(0.16)'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These site files are only there for single recipe, move the data to
recipe and use SITEINFO_ENDIANNESS to choose right option and pass it
to configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
One file is BSD-1-Clause while another is BSD-4-Clause
Set and check accourdingly
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge #470 from edevil: Allow configuration of persistent TCP connections.
Fix#474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge #478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.
Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.
Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.
Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.
Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.
Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.
Make domains generated by --synth-domain appear in replies
when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
STABLE RELEASE 1.0.5:
- Add --no-solicit option to skip sending the discovery packet.
- Ignore multicast advertisements when discovery was sent as unicast
- Since its point release, no need to use +git${SRCPV} in PV it can be
absolute
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, viewing the help text with snmpd -h results in snmpd being
started in the background.
$ snmpd -h
Usage: snmpd [OPTIONS] [LISTENING ADDRESSES]
[snip]
$ ps -ef | grep snmpd
root 1477 1 0 05:46 ? 00:00:00 snmpd -h
Backport a patch to fix this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
From the changelog (https://marc.info/?l=netfilter&m=162939459210790&w=2):
- Catch-all set element support: This allows users to define the
special wildcard set element for anything else not defined in
the set
- Define variables from the command line through --define
- Allow to use stateful expressions in maps
- Add command to list the netfilter hooks pipeline for a given packet
family. If device is specified, then ingress path is also included
- Allow to combine jhash, symhash and numgen expressions with the
queue statement, to fan out packets to userspace queues via
nfnetlink_queue
- Expand variable containing set into multiple mappings
- Allow to combine verdict maps with interval concatenations
- Simplify syntax for NAT mappings. You can specify an IP range, or a
specific IP and port, or a combination of range of IP addresses and
ports
- Bugfixes
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
To drop root privileges on Linux-based systems, chrony requires a
standard user to switch to and the use of capabilities. Fix up the
privdrop packageconfig to account for this.
Signed-off-by: Easwar Hariharan <easwar.hariharan@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
bmon is a monitoring and debugging tool to capture networking
related statistics and prepare them visually in a human friendly way
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libconfuse a configuration file parser library written in C
Used by bmon network monitor.
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1].
[1] https://security.appspot.com/vsftpd/Changelog.txt
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Handle-enum-element-override.patch
removed since it is included in 0.103
Add patch to fix bug for 32bit format string bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
===============================================
NetworkManager-1.32.8
Overview of changes since NetworkManager-1.32.6
===============================================
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
===============================================
NetworkManager-1.32.6
Overview of changes since NetworkManager-1.32.4
===============================================
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
messages logged to buffered outputs, predominantly --logfile.
This also caused lines in the logfile to run into one another because
the fragment containing the '\n' line-end character was usually lost.
Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
interface), the length of log message fragments was added up twice, so
that these ended too deep into a freshly allocated buffer, after the '\0'
byte. Unbuffered outputs flushed the fragments right away, which masked the
bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add them to PACKAGECONFIG if enable selinux distro feature.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch is the result of running the latest convert-ovrrides.py
script.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: curlpp.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v1.44.0 changelog:
lib: Port new ngtcp2 map implementation
doc: Replace master with main
build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
build: Add more --with-* configure flags
build: Add LIBTOOL_LDFLAGS configure variable
third-party: Bump llhttp to 6.0.2
src: Replace black-list with block-list
nghttpx: Fix max distance in weight group/address cycle comparison
nghttpx: Set connect_blocker and live_check after shuffling addresses
nghttpx: Replace master with main
nghttpx: Remove trailing white space after $method log variable
(https://github.com/nghttp2/nghttp2/pull/1553)
h2load: Add --rps option
(https://github.com/nghttp2/nghttp2/pull/1559)
h2load: Allow unit in -D option
asio: fix some typos (Patch from Jan Kundrát)
(https://github.com/nghttp2/nghttp2/pull/1550)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
add note:
** NOTE! The following LGPL license applies to the talloc
** library. This does NOT imply that all of Samba is released
** under the LGPL
"GNU General Public License" changed to "GNU Lesser General Public License"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
- Added AES_CCM and SHA-3 signature support to openssl plugin.
- The x509 and openssl plugins now consider the authorityKeyIdentifier, if
available, before verifying signatures, which avoids unnecessary signature
verifications after a CA key rollover if both certificates are loaded.
- The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
previously depended on a version check.
- charon-nm now supports using SANs as client identities, not only full DNs.
- charon-tkm now handles IKE encryption.
- A MOBIKE update is sent again if a a change in the NAT mappings is detected
but the endpoints stay the same.
- Converted most of the test case scenarios to the vici interface
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix only release.
$ git shortlog --grep "^fix" v0.9.3..v0.9.4
Eric Garver (10):
fix(dbus): conf: setting deprecated properties should be ignored
fix(dbus): properties: IPv4 and IPv6 should be true if using nftables
fix(fw): when checking tables make sure to check the actual backend
fix(ipset): nftables: use interval flag for "ip" types
fix(rpm): applet: don't replace config modified by admin
fix(rpm): logrotate: don't replace config modified by admin
fix(ipv6_filter): match fwmark
fix(direct): rule order with multiple address with -s/-d
fix(nm): reload: only consider NM connections with a real interface
fix(policy): warn instead of error for overlapping ports
Fabrizio D'Angelo (1):
fix(ipset): fix hash:net,net functionality
Robert Richmond (1):
fix(ipset): entry delete with timeout
Ye Shu (1):
fix(applet): Show a basic tooltip instead of HTML
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Did not find hints upstream but musl build turned painless!
