The current handling of /etc/resolv.conf by NM has some problems.
When networkd is not configuring network, and there's 'ip=dhcp'
in kernel command line, the /run/NetworkManager/resolv.conf file
is not created, resulting in /etc/resolv.conf being a dead symlink.
This is because NM is treating the network interface as externally
configured and will not try to reconfigure it again.
This means if we want NM to work properly with /etc/resolv.conf,
we've got to either ensure there's no 'ip=dhcp' in kernel command
line, or we've got to ensure networkd is configuring network. This
is weird because normally we should not enable two network managers
at the same time. Note that NM syncs part of its code with networkd,
which is the reason I think it happens to work when these two network
configuration tools are configuring the same interface at the same
time.
In fact, NM now works well with resolved. It sends the DNS info it
gets to resolved unconditionally by default (the behavior could be
disabled in configuration file).
Looking at the original commit that sets up the update-alternatives
mechanism, it says:
"""
This brings the networkmanager in sync with how systemd-resolved and connman
work. Additionally this allows it to function with a read-only rootFS.
"""
I guess the author was using systemd but disabling resolved, and the author
wanted to use read-only rootFS. In order to keep such a combination working,
change to use PACKAGECONFIG to handle things, and when 'man-resolv-conf' is
enabled, the above combination could still work.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a8ebf23dde)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The kernel_add_regdb should run before do_compile to make it take
effect.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes:
Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer
limit (#11676)
Fix sentinel issue if replica changes IP (#11590)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes
Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer
limit (#11676)
Make sure that fork child doesn't do incremental rehashing (#11692)
Fix a bug where blocking commands with a sub-second timeout would block
forever (#11688)
Fix sentinel issue if replica changes IP (#11590)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade includes a fix for CVE-2022-3647
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This upgrade includes a fix for CVE-2022-3647
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The current location has no effect, because NetworkManager
is not looking for config files there.
In meson.build, we have:
nm_pkglibdir = join_paths(nm_prefix, 'lib', nm_name)
config_extra_h.set_quoted('NMLIBDIR', nm_pkglibdir)
It's clear that the configuration directory should be
nonarch_libdir instead of libdir.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 15893f46f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Without this patch, even if dhcpcd is enabled, the NetworkManager
cannot find it. Below are the messages from NetworkManager:
dhcp: init: DHCP client 'dhcpcd' not available
dhcp: init: Using DHCP client 'internal'
The problem is that dhcpcd needs to be specified as a path, otherwise
NetworkManager tries to find it in /usr/sbin/dhcpcd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 178123a006)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
When cleaning the package during rebuild in base_do_configure()
'make clean' deletes docs/dool.1. This file comes from the source repository
but can't be recreated using 'make docs'.
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 19f28fb34e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It fails to install postfix and lib32-postfix at same time:
| Error: Transaction test error:
| file /etc/postfix/sample-main.cf conflicts between attempted installs of
lib32-postfix-cfg-3.7.3-r0.i586 and postfix-cfg-3.7.3-r0.core2_64
Rename sample-main.cf with ${MLPREFIX}.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b75c138a1c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
- Add smcroutectl batch support, issue #189. Based on the IPC support added in issue #185
- Fix #178: invalid systemd daemon type Simple/Notify vs simple/notify
- Fix #179: typo in wildcard routes section of README
- Fix #180: minor typo in file and directory names in documentation
- Fix #183: casting in IPC code hides error handling of recv()
- Fix #186: NULL pointer dereference in utimensat() replacement function.
Found accidentally by Alexey Smirnov. Only triggered on systems that don't
have a native utimensat() in their C-library, or if you try to build
SMCRoute without using its own build system ...
- Fix #187: strange behavior joining/leaving the same group
- Fix #192: typo in README
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit abc501113a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It currently ends up using native python3-config which adds native paths
to compiler includes which is not what we want.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aac23a0407)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It uses python3-config during build to grok the python specific
includedirs, therefore it's important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c7fcebd05d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It uses python3-config during build to grok the python specific
includedirs, therefore it's important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
and compile fails e.g.
