NetworkManager should only be licensed under LGPL 2.1 or higher. But as far as
I understand, the process is not finished yet and some codes are still under
GPL-2.0.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/RELICENSE.md
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since libesmtp-1.1.0, libesmtp-config is removed, use pkg-config to
check for existence instead.
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Allow to compile nmcli with libedit (alternative to gplv3 readline)
- Support iwd as well as wpa-supplicant for wifi
- Make vala build-time dependency optional
- Split all plugins into packages. By default all packages are installed
acc. to features in the PACKAGECONFIG but it's now possible to build
images where only some plugins are installed.
- Move FILES:networkmanager to last position to increase the FILES
priority of other packages.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Switch to meson build-system
- Removed 0003-install-firewalld-to-var-libdir-rather-than-hardcod-.patch
nm-shared.xml gets installed into /usr/lib/firewalld/zones where also
firewalld installs its xml files. Not 100% sure this is as it was
before but it seams to be consistent with firewalld.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Forward port 0002-add-an-option-to-specify-iptables-location.patch
Use distutils3, since it still needs it [1]
[1] https://git.launchpad.net/ufw/tree/setup.py#n28
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Overview of changes since NetworkManager-1.34
=============================================
* The handling of Layer 3 configurations has been substantially reworked.
While this is mostly internal change, it results in more robust
behavior when addressing information from multiple sources (DHCP,
manually configured, VPN) need to be applied simultaneously.
Overall performance and memory use have also slightly improved.
* Manually configured addresses can no longer expire even if the same
addresses are also obtained dynamically.
* Code for systemd-based DHCP and DHCPv6 clients has been updated from
upstream.
* NTP servers obtained via DHCPv6 are now exposed on the DBus API, visible
in nmcli and available for use by dispatcher scripts.
* 5G NR (New Radio) modems are now supported.
* The "rd.znet_ifnames" kernel command line option is now honored on
network bootups on an IBM s390 platform.
* Wi-Fi P2P support does now work with the IWD backend, in addition to
wpa_supplicant backend.
* Support for special route types have been added: "prohibit", "blackhole"
and "unreachable".
* Routes managed by routing daemons are now ignored. This is done to
address a performance bottleneck on specialized routers.
* Handling of IP addressing and routing information is now slightly
more efficient and uses less memory. This is apparent on systems with
large amount of IP configuration information.
* It is now possible to start NetworkManager without root user privileges.
This is experimental doesn't necessarily result in a working daemon.
NetworkManager service already drops many of capabilities available
to the root user.
* WPA3 Wi-FI network security have been improved by enabling new H2E (hash
to element) method for generating SAE password element.
* It is now possible to select the default Wi-Fi backend (wpa_supplicant or
IWD) at build-time.
* Replies from broken DHCP servers that send duplicate address or mask
options are now handled gracefully.
* Bridge support has gained the possibility of turning off MAC ageing.
* "configure-and-quit" mode and nm-iface-helper have been removed.
* A number of bugs that could cause NetworkManager to crash in rare
conditions have been fixed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
0001-makeinit.sh-fix-parallel-build-issue.patch
0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
deleted since they're included in 2.1.28
CVE-2019-19906.patch
avoid-to-call-AC_TRY_RUN.patch
refreshed for new version
Changelog:
=========
build:
------
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with –disable-shared –enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with –enable-auth-sasldb
common:
-------
plugin_common.c:
Ensure size is always checked if called repeatedly (#617)
documentation:
--------------
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx
include:
--------
sasl.h:
Allow up to 16 bits for security flags
lib:
----
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (#587)
external.c:
fix EXTERNAL with non-terminated input (#689)
saslutil.c:
fix index_64 to be a signed char (#619)
plugins:
--------
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (#632)
sql.c:
Finish reading residual return data (#639)
CVE-2022-24407 Escape password for SQL insert/update commands.