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Manually refresh 0002-fix-fail-to-enable-bluetooth.patch - it did not apply
2.2.1
Bugs fixed
Hard dependency of DBusService on NetworkManager
2.2
New features
Disconnect items in applet menu (plugin)
Desktop notifications on connect / disconnect (plugin)
Notifications with battery level for connecting devices (applet plugin)
Stop discovery and retry connection for broken adapter drivers
Auto-connect settings for supported services
Changes
Drop blueman-report
Drop blueman-assistant
Raise minimum Python version to 3.6
Raise GTK+ 3 version to 3.22
Raise minimum BlueZ version to 5.48
Allow opening device menus via keyboard (Shift+F10 or menu key)
Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
Allow cancelling device connection attempts
Improved passkey handling (fixed padding, highlighting, single notifitication)
Hide devices with no name
Bugs fixed
Fix disconnecting NMDevice
Exceptions from asynchronous DBus calls (getting picked up by tools like Apport or ABRT)
DiscvManager plugin showed its icon unreliably
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes#386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Configure the recipe to use the module_install function from the module
source code and remove the overriden modules_install function from the
recipe.
Using the default modules_install (instead of the function defined in
the recipe file) the module is signed when DISTRO_FEATURE contains modsign.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: notice.html does not exist in this version, use NOTICE.md to
check.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes since 4.4.2 (Bug Fixes)
Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services.
[Gitlab #182]
CVE: CVE-2021-25217
See: https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable backtrace in bundled bind to fix build error for qemuarm on
musl.
Fixes:
bind/bind-9.11.32/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the bundled bind from 9.11.14 to 9.11.32.
Fixes build error on qemuarmv5:
stats.c: In function 'setcounter':
stats.c:300:36: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Removed since these are included in 0.102.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some options are deprecated in smb.conf.
Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.
* Remove the deprecated "syslog only" and "syslog" global options and
replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
outdated.
* Improve idmap config
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.14.x.
Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory
requirement for samba. See:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory
Refresh patches:
16-do-not-check-xsltproc-manpages.patch
20-do-not-import-target-module-while-cross-compile.patch
21-add-config-option-without-valgrind.patch
0001-Add-options-to-configure-the-use-of-libbsd.patch
dnsserver-4.7.0.patch
iconv-4.7.0.patch
0001-samba-fix-musl-lib-without-innetgr.patch
Drop patches:
0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
0001-waf-add-support-of-cross_compile.patch
0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
CVE-2020-14318.patch
CVE-2020-14383.patch
glibc_only.patch
smb_conf-4.7.0.patch
Add new patches:
0007-wscript_configure_system_gnutls-disable-check-gnutls.patch
0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch
source3-wscript-disable-check-fcntl-RW_HINTS.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable the options by default, as we use different compilers there are
more warnings to handle then upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade libnftnl in preparation for the upgrade of nftables, since the
latter requires libnftnl >= 1.2.0.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The bundled libtool files are arcane and do not work in OE cross build
environment, resulting in creating wrong entried in DT_NEEDED section
as well as emitting build paths into rpaths into ELF files, therefore
copy the OE provided libtool files to fix this issue
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This tracks the official scapy project.
includes ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
vendored version of bind is quite old which does not have all newer
architecture info like riscv in gnu-config files captured in the bind
tarball, therefore update these files before configuring bundled bind
Fixes build on rv32/rv64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
The current default dhcp server kea in oe-core doesn't provide
dhcp-relay tool. Add a recipe to provide dhcrelay which is from dhcp.
This patch is picked up from dhcp recipe with some tweaks. In order to
fix the build dependency, we use bundled bind instead of external bind.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Native python is being probed on some builds
Fixes
recipe-sysroot-native/usr/share/cmake-3.20/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)
(Required is exact version "3.8")
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-m4-sctp.m4-make-conpatible-to-autoconf-2.70.patch
Removed since this is included in 1.0.19.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Header-only C++14 library that gives you an embedded HTTP server.
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
HTTP request/response parser for C.
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit brings the version of ufw up to 0.36 since version 0.33
had some problems:
* The setup.py calls sed to replace some variables in the source
code with the correct paths. However, this is done using a hardcoded
path and conflicts with distutils
* The python shebang was not properly corrected in setup.py, leading
to a script that only run if there is a python symlink to python2 or
python3
The first issue is addressed by the bump in version, while the second
one is fixed in patch 0003 of the recipe.
Also, the new version provides examples for systemd service and
sysvinit scripts to autostart ufw. These are added into the recipe
now.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
this is another option for reproducibility which can be used by
compilers, and here consider processing it as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: Change distribition to distribution.
