Extract mdns-libnss-mdns from the main package so we can mark it as an
RPROVIDE for libnss-mdns (matching avahi-libnss-mdns) and then
RRECOMMEND this when building with glibc.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We want to select libdns_sd.so from either Avahi or mDNSResponder, make
the RPROVIDE match the one in Avahi.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In case "encryption-openssl" PACKAGECONFIG is enabled, do_package_qa fails:
ERROR: open62541-1.3.8-r0 do_package_qa: QA Issue: File /usr/lib/cmake/open62541/open62541Targets.cmake in package open62541-dev contains reference to TMPDIR [buildpaths]
Fix it by changing the value of RECIPE_SYSROOT to CMAKE_SYSROOT variable,
so the qa check passes, and other CMake projects should be still able to find the
CMake package provided by this recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Set the correct LICENSE value
2. Csocket is a submodule of the main znc project. Instead of
cloning it separately in a subfolder, just let the gitsm fetcher
to fetch the correct revisions, at the correct place.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recipes are much more readable with whitespace around the assignment operators.
Fix various assignments in meta-openembedded recipes to show this is definitely
the preferred formatting.
This fixes recipes with larger numbers of issues but there are just under 100
other references left to fix.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Building of net-snmp-native aborted due to
missing dependency with libpci-native.
Fixed by keeping the dependency on for
target recipe and removing it for native
CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. The do_install:append() deleted the TMPDIR from the cmake file,
however that left two absolute pathes in the file: /usr/lib/libssl.so
and /usr/lib/libcrypto.so. In case another project is trying to link
to civetweb-server with cmake, it fails with the following error:
ninja: error: '/usr/lib/libssl.so', needed by 'examples/prometheus/prometheus_example', missing and no known rule to make it
Instead of only deleting the TMPDIR, change it to ${CMAKE_SYSROOT} -
a variable set by cmake.bbclass. This allows other projects to find
the required interfacing libraries successfully.
2. When linking to civetweb-server from another project using cmake,
the cmake file verifies if the /usr/bin/civetweb binary exists. When using
the class-target package, this file is not included in the sysroot during
build-time, so this check fails with the following error:
CMake Error at ${RECIPE_SYSROOT}/usr/lib/cmake/civetweb/civetweb-targets.cmake:97 (message):
The imported target "civetweb::server" references the file
"${RECIPE_SYSROOT}/usr/bin/civetweb"
but this file does not exist. Possible reasons include:
To avoid this error, this check is deleted for class-target.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recent changes in to the autotools class in core means that it no longer
sets CONFIG_SITE for compile tasks. However, ntp decides to reconfigure
itself mid-build, so the CONFIG_SITE values are lost.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ACLOCALEXTRAPATH is no longer used, so pass the required -I via
EXTRA_AUTORECONF.
Also explicitly disable aclocal as the aclocal is hand-maintained.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- ACLOCALEXTRAPATH is gone in core with commit 878e1517d4890b31332a506ce903d57e1d7dff87
- Add patches to fix build with latest clang and gcc
- Drop disabling warnings as the fixes above take care of the problem
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Refuse clients if username or password is longer than USER_PASS_LEN
- Improve peer fingerprint documentation
- console_systemd: remove the timeout when using 'systemd-ask-password'
- Fix missing spaces in various messages
- GHA: Update macOS runners
- GHA: Simplify macOS builds
- Various typo fixes
- forward: Fix potential unaligned access in drop_if_recursive_routing
- send uname() release as IV_PLAT_VER= on non-windows versions
- preparing release 2.6.13
- Route: remove incorrect routes on exit
- Use a more robust way to get dco-win version
- Fix check_addr_clash argument order
- Add calls to nvlist_destroy to avoid leaks
- proxy.c: Clear sensitive data after use
- Protect cached username, password and token on client
- Fix more of uninitialized struct user_pass local vars
- Fix IPv6 in port-share journal
- Fix port-share journal doc
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Similarly to old openssl versions, proftpd has patch releases with
characters instead of numbers.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patch releases have character after version
devtool upgrade would currently downgrade 1.3.8b -> 1.3.8
This will make it upgrade 1.3.8b -> 1.3.8c
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Support of both Apple Silicon and Intel for macOS package.
- Add cvlan/svlan/tpmr capabilities.
- Disable LLDP in firmware for Intel X7xx cards on FreeBSD.
- Add lldpctl_watch_sync_unblock to liblldpctl.
- Add C++ wrapper for lldpctl.
- Fix AppArmor policy for /run/lldpd/lldpd.socket.lock.
- Do not query stats for a down interface on Linux.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
Enhancements
------------
* Add ntsaeads directive to enable only selected AEAD algorithms for NTS
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report
Workarounds
-----------
* Negotiate use of compliant NTS keys with AES-128-GCM-SIV AEAD algorithm
(by default the keys are generated differently than in RFC 8915 for
compatibility with chrony server and client versions 4.4, 4.5, and 4.6)
* Switch to compliant NTS keys if first response from server is NTS NAK
Bug fixes
---------
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Solves CVE-2024-46613
Update dependencies:
- remove openssl and icu
- add cjson and gettext-native
Remove patch to find gcrypt which is no longer needed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Per [1] this is fixed by [2].
The commit message says that it is reverting feature added in:
$ git tag --no-contains d7a0084 | grep 1.0.18
1.0.18
This recipe is for the original memcached which is unmaintained now.
Hence the ignore instead of upgrade.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-27478
[2] https://github.com/awesomized/libmemcached/commit/48dcc61a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
After removing old libmemcached recipe version, these is no reasons
anymore to have this split.
The memcached resurrected project uses cmake and different urls.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Solves CVE-2023-46852 and CVE-2023-46853.
Upgrade done via "devtool upgrade".
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Download URL is not listable so devtool upgrade fails.
Using homepage works as it contains link to latest release,
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] 6b32af3e17
[2] 359ac42a7a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure
CVE filtering and not be disturb by futur potential false-positive CVEs.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* since elfutils upgrade to 0.192 in:
https://git.openembedded.org/openembedded-core/commit/?id=1d6ac3c811798732e6addc798656bbe104661d77
json-c is detected in RSS and ov-rest plugin gets enabled, but fails to build:
../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_event.c:78:10: fatal error: amqp_ssl_socket.h: No such file or directory
78 | #include <amqp_ssl_socket.h>
| ^~~~~~~~~~~~~~~~~~~
compilation terminated.
../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
707 | SaErrorT rv = NULL;
| ^~~~
* keep it explicitly disabled as it was disabled before
* add rabbitmq-c dependency for the first issue, the 2nd issue could be
worked around by:
# openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
CFLAGS += "-Wno-error=int-conversion"
or better fixed properly by someone actually using this recipe
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mistakenly removed musl-fixes.patch in previous commit.
update & Include 0001-Musl-build-fix.patch based on latest upstream of ot-br-posix
Remove CXXFLAGS:append:libc-musl:toolchain-clang = " -Wno-error=sign-compare
-Wno-error=unused-but-set-variable", as issue is not reproducible with
current SRCREV of ot-br-posix.