sasldb:
-------
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close
DIGEST-MD5 plugin:
------------------
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available
SCRAM plugin:
------------
Return BADAUTH on incorrect password (#545)
Add -224, -384, -512 (#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scam_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options
saslauthd:
---------
auth_httpform.c:
Avoid signed overflow with non-ascii characters (#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (#626)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Standard defaults are not able to guess it right, so aid it a bit
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
this puts python3-nose away from default requirements, nose dependency
should eventually be removed and perhaps converted to pytest
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Auto rename performed by oe-core's convert-variable-renames.py 0.1
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Major changes in 0.14.4
=======================
* Fix enum deprecation warning for visual studio
* Fix documentation typos in stream-device.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
refresh patches for 0.104:
0001-Makefile-do-not-use-Werror.patch
0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch
0001-parse-nm-fix-32bit-format-string.patch
removed since it's included in 0.104
Changelog:
=========
Enable embedded-switch-mode setting on SmartNICs (#253)
Permit multiple patterns for the driver globs in match (#202), LP#1918421
Improve routing capabilities (#248), LP#1892272, LP#1805038
Support additional link offload options for networkd (#225) (#242), LP#1771740
Consolidate enum-to-string arrays (#230)
Handle differing ip6-privacy default value for NetworkManager (#263)
YAML state tracking (--state rootdir) for DBus API and netplan try (#231), LP#1943120
Support ConfigureWithoutCarrier (ignore-carrier) for networkd (#215)
Move primary git branch master to main
Documentation improvements (#226)
Compatibility for glib-2.70 (#235)
Cleanup Makefile, install only public headers
Improve test reliability & enable integration testing CI for autopkgtests
Netplan get to use the libnetplan parser (#252)
libnetplan:
- introduce the notion of NetplanState (#232)
- use an explicit parser context (#233)
- expose coherent generator APIs (#239)
- improve overall error handling (#234)
- consolidation of YAML parsing into the library (#241, #249, #250, #251)
Restrict the symbol export to a determined public API (#227)
- WARNING: We dropped some internal symbols from the API that we know
have no external consumers (that we are aware of)
- 0.103: _serialize_yaml, contains_netdef_type, tmp, validate_default_route_consistency
- 0.102: cur_filename, netplan_netdef_new
- 0.100: address_option_handlers, is_hostname, validate_ovs_target, wireguard_peer_handlers
- 0.99: current_file, is_ip4_address, is_ip6_address, missing_id,
missing_ids_found, parser_error, validate_backend_rules, validate_netdef_grammar,
yaml_error
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
b2fedc4 rsocket: Make sure that the allocated memory is aligned
ebbdb85 Merge pull request #1107 from Sindhu-Devale/libirdma-12-9-fixes
a83619b providers: Move input validation for memory window bind to core
a274c9c providers/rxe: Replace '%' with '&' in check_qp_queue_full()
812ab81 Merge pull request #1128 from Wenpeng-Liang/clear_rq_sge
1a9b2db docs: Fix typo in pyverbs example
d498180 libhns: Clear remaining unused sges when post recv
d99f61c Merge pull request #1127 from Wenpeng-Liang/misc_bugfix
7307264 verbs: Fix description of manual for ibv wc read byte len function
c298130 verbs: Fix a typo
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Fix-compiler-error-introduced-with-recent-IPv6-commi.patch
removed since it's included in 2.1.6.
Changelog:
=========
This release adds more bug fixes and cleanups. No major functionality changes.
libopeniscsiusr: extend sysfs ignore_error to include EINVAL
Fix compiler error introduced with recent IPv6 commit.
Remove dependences from iscsi-init.service
Use "sbindir" for path in systemd service files
Updated README a bit
Finish ability to have binary location configurable.
Fix iscsi-init so that it runs when root writable
remove redundant params in Makefile
Fixing last parts of sbindir configuration
Cosmetic cleanup on recent addition
Update the iscsi-gen-initiatorname script: harden and generalize
change iscsi-gen-initiatorname option -b => -p
Add man page for the iscsi-gen-initiatorname script.
Install new man page for iscsi-gen-initiatorname
Fix issues discovered by gcc12
Fix more issues discovered by gcc12
iscsi sysfs: check state before onlining devs
iscsistart: fix login timeout handling
iscsid: use infinite timeout if passed in
iscsid: add error code for req timeouts
Improve 'iscsid.conf'
iscsiadm: Call log_init() first to fix a segmentation fault
iscsi_err: Add iscsid request timed out error messages
Fix wrong install_systemd destination path
actor: add name to struct actor and init it with function name
actor: print thread name in log
actor: enhanced: print error log when init a initilized thread
initiator_common: make set operational parameter log easy to read
iscsid: Check session id before start sync a thread
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Netsniff-ng is a fast zero-copy analyzer, pcap capturing and replaying tool.
Actually the Makefile doesn't create the folder when installing tools, let's
add a patch to fix this.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upstream ebtables-legacy-save perl script is replaced by a bash
implementation (taken from Fedora). So there's nothing left which
RDEPENDs on perl.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
ERROR: QA Issue: /usr/sbin/dhcrelay contained in package dhcp-relay requires libisccfg.so.163, but no providers found in RDEPENDS:dhcp-relay? [file-rdeps]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The official site was moved to https://tcpreplay.appneta.com/.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
refresh 0001-autogen.sh-not-generate-configure.patch
Changelog:
=========
New Features
-----------
Add a "confidence" field indicating the reliability of the classification
Add risk exceptions for services and domain names via ndpi_add_domain_risk_exceptions()
Add ability to report whether a protocol is encrypted
New Supported Protocols and Services
-----------------------------------
Add protocol detection for:
Badoo
Cassandra
EthernetIP
Improvements
------------
Significantly reduced memory footprint from 2.94 KB to 688 B per flow
Improve protocol detection for:
BitTorrent
ICloud Private Relay
IMAP, POP3, SMTP
Log4J/Log4Shell