Specific permission is granted for the GPLed code in this distribution to be linked to OpenSSL without invoking GPL clause 2(b).
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[meta-openembedded ticket #327] --
https://github.com/openembedded/meta-openembedded/issues/327
The python version in the shebang at the begining of the ufw script
should be the same one as the version the setup.py script was called
with.
The fix in patch "setup-only-make-one-reference-to-env.patch"
depends on sys.executable returning "/usr/bin/env pythonX". However,
it returns "/usr/bin/pythonX". Using sys.version_info we can get the
major version of the python used to called the script and append
that to the shebang line so it works as intended.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Change: Update copyright years change to Staysail Systems, Inc
ee0b44406d (diff-d0ed4cc3fb70489fe51c7e0ac180cba2a7472124f9f9e9ae67b01a37fbd580b7)
In contrast to 1.2.5, this recipe also builds and packages the nngcat
tool.
Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
changelog
* 79b1a99 Fixed comment.
* b2ec203 Fixed carry propagation bug in m64 impl for P-256.
* dda1f8a Harmonized behaviour when point length is invalid.
* acc70b1 Typo fix in comment.
* 946f5ba Added discard of unread appdata on explicit close.
* 252dba9 Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra; consequences unclear, possibly some invalid curve attacks in static ECDH contexts).
* 15b3af7 Typo fix in comment.
* 69807a3 Fixed typo in comment.
* fb4296c Fixed some errors in comments.
* 4b60464 Fixed small display bug in debug tool.
* b715b43 Fixed buffer overflow in private key decoding (wrong buffer length used in size check).
* 2893441 Fixed a spurious warning on some compilers.
* e4edfb8 Added support for getrandom()/getentropy(), and a fix for the RDRAND bug on AMD CPU (family 22).
* 924921d Fixed mishandling of UTF-8 codepoints in the FDF0..FEDF range (these were unduly rejected when extracting names from certificates, thereby preventing use of the extra presentation forms of Arabic).
* 9721b3e Fixed efficiency pre-test on RSA prime generation (no security issue, but RSA key generation with pubexp 5, 7 or 11 may be slightly more efficient).
* ecdf897 Normalize use of BR_DOXYGEN_IGNORE.
* c1bb535 Small workaround for CompCert compatibility.
* 87a796d Fixed computing of intermediate buffer size for maximum-size RSA keys.
* 6433cc2 Added detection for MIPS64 with n32 ABI.
* 001d094 Some small performance improvements on 32-bit architectures.
* 08eb078 Fixed fd leak in test code.
* d5acc4f Made m64 implementations of elliptic curves the default (when available).
* f0ddbc3 Added new 64-bit implementations of Curve25519 and P-256.
* b2a08e9 Made ec_c25519_m62 implementation the default on supported architectures.
* 52a69fe Fixed endianness in Curve25519 implementation (no consequence on security). Also added new Curve25519 code for 64-bit platforms.
* fd98320 Cosmetic fix (value did not conform to its announced bit length, but this did not have bad consequences since br_i31_decode_mod() is lenient on that).
* 431629d Changed speed benchmark for i31 to a 521-bit modulus.
* c6ffcd2 Fixed warning on GCC 4.6 to 4.9 (macro redefinition).
* 420f50c Added stand-alone RSA/PSS implementation.
* 966078b Added SHAKE implementation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The +1 fixes build issues for the 5.4 kernel.
This update looks like bugfixes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
v2]
Wrong version listed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0001-GitHub-Issue-367.-Remove-references-to-deprecated-G_.patch
since it was a backport.
Drop 0001-pollGtk-Drop-volatile-qualifier.patch
since it's covered by:
f48efc8e Make pollGtk resetable.
Drop 0001-utilBacktrace-Ignore-Warray-bounds.patch
since it's covered by:
0cfda58a Make peeking back into the stack work for back traces
Drop 0002-add-include-sys-sysmacros.h.patch
since it's covered by:
69b7e1f9 Include sysmacros.h directly as mandated by glibc-2.25.
Refit:
0005-Use-configure-to-test-for-feature-instead-of-platfor.patch
0009-Rename-poll.h-to-vm_poll.h.patch
0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch
0011-Use-uintmax_t-for-handling-rlim_t.patch
Add:
0001-Add-resolv_compat.h-for-musl-builds.patch
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Trevor Gamblin <Trevor.Gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.30.2:
- 0004-fix_reallocarray_check.patch removed because the current
version of nm already includes boths malloc.h and stdlib.h
- musl/0002-Fix-build-with-musl.patch removed because the commit
c50da167bc of nm solves the build issue with musl
- musl/0001-Fix-build-with-musl-systemd-specific.patch modified
to avoid conflicts when applied to current version of nm
- musl/0003-Fix-build-with-musl-systemd-specific.patch renamed
to musl/0002-Fix-build-with-musl-systemd-specific.patch and
modified to avoid conflicts when applied to current version of nm
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop one patch at the issue is already fixed in new version
(307678b268 Fix rlm_python3 build)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* and make it skipped only when meta-filesystem is missing as well
* depends on libdnet from meta-networking and nothing in meta-oe depends on open-vm-tools
* update packagegroup-meta-oe to match this, without either of these layers packagegroup-meta-oe is currently failing with:
ERROR: Nothing RPROVIDES 'open-vm-tools' (but meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb RDEPENDS on or otherwise requires it)
open-vm-tools was skipped: Requires meta-networking and meta-filesystems to be present.
