In order to pass reproducible tests, recipes that use the
useradd class must have static ids configured.
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These are test images to build all recipes in layer. Renaming them makes
them refect what they are. Moreover we can rename the ptest images to
match OE-Core naming conventions for meta-oe/meta-perl/meta-python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were essentially duplicates of core-image-minimal, however
core-image-base is a better baseline for upper layers, so switched the
consumers of these images to use core-image-base
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recipe for TAYGA - an out-of-kernel stateless NAT64 implementation for Linux
Signed-off-by: Pawel Langowski <pawel.langowski@3mdeb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Accepted was replaced with Backport in gatesgarth:
https://docs.yoctoproject.org/migration-guides/migration-3.2.html#miscellaneous-changes
* as detected with oe-core/scripts/contrib/patchreview.py:
meta-openembedded $ grep -A 3 Malformed *qa-patches
meta-gnome.qa-patches:Malformed Upstream-Status 'Malformed Upstream-Status in patch
meta-gnome.qa-patches-/OE/layers/meta-openembedded/meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch
meta-gnome.qa-patches-Please correct according to https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#patch-upstream-status :
meta-gnome.qa-patches-Upstream-Status: Accepted [dc9701e187]' (/OE/layers/meta-openembedded/meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add two patches from Debian, pull requests proposed upstream as 2894 and 2895
to make it start only when board is online, and to fix dynamic websockets link failure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request
(mode 3) is received. (CVE-2023-4012) #794https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* it has runtime dependency on mdio-netlink to satisfy:
RDEPENDS:${PN} = "kernel-module-mdio-netlink"
and mdio-netlink is MACHINE_ARCH because inherits module.bbclass
* fixes:
bitbake-diffsigs \
sstate-before/hammerhead-halium/cortexa8t2hf-neon-halium-webos-linux-gnueabi/mdio-tools/1.3.0.do_package_write_ipk.sigdata.1c175d042bd09e59c1329c51fba2569376f395ba79ee9adc62157ee91ad99e80 \
sstate-before/mako/cortexa8t2hf-neon-halium-webos-linux-gnueabi/mdio-tools/1.3.0.do_package_write_ipk.sigdata.4ad94062582b2cbbff07167598c1243aa18ff6c5cc23b3de8bce99081da500d8
Hash for task dependency mdio-netlink:do_packagedata changed from 759076223ccea58a05414b33bcc55c8d4b41a85c75ce56f2ba965004c422fd4c to b3c2ceee91dedb3b40f298d2efe09bbb7d3024f9ae93e83204233dcfd0a66459
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
Copyright: Update copyright date to end 2023 as appropriate
Add in OSCORE support
RIOT: Update to support latest libcoap code
Add BSD-3-Clause
Changelog:
===========
* Source files reformatted according to pre-commit rules.
* Support for RFC8613 (OSCORE).
* Support for RFC8974 (Extended Tokens).
* Support for RFC9177 (Q-Block).
* Support for latest RIOT code and new examples.
* Support for MinGW builds.
* Support for AF_UNIX sockets.
* Support for WebSockets (RFC8323).
* Support for IPv4 only and IPv6 only libcoap builds.
* Support for defining maximum logging level.
* Support for maintaining Observer requests over server restarts.
* Support for Contiki-NG.
* Support for latest LwIP, including using TinyDTLS.
* libcoap now has protocol layered support, separating out the
logical layers. Stack now is:-
- Application
- libcoap - CoAP
- libcoap - CoAP-Session
- libcoap - (D)TLS I/F using external (D)TLS Library
- libcoap - Netif
- libcoap - Sockets
- Kernel Network Stack
* Fixes CVE-2023-30362 and CVE-2023-35862.
* Reported bugs fixed.
* Examples now support separate logging levels for libcoap and (D)TLS.
* syslog LOG_ logging levels replaced with COAP_LOG_ logging levels.
* New public API functions to aid / reduce application coding.
* Remove requirement for applications to have sockaddr knowledge.
* Support for clients sending IPv4 broadcast requests.
* Documentation added and updated (Doxygen and man).
* Fix ABI version.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* lib-oauth2: Allow JWT tokens to be validated with missing typ field.
+ auth: Auth passdb and userdb reply can contain "event_<name>=value"
which will be added to login event and mail user event respectively.
+ lib-master: Set process title during various initialization stages to
clearly describe what the process is waiting on.
+ lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
by 0..30% based on username's hash to reduce the chance of load spikes.
+ lib-storage: The temp file scan has been moved from the open of the
mailbox to the close, to reduce the latency perceived by users.
+ stats: If metric has fields specified, all these fields are
exported as counters to prometheus exposition.
- *-login: Processes might have crashed when a SSL connection disconnects
uncleanly.
- acl: When plugin was loaded \HasChildren and \HasNoChildren flags
were calculated incorrectly for mailboxes containing '*' and '%'
in their names.
- auth: Crash occured if a connection to PostgreSQL database server
failed during startup.
- auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
were failing with "password mismatch" instead of "internal error".
- auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
specific error message on all errors. This especially broke OIDC
discovery.
- dbox: When last_temp_file_scan header wasn't set (especially after
dsync migration), the next mailbox open always triggers the temp file
scan.
- dict-redis: A crash would occur on transaction rollback.
- dsync: Infinite loop causing out of memory would occur when handling
mailbox deletion from remote end and hierarchy separators would differ.
- dsync: Incremental dsync failed for folder names ending with '%',
unless BROKENCHAR was set. Also folder names with '%' elsewhere in
them caused each incremental dsync to unnecessarily rename the folder
to a temporary name and back. v2.3.19 regression.
- imap-hibernate: If an IMAP client unhibernation timed out with
"(version received)", the unhibernation could still have successfully
finished later on and continued working normally. This was rather
confusing, because imap-hibernate already logged that the client got
disconnected.
- imapc: Crashed when a folder mapped through the virtual plugin
disappears from the storage.
- imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
selected mailbox could have been processed as if they belonged to the
new mailbox currently being selected.
- lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
disconnected HTTP clients before the response is fully sent. This
happened only on busy servers where kernel's socket buffers were
rather full.
- lib-http: Fixed a potential crash on http-server if a client
disconnected early. v2.3.18 regression.
- lib-index: Index file corruption could have caused a crash. Fixes:
Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
assertion failed: (min_file_seq <= max_file_seq).
- lib-index: Purging an existing >1GB cache file can crash. Now cache
files still above 1GB after purging are removed. Fixes:
Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
assertion failed: (offset < 0x40000000)
- lib-lua: A HTTP client could not resolve DNS names in mail processes,
because it expected "the dns-client" socket to exist in the current
directory.
- lib-oauth2: Dovecot would send client_id and client_secret as POST
parameters to the introspection server. These need to be optionally in
Basic auth instead.
- lib-oauth2: JWT aud validation was not performed if aud was missing
from a token, but was configured on Dovecot.
- lib-oauth2: JWT key type check was too strict.
- lib-oauth2: JWT token audience was not validated against client_id as
required by the specification.
- lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
CRL check failures for outgoing SSL/TLS connections, although it was
supposed to affect checking CRLs only for client-side SSL
certificates. v2.3.17 regression.
- lib-sql: MySQL driver leaked memory when connection failed.
- lib-storage: Various fixes when running into out of disk space.
- master: Service idle_kill setting didn't work properly on busy
servers.
- mdbox: Temp file scan was done for always empty directories.
- mdbox: The fdatasync() call was done in wrong parent directory when
writing mails. Also on a failure it crashed instead of logging an error.
- notify_status: The plugin crashes if any user initialization fails.
- pop3: Sending command with the ':' character caused an assert-crash.
v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
- stats: Fix panic when a nonexistent event exporter was referenced while
adding a new metric dynamically via doveadm stats add.
- stats: If process exported a lot of events and then exited, some of
the last events may have become lost.
- stats: Invalid Prometheus label names were created with specific
histogram group_by configurations. Prometheus rejected these labels.
- welcome: The plugin didn't execute in some situations that created
INBOX but didn't open it.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
add EXTRA_CFLAGS to Fix reproducibility.
upstream fixed compilation on RHEL 9, which should be same problem fixed
with 0001-layer4-Change-order-of-include-files.patch. hence drop the
patch file.
3fd0c21e4f
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
The following vulnerabilities have been fixed:
wnpa-sec-2023-23 CBOR dissector crash. Issue 19144.
wnpa-sec-2023-24 BT SDP dissector infinite loop. Issue 19258.
wnpa-sec-2023-25 BT SDP dissector memory leak. Issue 19259.
wnpa-sec-2023-26 CP2179 dissector crash. Issue 19229.
