Changelog:
==========
-updates translations, and tightens OpenSSL/wolfSSL version requirements in order
to track their security fixes and deprecations.
OpenSSL 3.0.9, 3.1.4, 3.2.0 and wolfSSL 5.6.2 (or newer on the respective compatible branches) remain supported.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
drbd-utils configure step check the build host udev version to enable
or disable the target udev rule. This leads to a clear
non-reproducibility.
This patch fixes this by adding a configure option to the configure step
which allows to skip the udev version checks and unconditionally enable
the udev rule.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Line "DRBD mirrors a block device over the network to another machine"
is written twice in DESCRIPTION.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rebased patches:
0001-drbd-utils-support-usrmerge.patch
0001-drbdmon-add-LDFLAGS-when-linking.patch
removed patches that already in upstream code repository
0001-replace-off64_t-with-off_t.patch
0002-drbdadm-drop-use-of-GLOB_MAGCHAR-use-strchr-heuristi.patch
add keyutils depends
Change log
==========
9.27.0
* adjust,v9: retry for diskless primaries
* tests: sanitize env (e.g., TZ)
* drbdmeta: dump and restore the members field
9.26.0
* config,v9: new config option load-balance-paths
* config,v9: new config options rdma-ctrls-(snd|rcv)buf-size
* drbdadm,v9: fix segfault if proxy has no path
* drbd: increase maximum CPU mask size
* systemd: introduce drbd-graceful-shutdown.service
* drbdmeta,v9: fix regression, allow attach after offline resize
* drbdsetup,v9: add path established information to JSON status
* events2: terminate on module unload even under --poll
* events2: specif exit code if module unload
* docs: add spdx license file
* drbdmon: various smaller improvements
* drbdsetup,v9: support for TLS/kTLS
9.25.0
* drbdsetup,v9,show: fix meta disk format for json
* drbdmon: various updates
* build: fix RHEL6 spec builds
* drbdmeta: {hex,}dump superblock
* drbdmon: major rewrite
* build: gcc v12 cleanups
* misc: put locks into separate dir
* selinux: add fowner fsetsid, they dropped a global noaudit rule
9.24.0
* windrbd: various fixes
* v9: Support user-defined block-size
* doc,v9: improvements all over the place
* drbdadm,v9: implement drbdadm role <res:peer>
* drbdadm,v9: pass --verbose/--statistics to drbdsetup status
* drbd{adm,meta}: add repair-md subcommand
9.23.1
* drbdadm,v9,resync-after: fix too strict check
9.23.0
* drbdadm,v9,floating: fixup fake uname for 9.2.x strict_names=1
* drbdadm,v9,parser: fixup globs, also rm GNU libc specific extensions
* drbdadm,v9,parser: allow via outside-address for NATed peers
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We encountered a do_configure error when using dash on Ubuntu 20.04:
conftest.c:31:26: fatal error: Python.h: No such file or directory
31 | #include <Python.h>
| ^~~~~~~~~~
It seems that PYTHON_CPPFLAGS is not passed to configure command
correctly. Use configuration option --with-pythoncflags instead of
passing it in cmdline.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it uses gdbus-codegen from glib-2.0-native which depended
on python3-distutils-native until
https://lists.openembedded.org/g/openembedded-core/message/196136
but distutils on host was enforced by sanity check only until mickledore with:
https://git.openembedded.org/openembedded-core/commit/?id=8e3a5b0709384f2b455a82ac1e8e212686fe4456
so on hosts without distutils this was already failing with:
http://errors.yoctoproject.org/Errors/Details/754697/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
and the glib-2.0-native change only changes the dependency from
distutils to packaging which results in:
http://errors.yoctoproject.org/Errors/Details/754693/
gdbus-codegen \
--generate-c-code src/nm-fortisslvpn-pppd-service-dbus \
--c-namespace NMDBus \
--interface-prefix org.freedesktop.NetworkManager \
../NetworkManager-fortisslvpn-1.4.0/src/nm-fortisslvpn-pppd-service.xml
Traceback (most recent call last):
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "TOPDIR/tmp-glibc/work/core2-64-oe-linux/networkmanager-fortisslvpn/1.4.0/recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import packaging.version
ModuleNotFoundError: No module named 'packaging'
make: *** [Makefile:2081: src/nm-fortisslvpn-pppd-service-dbus.h] Error 1
* packaging probably isn't as wide spread on host distros as old
distutils was, so make sure it's available by using
python3-native with python3-packaging-native from OE build
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: lib32-snort3-3+git-r0 do_populate_sysroot: QA Issue: snort.pc failed sanity test (tmpdir) in path lib32-snort3/3+git/sysroot-destdir/usr/lib/pkg
* it's broken for non-multilib builds as well, the issue is that
FLEX_CPPFLAGS points to native include dir, e.g.
FLEX_CPPFLAGS=-I/OE/../lib32-snort3/3+git/recipe-sysroot-native/usr/include
and the work around from:
9736478480
sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc
strips the "/OE/../lib32-snort3/3+git/recipe-sysroot" part in non-multilib
case, but leaves:
FLEX_CPPFLAGS=-I-native/usr/include
which is still wrong, but not detected by buildpaths QA check anymore
and in multilib case, this didn't strip the first part because the
target sysroot is:
"/OE/../lib32-snort3/3+git/lib32-recipe-sysroot"
so it didn't strip anything from native sysroot:
"/OE/../lib32-snort3/3+git/recipe-sysroot-native"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wavemon is an ncurses-based monitoring application for wireless network
devices on Linux.