Microsoft Azure
Pandora TV
RTP
RTSP
Salesforce
STUN
Whatsapp
QUICv2
Zoom
Add flow risk:
NDPI_CLEAR_TEXT_CREDENTIALS
NDPI_POSSIBLE_EXPLOIT (Log4J)
NDPI_TLS_FATAL_ALERT
NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE
Update WhatsAPP and Instagram addresses
Update the list of default ports for QUIC
Update WindowsUpdate URLs
Add support for the .goog Google TLD
Add googletagmanager.com
Add bitmaps and API for handling compressed bitmaps
Add JA3 in risk exceptions
Add entropy calculation to check for suspicious (encrypted) payload
Add extraction of hostname in SMTP
Add RDP over UDP dissection
Add support for TLS over IPV6 in Subject Alt Names field
Improve JSON and CSV serialization
Improve IPv6 support for almost all dissectors
Improve CI and unit tests, add arm64, armhf and s390x as part of CI
Improve WHOIS detection, reduce false positives
Improve DGA detection for skipping potential DGAs of known/popular domain names
Improve user agent analysis
Reworked HTTP protocol dissection including HTTP proxy and HTTP connect
Changes
--------
TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)
Numeric IPs are not considered for DGA checks
Differentiate between standard Amazon stuff (i.e market) and AWS
Remove Playstation VUE protocol
Remove pandora.tv from Pandora protocol
Remove outdated SoulSeek dissector
Fixes
-----
Fix race conditions
Fix dissectors to be big-endian friendly
Fix heap overflow in realloc wrapper
Fix errors in Kerberos, TLS, H323, Netbios, CSGO, Bittorrent
Fix wrong tuple comparison
Fix ndpi_serialize_string_int64
Fix Grease values parsing
Fix certificate mismatch check
Fix null-dereference read for Zattoo with IPv6
Fix dissectors initialization for XBox, Diameter
Fix confidence for STUN classifications
Fix FreeBSD support
Fix old GQUIC versions on big-endian machines
Fix aho-corasick on big-endian machines
Fix DGA false positive
Fix integer overflow for QUIC
Fix HTTP false positives
Fix SonarCloud-CI support
Fix clashes setting the hostname on similar protocols (FTP, SMTP)
Fix some invalid TLS guesses
Fix crash on ARM (Raspberry)
Fix DNS (including fragmented DNS) dissection
Fix parsing of IPv6 packets with extension headers
Fix extraction of Realm attribute in STUN
Fix support for START-TLS sessions in FTP
Fix TCP retransmissions for multiple dissectors
Fix DES initialisation
Fix Git protocol dissection
Fix certificate mismatch for TLS flows with no client hello observed
Fix old versions of GQUIC on big-endian machines
Misc
----
Add tool for generating automatically the Azure IP list
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Update strlcpy.c and strlcat.c
PR #636
Apply #616 fix to flows.c, fix#665
Bug #670: update Travis CI to focal
Bug #669: LINUX installed netmap auto detection
Feature #626 - Support for Q-in-Q VLAN tags
Bug #677 skipbroadcast
Bug #689: add security policy document
Directories of pcaps as arguments
PR #682
Bug #679 fix PPS calc for long-running sessions
Bug #668 Improve SDK selection
Bug #696 fix directory include feature
Bug #695 mac os tests fail
Bug #674 - Revert "send_packet: Avoid clock drift by using time since first packet"
Feature #563 mac update on multicast
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
* log: removal of letter 'C'/'R' from msgId in RFC5424 format [#3303]
* log: Stop all threads while releasing the log agent object [#3302]
* amf: Correct HC period to make it effect immediately[#3298]
* log: Correct condition to shutdown the log agent [#3301]
* log: Increase timeout in logtest [#3291]
* log: Shutdown log agent when not in use [#3291]
* log: Introduce the initial clm node status [#3291]
* amf: Correct the version of csi attribute message [#3296]
* ntf: correct the behavior of periodic check log pending [#3297]
* mds: Resolve active MxN VDEST conflict in split brain [#3281]
* smf: correct merge bundle rolling to single step [#3290]
* ntf: get attribute value from local when value not existed [#3289]
* immd: fix cannot find candidate for new immnd coordinator [#3284]
* smf: make more robustness in BISU upgrade [#3286]
* amfd: Tightens sync window condition to proceed headless restoration [#3271]
* osaf: fixed redefinition of typedef 'SaConstStringT' [#3287]
* amf: update runtime attributes of node to IMM in sync [#3285]
* amfd: Correct checking CSICOMP while deleting CSI [#3282]
* base: using mutex for test case sysf_ipc_test instead of atomic [#3283]
* build: adaptive python version for rpm build [#3270]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fping is under a non-standard license: it's almost BSD-3-Clause but is
phrased differently. As interpretation of the licenses isn't something
we want to do, we can use the exact license text instead of referring to
the 3-clause BSD text.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Update SRC_URI to official download page
* Drop patches which had been fixed upstream.
* Add UPSTREAM_CHECK_REGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Skip aclocal in do_configure
* Inherit pkgconfig then we can drop
0001-aclocal.m4-Skip-checking-for-pcap-config.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address
family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli
no longer sets a negative, exclusive "dns-priority". This plays
better with common split DNS setups that use systemd-resolved.
Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges
and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new
'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of
'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default'
instead of null address in route4 or route6 section.
The following changes were backported to 1.32.x releases between 1.32.0
and 1.32.12 are also present in NetworkManager-1.34:
- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table,
necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor
non-default-routes in the main table.
- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation
and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile
names.
* udev: also react to "move" (and "change") udev actions in our rules.
- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp"
files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP
configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared
mode.
* firewall: fix nftables backend to create "ip" table for
IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration
to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.
- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with
internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
This plugin is not used, unless the undocumented dhcp=systemd
option was set.
* cloud-setup: preserve IP addresses, routes and rules from
currently active connection profile.