The following bugs have been fixed:
TShark cannot capture to pipe on Windows correctly. Issue 17900.
Wireshark wrongly blames group membership when pcap capabilities are removed. Issue 18279.
Packet bytes window broken layout. Issue 18326.
RTP Player only shows waveform until sequence rollover. Issue 18829.
Valid Ethernet CFM DMM packets are shown as malformed. Issue 19198.
Crash on DICOM Export Objects window close. Issue 19207.
The QUIC dissector is reporting the quic_transport_parameters max_ack_delay with the title \"GREASE\" Issue 19209.
Preferences: Folder name editing behaves weirdly, cursor jumps. Issue 19213.
DHCPFO: Expert info list does not show all expert infos. Issue 19216.
Websocket packets not decoded and displayed for Field type=Custom and Field name websocket.payload.text. Issue 19220.
Cannot read pcapng file captured on OpenBSD and read on FreeBSD. Issue 19230.
UI: While capturing the Wireshark icon changes from green to blue when new file is created. Issue 19252.
Conversation: heap-use-after-free after wmem_leave_file_scope. Issue 19265.
IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue 19270.
NAS 5GS Malformed Packet Decoding SOR transparent container PLMN ID and access technology list. Issue 19273.
UI: Auto scroll button in the toolbar is turned on when manually scrolling to the end of packet list. Issue 19274.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some perl modules are required by ntptrace:
$ ntptrace
Can't locate lib.pm in @INC (you may need to install the lib module)
(@INC contains: /usr/lib/perl5/site_perl/5.36.0/x86_64-linux
/usr/lib/perl5/site_perl/5.36.0
/usr/lib/perl5/vendor_perl/5.36.0/x86_64-linux
/usr/lib/perl5/vendor_perl/5.36.0 /usr/lib/perl5/5.36.0/x86_64-linux
/usr/lib/perl5/5.36.0) at /usr/sbin/ntptrace line 10.
BEGIN failed--compilation aborted at /usr/sbin/ntptrace line 10.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vsomeip stack implements the http://some-ip.com/ (Scalable
service-Oriented MiddlewarE over IP (SOME/IP)) protocol.
The stack consists out of:
a shared library for SOME/IP (libvsomeip3.so)
a shared library for SOME/IP's configuration module
(libvsomeip3-cfg.so)
a shared library for SOME/IP's service discovery
(libvsomeip3-sd.so)
a shared library for SOME/IP's E2E protection module
(libvsomeip3-e2e.so)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* use BPN, BP where useful
* use prefix instead of hardcoding /usr
* add patch to search also in lib32 subdir of --with-libpcap value
to fix:
checking for libpcap... configure: error: "Unable to find matching library for header file in TOPDIR/BUILD/work/raspberrypi4_64-oemllib32-linux-gnueabi/lib32-tcpreplay/4.4.4-r0/lib32-recipe-sysroot/usr"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
musl does not need _IO_stdin_used, since its not provided by toolchain
runtime ( crt files ) lld linker complains about undefined global symbol
on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes installed-vs-shipped QA issue with multilib:
ERROR: lib32-phodav-3.0-r0 do_package: QA Issue: lib32-phodav: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/spice-webdavd.service
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
lib32-phodav: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2023-3748:
A flaw was found in FRRouting when parsing certain babeld unicast hello
messages that are intended to be ignored. This issue may allow an
attacker to send specially crafted hello messages with the unicast flag
set, the interval field set to 0, or any TLV that contains a sub-TLV
with the Mandatory flag set to enter an infinite loop and cause a denial
of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3748
Patch from:
ae1e0e1fed
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
spice depends on spice-protocol, when IMAGE_INSTALL contains spice,
do_populate_sdk fails with the following error:
Error:
Problem: package libspice-server-dev-0.14.2+git0+7cbd70b931_4fc4c2db36-r0.core2_64 requires spice-protocol-dev, but none of the providers can be installed
- conflicting requests
- nothing provides spice-protocol = 0.14.4-r0 needed by spice-protocol-dev-0.14.4-r0.core2_64
(try to add '--skip-broken' to skip uninstallable packages)
For spice-protocol, it's a development package and all things are in
the dev package, so set ALLOW_EMPTY to fix the above error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The spice-vdagent needs to be running alongside qemu-guest-agent on
virtualizationguest systems that are using the spice protocol to
get seamless integration.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
phodav is a small webdav server, that was originally created as a tool to
provide folder sharing for spice but it can be used on a wider range
of applications.