Signed-off-by: deepan.shivap <deepan.shivap@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Conditionnal inherit may be missed when PACKAGECONFIG qt5 is activated
after this inherit, eg in .bbappend. see patch [0]
[0]: https://lists.openembedded.org/g/bitbake-devel/message/16815
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recently, the official nbdkit repo has been changed:
from https://github.com/libguestfs/nbdkit
into https://gitlab.com/nbdkit/nbdkit
Additionally, the newest stable tag version is v1.40.4.
The patch used with version 1.33.11 is also copied
and modified to support the latest changes.
The version 1.33.11 is not removed for reference purposes.
It was tested with one of openbmc images.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
All test cases PASS.
Add openvpn to PTESTS_SLOW because test duration longer than 30s Below is parts of the run log:
[==========] xkey provider tests: Running 3 test(s).
[ RUN ] xkey_provider_test_fetch
[ OK ] xkey_provider_test_fetch
[ RUN ] xkey_provider_test_mgmt_sign_cb
[ OK ] xkey_provider_test_mgmt_sign_cb
[ RUN ] xkey_provider_test_generic_sign_cb
[ OK ] xkey_provider_test_generic_sign_cb
[==========] xkey provider tests: 3 test(s) run.
[ PASSED ] 3 test(s).
PASS: provider_testdriver
The files t_client.sh.in and t_cltsrv.sh were not added because they
require specific environment configuration files. It is recommended that
users configure these based on their environment before testing.
Since the recipe enables iproute2, the condition for t_net.sh based on
HAVE_SITNL is not met, so t_net.sh will not be included in the build.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the new cython class to avoid duplicated fixup code to remove build
paths.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to [1] the ESI implementation in squid feature is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
This means CVE report would say Patched even if the vulnerability is
still present if someone adapts squid PACKAGECONFIG.
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
Based on this, remove vulnerable ESI PACKAGECONFIG already now.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] 5eb89ef3d8
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: copyright year updated
Add patch to fix new build failure from release tarball.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- daq_netmap: Fix build on Linux with non-system headers
- example: support snap encapsulation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
buildhistory-diff shows few new files in testdata:
packages/core2-64-oe-linux/unbound/unbound-ptest: FILELIST: added "
/usr/lib/unbound/ptest/tests/testdata/rpz_val_block.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_ttl_reset.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl_prefetch.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_max_global_quota.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue_fallback.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl
/usr/lib/unbound/ptest/tests/testdata/dns64_prefetch_cache.rpl"
wasn't tested in runtime, I don't use it, I just wanted to get rid of
random build failure from world builds (happens at least since kirkstone
which has 1.15.0).
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the SRC_URI to the correct value due to the following error:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Default branch is renamed from `master` to `main`. Commitshas are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The mdio-tools package RDEPENDS on `kernel-module-mdio-netlink` but
this package doesn't exists if the module is built into the kernel.
Use RRECOMMENDS instead as is usually done with kernel modules.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ENABLE_STTD is a typo, correct option is ENABLE_ZSTD.
This patches the following CMake warning in do_configure:
Manually-specified variables were not used by the project: ENABLE_STTD
After, do_configure does not show the warning.
Github issue: https://github.com/openembedded/meta-openembedded/issues/845
Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Detect active network interface to use, instead of asking user, this needs
to run in automation
- Find the location of ppp_null.so with find instead of rpm, rpm is a distro choice
it can be assumed to be always there.
- Add missing runtime deps for ptests
- Kill openl2tpd started by run-ptest script before exiting, otherwise
ptest runner hangs forever.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nostrip.patch
refreshed for 1.0.52
License-Update: Copyright year updated to 2024
Changelog:
==========
- The QUIT command is now accepted during a transfer.
- The server can be built with --with-minimal again.
- Fixed an out of bounds read in the MLSD command.
- Larger mmap()ed pages are used on aarch64.
- Improved compatibility with HPUX
- Improved OpenSSL API compatibility
- Improved compatibility with OpenWall Linux
- Improved compatibility with Netfilter
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/sctp/lksctp-tools/blob/v1.0.20/ChangeLog
Drop redundant variables LK_REL, SOLIBVERSION and SOLIBMAJORVERSION in
recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Let getaddrinfo(3) select the default IPv4 or IPv6 protocol version
when it is not explicitly specified on the command line
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.73
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The "status" function called by this script calls "pidof" to get the process id. "pidof" does not expect or operate with a full path.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This prepares for using libconfuse for the 'genimage' recipe which
should reside in meta-oe.
Also libftdi (which is in meta-oe already) optionally requires
libconfuse when PACKAGECONFIG option 'ftdi-eeprom' is enabled.
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/tree/CHANGELOG?h=release_5_1_9
* Drop backport patches:
0001-autofs-5.1.8-add-autofs_strerror_r-helper-for-musl.patch
0002-autofs-5.1.8-handle-innetgr-not-present-in-musl.patch
* Drop the following patches as the issues have been fixed upstream:
cross.patch
pkgconfig-libnsl.patch
fix_disable_ldap.patch
add-the-needed-stdarg.h.patch
autofs-5.0.7-fix-lib-deps.patch
0001-Define-__SWORD_TYPE-if-undefined.patch
0001-Define-__SWORD_TYPE-and-_PATH_NSSWITCH_CONF.patch
0001-Bug-fix-for-pid_t-not-found-on-musl.patch
0001-modules-lookup_multi.c-Replace-__S_IEXEC-with-S_IEXE.patch
0002-Replace-__S_IEXEC-with-S_IEXEC.patch
* Reresh the following patches:
no-bash.patch
remove-bashism.patch
mount_conflict.patch
force-STRIP-to-emtpy.patch
0001-include-libgen.h-for-basename.patch
0001-Do-not-hardcode-path-for-pkg.m4.patch
fix-the-YACC-rule-to-fix-a-building-failure.patch
using-pkg-config-to-detect-libxml-2.0-and-krb5.patch
* Add patch to fix build on musl:
0009-hash.h-include-sys-reg.h-instead-of-bits-reg.h.patch
* Backport patch to fix build with gcc14:
0010-autofs-5.1.9-Fix-incompatible-function-pointer-types.patch
* Add PACKAGECONFIG[openldap] and PACKAGECONFIG[sasl]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/snort3/snort3/releases/tag/3.3.4.0
* appid: notify binder on service change
* appid: replaced hsessions vector of raw pointers into vector of smart
pointers
* ftp_telnet: refactoring ftp-data
* latency, dce, stream_ip: fix max pegs incorrectly declared sum
* telnet: avoid flush when cr or lf is between commands
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nftables has a pyproject.toml file since v1.0.9, c.f.
https://git.netfilter.org/nftables/commit/?id=8e603e0f7eec7c0000344a004228a30fbf0ece5c
Styhead has started to complain when a recipe inherits setuptools3 and a
proper pyproject.toml is provided in sources.
