mctpd ships with an example dbus service configuration, so install in
the dbus system configuration dir.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We have a tag for 1.0, now: better handling of local stack configuration
at runtime, and the 5.15 kernel header change has been integrated.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dhcp-relay needs a fresh tarball of bind unpacked in ${S}, but this is
done by fetching the tarball to ${WORKDIR}, then in do_configure moving
it to ${S} and unpacking it.
If dhcp-relay is re-configured, the tarball no longer exists in ${WORKDIR}
so this fails. Copy instead of moving so rebuilds work.
Also don't rename the downloaded file to just bind.tar.gz as that can
cause probems if the version changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
changelog:
=========
* src/snort.c :
Fixed an issue where verdict will be applied onto next session when timeout
occurs in some scenarios.
* rc/file-process/file_service.c :
Removed an excessively flooding log.
* src/dynamic-preprocessors/modbus/modbus_decode.c :
Fixed possible integer overflow.
* src/fpcreate.c :
Added fix to GCC compiled snort to use AC-BNFA-Q search-method when Intel-cpm
is enabled.
* src/generators.h
src/preprocessors/Stream6/snort_stream_tcp.c :
Added fix to not to drop packets when window size is 0 by TCP normalizer
and Added new alert with GID 129 and SID 21 when such packets are seen.
* src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
Added support for Appid to detect login success and failure for IMAP and POP3
protocols.
* src/dynamic-preprocessors/reputation/reputation_config.c
src/dynamic-preprocessors/reputation/spp_reputation.c
src/dynamic-preprocessors/reputation/spp_reputation.h
src/pkt_tracer.c
src/snort.c
src/util.c :
Fixed terminology to be bias-free in log/error messages.
* src/snort.c :
Fixed a potential race condition.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit hash is pointing out to the tag v4.0, not 2.1.0.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This dependency is already handled through a PACKAGECONFIG so there is
no need for it in DEPENDS anymore.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fix patch contributor name in the process of reworking it to apply
on the new 1.2.1 release (I had accidentally modified it when reworking
it previously).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: year updated to 2021.
Changelog
==========
This version fixes some really old issues, the most significant one being
excessive memory use for large memory listings.
When virtual quotas were used, transfers were not aborted after the limit was
reached; files were only removed at the end of a transfer. That should now be fixed.
Support for MD5, SHA1 and the MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3) function.
The server used to reject class E reserved network ranges. People reported that
Linux containers may use them, so this is now accepted.
Finally, it is now possible to recursively include additional files in a
configuration file, with the new Include directive.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.so
/usr/lib/libpyldb-util.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/_tevent.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
/usr/lib/python3.10/site-packages/tdb.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.pc
/usr/lib/libpytalloc-util.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.so.2
/usr/lib/libpytalloc-util.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
Automatically extract new version from GIT tag
Fixes:
Avoid trying to delete inactive VIFs. Fixing an annoying bogus error:
"Failed deleting VIF for iface lo: Resource temporarily unavailable"
Fix#171: too small string buffer for IPv6 address causing garbled
output in periodic expiry callback
Fix too small buffer for IPv6 address in mroute display functions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the server use AES-256-GCM instead of BF-CBC as the default
cipher for the VPN tunnel. To avoid breaking existing running configurations
defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains
the BF-CBC in addition to AES-CBC. This makes it possible to migrate
existing older client configurations one-by-one to use at least AES-CBC unless
the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically)
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan failed to startup because there is no kernel module named
ipsec. Add basic kernel modules required by strongswan per [1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules,
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):
For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.
License-Update:
Add "SSL library considerations" to COPYING.
Format of COPYING changed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It seems to require asciidoctor and currently does not build
until someone fixes it, disable it for cosnsitency.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NTPsec, "a secure, hardened, and improved implementation of Network Time
Protocol derived from NTP Classic, Dave Mills’s original."
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rename /etc/init.d/opensafd to /usr/lib/opensaf/opensafd-init as it is
needed by opensafd.service, but /etc/init.d is removed by
systemd.bbclass if sysvinit is not in DISTRO_FEATURES.