* Various bugfixes and performance improvements.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch
removed since it is included in 0.95.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
musl highlights this problem
Fixes
| ../../tnftp-20210827/libedit/chartype.h:47:3: error: wchar_t must store ISO 10646 characters
| #error wchar_t must store ISO 10646 characters | ^
| 1 error generated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
* License-Update: Update copyright years
* Drop tnftp-autotools.patch as the issue had been fixed upstream
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Update SRC_URI to official git repo per [1]
* Refresh patches
* Backport a patch to fix build error with musl
[1] https://wiki.linuxfoundation.org/networking/bridge
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
as the clang build issue had been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Scapy moved from pycrypto to cryptography in 2.4.0 (commit c24298b).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
refresh 0001-use-pkg-config-for-gcrypt-instead.patch
License-Update:
Url changed
from "https://www.gnu.org/philosophy/why-not-lgpl.html"
to "https://www.gnu.org/licenses/why-not-lgpl.html"
Changelog:
=========
New features
----------------
core: add support of static arrays in hdata
core: add command /toggle
api: add parameters pointers, extra_vars and options in function hdata_search
api: add user variables in evaluation of expressions with "define:name,value"
api: add IRC message parameters "param1" to "paramN" and "num_params" in output of irc_message_parse
irc: allow quotes around IRC message in command /server fakerecv
trigger: hide key and password in command "/msg nickserv setpass nick key password"
trigger: add support of option "-server" when hiding passwords in command /msg nickserv register
Bug fixes
---------------
core: fix memory leak in evaluated expression "split:number,seps,flags,xxx" when multiple "strip_items" are given
core: fix random integer number with large range in evaluation of expressions on GNU/Hurd
core: fix access to integer/long/time arrays in hdata
api: fix search of option when the section is not given in functions config_search_option and config_search_section_option
irc: fix join of channels with long name (issue #1717)
irc: fix parsing of parameters in all IRC messages (issue #1666)
irc: fix parsing of CAP message when there is no prefix (issue #1707)
irc: fix parsing of TAGMSG message when there is a colon before the channel
Documentation
---------------
doc: remove tester's guide
doc: add dark theme (automatic, following browser/desktop settings)
doc: make build reproducible
doc: disable web fonts
doc: switch from prettify to pygments for syntax highlighting
Tests
--------------
core: add build with CMake and Ninja in CI
core: add build on macOS 11 in CI
Build
------------
ruby: add detection of Ruby 3.0 (issue #1721, issue #1605)
core: add targets "changelog" and "rn" to build HTML version of ChangeLog and release notes (CMake build only)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2.2.3:
Bugs fixed
Recent connections disabled after suspend and resume
Service authorization notifications did not respond
Passkeys did not get displayed
2.2.2:
Bugs fixed
Issues with power level bars
Error message in blueman-mechanism
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drop openssl and gmp from DEPENDS, covered in PACKAGECONFIG
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Not everyone wants this to be installed by default. Enable to remove
cureve25519 is someone wants to.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
There have been a few regressions in the security release 4.14.10:
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds
initially adviced for 4.14.10 are no longer required and
should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is
adviced to have a look at the bug report for more detailed
information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
Changes since 4.14.10
---------------------
* BUG 14878: Recursive directory delete with veto files is broken.
* BUG 14879: A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory.
* BUG 14656: Spaces incorrectly collapsed in ldb attributes.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
deletable.
* BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
* BUG 14922: Kerberos authentication on standalone server in MIT realm
broken.
* BUG 14923: Segmentation fault when joining the domain.
* BUG 14903: Support for ROLE_IPA_DC is incomplete.
* BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send.
* BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Fix error in example firewall.sh script
configure: remove useless -Wno-* from default CFLAGS
Add argv_insert_head__empty_argv__head_only to argv tests
Move deprecation of SWEET32/64bit block size ciphers to 2.7
Include --push-remove in the output of --help.
Move '--push-peer-info' documentation from 'server' to 'client options'
add test case(s) to notice 'openvpn --show-cipher' crashing
BUILD: enable CFG and Spectre mitigation for MSVC
Fix loading PKCS12 files on Windows
msvc: fix product version display
msvc: add missing header to project file
config-msvc.h: fix OpenSSL-related defines
contrib/vcpkg-ports: remove openssl port
GitHub Actions: use latest working lukka/run-vcpkg
Use network address for emulated DHCP server as a default
Load OpenSSL config on Windows from trusted location
ring_buffer.h: fix GCC warning about unused function
ssh_openssl.h: remove unused declaration
vcpkg/pkcs11-helper: compatibility with latest vcpkg
config-msvc.h: indicate key material export support
Don't use BF-CBC in unit tests if we don't have it
Define have_blowfish variable in ncp unit tests
doc link-options.rst: Use free open-source dynamic-DNS provider URL
Fix some more wrong defines in config-msvc.h
Ensure the current common_name is in the environment for scripts
Require EC key support in Windows builds
resolvconf fails with -p
Update IRC information in CONTRIBUTING.rst
doc/man (vpn-network-options): fix foreign_option_{n} typo
README.down-root: Fix plugin module name
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
refresh arm_eabi.patch
Changelog:
==========
Enhancements
-Add support for NTPv4 extension field improving synchronisation stability and
resolution of root delay and dispersion (experimental)
-Add support for NTP over PTP (experimental)
-Add support for AES-CMAC and hash functions in GnuTLS
-Improve server interleaved mode to be more reliable and support multiple clients behind NAT
-Update seccomp filter
-Add statistics about interleaved mode to serverstats report
Bug fixes
-Fix RTC support with 64-bit time_t on 32-bit Linux
-Fix seccomp filter to work correctly with bind*device directives
-Suppress kernel adjustments of system clock (dosynctodr) on illumos
Other changes
-Switch Solaris support to illumos
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
mctpd ships with an example dbus service configuration, so install in
the dbus system configuration dir.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We have a tag for 1.0, now: better handling of local stack configuration
at runtime, and the 5.15 kernel header change has been integrated.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dhcp-relay needs a fresh tarball of bind unpacked in ${S}, but this is
done by fetching the tarball to ${WORKDIR}, then in do_configure moving
it to ${S} and unpacking it.