This uses python_pep517 functions instead of the setuptools3 ones,
inherits the proper class (still using setuptools3 but through pep517
process).
Notably, the python PACKAGECONFIG has its build dependency on
python3-setuptools-native removed as it's brought in by
python_setuptools_build_meta inherit, which is performed whenever the
python PACKAGECONFIG is selected. This avoids a "duplicate" but no
change in behavior is expected.
This was only build tested.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pass systemdsystemunitdir and systemduserunitdir to set correct directories
instead of using libdir from:
meson.build:systemd_base_path = join_paths(libdir, 'systemd')
which is wrong e.g. with multilib where libdir might be /usr/lib64 instead of
usr/lib used in ${nonarch_base_libdir} which is used by systemd_* variables:
export systemd_system_unitdir="/usr/lib/systemd/system"
export systemd_user_unitdir="/usr/lib/systemd/user"
fixes:
ERROR: Didn't find service unit 'blueman-mechanism.service', specified in SYSTEMD_SERVICE:blueman.
* inherit python3targetconfig to install into right python site-packages
without this it installs into
/usr/lib/python3.12/site-packages/
instead of /usr/lib64/python3.12/site-packages set in PYTHON_SITEPACKAGES_DIR
variable used in FILES, causing
blueman: 295 installed and not shipped files. [installed-vs-shipped]
# $PYTHON_SITEPACKAGES_DIR
# set oe-core/meta/classes-recipe/python3-dir.bbclass:11
# "${libdir}/${PYTHON_DIR}/site-packages"
PYTHON_SITEPACKAGES_DIR="/usr/lib64/python3.12/site-packages"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit: 5edb8335dc
The Networkmanager package must not depend on ModemManager. Only the
Networkmanager-wwan package should depend on the ModemManager package.
The mobile-broadband-provider-info is fully optional and it is often not
required for embedded devices. Let the user choose if it gets installed
or not. Adding it explicitely to IMAGE_INSTALL is simple. Adding an
RRECOMMENS would work as well. But adding an RDEPENDS is bad.
In general, NetworkManager packaging is intended to provide a set of
binary packages suitable for building many different images.
NetworkManager is designed to be used for binary packages distributions
where it is not possible to rebuild NetworkManager just to install
Modemmanager. Also for OE, where a rebuilding is possible, a rebuild is
a disadvantage. So please do not destroy this flexibility by adding
RDEPENDS, which are firstly wrong and secondly only suitable for your
specific needs.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pass OE's CFLAGS via CC since the Makefile disregards these flags from
environment and has it own notion of it. This ensures that flags to
rewrite debug flags are passed down correctly to compiler.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes emitting buildpaths into binary and also
fixes the issue where these tools wont exist on
the paths they were found on build machine
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/snort3/snort3/releases/tag/3.3.3.0
* control: code cleanup
* control: handle control commands after packet threads are fully
initialised
* daq: add outstanding packets counter
* extractor: add flow hash key
* file_api: max depth is set as part of initial config
* file: remove unused variable in FileFlows destructor
* filters: update dev_notes.txt with details for event_filter
* flow: optimize timeout handling for different packet type
* http_inspect: add peg counts for gzip, known-not-supported, and
unknown
* http_inspect: log normalized URI in extra data
* ips_options: separate main thread pcre counts from packet threads
stats
* memory: account memory for profiler only when packet thread is
involved
* src: resolve various warnings
* stream_tcp: make sure ports are correctly swapped when filling a
meta-ACK packet
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some of the PACKAGECONFIG can be derived from the DISTRO_FEATURES and
MACHINE_FEATURES.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Our version was copied 2011 and is out of date. The changes in the meantime
affected only comments.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION
therefore edit the paths from this in generated config.h before it gets into
binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Make this option turned on by default
Fixes
WARNING: wolfssl-5.7.2-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.2.0 in package wolfssl contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: blueman-2.4.3-r0 do_package: QA Issue: blueman: Files/directories were installed but not shipped in any package:
/usr/lib/systemd/system
/usr/lib/systemd/system/blueman-mechanism.service
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
blueman: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: blueman-2.4.3-r0 do_package: Fatal QA errors were found, failing task.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove 0001-meson-add-pythoninstalldir-option.patch. It was fixed by:
[https://github.com/blueman-project/blueman/pull/1700]
Remove 0001-Search-for-cython3.patch. It was fixed by:
[2682501e31/module/meson.build (L1)]
Remove 0001-meson-add-pythoninstalldir-option.patch. Not quite sure about this one,
but even without this patch there are no issues to enable bluetooth on my side
Dont add polkit rule. It is now added by default.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
WARNING: tayga-0.9.2-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/tayga in package tayga-dbg contains reference to TMPDIR [buildpaths]
Make sure that the OE provided CFLAGS are passed to the compiler.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change adds a simple format for the skip results.
The format selected is the automake "simple test" format:
"result: testname"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfixes:
===========
* RADIUS dissector's dictionary loading broken in many ways.
* 3.4 -> 3.6.5 ASCII display is broken on CentOS 7.
* Funnel/Lua: Closing child window disconnects buttons of parent.
* Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES.
* vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC.
* TCP Stream Graphs green sliding window line not displayed correctly.
* Wireshark window doesn't fully fit on screen on small resolutions and can't be resized properly on Russian language.
* Wireshark started from command line doesn't set gui.fileopen_remembered_dir correctly on Windows.
* Wireshark expects wrong length for DHCP Relay Agent Information Source Port Suboption.
* SIP P-Access-Network-Info header not correctly decoded.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Support matching a OVS system interface by MAC address.
* When looking up the system hostname from the reverse DNS lookup of
addresses configured on interfaces, NetworkManager now takes into
account the content of /etc/hosts.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- ipset: fix json output format for IPSET_OPT_IP
- tests: add namespace test and take into account delayed
set removal at module remove
- Update autoconfig tools to build cleanly on Debian bookworm
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There was an error with the last modification to the buildpaths warning, which could cause segment error.
fix the following warning about buildpath:
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The previous fossies.org archive contained a 2.0.6 release.
(The included "configure" script contained PACKAGE_VERSION='2.0.6')
Switch to the upstream archive hosted on snort.org which look like a
real 2.0.7 version (configure contains PACKAGE_VERSION='2.0.7')
Diff of the before vs after archive includes:
* configure script :
* New option : -runstatedir
* PACKAGE_VERSION='2.0.6' -> '2.0.7' (+ other related variables)
* New copyright year (2014-2021 Cisco) on some files
Use a custom downloadfilename to avoid conflicts with the "wrong" 2.0.7
archive.
CC: Romain Naour <romain.naour@smile.fr>
CC: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The value the configure script uses is picked up
from the host machine ps, and there are cases when
the flag selection can be different. Which would
break reproducablity between builds on different
machines.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapt the compile 'test' phony target from Makefile and deploy as
ptest for unbound.