Note that this will not actually make the initscript and service file
work since they depend on /lib/lsb/init-functions, which does not exist
since the lsb recipe was removed from OE-Core.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
/var/log/cluster will be created in runtime.
This also drops the removal of the /var/run directory as it is no
longer created in the first place.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These features were removed in commit 5c051f84 (corosync: Update to
3.0.3), but some code still remained.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The hardcoded path /lib/netplan causes a runtime error on multilib
image:
$ netplan try
An error occurred: [Errno 2] No such file or directory: '/lib/netplan/generate'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
atftp-0.7.5
===========
README: update contributors list
text files: mark/convert all textfiles to UTF-8
fix some compiler warnings
fix buffer overflow in atftpd (CVE-2021-41054)
insert typos.patch
insert atftp-0.7-ack_heuristic.patch
insert atftp-0.7-server_receive_race.patch
insert patch atftp-0.7-sorcerers_apprentice.patch
test.sh: check for root no longer necessary
Merge commits from https://github.com/srett/atftp
=================================================
tftpd.c: Only drop privs if requested or running as root + check for failure
fix invalid read of 1 byte in tftp_send_request.
Check return value of fseek(), abort if != 0
options.c: Proper fix for the read-past-end-of-array
configure.ac: Add -std=gnu89 if gcc/clang is detected
tftpd.c: Fix memleak if thread spawning fails
atftp: Check return value of fgets, buffer might be uninitialized on NULL
Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
replace LICENSE with current version
License-Update:
1. Address changed
2. "the GNU Library General Public License" changed to
"the GNU Lesser General Public License"
3. Format of LICENSE changed
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change adds a recipe for the Management Component Transport
Protocol userspace utilities. This contains:
- the command-line 'mctp' tool, similar to 'ip', for setting up links,
assigning local address and configuring routing.
- an optional 'mctpd' daemon, which implements the MCTP control
protocol, and manages remote address assignment.
The latter depends on systemd (for sdbus), so use a
PACKAGECONFIG[systemd] for the conditional service installation.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
autofs-5.1.8 changelog:
- add xdr_exports().
- remove mount.x and rpcgen dependencies.
- dont use realloc in host exports list processing.
- use sprintf() when constructing hosts mapent.
- fix mnts_remove_amdmount() uses wrong list.
- Fix option for master read wait.
- eliminate cache_lookup_offset() usage.
- fix is mounted check on non existent path.
- simplify cache_get_parent().
- set offset parent in update_offset_entry().
- remove redundant variables from mount_autofs_offset().
- remove unused parameter form do_mount_autofs_offset().
- refactor umount_multi_triggers().
- eliminate clean_stale_multi_triggers().
- simplify mount_subtree() mount check.
- fix mnts_get_expire_list() expire list construction.
- fix inconsistent locking in umount_subtree_mounts().
- fix return from umount_subtree_mounts() on offset list delete.
- pass mapent_cache to update_offset_entry().
- fix inconsistent locking in parse_mount().
- remove unused mount offset list lock functions.
- eliminate count_mounts() from expire_proc_indirect().
- eliminate some strlen calls in offset handling.
- don't add offset mounts to mounted mounts table.
- reduce umount EBUSY check delay.
- cleanup cache_delete() a little.
- rename path to m_offset in update_offset_entry().
- don't pass root to do_mount_autofs_offset().
- rename tree implementation functions.
- add some multi-mount macros.
- remove unused functions cache_dump_multi() and cache_dump_cache().
- add a len field to struct autofs_point.
- make tree implementation data independent.
- add mapent tree implementation.
- add tree_mapent_add_node().
- add tree_mapent_delete_offsets().
- add tree_mapent_traverse_subtree().
- fix mount_fullpath().
- add tree_mapent_cleanup_offsets().
- add set_offset_tree_catatonic().
- add mount and umount offsets functions.
- switch to use tree implementation for offsets.
- remove obsolete functions.
- remove redundant local var from sun_mount().
- use mount_fullpath() in one spot in parse_mount().
- pass root length to mount_fullpath().
- remove unused function master_submount_list_empty().
- move amd mounts removal into lib/mounts.c.
- check for offset with no mount location.
- remove mounts_mutex.
- remove unused variable from get_exports().