NOTE: Runtime target 'open-vm-tools' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['open-vm-tools']
ERROR: Required build target 'packagegroup-meta-oe' has no buildable providers.
Missing or unbuildable dependency chain was: ['packagegroup-meta-oe', 'open-vm-tools']
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It does not have to maintain two patch directories files and atftp,
merge them.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the SRC_URI as the previous is unaccessible to fix the below
warning:
WARNING: quagga-1.2.4-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/quagga/quagga-1.2.4.tar.gz;, attemptin MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The systemd can not open the pid file because it is locked by quagga
daemon.
Fixes:
$ systemctl status ospf6d.service
Feb 25 05:53:26 intel-x86-64 systemd[1]: Starting OSPF routing daemon for IPv6...
Feb 25 05:53:26 intel-x86-64 systemd[1]: ospf6d.service: Can't open PID file /run/quagga/ospf6d.pid (yet?) after start: Operation not permitted
Feb 25 05:53:26 intel-x86-64 systemd[1]: Started OSPF routing daemon for IPv6.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2.0.8 - 2021-02-25
==================
Broker:
- Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the
size and offset of two of the members of this struct, and changes the size
of the struct. This is an ABI break, but is considered to be acceptable
because plugins should never be allocating their own instance of this
struct, and currently none of the struct members are used for anything, so a
plugin should not be accessing them. It would also be safe to read/write
from the existing struct parameters.
- Give compile time warning if libwebsockets compiled without external poll
support. Closes#2060.
- Fix memory tracking not being available on FreeBSD or macOS. Closes#2096.
Client library:
- Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL
on topic == NULL.
Clients:
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
lines. Closes#2078.
Build:
- Provide a mechanism for Docker users to run a broker that doesn't use
authentication, without having to provide their own configuration file.
Closes#2040.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33.
Fixes the following OOPS error:
root@qemux86-64:~# tnftp 192.168.1.1
Connected to 192.168.1.1.
220 (vsFTPd 3.0.3)
Name (192.168.1.1:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
OOPS: priv_sock_get_cmd
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removed patches:
* avoid-absolute-path-when-searching-for-libdlpi.patch
reason: this is a solaris specific patch,
It no longer generates QA error.
* unnecessary-to-check-libpcap.patch
reason: upstream changed the logic, a new patch was needed.
New patch:
* 0001-aclocal.m4-Skip-checking-for-pcap-config.patch
reason: configure shouldn't look for pcap-config.
upstream reference: cfc4c750a
Modified patch:
* add-ptest.patch
reason: Makefile had slight change.
new unrelated perl script was introduced,
removed to make package QA happy.
License:
upstream removed some whitespace
Ptest:
binaries are now present in /usr/bin not /usr/sbin
upstream commit: 95096be4f
add perl libraries dependencies
tests passed: 571 (qemux86-64)
tests failed: 0
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM
Correct the checksums where they were wrong
Signed-off-by: Khem Raj <raj.khem@gmail.com>
What was done:
- add --noline option to flex, --no-line to bison
and -l to lemon generators to prevent
adding #line directives with absolute path.
- eliminate absolute source path in python code generator
and use baseline instead.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While DEBUG_BUILD != 1, Yocto adds option _FORTIFY_SOURCE to CPP and CC [1],
since _FORTIFY_SOURCE requires -O1 or higher, if no -O1 or higher then
results in a compiler warning.
The configure.ac of ndpi uses macro AC_PROG_CC to test toolchain, since
CPPFLAGS does not have the option -O<level> [1], while building with autoconf
2.71+, the toolchain test will report a warning.
The configure.ac of ndpi uses macro AC_LANG_WERROR to treat the warning as
error. Then it broke the build
...
|configure: error: C preprocessor "i686-wrs-linux-gcc -E --sysroot=tmp-glibc/
work/core2-32-wrs-linux/ndpi/3.4-r0/recipe-sysroot -m32 -march=core2
-mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2
-Wformat -Wformat-security -Werror=format-security" fails sanity check
...
The SELECTED_OPTIMIZATION contains option -O<level>, add SELECTED_OPTIMIZATION
to CPPFLAGS to could fix the issue
[1] The definition of CPP and CC and XXXFLAGS in bitbake.conf
[snip]
export CPP = "${HOST_PREFIX}gcc -E${TOOLCHAIN_OPTIONS} ${HOST_CC_ARCH}"
export CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}"
...
export CFLAGS = "${TARGET_CFLAGS}"
TARGET_CFLAGS = "${TARGET_CPPFLAGS} ${SELECTED_OPTIMIZATION}"
...
export CPPFLAGS = "${TARGET_CPPFLAGS}"
TARGET_CPPFLAGS = ""
[snip]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- drop patch install-protocol.patch: upstream
- add new cjson and dlt-daemon dependencies
- update copyright and license
- add build of manpages optionally via PACKAGECONFIG
- also install the new mosquitto_ctrl and mosquitto_dynamic_security.so tools
2.0.7 - 2021-02-04
==================
Broker:
- Fix exporting of executable symbols on BSD when building via makefile.