If dhcp-relay is re-configured, the tarball no longer exists in ${WORKDIR}
so this fails. Copy instead of moving so rebuilds work.
Also don't rename the downloaded file to just bind.tar.gz as that can
cause probems if the version changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
changelog:
=========
* src/snort.c :
Fixed an issue where verdict will be applied onto next session when timeout
occurs in some scenarios.
* rc/file-process/file_service.c :
Removed an excessively flooding log.
* src/dynamic-preprocessors/modbus/modbus_decode.c :
Fixed possible integer overflow.
* src/fpcreate.c :
Added fix to GCC compiled snort to use AC-BNFA-Q search-method when Intel-cpm
is enabled.
* src/generators.h
src/preprocessors/Stream6/snort_stream_tcp.c :
Added fix to not to drop packets when window size is 0 by TCP normalizer
and Added new alert with GID 129 and SID 21 when such packets are seen.
* src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
Added support for Appid to detect login success and failure for IMAP and POP3
protocols.
* src/dynamic-preprocessors/reputation/reputation_config.c
src/dynamic-preprocessors/reputation/spp_reputation.c
src/dynamic-preprocessors/reputation/spp_reputation.h
src/pkt_tracer.c
src/snort.c
src/util.c :
Fixed terminology to be bias-free in log/error messages.
* src/snort.c :
Fixed a potential race condition.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit hash is pointing out to the tag v4.0, not 2.1.0.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This dependency is already handled through a PACKAGECONFIG so there is
no need for it in DEPENDS anymore.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fix patch contributor name in the process of reworking it to apply
on the new 1.2.1 release (I had accidentally modified it when reworking
it previously).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: year updated to 2021.
Changelog
==========
This version fixes some really old issues, the most significant one being
excessive memory use for large memory listings.
When virtual quotas were used, transfers were not aborted after the limit was
reached; files were only removed at the end of a transfer. That should now be fixed.
Support for MD5, SHA1 and the MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3) function.
The server used to reject class E reserved network ranges. People reported that
Linux containers may use them, so this is now accepted.
Finally, it is now possible to recursively include additional files in a
configuration file, with the new Include directive.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/libpyldb-util.cpython-310-x86-64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/ -name \*ldb\*
/usr/lib/pkgconfig/pyldb-util.pc
/usr/lib/pkgconfig/ldb.pc
/usr/lib/libpyldb-util.so.2.3.2
/usr/lib/libldb.so.2.3.2
/usr/lib/libpyldb-util.so.2
/usr/lib/libldb.so
/usr/lib/libldb.so.2
/usr/lib/python3.10/site-packages/_ldb_text.py
/usr/lib/python3.10/site-packages/ldb.so
/usr/lib/libpyldb-util.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/_tevent.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name \*tevent\*.so
/usr/lib/python3.10/site-packages/_tevent.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
/usr/lib/python3.10/site-packages/tdb.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/python3.10/ -name tdb\*
/usr/lib/python3.10/site-packages/tdb.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so.2
/usr/lib/libpytalloc-util.cpython-310-x86-64-linux-gnu.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.cpython-310-x86_64-linux-gnu.so
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib -name \*talloc\*
/usr/lib/pkgconfig/talloc.pc
/usr/lib/pkgconfig/pytalloc-util.pc
/usr/lib/libpytalloc-util.so.2.3.3
/usr/lib/libtalloc.so.2
/usr/lib/libpytalloc-util.so.2
/usr/lib/libpytalloc-util.so
/usr/lib/libtalloc.so
/usr/lib/libtalloc.so.2.3.3
/usr/lib/python3.10/site-packages/talloc.so
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
Automatically extract new version from GIT tag
Fixes:
Avoid trying to delete inactive VIFs. Fixing an annoying bogus error:
"Failed deleting VIF for iface lo: Resource temporarily unavailable"
Fix#171: too small string buffer for IPv6 address causing garbled
output in periodic expiry callback
Fix too small buffer for IPv6 address in mroute display functions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the server use AES-256-GCM instead of BF-CBC as the default
cipher for the VPN tunnel. To avoid breaking existing running configurations
defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains
the BF-CBC in addition to AES-CBC. This makes it possible to migrate
existing older client configurations one-by-one to use at least AES-CBC unless
the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically)
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Strongswan failed to startup because there is no kernel module named
ipsec. Add basic kernel modules required by strongswan per [1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules,
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):
For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.
License-Update:
Add "SSL library considerations" to COPYING.
Format of COPYING changed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It seems to require asciidoctor and currently does not build
until someone fixes it, disable it for cosnsitency.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NTPsec, "a secure, hardened, and improved implementation of Network Time
Protocol derived from NTP Classic, Dave Mills’s original."
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rename /etc/init.d/opensafd to /usr/lib/opensaf/opensafd-init as it is
needed by opensafd.service, but /etc/init.d is removed by
systemd.bbclass if sysvinit is not in DISTRO_FEATURES.
Note that this will not actually make the initscript and service file
work since they depend on /lib/lsb/init-functions, which does not exist
since the lsb recipe was removed from OE-Core.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.
/var/log/cluster will be created in runtime.