All test are successful on a trial and took around >9min and <10min.
Duration of ptest execution was 587 seconds on an average.
Signed-off-by: rajmohan r <semc.2042@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Support matching a OVS system interface by MAC address.
* Fix port reactivation when the controller is reactivating.
* Save connection timestamps when shutting down, so that the right
connection autoactivates after restart.
* Fix handling of VPN secrets for 2-factor authentication.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The touch command doesn't support file mode setting. Set it with chmod.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current version (0.9.5.0) is not affected by the CVE which affects versions at least earlier than 0.9.4.0.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
refreshed for 2.6.11
Changelog:
=============
- Implement server_poll_timeout for socks
- Use snprintf instead of sprintf for get_ssl_library_version
- Add bracket in fingerprint message and do not warn about missing verification
- Replace macos11 with macos14 in github runners
- Only run coverity scan in OpenVPN/OpenVPN repository
- Workaround issue in LibreSSL crashing when enumerating digests/ciphers
- Properly handle null bytes and invalid characters in control messages
- Allow to set ifmode for existing DCO interfaces in FreeBSD
- samples: Update sample configurations
- documentation: make section levels consistent
- phase2_tcp_server: fix Coverity issue 'Dereference after null check'
- script-options.rst: Update ifconfig_* variables
- LZO: do not use lzoutils.h macros
- Remove "experimental" denotation for --fast-io
- Implement Windows CA template match for Crypto-API selector
- misc.c: remove unused code
- interactive.c: Improve access control for gui<->service pipe
- Only schedule_exit() once
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Adapt to the new way of handling the 2FA secret by the
daemon, needed by it to fix a bug with certain clients.
Requires NetworkManager >= 1.46.2.
* Update Slovenian and Hungarian translations.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
api: Add DIOCTL_GET_CPU_PROFILE_DATA ioctl to get cpu profile data
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
lib32-tnftp do_compile failed with gcc-14:
../../tnftp-20230507/libedit/terminal.c:597:56: error: passing argument 2 of 'terminal_overwrite' from incompatible pointer type [-Wincompatible-pointer-types]
597 | terminal_overwrite(el, &el->el_display[
| ^~~~~~~~~~~~~~~~
| |
| wint_t * {aka unsigned int *}
598 | el->el_cursor.v][el->el_cursor.h],
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../tnftp-20230507/libedit/refresh.c:114:38: error: initialization of 'wchar_t *' {aka 'long int *'} from incompatible pointer type 'wint_t *' {aka 'unsigned int *'} [-Wincompatible-pointer-types]
114 | wchar_t *firstline = el->el_vdisplay[0];
For 64bit system:
wchar_t is defined as int
wint_t is define as unsigned int
For 32bit system:
wchar_t is defined as long int
wint_t is define as unsigned int
In 64bit case, it works well, but in 32bit case, gcc will take it as
incompatible, and report above error
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Error: Transaction test error:
file /usr/share/yang/ietf-netconf-acm.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.aarch64 and frr-10.0-r0.aarch64
file /usr/share/yang/ietf-netconf-with-defaults.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.aarch64 and frr-10.0-r0.aarch64
file /usr/share/yang/ietf-netconf.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.aarch64 and frr-10.0-r0.aarch64
libsmi also uses the doc 'ietf-netconf-acm.yang ietf-netconf-with-defaults.yang ietf-netconf.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- usbredirect: Fix redirecting identical devices
- usbredirect: Fix CPU tight loop when run as TCP server
- usbredirect: Fix some minor memory leaks
- usbredirect: Add documentation about bus-device option
- usbredirtestclient: Fix build on MacOS 10.5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
udpcast is a file transfer tool that can send data simultaneously to many
destinations on a LAN.
It is an alternative to uftp which is already in meta-networking.
On a lossy network, udpcast provided 10x faster transfer rates
with error correction enabled while using a half as much CPU thanks to a
simpler algorithm.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix incompatible pointer type error for daq:
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c: In function 'SetPktHdr':
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c:394:37: error: passing argument 2
of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types]
| 394 | int len = nfq_get_payload(nfad, (char**)pkt);
| | ^~~~~~~~~~~
| | |
| | char **
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Building with autotools is now deprecated and will be completely removed
in the next development cycle. We recommend using meson to build
NetworkManager -- for basic setup, see the CONTRIBUTING.md file.
To ignore this deprecation and still build with Autotools, you can specify
the '--disable-autotools-deprecation' argument when configuring.
* Support changing the OpenSSL ciphers for 802.1X authentication via
connection property "802-1x.openssl-ciphers".
* The reason why a device is unmanaged is now properly set in the
"StateReason" property of the "Device" D-Bus object. The property is
visible in nmcli via "nmcli -f all device show $DEV".
* Deprecated 802-11-wireless and 802-11-wired property 'mac-address-blacklist'
and introduced the 'mac-address-denylist' property.
* Properly restore in-memory connection profiles during the rollback
of a checkpoint.
* Fix detection of 6 GHz band capability for WiFi devices
* Allow IPv6 SLAAC and static IPv6 DNS server assignment for modem broadband
when IPv6 device address was not explicitly passed on by ModemManager
* Fix a performance issue that was leading to 100% CPU usage by NetworkManager
if external programs were doing a big amount of routes updates.
* Patch-level development releases (i.e. 1.48.1-dev) won't be used anymore.
From now on, all the patch releases whithin a stable branch will be normal
releases, like 1.48.0, 1.48.1, 1.48.2, 1.48.3 and so on.
Odd numbers in the minor version number still indicates if it's a development
branch like 1.49 or a stable one like 1.48.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- config file parser dynamically allocates linebuffer to allow multithreaded applications
- parse time values in model configuration file
- config file generator: added missing code for GSEControl
- Config file generator: support multiple access points for GOOSE and SMV control blocks
- config file generator: added code to add SMVCBs to config files
- IED server: added code to create SMVCBs with the dynamic model API
- MMS server: added support for write access with component alternate access
- MMS client: added function MmsConnection_writeVariableComponent to write to variables with alternate component access
- make write access to RCB elements configurable according to ReportSettings
- Added function IedConnection_setLocalAddress to define local IP address and optionally local port of a client connection
- IED server: added ControlAction_getSynchroCheck and ControlAction_getInterlockCheck functions
- fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client
- PAL: fixed wrong order of function arguments for fread and fwrite functions
- MMS client: parsing of servicecsSupported in MMS init response is off by one
- fixed - potential memory leaks in goose publisher code
- fixed - server sends dchg report when only dupd is enabled in RCB
- GOOSE subscriber: fixed - possible heap corruption in parseAllData due to missing validity check in bit-string handling
- IED server: fixed problem with implicit ResvTms setting when reserved with RptEna
- IED server: fixed - segmentation fault when compiled with CONFIG_MMS_THREADLESS_STACK
- fixed - MMS server: messages can be corrupted when TCP buffer is full
- fixed - .NET: IedConenction.WriteDataSetValues throws a NullReferenceException
- fixed - server send invalid response- when client uses wrong ctlModel
- fixed - IedConnection_setRCBValuesAsync crashes when RCB is already reserved by other client
- fixed - outstanding call not released in IedConnection_getDataSetDirectoryAsync
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop 0015-Add-missing-limits.h.patch (equivalent patch merged upstream),
rebase other patches.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
GCC 14 is more strict regarding const pointers conversion. Fix
conversion to let ntpong build with GCC 14 and updated rrdtool. The
patch is not submitted upstream yet, the project requires singing of
CLA.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use inherit_defer instead of inhert. This way, setuptools3 is not
inherited when python is removed from PACKAGECONFIG in a .bbappend file.