- add missing free in handle_mounts().
- remove redundant if check.
- fix possible memory leak in master_parse().
- fix possible memory leak in mnts_add_amdmount().
- fix double unlock in parse_mount().
- add length check in umount_subtree_mounts().
- fix flags check in umount_multi().
- dont try umount after stat() ENOENT fail.
- remove redundant assignment in master_add_amd_mount_section_mounts().
- fix dead code in mnts_add_mount().
- fix arg not used in error print.
- fix missing lock release in mount_subtree().
- fix double free in parse_mapent().
- refactor lookup_prune_one_cache() a bit.
- cater for empty mounts list in mnts_get_expire_list().
- add ext_mount_hash_mutex lock helpers.
- fix amd section mounts map reload.
- fix dandling symlink creation if nis support is not available.
- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT.
- fix lookup_prune_one_cache() refactoring change.
- fix amd hosts mount expire.
- fix offset entries order.
- use mapent tree root for tree_mapent_add_node().
- eliminate redundant cache lookup in tree_mapent_add_node().
- fix hosts map offset order.
- fix direct mount deadlock.
- add missing description of null map option.
- fix nonstrict offset mount fail handling.
- fix concat_options() error handling.
- eliminate some more alloca usage.
- use default stack size for threads.
- fix use of possibly NULL var in lookup_program.c:match_key().
- fix incorrect print format specifiers in get_pkt().
- add mapent path length check in handle_packet_expire_direct().
- add copy length check in umount_autofs_indirect().
- add some buffer length checks to master map parser.
- add buffer length check to rmdir_path().
- eliminate buffer usage from handle_mounts_cleanup().
- add buffer length checks to autofs mount_mount().
- make NFS version check flags consistent.
- refactor get_nfs_info().
- also require TCP_REQUESTED when setting NFS port.
0001-Do-not-hardcode-path-for-pkg.m4.patch refreshed.
autofs-5.1.7-use-default-stack-size-for-threads.patch
removed since it is included in 5.1.8.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also organize the recipe to to match OE style
Remove PYTHON_PN from DEPENDS, setuptools should be enough
Correct setting LIC_FILES_CHKSUM
Move setting git SHA to SRCREV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue
has been fixed.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave (2.13) unstable; urgency=medium
* QA upload.
[ Guillem Jover ]
* Fix MAC address setting messed up by udev for bond interfaces.
(Closes: #949062)
* Use ifquery instead of example contrib script ifstate. (Closes: #991930)
* Fix ifquery redirections.
* Bump Standards-Version to 4.6.0 (no changed needed).
* Remove long supported Linux version requirements from Description.
[ Sami Haahtinen ]
* Use correct argument in setup_slave_device(). (Closes: #968368)
[ Oleander Reis ]
* Handle slave definitions of interfaces with no bond settings.
(Closes: #990428)
* Delete bond interfaces on ifdown -a. (Closes: #992102)
-- Guillem Jover <guillem@debian.org> Sun, 17 Oct 2021 06:02:55 +0200
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021.10.04 -- Version 2.5.4
Antonio Quartulli (3):
route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
configure: search also for rst2{man, html}.py
networking: add networking API net_addr_ll_set() and use it on Linux
Arne Schwabe (1):
Move examples into openvpn-examples(5) man page
David Korczynski (1):
Fix argv leaks in add_route() and add_route_ipv6()
David Sommerseth (2):
doc: Use generic rules for man/html generation
man: Clarify IV_HWADDR
Gert Doering (1):
Add error reporting to get_console_input_win32().
Lev Stipakov (3):
Fix console prompts with redirected log
Add building man page on Windows
GitHub Actions: remove Ubuntu 16.04 environment
Max Fillinger (1):
Update Fox e-mail address in copyright notices
Selva Nair (1):
Minor doc correction: tls-crypt-v2 key generation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v2.5.3 Changes
New tests to verify add/del of IPv4/IPv6 routes in kernel MFC
Fixes
Fix#166: build warning with gcc 10.2.1: "comparison is always true due to limited range of data type"
Fix build warning with --disable-mrdisc configure option
Fix#167: cannot remove routes added with smcroutectl add, only affects add/del at runtime with smcroutectl, not .conf reload
Fix#168: build problem on Debian/kFreeBSD, used wrong queue.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The main repo is sourced from git://git.openembedded.org not github.