This also drops the removal of the /var/run directory as it is no
longer created in the first place.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These features were removed in commit 5c051f84 (corosync: Update to
3.0.3), but some code still remained.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The hardcoded path /lib/netplan causes a runtime error on multilib
image:
$ netplan try
An error occurred: [Errno 2] No such file or directory: '/lib/netplan/generate'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
atftp-0.7.5
===========
README: update contributors list
text files: mark/convert all textfiles to UTF-8
fix some compiler warnings
fix buffer overflow in atftpd (CVE-2021-41054)
insert typos.patch
insert atftp-0.7-ack_heuristic.patch
insert atftp-0.7-server_receive_race.patch
insert patch atftp-0.7-sorcerers_apprentice.patch
test.sh: check for root no longer necessary
Merge commits from https://github.com/srett/atftp
=================================================
tftpd.c: Only drop privs if requested or running as root + check for failure
fix invalid read of 1 byte in tftp_send_request.
Check return value of fseek(), abort if != 0
options.c: Proper fix for the read-past-end-of-array
configure.ac: Add -std=gnu89 if gcc/clang is detected
tftpd.c: Fix memleak if thread spawning fails
atftp: Check return value of fgets, buffer might be uninitialized on NULL
Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
replace LICENSE with current version
License-Update:
1. Address changed
2. "the GNU Library General Public License" changed to
"the GNU Lesser General Public License"
3. Format of LICENSE changed
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change adds a recipe for the Management Component Transport
Protocol userspace utilities. This contains:
- the command-line 'mctp' tool, similar to 'ip', for setting up links,
assigning local address and configuring routing.
- an optional 'mctpd' daemon, which implements the MCTP control
protocol, and manages remote address assignment.
The latter depends on systemd (for sdbus), so use a
PACKAGECONFIG[systemd] for the conditional service installation.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
autofs-5.1.8 changelog:
- add xdr_exports().
- remove mount.x and rpcgen dependencies.
- dont use realloc in host exports list processing.
- use sprintf() when constructing hosts mapent.
- fix mnts_remove_amdmount() uses wrong list.
- Fix option for master read wait.
- eliminate cache_lookup_offset() usage.
- fix is mounted check on non existent path.
- simplify cache_get_parent().
- set offset parent in update_offset_entry().
- remove redundant variables from mount_autofs_offset().
- remove unused parameter form do_mount_autofs_offset().
- refactor umount_multi_triggers().
- eliminate clean_stale_multi_triggers().
- simplify mount_subtree() mount check.
- fix mnts_get_expire_list() expire list construction.
- fix inconsistent locking in umount_subtree_mounts().
- fix return from umount_subtree_mounts() on offset list delete.
- pass mapent_cache to update_offset_entry().
- fix inconsistent locking in parse_mount().
- remove unused mount offset list lock functions.
- eliminate count_mounts() from expire_proc_indirect().
- eliminate some strlen calls in offset handling.
- don't add offset mounts to mounted mounts table.
- reduce umount EBUSY check delay.
- cleanup cache_delete() a little.
- rename path to m_offset in update_offset_entry().
- don't pass root to do_mount_autofs_offset().
- rename tree implementation functions.
- add some multi-mount macros.
- remove unused functions cache_dump_multi() and cache_dump_cache().
- add a len field to struct autofs_point.
- make tree implementation data independent.
- add mapent tree implementation.
- add tree_mapent_add_node().
- add tree_mapent_delete_offsets().
- add tree_mapent_traverse_subtree().
- fix mount_fullpath().
- add tree_mapent_cleanup_offsets().
- add set_offset_tree_catatonic().
- add mount and umount offsets functions.
- switch to use tree implementation for offsets.
- remove obsolete functions.
- remove redundant local var from sun_mount().
- use mount_fullpath() in one spot in parse_mount().
- pass root length to mount_fullpath().
- remove unused function master_submount_list_empty().
- move amd mounts removal into lib/mounts.c.
- check for offset with no mount location.
- remove mounts_mutex.
- remove unused variable from get_exports().
- add missing free in handle_mounts().
- remove redundant if check.
- fix possible memory leak in master_parse().
- fix possible memory leak in mnts_add_amdmount().
- fix double unlock in parse_mount().
- add length check in umount_subtree_mounts().
- fix flags check in umount_multi().
- dont try umount after stat() ENOENT fail.
- remove redundant assignment in master_add_amd_mount_section_mounts().
- fix dead code in mnts_add_mount().
- fix arg not used in error print.
- fix missing lock release in mount_subtree().
- fix double free in parse_mapent().
- refactor lookup_prune_one_cache() a bit.
- cater for empty mounts list in mnts_get_expire_list().
- add ext_mount_hash_mutex lock helpers.
- fix amd section mounts map reload.
- fix dandling symlink creation if nis support is not available.
- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT.
- fix lookup_prune_one_cache() refactoring change.
- fix amd hosts mount expire.
- fix offset entries order.
- use mapent tree root for tree_mapent_add_node().
- eliminate redundant cache lookup in tree_mapent_add_node().
- fix hosts map offset order.
- fix direct mount deadlock.
- add missing description of null map option.
- fix nonstrict offset mount fail handling.
- fix concat_options() error handling.
- eliminate some more alloca usage.
- use default stack size for threads.
- fix use of possibly NULL var in lookup_program.c:match_key().
- fix incorrect print format specifiers in get_pkt().
- add mapent path length check in handle_packet_expire_direct().
- add copy length check in umount_autofs_indirect().