This avoids dependencies added by setuptools3.
Don't add nftables-python to PACKAGES if python is disabled. It adds
extra runtime dependencies on python3-core and python3-json.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Enable IPv6 name record lookups for dig-wrapper. This indirectly enables
IPv6/AAAA-record support for dyndns-host-open (& traffic-accounting) plugin
! Prevent systemd from terminating the job manager when some rules fail
* Renamed xxx_OUTPUT to INET_OUTPUT_xxx for clarity/consistency
+ Additional INET_OUTPUT_xxx settings to have better control
of internet access on this machine
* Reorder some code/settings for clarity/consistency
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the UNPACKDIR changes in place the layers are no longer compatible
with the scarthgap release. Drop it from LAYERSERIES_COMPAT and limit
compatibility to styhead only.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It does not provide/enable systemd script generation which results in
ERROR: nbd-3.26.1-r0 do_package: nbd does not appear in package list, please add it
Signes-off-by: Khem Raj <raj.khem@gmail.com>
mdio-netlink source make reference to ${S}/.. which breaks
-fdebug-prefix-map and results in the full TMPDIR path being present in
the -dbg package and, also, change a related CRC in the main package.
This changes ${S} to enclose the whole SRC_URI repo and adapt relative paths to
build (MODULES_MODULE_SYMVERS_LOCATION)
This make mdio-netlink reproducible and fixes this warning:
WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When build on Debian 11 (gcc10), squid fails to build[0] because of a
bug[1] in the configure step (it mixes options between old native compiler
and recent target compiler: the former needs the std=c++17 option, the latter
doesn't).
The workaround is to force the "-std=c++17" option for the native build.
NB: Our Buildroot friends have the same workaround[2].
[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
[1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376
Bug closed as invalid by upstream
[2]: 932b52fad8/package/squid/squid.mk (L24)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix#207: crash when adding IPv6 multicast route on a kernel without IPv6 multicast support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Improve the support for 2FA dynamic challenge, not
saving the response into the profile.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When PACKAGECONFIG does not contains 'programs', the hello binary will
not be generated, but the ALTERNATIVE 'hello' is still set, causing the
update-alternatives bbclass to generate warnings for the missing
'hello' binary.
This commit fixes that by only populating ALTERNATIVES when 'programs'
is enabled.
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-fping-Initialize-msghdr-struct-in-a-portable-way.patch
removed since it's included in 5.2
Changelog:
============
-New option -X / --fast-reachable to exit immediately once N hosts have been found
-New option -k / -fwmark to set Linux fwmark mask
-Always output fatal error messages
-Fallback to SO_TIMESTAMP if SO_TIMESTAMPNS is not available
-Fix "not enough sequence numbers available" error on BSD-like systems
-Fix running in unprivileged mode
-Fix build issue for NetBSD/alpha
-Fix build issue for OpenBSD/alpha
-Fix build warning for long int usage
-Fix build error with musl libc
-Fix to guard against division by zero
-Decouple -a/-u effects from -c
-Added contrib/Dockerfile
-Remove host from Netdata chart titles
-Add additional tests
-Update github action os images
-Fix Azure pipeline tests
-Various autoconf fixes
-Extended configure script with --enable-debug and output cpu usage
-Documentation: Update Netdata website link
-Documentation: fix description of --file option
-Documentation: improve exit status description
-Documentation: move description of -i MSEC
-Documentation: improve help output for options -c and -C
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- also copy GLib*Typelib to STAGING_LIBDIR_NATIVE to avoid:
| gi.RepositoryError: Typelib file for namespace 'GLib', version '2.0' not found
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Basically what is done in:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=4c40897893f43a99e6ae12e652c0cf789d89df90
This fixes:
| gi.RepositoryError: Typelib file for namespace 'Gobject', version '2.0' not found
| gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found
| gi.RepositoryError: Typelib file for namespace 'GModule', version '2.0' not found
- Remove uneeded do_compile:prepend. It was broken because of {B}} and seems to be unneeded anyway
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.
These lists can be used with, in local.conf:
include conf/include/non-repro-meta-oe.inc
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
spice-gtk seems to be the last recipe in meta-openembedded that uses
usbids instead of hwdata.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* make sure Homebrew packages for macOS are built with --enable-legacy-pppd
* do not print TLS socket options in log (revert change from 1.16.0)
* add option to specify SNI
* change most occurrences of "SSL" to "TLS" in user-visible text
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it's used since:
da679d27c5
included with the upgrade to 1.5.0 in:
https://git.openembedded.org/meta-openembedded/commit/?id=47ccb88d94852e327f3bdd45425f33e56983b50c
* libidn2 is usually pulled into the RSS by the dependency from gnutls
but when gnutls doesn't depend on it, the build fails with:
-- Checking for module 'libidn2'
-- No package 'libidn2' found
CMake Error at include/freeDiameter/CMakeLists.txt:144 (MESSAGE):
Unable to find libidn2, please install libidn2-dev or equivalent, or set
DIAMID_IDNA_IGNORE or DIAMID_IDNA_REJECT
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-Merge pull request #1444 from yishaih/mlx5_dr
-Merge pull request #1439 from Kamalheib/qedr_pr
-mlx5: DR, Using sq ts format when RoCE is disabled
-Merge pull request #1440 from Honggang-LI/doc
-librdmacm: adjust ECE function name in man page
-providers/qedr: Remove unused debug files
-roviders/qelr: Replace DP_ERR with verbs_err
-providers/qelr: Replace DP_VERBOSE with verbs_debug
-providers/qelr: Remove unused macros
-Merge pull request #1438 from amzn/fix-rdma-tracepoint
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following paths have been replaced with PYTHON_SITEPACKAGES_DIR:
- "${libdir}/${PYTHON_DIR}/site-packages"
- "${libdir}/python${PYTHON_BASEVERSION}/site-packages"
- "${libdir}/python*/site-packages"
- "${libdir}/python3.*/site-packages"
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This also fixes all ptests, therefore move freediameter
out of PTESTS_PROBLEMS_META_NETWORKING to PTESTS_FAST_META_NETWORKING
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2024-0962:
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow.
Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
WARNING: libcoap-4.3.4-r0 do_cve_check: Found unpatched CVE (CVE-2024-0962)
This vulnerability is only exist in 4.3.4.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
oldincludedir was removed in oe-core by
commit 506c91cbc6a604a84e37e53ccff430436369802e
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It gets OOMs with memory < 2G on x86_64 qemu
Export NFT variable in run-ptest script its used by few tests
Add required runtime dependencies for ptests to pass
This also requires changes to kernel config
features/nf_tables/nft_test.scc and CONFIG_VETH
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch the SRC_URI to http since the postfix site does not yet use https.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch SRC_URI to https (yes, the URI still has ftp in the path!).
Also drop the obsolete SRC_URI[md5sum].
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum].
Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build
to work by adding an extern to sh_util/gpshare.c for example.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is an LTS release.
Includes security fixes:
* CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs
Full release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following ShellCheck violations in "run-ptest" are fixed:
- line 4:
SC2164: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
- line 7:
SC2086: Double quote to prevent globbing and word splitting.
- line 9:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 10:
SC2006: Use $(...) notation instead of legacy backticks `...`.
SC2086: Double quote to prevent globbing and word splitting.
SC2126: Consider using 'grep -c' instead of 'grep|wc -l'.
- line 17:
SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following ptest output format issues:
- For "sed" command, change "-e" option to "-E" option. I believe the
previous "-e" option is a typo based on the manual page of "sed":
-e script, --expression=script
add the script to the commands to be executed
"-E" option, on the other hand, makes "sed" "use extended regular
expressions in the script" according to the manual page.
- The test result summary line is being treated as both a passed
testcase and a failed testcase due to this line containing substring
"[OK]" and "[FAILED]". The following is a sample test result summary
line:
I: results: [OK] 379 [SKIPPED] 1 [FAILED] 0 [TOTAL] 380
The fix is to change run-ptest to look for "I: [OK]" and
"W: [FAILED]" when determining which lines correspond to
passed/failed testcases.
- Previously, only "W: [FAILED]" out of the following testcase failure
prompts is parsed:
W: [CHK DUMP]
W: [VALGRIND]
W: [TAINTED]
W: [DUMP FAIL]
W: [FAILED]
Adding parsing for all testcase failure prompts.
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Add --without-rlm_json to fix:
configure: error: set --without-rlm_json to disable it explicitly
* Add --without-rlm_cache_redis to fix:
configure: error: set --without-rlm_cache_redis to disable it explicitly.
* Drop 0017-add-python.m4-for-detecting-python-3.10.patch and add
0017-Add-acinclude.m4-to-include-required-macros.patch to fix python3 related
build errors
* Rebased other patches for 3.2.3.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfix:
=========
-wnpa-sec-2024-06 T.38 dissector crash.
-Extcap with configuration never starts; "Configure all extcaps before start of capture." is shown instead.
-Packet Dissection CSV Export includes last column even if hidden.
-Inject TLS secrets closes Wireshark on Windows.
-Wireshark crashes when adding another port to the HTTP dissector.
-When adding a new row to a table an error report may be inserted.
-'--export-objects' does not work as expected on tshark version later than 3.2.10.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Curl for People C++ Requests is a simple wrapper around
libcurl inspired by the excellent Python Requests project.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The last patch 0012-Fix-configuration-of-NETSNMP_FD_MASK_TYPE.patch
brought in with 5.9.4 upgrade is not sufficient and infact has a regression
introduced for clang+musl builds.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Update copyright years to 2024
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst
Security fixes:
CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
CVE-2024-24974: Windows: disallow access to the interactive service pipe
from remote computers.
CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via a
malicious plugin. Plugins can now only be loaded from the OpenVPN
install directory, the Windows system directory, and possibly from a
directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in
!TapSharedSendPacket.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Improve performance when getting interface status
- update project URL
- Add environment variables to manpage.
- Don't start the daemon if there's nothing to do
- _interface_scan: fix wrong index into iface map
- _interface_scan: force handle_state for new interfaces
- Add missing administrative state 'initialized'
- use os.path.dirname instead of os.path.basename
- make sure scripts are not writeable by non-root users
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
- Fix missing word in exception message
- fix some new linting issues from pylint
- manpage: fix missing slash in "configured.d" directory name
- Normalize parsed IP address value
- Drop support for Python 3.4
- Add testing for Python 3.10
- README.md: fix code formatting
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* as oe-core did in:
https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab
* when people are have to maintain own PRs for recipes in oe-core, they
might add them for meta-oe recipes at the same time when upgrading
to next LTS
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* add Pending to .patch files where it was accidentally droped
with upgrades or modifications in:
f88e5b146e postgresql: upgrade 15.5 -> 16.2
c904e169db multipath-tools: upgrade 0.9.3 -> 0.9.8
105be9b3d9 unionfs-fuse: upgrade 2.2 --> 3.4
or new patches where the author didn't notice/care:
2a7f74cdb0 dropwatch: Use header files from sysroot instead of build host
f5cc9f272a yasm: improve reproducibility
39028d0d9d python3-pybind11: Restore strip prevention patch
authors of these added to CC, please be more careful with removing
or not adding these or enable patch-status in ERROR_QA for your
builds, see:
https://lists.openembedded.org/g/openembedded-core/topic/104922136#197113
* added with:
for p in `/OE/layers/openembedded-core/scripts/contrib/patchreview.py -v . | grep Missing.Upstream-Status.tag | sed 's/.*(//g;s/)$//g'`; do grep -q ^Upstream-Status: $p || sed -i "s/^---$/\nUpstream-Status: Pending\n---/g" $p; grep -q ^Upstream-Status: $p || sed -i "1iUpstream-Status: Pending\n" $p; done
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're seeing errors like below in log.do_configure:
./conftest: cannot execute binary file: Exec format error
The tcprelay's configure have two places to execute ./conftest.
And the result happens to be correct even with the error above.
Instead of leaving the errors as they are, we explicitly skip
running ./conftest in case of cross compiling. The build will
continue to succeed and result will remain the same.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/net-snmp/net-snmp/blob/V5-9-patches/CHANGES
* Refresh patches
* Drop backport CVE patch
* Drop 0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch as the
issue has been fixed upstream.
* Add a patch to fix build on musl
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.46.0/NEWS
Highlights:
- Drop build with python2, python3 is now required
- Support randomizing the MAC address based on the Wi-Fi network
- IPv4 DAD (Duplicate Address Detection) enabled by default
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.72
License-Update: Copyright year updated to 2024.
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
- Fixed the console output of tstunnel.exe.
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
- Added configurable delay for the "retry" option.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
-updates translations, and tightens OpenSSL/wolfSSL version requirements in order
to track their security fixes and deprecations.
OpenSSL 3.0.9, 3.1.4, 3.2.0 and wolfSSL 5.6.2 (or newer on the respective compatible branches) remain supported.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drbd-utils configure step check the build host udev version to enable
or disable the target udev rule. This leads to a clear
non-reproducibility.
