Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
Changes:
Dave Rodgman (12):
Header updates
Fix some non-standard headers
Update documentation
Add Changelog for license
Update license for p256-m
README improvements to 3rdparty section
assemble Changelog
Fix typos in changelog
Bump version
Update BRANCHES
Update Changelog with bugfix entry
Add docs re Everest license
David Horstmann (1):
Fix 3rdparty target names for custom config
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The SUMMARY and DESCRIPTION are taken from Arch Linux wiki page:
https://wiki.archlinux.org/title/NetworkManager
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes:
| Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0'
| Run-time dependency spice-server found: NO
|
| ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server
with method 'pkgconfig' failed: Invalid version, need 'spice-server'
['>=0.14.0'] found 'UNKNOWN'.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Integrate the upstream unit file into the recipe.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patches and clean up ones that are no longer needed:
* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
cd3dc147bf8abc0225237ced865c6660fffcb63a
Fix squid-conf-tests to allow running on target device.
License change: Update year
The version update eliminates the following CVEs:
* CVE-2023-5824 (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Otherwise install packages reported warning at do_rootfs
...log.do_rootfs...
Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236
warning: user radiusd does not exist - using root
...log.do_rootfs...
The user/group radiusd is added by package freeradius,
explicitly made the sub packages to runtime depends on freeradius
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools
package as they won't be needed most of the time.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They are enabled by default as libexosip2 works better with those.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
dco: fix crash when --multihome is used with --proto tcp
Mock openvpn_exece on win32 also for test_tls_crypt
Add warning for the --show-groups command that some groups are missing
Print peer temporary key details
Add warning if a p2p NCP client connects to a p2mp server
Remove openssl engine method for loading the key
Remove saving initial frame code
Double check that we do not use a freed buffer when freeing a session
Fix using to_link buffer after freed
GHA: do not trigger builds in openvpn-build anymore
GHA: new workflow to submit scan to Coverity Scan service
buffer: use memcpy in buf_catrunc
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6
CMake: backport CMake buildsystem from master to release/2.6
Remove all traces of the previous MSVC build system
doc: fix argument name in --route-delay documentation
dns option: remove support for exclude-domains
Warn user if INFO control command is too long
dco-win: get driver version
dco: warn if DATA_V1 packets are sent to userspace
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Log OpenSSL errors on failure to set certificate
configure: disable engines if OPENSSL_NO_ENGINE is defined
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* fix "Peer refused to agree to his IP address" message, again
* deprecate option --plugin
* better masking of password in logs
* break on reading 0 from ppp pty, for non-Linux systems
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patches removed because fixed in the new version.
Changelog:
- Various fixes around the build process (esp. cmake support + string.h include fixes)
- Stronger cmake support, updated autotools and a few smaller fixes.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
=========================
- Added "-DCIVETWEB_SSL_OPENSSL_API_3_0=ON" because of following error:
civetweb.c:1561:2: error: #error "Please define OPENSSL_API_#_# or USE_MBEDTLS"
You may also want to check out the available CMake options here:
d7ba35bbb6/CMakeLists.txt
=========================
Changelog:
d7ba35bbb6/RELEASE_NOTES.md
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Condition the creation of some files and their consequences to a
PACKAGECONFIG, which can be overridden outside the meta layer.
It removes the sub package wireguard-tools-wg-quick as PACKAGECONFIG is
supposed to work to configure a package only, and not deal with
sub packages.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