Don't think oe-core.git exists.
Lets be constent across all sub layers.
Drop Revisions and Prioriiy from repo references as they are not used.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
configure.ac:1: error: possibly undefined macro: dnl
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
../firewalld-0.9.4/configure: line 3408: pkg.m4: command not found
../firewalld-0.9.4/configure: line 3422: syntax error near unexpected token `0.16'
../firewalld-0.9.4/configure: line 3422: ` PKG_PROG_PKG_CONFIG(0.16)'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These site files are only there for single recipe, move the data to
recipe and use SITEINFO_ENDIANNESS to choose right option and pass it
to configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
One file is BSD-1-Clause while another is BSD-4-Clause
Set and check accourdingly
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge #470 from edevil: Allow configuration of persistent TCP connections.
Fix#474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge #478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.
Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.
Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.
Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.
Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.
Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.
Make domains generated by --synth-domain appear in replies
when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
STABLE RELEASE 1.0.5:
- Add --no-solicit option to skip sending the discovery packet.
- Ignore multicast advertisements when discovery was sent as unicast
- Since its point release, no need to use +git${SRCPV} in PV it can be
absolute
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, viewing the help text with snmpd -h results in snmpd being
started in the background.
$ snmpd -h
Usage: snmpd [OPTIONS] [LISTENING ADDRESSES]
[snip]
$ ps -ef | grep snmpd
root 1477 1 0 05:46 ? 00:00:00 snmpd -h
Backport a patch to fix this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
From the changelog (https://marc.info/?l=netfilter&m=162939459210790&w=2):
- Catch-all set element support: This allows users to define the
special wildcard set element for anything else not defined in
the set
- Define variables from the command line through --define
- Allow to use stateful expressions in maps
- Add command to list the netfilter hooks pipeline for a given packet
family. If device is specified, then ingress path is also included
- Allow to combine jhash, symhash and numgen expressions with the
queue statement, to fan out packets to userspace queues via
nfnetlink_queue
- Expand variable containing set into multiple mappings
- Allow to combine verdict maps with interval concatenations
- Simplify syntax for NAT mappings. You can specify an IP range, or a
specific IP and port, or a combination of range of IP addresses and
ports
- Bugfixes
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
To drop root privileges on Linux-based systems, chrony requires a
standard user to switch to and the use of capabilities. Fix up the
privdrop packageconfig to account for this.
Signed-off-by: Easwar Hariharan <easwar.hariharan@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
bmon is a monitoring and debugging tool to capture networking
related statistics and prepare them visually in a human friendly way
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libconfuse a configuration file parser library written in C
Used by bmon network monitor.
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1].
[1] https://security.appspot.com/vsftpd/Changelog.txt
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Handle-enum-element-override.patch
removed since it is included in 0.103
Add patch to fix bug for 32bit format string bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
===============================================
NetworkManager-1.32.8
Overview of changes since NetworkManager-1.32.6
===============================================
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
===============================================
NetworkManager-1.32.6
Overview of changes since NetworkManager-1.32.4
===============================================
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
messages logged to buffered outputs, predominantly --logfile.
This also caused lines in the logfile to run into one another because
the fragment containing the '\n' line-end character was usually lost.
Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
interface), the length of log message fragments was added up twice, so
that these ended too deep into a freshly allocated buffer, after the '\0'
byte. Unbuffered outputs flushed the fragments right away, which masked the
bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add them to PACKAGECONFIG if enable selinux distro feature.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch is the result of running the latest convert-ovrrides.py
script.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: curlpp.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v1.44.0 changelog:
lib: Port new ngtcp2 map implementation
doc: Replace master with main
build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
build: Add more --with-* configure flags
build: Add LIBTOOL_LDFLAGS configure variable
third-party: Bump llhttp to 6.0.2
src: Replace black-list with block-list
nghttpx: Fix max distance in weight group/address cycle comparison
nghttpx: Set connect_blocker and live_check after shuffling addresses
nghttpx: Replace master with main
nghttpx: Remove trailing white space after $method log variable
(https://github.com/nghttp2/nghttp2/pull/1553)
h2load: Add --rps option
(https://github.com/nghttp2/nghttp2/pull/1559)
h2load: Allow unit in -D option
asio: fix some typos (Patch from Jan Kundrát)
(https://github.com/nghttp2/nghttp2/pull/1550)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
add note:
** NOTE! The following LGPL license applies to the talloc
** library. This does NOT imply that all of Samba is released
** under the LGPL
"GNU General Public License" changed to "GNU Lesser General Public License"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
- Added AES_CCM and SHA-3 signature support to openssl plugin.