- add some buffer length checks to master map parser.
- add buffer length check to rmdir_path().
- eliminate buffer usage from handle_mounts_cleanup().
- add buffer length checks to autofs mount_mount().
- make NFS version check flags consistent.
- refactor get_nfs_info().
- also require TCP_REQUESTED when setting NFS port.
0001-Do-not-hardcode-path-for-pkg.m4.patch refreshed.
autofs-5.1.7-use-default-stack-size-for-threads.patch
removed since it is included in 5.1.8.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also organize the recipe to to match OE style
Remove PYTHON_PN from DEPENDS, setuptools should be enough
Correct setting LIC_FILES_CHKSUM
Move setting git SHA to SRCREV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue
has been fixed.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ifenslave (2.13) unstable; urgency=medium
* QA upload.
[ Guillem Jover ]
* Fix MAC address setting messed up by udev for bond interfaces.
(Closes: #949062)
* Use ifquery instead of example contrib script ifstate. (Closes: #991930)
* Fix ifquery redirections.
* Bump Standards-Version to 4.6.0 (no changed needed).
* Remove long supported Linux version requirements from Description.
[ Sami Haahtinen ]
* Use correct argument in setup_slave_device(). (Closes: #968368)
[ Oleander Reis ]
* Handle slave definitions of interfaces with no bond settings.
(Closes: #990428)
* Delete bond interfaces on ifdown -a. (Closes: #992102)
-- Guillem Jover <guillem@debian.org> Sun, 17 Oct 2021 06:02:55 +0200
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021.10.04 -- Version 2.5.4
Antonio Quartulli (3):
route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
configure: search also for rst2{man, html}.py
networking: add networking API net_addr_ll_set() and use it on Linux
Arne Schwabe (1):
Move examples into openvpn-examples(5) man page
David Korczynski (1):
Fix argv leaks in add_route() and add_route_ipv6()
David Sommerseth (2):
doc: Use generic rules for man/html generation
man: Clarify IV_HWADDR
Gert Doering (1):
Add error reporting to get_console_input_win32().
Lev Stipakov (3):
Fix console prompts with redirected log
Add building man page on Windows
GitHub Actions: remove Ubuntu 16.04 environment
Max Fillinger (1):
Update Fox e-mail address in copyright notices
Selva Nair (1):
Minor doc correction: tls-crypt-v2 key generation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v2.5.3 Changes
New tests to verify add/del of IPv4/IPv6 routes in kernel MFC
Fixes
Fix#166: build warning with gcc 10.2.1: "comparison is always true due to limited range of data type"
Fix build warning with --disable-mrdisc configure option
Fix#167: cannot remove routes added with smcroutectl add, only affects add/del at runtime with smcroutectl, not .conf reload
Fix#168: build problem on Debian/kFreeBSD, used wrong queue.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The main repo is sourced from git://git.openembedded.org not github.
Don't think oe-core.git exists.
Lets be constent across all sub layers.
Drop Revisions and Prioriiy from repo references as they are not used.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
configure.ac:1: error: possibly undefined macro: dnl
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
../firewalld-0.9.4/configure: line 3408: pkg.m4: command not found
../firewalld-0.9.4/configure: line 3422: syntax error near unexpected token `0.16'
../firewalld-0.9.4/configure: line 3422: ` PKG_PROG_PKG_CONFIG(0.16)'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These site files are only there for single recipe, move the data to
recipe and use SITEINFO_ENDIANNESS to choose right option and pass it
to configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
One file is BSD-1-Clause while another is BSD-4-Clause
Set and check accourdingly
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge #470 from edevil: Allow configuration of persistent TCP connections.
Fix#474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge #478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.
Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.
Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.
Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.
Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.
Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.
Make domains generated by --synth-domain appear in replies
when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
STABLE RELEASE 1.0.5:
- Add --no-solicit option to skip sending the discovery packet.
- Ignore multicast advertisements when discovery was sent as unicast
- Since its point release, no need to use +git${SRCPV} in PV it can be
absolute
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, viewing the help text with snmpd -h results in snmpd being
started in the background.
$ snmpd -h
Usage: snmpd [OPTIONS] [LISTENING ADDRESSES]
[snip]
$ ps -ef | grep snmpd
root 1477 1 0 05:46 ? 00:00:00 snmpd -h
Backport a patch to fix this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
From the changelog (https://marc.info/?l=netfilter&m=162939459210790&w=2):
- Catch-all set element support: This allows users to define the
special wildcard set element for anything else not defined in
the set
- Define variables from the command line through --define
- Allow to use stateful expressions in maps
- Add command to list the netfilter hooks pipeline for a given packet
family. If device is specified, then ingress path is also included
- Allow to combine jhash, symhash and numgen expressions with the
queue statement, to fan out packets to userspace queues via
nfnetlink_queue
- Expand variable containing set into multiple mappings
- Allow to combine verdict maps with interval concatenations
- Simplify syntax for NAT mappings. You can specify an IP range, or a
specific IP and port, or a combination of range of IP addresses and
ports
- Bugfixes
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
To drop root privileges on Linux-based systems, chrony requires a
standard user to switch to and the use of capabilities. Fix up the
privdrop packageconfig to account for this.
Signed-off-by: Easwar Hariharan <easwar.hariharan@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
bmon is a monitoring and debugging tool to capture networking
related statistics and prepare them visually in a human friendly way
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libconfuse a configuration file parser library written in C
Used by bmon network monitor.