This patch fixes this by adding a configure option to the configure step
which allows to skip the udev version checks and unconditionally enable
the udev rule.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Line "DRBD mirrors a block device over the network to another machine"
is written twice in DESCRIPTION.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rebased patches:
0001-drbd-utils-support-usrmerge.patch
0001-drbdmon-add-LDFLAGS-when-linking.patch
removed patches that already in upstream code repository
0001-replace-off64_t-with-off_t.patch
0002-drbdadm-drop-use-of-GLOB_MAGCHAR-use-strchr-heuristi.patch
add keyutils depends
Change log
==========
9.27.0
* adjust,v9: retry for diskless primaries
* tests: sanitize env (e.g., TZ)
* drbdmeta: dump and restore the members field
9.26.0
* config,v9: new config option load-balance-paths
* config,v9: new config options rdma-ctrls-(snd|rcv)buf-size
* drbdadm,v9: fix segfault if proxy has no path
* drbd: increase maximum CPU mask size
* systemd: introduce drbd-graceful-shutdown.service
* drbdmeta,v9: fix regression, allow attach after offline resize
* drbdsetup,v9: add path established information to JSON status
* events2: terminate on module unload even under --poll
* events2: specif exit code if module unload
* docs: add spdx license file
* drbdmon: various smaller improvements
* drbdsetup,v9: support for TLS/kTLS
9.25.0
* drbdsetup,v9,show: fix meta disk format for json
* drbdmon: various updates
* build: fix RHEL6 spec builds
* drbdmeta: {hex,}dump superblock
* drbdmon: major rewrite
* build: gcc v12 cleanups
* misc: put locks into separate dir
* selinux: add fowner fsetsid, they dropped a global noaudit rule
9.24.0
* windrbd: various fixes
* v9: Support user-defined block-size
* doc,v9: improvements all over the place
* drbdadm,v9: implement drbdadm role <res:peer>
* drbdadm,v9: pass --verbose/--statistics to drbdsetup status
* drbd{adm,meta}: add repair-md subcommand
9.23.1
* drbdadm,v9,resync-after: fix too strict check
9.23.0
* drbdadm,v9,floating: fixup fake uname for 9.2.x strict_names=1
* drbdadm,v9,parser: fixup globs, also rm GNU libc specific extensions
* drbdadm,v9,parser: allow via outside-address for NATed peers
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We encountered a do_configure error when using dash on Ubuntu 20.04:
conftest.c:31:26: fatal error: Python.h: No such file or directory
31 | #include <Python.h>
| ^~~~~~~~~~
It seems that PYTHON_CPPFLAGS is not passed to configure command
correctly. Use configuration option --with-pythoncflags instead of
passing it in cmdline.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it uses gdbus-codegen from glib-2.0-native which depended
on python3-distutils-native until
https://lists.openembedded.org/g/openembedded-core/message/196136
but distutils on host was enforced by sanity check only until mickledore with:
https://git.openembedded.org/openembedded-core/commit/?id=8e3a5b0709384f2b455a82ac1e8e212686fe4456
so on hosts without distutils this was already failing with:
http://errors.yoctoproject.org/Errors/Details/754697/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
and the glib-2.0-native change only changes the dependency from
distutils to packaging which results in:
http://errors.yoctoproject.org/Errors/Details/754693/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import packaging.version
ModuleNotFoundError: No module named 'packaging'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
* packaging probably isn't as wide spread on host distros as old
distutils was, so make sure it's available by using
python3-native with python3-packaging-native from OE build
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: lib32-snort3-3+git-r0 do_populate_sysroot: QA Issue: snort.pc failed sanity test (tmpdir) in path lib32-snort3/3+git/sysroot-destdir/usr/lib/pkg
* it's broken for non-multilib builds as well, the issue is that
FLEX_CPPFLAGS points to native include dir, e.g.
FLEX_CPPFLAGS=-I/OE/../lib32-snort3/3+git/recipe-sysroot-native/usr/include
and the work around from:
9736478480
sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc
strips the "/OE/../lib32-snort3/3+git/recipe-sysroot" part in non-multilib
case, but leaves:
FLEX_CPPFLAGS=-I-native/usr/include
which is still wrong, but not detected by buildpaths QA check anymore
and in multilib case, this didn't strip the first part because the
target sysroot is:
"/OE/../lib32-snort3/3+git/lib32-recipe-sysroot"
so it didn't strip anything from native sysroot:
"/OE/../lib32-snort3/3+git/recipe-sysroot-native"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wavemon is an ncurses-based monitoring application for wireless network
devices on Linux.
We have to provide the path to libnl3 headers since the build system is
not able to find them.
In order to workaround a link issue with pthread library, we have to
add -pthread to CFLAGS in order to add the library after the object
file.
arm-none-linux-gnueabihf/bin/ld: info_scr.o: undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.4'
[...]/wavemon/0.9.5-r0/recipe-sysroot/lib/libpthread.so.0: error adding symbols: DSO missing from command line
"We should mention the library on the command line after the object files being compiled" [1]
[1] https://stackoverflow.com/questions/19901934/libpthread-so-0-error-adding-symbols-dso-missing-from-command-line
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If llvm unwind is present then disable unwinding support since it will
not have all unw_* functions eg. unw_strerror
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort2 is legacy now.
See more: https://github.com/snort3/snort3
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort3 depends on it.
snort3 recipe will be provided in next commit.
See more: https://github.com/snort3/libdaq
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: samba-4.19.4-r0 do_package: QA Issue: samba: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/samba/domain_update.py
/usr/lib/python3.12/site-packages/samba/ntstatus.so
/usr/lib/python3.12/site-packages/samba/descriptor.py
......
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python 2 is long unsupported, so we no longer need this variable
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it does not match with our real head file form kernel.(net_dropmon.h)
net_dropmon.h in dropwatch local src/net_dropmon.h.
linux kernel also have it in include/uapi/linux/net_dropmon.h
for example,our kernel is linux5.10:
diff tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/recipe-sysroot/usr/
include/linux/net_dropmon.h tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/git/src/net_dropmon.h
1c1,3
<
95a94
> NET_DM_ATTR_REASON, /* string */
it will cause mismatch when we use dropwatch in older kernel version(v5.10),
will cause dropwatch and kernel drop_monitor module mismatch with netlink talk.
we should build it with header from sysroot which comes from matching
kernel.
Signed-off-by: chenheyun <chen_heyun@163.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In reproducible test, useradd config comes from static files:
meta-networking/files/static-{passwd,group}-meta-networking
Those files were not coherent :
* an unused "rasvd" was defined (a typo for "radvd")
* passwd referenced a unexisting group id.
This patch aligns static files to the USERADD_PARAM recipe value.
This will fix the errors seen during reproducibility tests:
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: radvd: useradd command did not succeed.