- Fix some minor memory leaks on exit only.
- Fix possible memory leak on connect. Closes#2057.
- Fix openssl engine not being able to load private key. Closes#2066.
Clients:
- Fix config files truncating options after the first space. Closes#2059.
Build:
- Fix man page building to not absolutely require xsltproc when using CMake.
This now handles the case where we are building from the released tar, or
building from git if xsltproc is available, or building from git if xsltproc
is not available.
1.6.13 - 2021-02-04
===================
Broker:
- Fix crash on Windows if loading a plugin fails. Closes#1866.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
- Fix local bridges being disconnected on SIGHUP. Closes#1942.
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes#1968.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes#1891.
- Fix file logging on Windows. Closes#1880.
- Fix bridge sock not being removed from sock hash on error. Closes#1897.
Client library:
- Fix build on Mac Big Sur. Closes#1905.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
Clients:
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes#1908.
- Fix config files truncating options after the first space. Closes#2059.
Apps:
- Perform stricter parsing of input username in mosquitto_passwd. Closes
#570126 (Eclipse bugzilla).
Build:
- Enable epoll support in CMake builds.
2.0.6 - 2021-01-28
==================
Broker:
- Fix calculation of remaining length parameter for websockets clients that
send fragmented packets. Closes#1974.
Broker:
- Fix potential duplicate Will messages being sent when a will delay interval
has been set.
- Fix message expiry interval property not being honoured in
`mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
- Fix websockets listeners with TLS not responding. Closes#2020.
- Add notes that libsystemd-dev or similar is needed if building with systemd
support. Closes#2019.
- Improve logging in obscure cases when a client disconnects. Closes#2017.
- Fix reloading of listeners where multiple listeners have been defined with
the same port but different bind addresses. Closes#2029.
- Fix `message_size_limit` not applying to the Will payload. Closes#2022.
- The error topic-alias-invalid was being sent if an MQTT v5 client published
a message with empty topic and topic alias set, but the topic alias hadn't
already been configured on the broker. This has been fixed to send a
protocol error, as per section 3.3.4 of the specification.
- Note in the man pages that SIGHUP reloads TLS certificates. Closes#2037.
- Fix bridges not always connecting on Windows. Closes#2043.
Apps:
- Allow command line arguments to override config file options in
mosquitto_ctrl. Closes#2010.
- mosquitto_ctrl: produce an error when requesting a new password if both
attempts do not match. Closes#2011.
Build:
- Fix cmake builds using `WITH_CJSON=no` not working if cJSON not found.
Closes#2026.
Other:
- The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per
The Eclipse legal documentation generator. The licenses are identical.
2.0.5 - 2021-01-11
==================
Broker:
- Fix `auth_method` not being provided to the extended auth plugin event.
Closes#1975.
- Fix large packets not being completely published to slow clients.
Closes#1977.
- Fix bridge connection not relinquishing POLLOUT after messages are sent.
Closes#1979.
- Fix apparmor incorrectly denying access to
/var/lib/mosquitto/mosquitto.db.new. Closes#1978.
- Fix potential intermittent initial bridge connections when using poll().
- Fix `bind_interface` option. Closes#1999.
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
before a role that was attached to the group or client is deleted.
Closes#1998.
- Improve logging in dynsec addGroupRole command. Closes#2005.
- Improve logging in dynsec addGroupClient command. Closes#2008.
Client library:
- Improve documentation around the `_v5()` and non-v5 functions, e.g.
`mosquitto_publish()` and `mosquitto_publish_v5().
Build:
- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
that man pages are always built. Closes#1989.
- Fixes for lots of minor build warnings highlighted by Visual Studio.
Apps:
- Disallow control characters in mosquitto_passwd usernames.
- Fix incorrect description in mosquitto_ctrl man page. Closes#1995.
- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes#1997.
2.0.4 - 2020-12-22
==================
Broker:
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes#1968.
- mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not
reset the bind address option if called with bind_address == NULL.
- Fix dynamic security configuration possibly not being reloaded on Windows
only. Closes#1962.
- Add more log messages for dynsec load/save error conditions.
- Fix websockets connections blocking non-websockets connections on Windows.
Closes#1934.
Build:
- Fix man pages not being built when using CMake. Closes#1969.
2.0.3 - 2020-12-17
==================
Security:
- Running mosquitto_passwd with the following arguments only
`mosquitto_passwd -b password_file username password` would cause the
username to be used as the password.
Broker:
- Fix excessive CPU use on non-Linux systems when the open file limit is set
high. Closes#1947.
- Fix LWT not being sent on client takeover when the existing session wasn't
being continued. Closes#1946.
- Fix bridges possibly not completing connections when WITH_ADNS is in use.
Closes#1960.
- Fix QoS 0 messages not being delivered if max_queued_messages was set to 0.
Closes#1956.
- Fix local bridges being disconnected on SIGHUP. Closes#1942.