Signed-off-by: Patrick Areny <patrick.areny@notiloplus.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1].
[1] https://security.appspot.com/vsftpd/Changelog.txt
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Handle-enum-element-override.patch
removed since it is included in 0.103
Add patch to fix bug for 32bit format string bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
===============================================
NetworkManager-1.32.8
Overview of changes since NetworkManager-1.32.6
===============================================
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
===============================================
NetworkManager-1.32.6
Overview of changes since NetworkManager-1.32.4
===============================================
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
messages logged to buffered outputs, predominantly --logfile.
This also caused lines in the logfile to run into one another because
the fragment containing the '\n' line-end character was usually lost.
Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
interface), the length of log message fragments was added up twice, so
that these ended too deep into a freshly allocated buffer, after the '\0'
byte. Unbuffered outputs flushed the fragments right away, which masked the
bug.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add them to PACKAGECONFIG if enable selinux distro feature.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch is the result of running the latest convert-ovrrides.py
script.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: curlpp.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adding -f*-prefix-map to LDFLAGS caused the following issue:
QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)
Fix by filtering out -f*-prefix-map from *.pc files.
[YOCTO #14481]
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v1.44.0 changelog:
lib: Port new ngtcp2 map implementation
doc: Replace master with main
build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
build: Add more --with-* configure flags
build: Add LIBTOOL_LDFLAGS configure variable
third-party: Bump llhttp to 6.0.2
src: Replace black-list with block-list
nghttpx: Fix max distance in weight group/address cycle comparison
nghttpx: Set connect_blocker and live_check after shuffling addresses
nghttpx: Replace master with main
nghttpx: Remove trailing white space after $method log variable
(https://github.com/nghttp2/nghttp2/pull/1553)
h2load: Add --rps option
(https://github.com/nghttp2/nghttp2/pull/1559)
h2load: Allow unit in -D option
asio: fix some typos (Patch from Jan Kundrát)
(https://github.com/nghttp2/nghttp2/pull/1550)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
add note:
** NOTE! The following LGPL license applies to the talloc
** library. This does NOT imply that all of Samba is released
** under the LGPL
"GNU General Public License" changed to "GNU Lesser General Public License"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
- Added AES_CCM and SHA-3 signature support to openssl plugin.
- The x509 and openssl plugins now consider the authorityKeyIdentifier, if
available, before verifying signatures, which avoids unnecessary signature
verifications after a CA key rollover if both certificates are loaded.
- The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
previously depended on a version check.
- charon-nm now supports using SANs as client identities, not only full DNs.
- charon-tkm now handles IKE encryption.
- A MOBIKE update is sent again if a a change in the NAT mappings is detected
but the endpoints stay the same.
- Converted most of the test case scenarios to the vici interface
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix only release.
$ git shortlog --grep "^fix" v0.9.3..v0.9.4
Eric Garver (10):
fix(dbus): conf: setting deprecated properties should be ignored
fix(dbus): properties: IPv4 and IPv6 should be true if using nftables
fix(fw): when checking tables make sure to check the actual backend
fix(ipset): nftables: use interval flag for "ip" types
fix(rpm): applet: don't replace config modified by admin
fix(rpm): logrotate: don't replace config modified by admin
fix(ipv6_filter): match fwmark
fix(direct): rule order with multiple address with -s/-d
fix(nm): reload: only consider NM connections with a real interface
fix(policy): warn instead of error for overlapping ports
Fabrizio D'Angelo (1):
fix(ipset): fix hash:net,net functionality
Robert Richmond (1):
fix(ipset): entry delete with timeout
Ye Shu (1):
fix(applet): Show a basic tooltip instead of HTML
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Did not find hints upstream but musl build turned painless!
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Manually refresh 0002-fix-fail-to-enable-bluetooth.patch - it did not apply
2.2.1
Bugs fixed
Hard dependency of DBusService on NetworkManager
2.2
New features
Disconnect items in applet menu (plugin)
Desktop notifications on connect / disconnect (plugin)
Notifications with battery level for connecting devices (applet plugin)
Stop discovery and retry connection for broken adapter drivers
Auto-connect settings for supported services
Changes
Drop blueman-report
Drop blueman-assistant
Raise minimum Python version to 3.6
Raise GTK+ 3 version to 3.22
Raise minimum BlueZ version to 5.48
Allow opening device menus via keyboard (Shift+F10 or menu key)
Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
Allow cancelling device connection attempts
Improved passkey handling (fixed padding, highlighting, single notifitication)
Hide devices with no name
Bugs fixed
Fix disconnecting NMDevice
Exceptions from asynchronous DBus calls (getting picked up by tools like Apport or ABRT)
DiscvManager plugin showed its icon unreliably
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes#386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Configure the recipe to use the module_install function from the module
source code and remove the overriden modules_install function from the
recipe.
Using the default modules_install (instead of the function defined in
the recipe file) the module is signed when DISTRO_FEATURE contains modsign.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: notice.html does not exist in this version, use NOTICE.md to
check.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes since 4.4.2 (Bug Fixes)
Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services.
[Gitlab #182]
CVE: CVE-2021-25217
See: https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable backtrace in bundled bind to fix build error for qemuarm on
musl.
Fixes:
bind/bind-9.11.32/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the bundled bind from 9.11.14 to 9.11.32.
Fixes build error on qemuarmv5:
stats.c: In function 'setcounter':
stats.c:300:36: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Removed since these are included in 0.102.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