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: ExecutionError('/home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/run.useradd_sysroot.1178426', 1, None, None)
stdio: ERROR: Logfile of failure stored in: /home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/log.do_prepare_recipe_sysroot.1178426
stdio: ERROR: Task (/home/pokybuild/yocto-worker/reproducible-meta-oe/build/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb:do_prepare_recipe_sysroot) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Use "git archive" for the "make releasetar" process.
- Makefile.in: Add the releasecheck target.
- Cirrus CI: Add the "make releasecheck" command in the Linux task.
- INSTALL.md: Add missing files.
- Makefile.in: Add "make -s install" in the releasecheck target.
- Makefile.in: Add the whitespacecheck target.
- Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
- Makefile.in: Add some missing files in the distclean target.
- autoconf: Add autogen.sh, remove configure and config.h.in.
- autoconf: Require at least autoconf 2.69.
- autoconf: Address most warnings from Autoconf 2.71.
- autoconf: Update install-sh script to the latest available version.
- autoconf: Update config.{guess,sub}, timestamps 2024-01-01
- Fix a build error on Haiku.
- Do the version number the same way as in tcpdump and libpcap.
- Lose unused missing/strlcpy.c.
- Use posix_fadvise() on input files if available.
- Prefer calloc() over malloc().
- Fix --static-pcap-only test on Solaris 10.
- autoconf: replace --with-system-libpcap with --disable-local-libpcap.
- autoconf: Find a local libpcap even with rcX directory suffix
- configure: special-case macOS /usr/bin/pcap-config
- On Solaris, for 64-bit builds, use the 64-bit pcap-config.
- configure: don't use egrep, use $EGREP.
- Add some warning flags for Clang 13 or newer.
- Fix some warnings with -Wmissing-variable-declarations.
- Make various improvements to the instrument functions.
- autoconf: Remove many obsolete elements, including workarounds for BSD/OS,
IRIX, OSF/1, Solaris, Ultrix and possibly other OSes.
- autoconf: Refine reporting of os-proto.h.
- tcpslice(1): Use bold font more consistently.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-Fixed #1105 which caused a SIGBUS on some some platforms due misaligned accesses.
-Fixed a problem when using absolute CMake target directories.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
crashing in this case.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When adding scapy to core-image-base from poky those dependecies were
missing causing scapys start to fail.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
-sharkd is not installed by the Windows installer.
-Fuzz job crash output: fuzz-2024-01-01-7740.pcap.
-Can't open a snoop file from the Open dialog box unless I select \"All files\" as the file type.
-Add s4607 dissector to \"decode as\"
-Updater for 4.2.1 hangs.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropwatch is a utility to help developers and system administrators to
diagnose problems in the Linux Networking stack, specifically their
ability to diagnose where packets are getting dropped.
References:
* https://github.com/nhorman/dropwatch
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped when libdir in target is different than in
native python e.g. with multilib enabled:
ERROR: QA Issue: libtdb: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/tdb.so
/usr/lib/python3.12/site-packages/_tdb_text.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtdb: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtalloc: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/talloc.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libtalloc: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: QA Issue: libtevent: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/_tevent.so
/usr/lib/python3.12/site-packages/tevent.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-libtevent: 2 installed and not shipped files. [installed-vs-shipped]
* waflib has some fallback to query distutils when PYTHONARCHDIR isn't
set in environment as in:
84c26588fc
but this still returns wrong value from
print(get_python_lib(plat_specific=1, standard_lib=0, prefix='/usr'))
e.g.
/usr/lib/python3.12/site-packages
matching native layout instead of:
/usr/lib64/python3.12/site-packages
* python3targetconfig inherit breaks waflib as well as shown in config.log:
['libtdb/1.4.9/recipe-sysroot-native/usr/bin/python3-native/python3', '-c', "\ntry:\n\tfrom distutils.sysconfig import get_config_var, get_python_lib\nexcept ImportError:\n\tfrom sysconfig import get_config_var, get_path\n\tdef get_python_lib(*k, **kw):\n\t\tkeyword='platlib' if kw.get('plat_specific') else 'purelib'\n\t\tif 'prefix' in kw:\n\t\t\treturn get_path(keyword, vars={'installed_base': kw['prefix'], 'platbase': kw['prefix']})\n\t\treturn get_path(keyword)\n\nprint(repr(get_python_lib(standard_lib=0, prefix='/usr') or ''))"]
err: Traceback (most recent call last):
File "<string>", line 12, in <module>
File "<string>", line 9, in get_python_lib
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 636, in get_path
return get_paths(scheme, vars, expand)[name]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 626, in get_paths
return _expand_vars(scheme, vars)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 270, in _expand_vars
_extend_dict(vars, get_config_vars())
^^^^^^^^^^^^^^^^^
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 728, in get_config_vars
_init_config_vars()
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 670, in _init_config_vars
_init_posix(_CONFIG_VARS)
File "libtdb/1.4.9/recipe-sysroot-native/usr/lib/python3.12/sysconfig.py", line 536, in _init_posix
_temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named '_sysconfigdata'
* setting PYTHONARCHDIR is simplest fix
* this also fixes libldb failure when it fails to find e.g. tevent after
these installed-vs-shipped issues instealled it in wrong libdir:
Checking for system tevent (>=0.15.0) : yes
Traceback (most recent call last):
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 159, in waf_entry_point
run_commands()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 255, in run_commands
ctx = run_command(cmd_name)
^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Scripting.py", line 239, in run_command
ctx.execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Configure.py", line 159, in execute
super(ConfigurationContext, self).execute()
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 214, in execute
self.recurse([os.path.dirname(g_module.root_path)])
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/wscript", line 54, in configure
conf.RECURSE('lib/tevent')
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 469, in RECURSE
return ctx.recurse(relpath)
^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/third_party/waf/waflib/Context.py", line 296, in recurse
user_function(self)
File "lib32-libldb/2.8.0/ldb-2.8.0/lib/tevent/wscript", line 51, in configure
conf.CHECK_BUNDLED_SYSTEM_PYTHON('pytevent', 'tevent', minversion=VERSION):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_utils.py", line 66, in fun
return f(*k, **kw)
^^^^^^^^^^^
File "lib32-libldb/2.8.0/ldb-2.8.0/buildtools/wafsamba/samba_bundled.py", line 270, in CHECK_BUNDLED_SYSTEM_PYTHON
if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
^^^^^
UnboundLocalError: cannot access local variable 'found' where it is not associated with a value
and then it needs PYTHONARCHDIR as well to fix:
ERROR: libldb-2.8.0-r0 do_package: QA Issue: libldb: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python3.12
/usr/lib/python3.12/site-packages
/usr/lib/python3.12/site-packages/_ldb_text.py
/usr/lib/python3.12/site-packages/ldb.so
/usr/lib/python3.12/site-packages/.debug
/usr/lib/python3.12/site-packages/.debug/ldb.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
libldb: 7 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Error: Transaction test error:
file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57
libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
* Multiple registers can now be dumped at once, via the generic dump
operation.
* Relax the driver matching to accept the strings used in kernels 6.2
and newer.
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