- Fix slow initial bridge connections for WITH_ADNS=no.
- Fix persistence_location not appending a '/'.
Clients:
- Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful
connection is not made. Closes#1957.
Apps:
- Fix `mosquitto_passwd -b` using username as password (not if `-c` is also
used). Closes#1949.
Build:
- Fix `install` target when using WITH_CJSON=no. Closes#1938.
- Fix `generic` docker build. Closes#1945.
2.0.2 - 2020-12-10
==================
Broker:
- Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems.
2.0.1 - 2020-12-10
==================
Broker:
- Fix websockets connections on Windows blocking subsequent connections.
Closes#1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
- Fix websockets listeners not causing the main loop not to wake up.
Closes#1936.
Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes#1925. Closes#1476.
Apps:
- Fix `mosquitto_passwd -U`
Build:
- Fix cjson include paths.
- Fix build using WITH_TLS=no when the openssl headers aren't available.
- Distribute cmake/ and snap/ directories in tar.
2.0.0 - 2020-12-03
==================
Breaking changes:
- When the Mosquitto broker is run without configuring any listeners it will
now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
only connections from the local host will be possible.
Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the
loopback interface.
Running the broker with a configuration file with no listeners configured
will bind to the loopback interface with port 1883.
Running the broker with a listener defined will bind by default to `0.0.0.0`
/ `::` and so will be accessible from any interface. It is still possible to
bind to a specific address/interface.
If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
listener is defined in the configuration file, then the port defined on the
command line will be IGNORED, and no listener configured for it.
- All listeners now default to `allow_anonymous false` unless explicitly set
to true in the configuration file. This means that when configuring a
listener the user must either configure an authentication and access control
method, or set `allow_anonymous true`. When the broker is run without a
configured listener, and so binds to the loopback interface, anonymous
connections are allowed.
- If Mosquitto is run on as root on a unix like system, it will attempt to
drop privileges as soon as the configuration file has been read. This is in
contrast to the previous behaviour where elevated privileges were only
dropped after listeners had been started (and hence TLS certificates loaded)
and logging had been started. The change means that clients will never be
able to connect to the broker when it is running as root, unless the user
explicitly sets it to run as root, which is not advised. It also means that
all locations that the broker needs to access must be available to the
unprivileged user. In particular those people using TLS certificates from
Lets Encrypt will need to do something to allow Mosquitto to access
those certificates. An example deploy renewal hook script to help with this
is at `misc/letsencrypt/mosquitto-copy.sh`.
The user that Mosquitto will change to are the one provided in the
configuration, `mosquitto`, or `nobody`, in order of availability.
- The `pid_file` option will now always attempt to write a pid file,
regardless of whether the `-d` argument is used when running the broker.
- The `tls_version` option now defines the *minimum* TLS protocol version to
be used, rather than the exact version. Closes#1258.
- The `max_queued_messages` option has been increased from 100 to 1000 by
default, and now also applies to QoS 0 messages, when a client is connected.
- The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
OS provided CA certificates by default if `-L mqtts://...` is used, or if
the port is set to 8883 and no other CA certificates are loaded.
- Minimum support libwebsockets version is now 2.4.0
- The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".
Broker features:
- New plugin interface which is more flexible, easier to develop for and
easier to extend.
- New dynamic security plugin, which allows clients, groups, and roles to be
defined and updated as the broker is running.
- Performance improvements, particularly for higher numbers of clients.
- When running as root, if dropping privileges to the "mosquitto" user fails,
then try "nobody" instead. This reduces the burden on users installing
Mosquitto themselves.
- Add support for Unix domain socket listeners.
- Add `bridge_outgoing_retain` option, to allow outgoing messages from a
bridge to have the retain bit completely disabled, which is useful when
bridging to e.g. Amazon or Google.
- Add support for MQTT v5 bridges to handle the "retain-available" property
being false.
- Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
to a v3.x only broker.
- DLT logging is now configurable at runtime with `log_dest dlt`.
Closes#1735.
- Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()`
functions, which can be used by plugins to publish messages.
- Add `mosquitto_client_protocol_version()` function which can be used by
plugins to determine which version of MQTT a client has connected with.
- Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()`
functions, which can be used by plugins to disconnect clients.
- Add support for handling $CONTROL/ topics in plugins.
- Add support for PBKDF2-SHA512 password hashing.
- Enabling certificate based TLS encryption is now through certfile and
keyfile, not capath or cafile.
- Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
- Add "deny" acl type. Closes#1611.
- The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
- Add the `bridge_max_packet_size` option. Closes#265.
- Add the `bridge_bind_address` option. Closes#1311.
- TLS certificates for the server are now reloaded on SIGHUP.
- Default for max_queued_messages has been changed to 1000.
- Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites.
Closes#1825.
- Bridges now obey MQTT v5 server-keepalive.
- Add bridge support for the MQTT v5 maximum-qos property.
- Log client port on new connections. Closes#1911.
Broker fixes:
- Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH,
SUBSCRIBE, and UNSUBSCRIBE packets.
- Document that X509_free() must be called after using
mosquitto_client_certificate(). Closes#1842.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes#1891.