| In file included from /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/volume-key/0.3.12-r0/recipe-sysroot-native/usr/include/python3.11/Python.h:38:
| /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/volume-key/0.3.12-r0/recipe-sysroot-native/usr/include/python3.11/pyport.h:601:2: error: "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 44384179db)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes
| /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/aufs-util/4.9+gitAUTOINC+8f35db59ef-r0/recipe-sysroot-native/usr/bin/arm-yoe-linux-gnueabi/arm-yoe-linux-gnueabi-ld: rdu64.o: in function `readdir64':
| <unknown>:122: multiple definition of `readdir64'; rdu.o:<unknown>:122: first defined here
| /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/aufs-util/4.9+gitAUTOINC+8f35db59ef-r0/recipe-sysroot-native/usr/bin/arm-yoe-linux-gnueabi/arm-yoe-linux-gnueabi-ld: rdu64.o: in function `readdir64_r':
| <unknown>:139: multiple definition of `readdir64_r'; rdu.o:<unknown>:139: first defined here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c8e7f93867)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
Bugfixes:
- Add missing copyright notices
- Add Spyder X entry
- Document where to send patches
- Don't use exact floating point comparisons
- Drop option for removed reverse engineering tools
- Drop references to hughski.com
- Fix a small memory leak in sqlite3_exec()
- Fix typo in device-removed signal documentation
- Make introspection optional in meson
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 706cfeb250)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
In auditd, release the async flush lock on stop
Don't allow auditd to log directly into /var/log when log_group is non-zero
Cleanup krb5 memory leaks on error paths
Update auditd.cron to use auditctl --signal
In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
In auparse, special case kernel module name interpretation
If overflow_action is ignore, don't treat as an error
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 01eb5561da)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Version 2.19.3, 2022-11-16
CVE-2022-43705: A malicious OCSP responder could forge OCSP responses due to a
failure to validate that an embedded certificate was issued by the end-entity
issuing certificate authority.
Signed-off-by: Chen Pei <cp0613@linux.alibaba.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2392dc7925)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
If protoc is enabled for the build, recipes using protobuf will
fail when protoc is not available in the recipe sysroot:
| The imported target "protobuf::protoc" references the file
|
| ".../recipe-sysroot/usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/usr/bin/protoc-3.21.5.0"
|
| but this file does not exist. Possible reasons include:
|
| * The file was deleted, renamed, or moved to another location.
|
| * An install or uninstall procedure did not complete successfully.
|
| * The installation package was faulty and contained
|
| ".../recipe-sysroot/usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/usr/lib/cmake/protobuf/protobuf-targets.cmake"
|
| but not all the files it references.
Use SYSROOT_DIRS to stage the binary to sysroot so it's always
available for other recipes.
Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d7f46fa816)
* Drop Openssl legacy provider patch and install both binaries patch
which are already available in 16.x
* Refresh native binaries patch against 16.x base
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It fails to start radiusd.service from lib32-freeradius because the
configure directory is /etc/lib32-raddb rather than /etc/raddb. So add
an environment file to export a variable MLPREFIX for the service file
to make it start successfully.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 172c707251)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It depends on it, but it was being pulled in via glib-2.0
which now uses libpcre2
Fixes
TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/ettercap/0.8.3.1-r0/recipe-sysroot-native/usr/lib/libpcre.so: file not recognized: file format not recognized
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8bc689ee7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libpcre is needed. glib-2.0 now uses libpcre2 instead of libpcre which
was indirectly satisfying this
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b08c4ab7c8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libpcre is needed. Previously, it was available because glib-2.0 depends
on it. Now glib-2.0 has been upgraded and it now depends on libpcre2.
So add this explicit dependency to fix the do_configure failure.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03708a875f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* http://ftp.mozilla.org/pub/mozilla.org now returns 404, but the SRC_URI still works without
"mozilla.org" directory
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 74f131ffe8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
After updating current poky master python3-fcntl is not installed
into my image anymore. Blueman-applet fails to run with
Error: No module named 'fcntl''Module fcntl not found'
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 25c3860701)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is no need for these configs on their own and they would only mess
up the sechash and privdrop configs. To actually enable sechash one also
had to enable nss, and to enable privdrop one also had to enable libcap.
This also avoids passing --with-libcap if privdrop is enabled since the
option does not exist.
Change-Id: I64a49741f61385e87ddbc83b9e87213a6fc7668e
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Support for readline was dropped in Chrony 4.2. However, the
--disable-readline option still remains (it is used to completely ignore
all forms of command line editing, even though the only remaining
variant is editline). So keeping the readline PACKAGECONFIG and making
it pass --disable-readline when it is not enabled disabled support for
editline, and if it was enabled it instead passed --without-editline,
which also disabled support for editline. Thus there was no way to
enable editline support.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Changelog:
lregex: warn if mgroup= flag is not given in --mline-regex-<LANG>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e72998c004)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The main package is empty so it was not possible to install
dev package to sdk as it depends on main package.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8210e5904c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.1.4:
- count parameter can now go beyond 16-bit
- README.md is updated to describe how the module works in detail
- Linting issues have been fixed
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6b4f2590d8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>