>From [1]
* Increase cache buffers size to accomodate VLAN edits (#594)
* Correct L2 header length to correct IP header offset (#583)
* Fix warnings from gcc version 10 (#580)
* Heap Buffer Overflow in randomize_iparp (#579)
* Use after free in get_ipv6_next (#578)
* Heap Buffer Overflow in git_ipv6_next (#576)
* Call pcap_freecode() on pcap_compile() (#572)
* Increase max snaplen to 262144 (#571)
* Fix divide by zero in fuzzing (#570)
* Unique IP repeats at very high iteration counts (#566)
* Fails to compile on FreeBSD amd64 13.0 (#558)
* Heap Buffer Overflow in do_checksum (#556) (#577)
* Attempt to correct corrupt pcap files, if possible (#557)
* Fix GCC v10 warnings (#555)
* Remove some duplicated SOURCES entries (#551)
* Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
* Implement --loopdelay-ms when using --loop=0 (#546)
* Heap overflow packet2tree and get_l2len (#530)
[1] https://github.com/appneta/tcpreplay/releases
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
https://samba.org seems to be gone, switch to https://www.samba.org
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The "ssl" PACKAGECONFIG setting contains WITH_EC_OFF instead of
WITH_EC=OFF, resulting in a build break when "ssl" is not set.
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As ??= assignment will be overwritten by += in any case,
one can't define a default of PACKAGECONFIG in this recipe.
Using _append instead mitigates chances of accidental overwriting
the default
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-0001-chdeck-for-gettid-API-during-configure.patch
Removed since this is included in 2.9.16
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refreshed patches for 5.8 due to the following:
ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
patching file configure
...
Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
Hunk #2 FAILED at 31447.
1 out of 2 hunks FAILED -- rejects in file configure
...
Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Full changelog:
Version 5.0 - 4/22/2020
Major security updates. The key exchange and key derivation algorithms
were modified and supported algorithms were pruned using TLS 1.3 as a
basis. This includes:
- HKDF used in multiple stages for key derivation from raw shared secrets.
- Included addtional context in key derivation and signatures to protect
against replay attacks and downgrade attacks.
- Reduced set of supported EC curves to those supported by TLS 1.3
- Removed RSA key exchange which does not provide perfect forward secrecy.
All key exchanges now use ECDH.
- Removed support for SHA-1 hashes in key exchanges.
- Supported symmetric ciphers are AES in AEAD mode (GCM or CCM).
- Increased supported RSA key sizes
Encrypted sessions are now enabled by default. It can be disabled by
specifying "none" for the key type in the server's -Y option.
Backward compatibility retained for version 4.x in clients and proxies.
When communicating with a 4.x server, only allow algorithms and key
exchange modes permitted in the new version.
Clients and proxies no longer need to use signature keys that match the
type and size used by the server. As a result, the -k and -K options to
the client now only accept a single key instead of multiple. The proxy
still supports multiple keys for 4.x compatibility, however only the first
key listed is used for any version 5.x session.
Proxies now send their keys in a separate message instead of injecting them
in the ANNOUNCE sent by the server. This allows clients to be fully
aware of proixes and allows them to authenticate servers and proxies
separately.
Format of client's server list modified to specify the proxy that a server
communicates through. Fingerprints listed in this file now always
specify the server as opposed to having the proxy's key in some cases.
Added -R option to client to specify a list of proxies along with their
public key fingerprints. The old use of -R to specify a version 4.x
response proxy has moved to -r.
Previously, using -S in the client or proxy to specify a server list would
automatically enable source specific multicast (SSM). The use of SSM is
now enabled separately via the -o option on both the client and proxy.
Fixed a bug that caused ECDSA signatures created on Linux with curve
secp521r1 from being verified successfully on Windows.
Fixed cleanup on clients and proxies to prevent occasional crashes on
shutdown under Windows.
Update timstamps in messages to use 64-bit microseconds since the epoch,
addressing Y2038 issues.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Make sure PNBLACKLIST assignments in recipe files use weak assignment,
so they can be overridden in, for example, local.conf files.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch
-dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
Removed since these are included in 2.81
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it needs to link with libsystemd when using systemd as init system
Fixes
Package libsystemd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd.pc'
to the PKG_CONFIG_PATH environment variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes building TCPDump without OpenSSL. Current version does not
recognize the option --without-openssl.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release 4.4.0 of wolfSSL embedded TLS has bug fixes, new features
and fixes for security vulnerabilities.
See full changelog https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stablefixes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some shell scripts such as kea-admin,
upgrade_4.0_to_5.0.sh, wipe_data.sh and etc contain
build path.
Actually the build path is meanlingless on the target,
so replace abs_top_builddir to abs_top_builddir_placeholder
to avoid expanding abs_top_builddir which introduces
build path.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit 89d86b96f8 which tries to fix
the installation issue for ostree introduces a recursive dependency
issue. When installing the postfix package on target via online
repository, the postinst function for postfix-cfg package needs
newaliases but this command is from postfix package which causes an
error:
Configuring postfix-cfg.
/var/lib/opkg/info/postfix-cfg.postinst: line 9: newaliases: not found
pkg_run_script: package "postfix-cfg" postinst script returned status 127.
Split a new package postfix-bin from postfix and make it as the runtime
dependency for postfix-cfg.
Set USERADD_PACKAGES to ${PN}-bin to avoid image do_rootfs warnings when
installing postfix via IMAGE_INSTALL:
[log_check] warning: group postdrop does not exist - using root
[log_check] warning: user postfix does not exist - using root
Set ALTERNATIVE to ${PN}-bin to make sure the newaliases symbolic link
is installed before installing postfix-cfg.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This gets it in sync with libhugetlbfs which according to the comment,
is supposed to be correct.
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This includes:
Version 4.10.2
Fixed security issue where using sha384 or sha512 would set encryption keys
to all bytes 0
When using ECDH key exchange with closed group membership, an incorrect
signature would be applied to the ANNOUCE message, causing the session
to fail. Bug fixes.
Relaxed server side checks on the type of key supplied by a client when not
using public key signatures on all messages. This will assist in the
upgrade process to the upcoming version 5.0.
Fixed various small memory leaks
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Nbdkit uses plugins to add more sources of data for nbd client.
Nbdkit can also spawn nbd-client, uses unix or network socket to
communicate with client, uses different plugins to serve data for nbd
device eg. curl, file, custom plugins in many languages (perl, python)
and some others.
Fix build when printf is a macro instead of function
Use BSD-3-Clause for license
inherit bash-completion so these are packaged correctly
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License has been changed due to date time, no new stuff added.
delete source patch reproducibility-respect-source-date-epoch.patch
for new version source tree contains it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for NVM-Express target user space configuration utility. It
contains a command line interface to the NVMe over Fabrics nvmet in
the Linux kernel. It allows configuring the nvmet interactively as well
as saving/restoring the configuration to/from a json file.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As per discussed in a previous email under the subject "Regarding
poppler auto PACKAGECONFIG when qt5-layer exists", adding a layer
but not using it should not change PACKAGECONFIG automatically. It
may result unexpected error.
Signed-off-by: Matthew Zeng <matthew.zeng@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