- Fix bridge sock not being removed from sock hash on error. Closes#1897.
- mosquitto_password now forbids the : character. Closes#1833.
- Fix `log_timestamp_format` not applying to `log_dest topic`. Closes#1862.
- Fix crash on Windows if loading a plugin fails. Closes#1866.
- Fix file logging on Windows. Closes#1880.
- Report an error if the config file is set to a directory. Closes#1814.
- Fix bridges incorrectly setting Wills to manage remote notifications when
`notifications_local_only` was set true. Closes#1902.
Client library features:
- Client no longer generates random client ids for v3.1.1 clients, these are
now expected to be generated on the broker. This matches the behaviour for
v5 clients. Closes#291.
- Add support for connecting to brokers through Unix domain sockets.
- Add `mosquitto_property_identifier()`, for retrieving the identifier integer
for a property.
- Add `mosquitto_property_identifier_to_string()` for converting a property
identifier integer to the corresponding property name string.
- Add `mosquitto_property_next()` to retrieve the next property in a list, for
iterating over property lists.
- mosquitto_pub now handles the MQTT v5 retain-available property by never
setting the retain bit.
- Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
sockets. Closes#1526.
- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
perform additional verification.
- Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
of the `mosquitto_connect*()` call.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and
trust OS provided CA certificates for use with TLS connections.
Client library fixes:
- Fix send quota being incorrecly reset on reconnect. Closes#1822.
- Don't use logging until log mutex is initialised. Closes#1819.
- Fix missing mach/mach_time.h header on OS X. Closes#1831.
- Fix connect properties not being sent when the client automatically
reconnects. Closes#1846.
Client features:
- Add timeout return code (27) for `mosquitto_sub -W <secs>` and
`mosquitto_rr -W <secs>`. Closes#275.
- Add support for connecting to brokers through Unix domain sockets with the
`--unix` argument.
- Use cJSON library for producing JSON output, where available. Closes#1222.
- Add support for outputting MQTT v5 property information to mosquitto_sub/rr
JSON output. Closes#1416.
- Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON
output.
- Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
Closes#1416.
- Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
option.
- Add `-x` to all clients to all the session-expiry-interval property to be
easily set for MQTT v5 clients.
- Add `--random-filter` to mosquitto_sub, to allow only a certain proportion
of received messages to be printed.
- mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format.
- mosquitto_sub now supports extra format specifiers for field width and
precision for some parameters.
- Add `--version` for all clients.
- All clients now load OS provided CA certificates if used with `-L
mqtts://...`, or if port is set to 8883 and no other CA certificates are
used. Closes#1824.
- Add the `--tls-use-os-certs` option to all clients.
Client fixes:
- mosquitto_sub will now exit if all subscriptions were denied.
- mosquitto_pub now sends 0 length files without an error when using `-f`.
- Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes#1881.
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes#1908.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error:
...
configure.ac: error: required file 'missing' not found
...
Since these tools were explicitly added by autotools bbclass,
remove the testing to workaround the error with autoconf 2.7
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to build with autoconf 2.7, explicitly link to jpeg lib
since lib jpeg is already in DEPENDS
...
| checking for jpeglib.h... ../git/configure: line 16008: CPP: command not found
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The openssl already added in DEPENDS and the openssl related library
will be in recipe-sysroot. So it's meanlingless to add the configure
option "--with-openssl=${STAGING_EXECPREFIXDIR}" as the below help message.
$ cd /prj/net-snmp-5.9/
$ ./configure --help
[snip]
--with-openssl=PATH Look for openssl in PATH/lib,
or PATH may be "internal" to build with
minimal copied OpenSSL code for USM only
[snip]
And there is also a side effect after add the above openssl configuration
as the build path is added for NSC_LDFLAGS in /usr/bin/net-snmp-config.
NSC_LDFLAGS="-L/prj/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
To improve reproducibility for netsnmp as below.
$ sed -i -e 's@${STAGING_DIR_HOST}@@g' -i ${D}${bindir}/net-snmp-config
The NSC_LDFLAGS in net-snmp-config will be changed to below:
NSC_LDFLAGS="-L/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now"
But it will result in other packages which depend on net-snmp such as
corosync, quagga and etc uses the build host library and introduce
below do_configure error.
ERROR: QA Issue: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
Rerun configure task after fixing this. [configure-unsafe]
So remove the useless configuration to fix the issue.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Changes v0.100 to v0.101:
Dmitry Bogdanov (1):
Fix parsing of GetNextRsp
Lee Duncan (10):
Ignore common build files
Fix compiler issue when not in security mode
Do not ignore write() return value.
Fix 586 compile issue and remove -Werror
Added a TODO: 'make depend' not worrking
Update version string to "0.100".
Fix broken server authentication initialization.
Add man page for isnssetup.
Added TODO to test "isnsd --init"
Preparing for version 0.101
Leo (1):
socket.c: include poll.h instead of sys/poll.h for POSIX compatibility
Rosen Penev (2):
fix compilation without deprecated OpenSSL APIs
libisns: remove sighold and sigrelse
* Changes v0.99 to v0.100:
Chris Leech (1):
Travis-CI and Coverity Scan setup
Lee Duncan (7):
Fix compiler complaint about possible alignment issue
add tags to ignored list of files
Change isns_portal_string() to return allocated string.