It is usable e.g. in virt-viewer or gnome-boxes
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
Bug fixes::
-----------
* core: fix integer overflow when setting integer option with '++N' or '--N'
* core: fix increment/decrement of options weechat.notify.*
* irc: add missing tags on multiline messages (issue #1987)
* irc: fix redirection of command '/list' when the reply doesn't start with message 321 (start of /list)
* irc: fix wrong time displayed for CTCP messages received from self nick (issue #2000)
* logger: remove trailing empty line in display of backlog (issue #2002)
* perl: fix display of non-ASCII chars after load of a script with Perl >= 5.38 (issue #1996)
* script: adjust scroll after command '/script go N'
* scripts: fix function string_parse_size on 32-bit systems (python and ruby) (issue #1999)
* xfer: fix conversion of string to IPv4 on 32-bit systems (issue #1999)
Tests::
------------
* irc: fix tests on function irc_join_compare_join_channel (issue #1997)
* scripts: fix tests of functions print_date_tag, print_y_date_tags and hook_timer on 32-bit systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- add support for smartcard
- add missing rdepend on usbids
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-switch to meson buildsystem
-remove patches
-update dependencies
-fetch spice-common as a submodule
Major Changes in 0.15.2:
Really minor fix release, mainly to fix a distribution issue
Add missing file to distribution
Fix sound recording fix in case of buffer wrapping
Major Changes in 0.15.1:
Fix some compatibility issues with FreeBSD
Fix some minor issue with build
Improve packaging with Meson
Lot of C++ improves (clang-tidy)
Fix some compatibility with no-Glibc libraries (like Musl)
Fix minor leaks shutting down library
Add Doxygen file to distribution
Fix a longstanding issue related to surface updates where wrong surfaces were possibly used
Fix compatibility with OpenSSL 3
Updates and fixes for CI
Use more random connection IDs to fix possible issues with proxies
Major Changes in 0.15:
This is the first release in the new 0.15.x stable series. This release should
be ready for production use.
Minor updates to CI
Some compatibility with OpenSSL
Change the behavior of handle_dev_start ignoring multiple start requests
Ignore multiple calls to handle_dev_stop
Pick up newer spice-common to fix a buffer overflow issue
Major Changes in 0.14.91:
IMPORTANT
0.14.91 is the first release candidate for the stable 0.15.x series. While some
bugs might still be present, it should be reasonably stable. If you are looking
for stability for daily use, please keep using the latest 0.14.x release.
Support UNIX abstract sockets
Fix some potential thread race condition in RedClient
Many cleanups in the code
Improve migration test script
Update in protocol documentation
Improve Meson build
Removed CELT support
Update CI
Removed QXLWorker definition, it was deprecated 6 years ago
Fix some compatibility with MacOS
Fix some compatibility with Windows
Move the project to C++
Some fixes for SASL dealing with WebDAV
Fix minor Coverity reports
Add Doxygen support, manually built with "make doxy"
Support more mouse buttons (up to 16 buttons)
CVE-2020-14355 multiple buffer overflow vulnerabilities in QUIC decoding
code
Major Changes in 0.14.3:
Main changes are WebSocket and support for Windows.
Add support for WebSocket, this will allow to use spice-html5 without proxy
Support Windows, now Qemu Windows can be build enabling Spice
Fix some alignment problem
Converted some documentation to Asciidoc format to make easier to update,
updated some
Minor compatibility fix for PPC64EL and ARMHF
Minor fixes for big endian machines like MIPS
Avoid some crashes with some buggy guest drivers, simply ignore the invalid
request
Fix for old OpenSSL versions
Minor fix for Windows clients and brushes, fixed an issue with Photoshop
under Windows 7
Add ability to query video-codecs
Small use-after-free fix
Fix for debugging recording/replaying using QUIC images
Fix a regression where spice reported no monitors to the client
Fix DoS in spicevmc if WebDAV used
Updated and improved test migration script
Some minor fixes to smartcard support
Avoid possible disconnection using proxies using a in-flow keepalive
mechanism
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libcacard is a library that adds smartcard support to qemu and/or spice
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