We have to provide the path to libnl3 headers since the build system is
not able to find them.
In order to workaround a link issue with pthread library, we have to
add -pthread to CFLAGS in order to add the library after the object
file.
arm-none-linux-gnueabihf/bin/ld: info_scr.o: undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.4'
[...]/wavemon/0.9.5-r0/recipe-sysroot/lib/libpthread.so.0: error adding symbols: DSO missing from command line
"We should mention the library on the command line after the object files being compiled" [1]
[1] https://stackoverflow.com/questions/19901934/libpthread-so-0-error-adding-symbols-dso-missing-from-command-line
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If llvm unwind is present then disable unwinding support since it will
not have all unw_* functions eg. unw_strerror
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort2 is legacy now.
See more: https://github.com/snort3/snort3
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
I am adding this recipe as snort3 depends on it.
snort3 recipe will be provided in next commit.
See more: https://github.com/snort3/libdaq
Signed-off-by: Khawaja Shaheryar <behzadshaheryar@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ERROR: samba-4.19.4-r0 do_package: QA Issue: samba: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/samba/domain_update.py
/usr/lib/python3.12/site-packages/samba/ntstatus.so
/usr/lib/python3.12/site-packages/samba/descriptor.py
......
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python 2 is long unsupported, so we no longer need this variable
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
it does not match with our real head file form kernel.(net_dropmon.h)
net_dropmon.h in dropwatch local src/net_dropmon.h.
linux kernel also have it in include/uapi/linux/net_dropmon.h
for example,our kernel is linux5.10:
diff tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/recipe-sysroot/usr/
include/linux/net_dropmon.h tmp/work/cortexa57-poky-linux/dropwatch/1.5.4+git-r0/git/src/net_dropmon.h
1c1,3
<
95a94
> NET_DM_ATTR_REASON, /* string */
it will cause mismatch when we use dropwatch in older kernel version(v5.10),
will cause dropwatch and kernel drop_monitor module mismatch with netlink talk.
we should build it with header from sysroot which comes from matching
kernel.
Signed-off-by: chenheyun <chen_heyun@163.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In reproducible test, useradd config comes from static files:
meta-networking/files/static-{passwd,group}-meta-networking
Those files were not coherent :
* an unused "rasvd" was defined (a typo for "radvd")
* passwd referenced a unexisting group id.
This patch aligns static files to the USERADD_PARAM recipe value.
This will fix the errors seen during reproducibility tests:
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: radvd: useradd command did not succeed.
stdio: ERROR: radvd-2.19-r0 do_prepare_recipe_sysroot: ExecutionError('/home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/run.useradd_sysroot.1178426', 1, None, None)
stdio: ERROR: Logfile of failure stored in: /home/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-networking/build-st/reproducibleA/tmp/work/core2-64-poky-linux/radvd/2.19/temp/log.do_prepare_recipe_sysroot.1178426
stdio: ERROR: Task (/home/pokybuild/yocto-worker/reproducible-meta-oe/build/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb:do_prepare_recipe_sysroot) failed with exit code '1'
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Use "git archive" for the "make releasetar" process.
- Makefile.in: Add the releasecheck target.
- Cirrus CI: Add the "make releasecheck" command in the Linux task.
- INSTALL.md: Add missing files.
- Makefile.in: Add "make -s install" in the releasecheck target.
- Makefile.in: Add the whitespacecheck target.
- Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
- Makefile.in: Add some missing files in the distclean target.
- autoconf: Add autogen.sh, remove configure and config.h.in.
- autoconf: Require at least autoconf 2.69.
- autoconf: Address most warnings from Autoconf 2.71.
- autoconf: Update install-sh script to the latest available version.
- autoconf: Update config.{guess,sub}, timestamps 2024-01-01
- Fix a build error on Haiku.
- Do the version number the same way as in tcpdump and libpcap.
- Lose unused missing/strlcpy.c.
- Use posix_fadvise() on input files if available.
- Prefer calloc() over malloc().
- Fix --static-pcap-only test on Solaris 10.
- autoconf: replace --with-system-libpcap with --disable-local-libpcap.
- autoconf: Find a local libpcap even with rcX directory suffix
- configure: special-case macOS /usr/bin/pcap-config
- On Solaris, for 64-bit builds, use the 64-bit pcap-config.
- configure: don't use egrep, use $EGREP.
- Add some warning flags for Clang 13 or newer.
- Fix some warnings with -Wmissing-variable-declarations.
- Make various improvements to the instrument functions.
- autoconf: Remove many obsolete elements, including workarounds for BSD/OS,
IRIX, OSF/1, Solaris, Ultrix and possibly other OSes.
- autoconf: Refine reporting of os-proto.h.
- tcpslice(1): Use bold font more consistently.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-Fixed #1105 which caused a SIGBUS on some some platforms due misaligned accesses.
-Fixed a problem when using absolute CMake target directories.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
DumpStateLog() calls LogMsgWithLevelv() with category == NULL, avoid
crashing in this case.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When adding scapy to core-image-base from poky those dependecies were
missing causing scapys start to fail.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