Remove old compiler option, and add "-Werror".
openssl: handle newer version with ifdefs
General cleanup for the compiler.
Fix problem with parsing IPv6 Addresses with brakcets.
Preparing for version v0.100
Added debugging, moved .cvsignore to .gitignore
fixed issues with old openssl usage
Adding python compiled files
Change isns_portal_string() to use static mem
Running make twice should not rebuild everything
Fix mdebug.c so it compiles when enabled.
Handle restarting test harness server correctly
Ignore SO lib
Create and use pythong unittest framework
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New autconf detects that NSC_LDFLAGS are hardcoded to use -L/usr/lib
therefore edit these variables during build so that they have
cross-compile friendly values when net-snmp-config is used during build
of dependent packages
Signed-off-by: Khem Raj <raj.khem@gmail.com>
...
./configure: line 16398: syntax error: unexpected end of file
...
Backport a commit from upstream to fix it
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a patch to fix the gap between 32bit and 64bit system when
the configure option "--with-openssl=${STAGING_EXECPREFIXDIR}"
passed in.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Open vSwitch support is enabled by default in NetworkManager, but only
useful in the context of several virtualisation environments, e.g. Xen,
KVM, OpenStack and more. Therefore, the ovs PACKAGECONFIG is now disabled by
default.
The jansson dependency is only required for Open vSwitch and teamsdctl
support in NetworkManager. As there is no libteamsdctl recipe around
(and no teamsdctl PACKAGECONFIG), make it dependent on the ovs
PACKAGECONFIG.
Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[nmcli] to make building the nmcli utility which
depends on GPLv3 licensed readline library optional.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Linux Wireless Extensions (Wext) support is enabled per default in
NetworkManager. Having Wext enabled without enabling WiFi support, too,
doesn't make much sense. Therefore, instead of creating a separate
PACKAGECONFIG flag, 'wext' was added to the already existing 'wifi'
flag.
Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Systemd service file option 'ExecStopPre' is warned and ignored by
systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended
behavior is realized. The 'ExecStop' commands are executed one after the
other.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix new dependencies to nftables-python. Firewalld has been changed to
use python bindings instead of calling the nftables cli utility.
(Has this firewalld recipe been used with firewalld's default
configuration which defaults to nftables backend?)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added missing RDEPENDS to the libnft library from nftables-python to
libnftable.so.1 which is loaded dynamically by LibraryLoader into
python.
Added json to default PACKAGECONFIG which is probably used as well when
compiled with python support. For example firewalld crashes at runtime
if nftables is compiled without json support.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Build tested on aarch64 glibc/musl
* 0003-Fix-build-with-musl-for-n-dhcp4.patch has to go. Grepped nm code for
seed48_r / mrand48_r => no findings
* Since this is a huge version bump no detaile release notes are provided here
* Have tried to move to meson build few months ago but it turned into huge
efforts and ended without success. Maybe situation changed but let's postpone
for now
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Support for smux is always enabled by the recipe, but it can be a
security risk since it makes the snmpd daemon listen on TCP port 199.
This makes it contrallable via PACKAGECONFIG, so that it can be easily
disabled from the distro or local config. The mechanism makes it easy
to add control for other MIB modules via PACKAGECONFIG later if need
be.
For compatibility smux is added to the default PACKAGECONFIG, so there
is no change in the default build configuration.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Module 'time' had been imported in Functions.py by upstream, so not
import in 0002-fix-fail-to-enable-bluetooth.patch and update accordingly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
original SRC_URI is not valid now, offical CELT repository
moved to gitlab
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-doveadm-Fix-parallel-build.patch
removed since it is included in 2.3.13
refresh 0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch
add 0001-not-check-pandoc.patch to not check pandoc of configure
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Bugfix-Modify-the-dir-of-install-exec-hook-and.patch
Removed since this is included in 6.12.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security release, see GHSA-jpc9-mgw6-2xwx/CVE-2020-15238 [1]
Changes
Force cython to use python language version 3
Do not use exitcode 1 when we expect to fail
Mark more strings translatable (@cwendling)
Bugs fixed
Unstranslated strings
Searching (with Ctrl+F in manager device list) did not work
Default PIN lookup
Fix device removal handling (@Yannik)
Only use LaunchContext when we have proper event time
[1] https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Make-ByteReverseWords-available-for-big-and-little-e.patch
Removed since this is included in 4.6.0
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The original /sbin/ebtables has been moved to /usr/sbin/ebtables-legacy.
But the old path is still used by some other software libvirt.
libvirtd[809]: direct firewall backend requested,
but /sbin/ebtables is not available: No such file or directory
As stated in the related change in ebtable git repo:
The new -legacy binary has no problem if called via a symlink with the
'ebtables' name, so users can still name this binary with whatever name.
So we add a symbol link from /usr/sbin/ebtables-legacy to /sbin/ebtables.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refer to Debian, patch the Makefile to prevent /etc/ethertypes
installation instead of removing it in do_install_append.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