- The x509 and openssl plugins now consider the authorityKeyIdentifier, if
available, before verifying signatures, which avoids unnecessary signature
verifications after a CA key rollover if both certificates are loaded.
- The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
previously depended on a version check.
- charon-nm now supports using SANs as client identities, not only full DNs.
- charon-tkm now handles IKE encryption.
- A MOBIKE update is sent again if a a change in the NAT mappings is detected
but the endpoints stay the same.
- Converted most of the test case scenarios to the vici interface
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix only release.
$ git shortlog --grep "^fix" v0.9.3..v0.9.4
Eric Garver (10):
fix(dbus): conf: setting deprecated properties should be ignored
fix(dbus): properties: IPv4 and IPv6 should be true if using nftables
fix(fw): when checking tables make sure to check the actual backend
fix(ipset): nftables: use interval flag for "ip" types
fix(rpm): applet: don't replace config modified by admin
fix(rpm): logrotate: don't replace config modified by admin
fix(ipv6_filter): match fwmark
fix(direct): rule order with multiple address with -s/-d
fix(nm): reload: only consider NM connections with a real interface
fix(policy): warn instead of error for overlapping ports
Fabrizio D'Angelo (1):
fix(ipset): fix hash:net,net functionality
Robert Richmond (1):
fix(ipset): entry delete with timeout
Ye Shu (1):
fix(applet): Show a basic tooltip instead of HTML
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Did not find hints upstream but musl build turned painless!
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Manually refresh 0002-fix-fail-to-enable-bluetooth.patch - it did not apply
2.2.1
Bugs fixed
Hard dependency of DBusService on NetworkManager
2.2
New features
Disconnect items in applet menu (plugin)
Desktop notifications on connect / disconnect (plugin)
Notifications with battery level for connecting devices (applet plugin)
Stop discovery and retry connection for broken adapter drivers
Auto-connect settings for supported services
Changes
Drop blueman-report
Drop blueman-assistant
Raise minimum Python version to 3.6
Raise GTK+ 3 version to 3.22
Raise minimum BlueZ version to 5.48
Allow opening device menus via keyboard (Shift+F10 or menu key)
Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
Allow cancelling device connection attempts
Improved passkey handling (fixed padding, highlighting, single notifitication)
Hide devices with no name
Bugs fixed
Fix disconnecting NMDevice
Exceptions from asynchronous DBus calls (getting picked up by tools like Apport or ABRT)
DiscvManager plugin showed its icon unreliably
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes#386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Configure the recipe to use the module_install function from the module
source code and remove the overriden modules_install function from the
recipe.
Using the default modules_install (instead of the function defined in
the recipe file) the module is signed when DISTRO_FEATURE contains modsign.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: notice.html does not exist in this version, use NOTICE.md to
check.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes since 4.4.2 (Bug Fixes)
Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services.
[Gitlab #182]
CVE: CVE-2021-25217
See: https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable backtrace in bundled bind to fix build error for qemuarm on
musl.
Fixes:
bind/bind-9.11.32/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the bundled bind from 9.11.14 to 9.11.32.
Fixes build error on qemuarmv5:
stats.c: In function 'setcounter':
stats.c:300:36: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Removed since these are included in 0.102.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some options are deprecated in smb.conf.
Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.
* Remove the deprecated "syslog only" and "syslog" global options and
replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
outdated.
* Improve idmap config
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.14.x.
Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory
requirement for samba. See:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory
Refresh patches:
16-do-not-check-xsltproc-manpages.patch
20-do-not-import-target-module-while-cross-compile.patch
21-add-config-option-without-valgrind.patch
0001-Add-options-to-configure-the-use-of-libbsd.patch
dnsserver-4.7.0.patch
iconv-4.7.0.patch
0001-samba-fix-musl-lib-without-innetgr.patch
Drop patches:
0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
0001-waf-add-support-of-cross_compile.patch
0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
CVE-2020-14318.patch
CVE-2020-14383.patch
glibc_only.patch
smb_conf-4.7.0.patch
Add new patches:
0007-wscript_configure_system_gnutls-disable-check-gnutls.patch
0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch
source3-wscript-disable-check-fcntl-RW_HINTS.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable the options by default, as we use different compilers there are
more warnings to handle then upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade libnftnl in preparation for the upgrade of nftables, since the
latter requires libnftnl >= 1.2.0.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The bundled libtool files are arcane and do not work in OE cross build
environment, resulting in creating wrong entried in DT_NEEDED section
as well as emitting build paths into rpaths into ELF files, therefore
copy the OE provided libtool files to fix this issue
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This tracks the official scapy project.
includes ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
vendored version of bind is quite old which does not have all newer
architecture info like riscv in gnu-config files captured in the bind
tarball, therefore update these files before configuring bundled bind
Fixes build on rv32/rv64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
The current default dhcp server kea in oe-core doesn't provide
dhcp-relay tool. Add a recipe to provide dhcrelay which is from dhcp.
This patch is picked up from dhcp recipe with some tweaks. In order to
fix the build dependency, we use bundled bind instead of external bind.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Native python is being probed on some builds
Fixes
recipe-sysroot-native/usr/share/cmake-3.20/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)
(Required is exact version "3.8")
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-m4-sctp.m4-make-conpatible-to-autoconf-2.70.patch
Removed since this is included in 1.0.19.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Header-only C++14 library that gives you an embedded HTTP server.
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
HTTP request/response parser for C.
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit brings the version of ufw up to 0.36 since version 0.33
had some problems:
* The setup.py calls sed to replace some variables in the source
code with the correct paths. However, this is done using a hardcoded
path and conflicts with distutils
* The python shebang was not properly corrected in setup.py, leading
to a script that only run if there is a python symlink to python2 or
python3
The first issue is addressed by the bump in version, while the second
one is fixed in patch 0003 of the recipe.
Also, the new version provides examples for systemd service and
sysvinit scripts to autostart ufw. These are added into the recipe
now.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
this is another option for reproducibility which can be used by
compilers, and here consider processing it as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: Change distribition to distribution.
Specific permission is granted for the GPLed code in this distribution to be linked to OpenSSL without invoking GPL clause 2(b).
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[meta-openembedded ticket #327] --
https://github.com/openembedded/meta-openembedded/issues/327
The python version in the shebang at the begining of the ufw script
should be the same one as the version the setup.py script was called
with.
The fix in patch "setup-only-make-one-reference-to-env.patch"
depends on sys.executable returning "/usr/bin/env pythonX". However,
it returns "/usr/bin/pythonX". Using sys.version_info we can get the
major version of the python used to called the script and append
that to the shebang line so it works as intended.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Change: Update copyright years change to Staysail Systems, Inc
ee0b44406d (diff-d0ed4cc3fb70489fe51c7e0ac180cba2a7472124f9f9e9ae67b01a37fbd580b7)
In contrast to 1.2.5, this recipe also builds and packages the nngcat
tool.
Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
changelog
* 79b1a99 Fixed comment.
* b2ec203 Fixed carry propagation bug in m64 impl for P-256.
* dda1f8a Harmonized behaviour when point length is invalid.
* acc70b1 Typo fix in comment.
* 946f5ba Added discard of unread appdata on explicit close.
* 252dba9 Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra; consequences unclear, possibly some invalid curve attacks in static ECDH contexts).
* 15b3af7 Typo fix in comment.
* 69807a3 Fixed typo in comment.
* fb4296c Fixed some errors in comments.
* 4b60464 Fixed small display bug in debug tool.
* b715b43 Fixed buffer overflow in private key decoding (wrong buffer length used in size check).
* 2893441 Fixed a spurious warning on some compilers.
* e4edfb8 Added support for getrandom()/getentropy(), and a fix for the RDRAND bug on AMD CPU (family 22).
* 924921d Fixed mishandling of UTF-8 codepoints in the FDF0..FEDF range (these were unduly rejected when extracting names from certificates, thereby preventing use of the extra presentation forms of Arabic).
* 9721b3e Fixed efficiency pre-test on RSA prime generation (no security issue, but RSA key generation with pubexp 5, 7 or 11 may be slightly more efficient).
* ecdf897 Normalize use of BR_DOXYGEN_IGNORE.
* c1bb535 Small workaround for CompCert compatibility.
* 87a796d Fixed computing of intermediate buffer size for maximum-size RSA keys.
* 6433cc2 Added detection for MIPS64 with n32 ABI.
* 001d094 Some small performance improvements on 32-bit architectures.
* 08eb078 Fixed fd leak in test code.
* d5acc4f Made m64 implementations of elliptic curves the default (when available).
* f0ddbc3 Added new 64-bit implementations of Curve25519 and P-256.
* b2a08e9 Made ec_c25519_m62 implementation the default on supported architectures.
* 52a69fe Fixed endianness in Curve25519 implementation (no consequence on security). Also added new Curve25519 code for 64-bit platforms.
* fd98320 Cosmetic fix (value did not conform to its announced bit length, but this did not have bad consequences since br_i31_decode_mod() is lenient on that).
* 431629d Changed speed benchmark for i31 to a 521-bit modulus.
* c6ffcd2 Fixed warning on GCC 4.6 to 4.9 (macro redefinition).
* 420f50c Added stand-alone RSA/PSS implementation.
* 966078b Added SHAKE implementation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The +1 fixes build issues for the 5.4 kernel.
This update looks like bugfixes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
v2]
Wrong version listed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0001-GitHub-Issue-367.-Remove-references-to-deprecated-G_.patch
since it was a backport.
Drop 0001-pollGtk-Drop-volatile-qualifier.patch
since it's covered by:
f48efc8e Make pollGtk resetable.
Drop 0001-utilBacktrace-Ignore-Warray-bounds.patch
since it's covered by:
0cfda58a Make peeking back into the stack work for back traces
Drop 0002-add-include-sys-sysmacros.h.patch
since it's covered by:
69b7e1f9 Include sysmacros.h directly as mandated by glibc-2.25.
Refit:
0005-Use-configure-to-test-for-feature-instead-of-platfor.patch
0009-Rename-poll.h-to-vm_poll.h.patch
0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch
0011-Use-uintmax_t-for-handling-rlim_t.patch
Add:
0001-Add-resolv_compat.h-for-musl-builds.patch
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Trevor Gamblin <Trevor.Gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.30.2:
- 0004-fix_reallocarray_check.patch removed because the current
version of nm already includes boths malloc.h and stdlib.h
- musl/0002-Fix-build-with-musl.patch removed because the commit
c50da167bc of nm solves the build issue with musl
- musl/0001-Fix-build-with-musl-systemd-specific.patch modified
to avoid conflicts when applied to current version of nm
- musl/0003-Fix-build-with-musl-systemd-specific.patch renamed
to musl/0002-Fix-build-with-musl-systemd-specific.patch and
modified to avoid conflicts when applied to current version of nm
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop one patch at the issue is already fixed in new version
(307678b268 Fix rlm_python3 build)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* and make it skipped only when meta-filesystem is missing as well
* depends on libdnet from meta-networking and nothing in meta-oe depends on open-vm-tools
* update packagegroup-meta-oe to match this, without either of these layers packagegroup-meta-oe is currently failing with:
ERROR: Nothing RPROVIDES 'open-vm-tools' (but meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb RDEPENDS on or otherwise requires it)
open-vm-tools was skipped: Requires meta-networking and meta-filesystems to be present.
NOTE: Runtime target 'open-vm-tools' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['open-vm-tools']
ERROR: Required build target 'packagegroup-meta-oe' has no buildable providers.
Missing or unbuildable dependency chain was: ['packagegroup-meta-oe', 'open-vm-tools']
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It does not have to maintain two patch directories files and atftp,
merge them.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
