Commit Graph

4027 Commits

Author SHA1 Message Date
Yi Zhao
f1d96d2e33 postfix: upgrade 3.10.1 -> 3.10.5
ChangeLog:
http://www.postfix.org/announcements/postfix-3.10.2.html
http://www.postfix.org/announcements/postfix-3.10.3.html
http://www.postfix.org/announcements/postfix-3.10.4.html
http://www.postfix.org/announcements/postfix-3.10.5.html

Drop 0006-postfix-add-preliminary-setting.patch as the issue has been
fixed upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-29 10:14:12 -07:00
Gyorgy Sarvari
159e994140 nftables: fix ptests
Add missing kernel module dependencies, fix a script that is trying to
run python instead of python3, and add a patch that fixes a test (submitted
upstream).

There are 2 notes:
1. For the tests to succeed the kernel must be compiled with CONFIG_NFT_TPROXY
2. There is 1 testcase that seems to be flaky: 0002-persist testcase randomly
   fails. When it is comparing the test output with the expected output, sometimes
   there is a comment present, and sometimes there isn't. Couldn't get to the
   bottom of this.

The second point is the reason why the recipe remains on the
PTESTS_PROBLEMS_META_NETWORKING list.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-28 23:31:28 -07:00
Gyorgy Sarvari
237efae216 python3-scapy: fix ptests
1. Install missing test files
2. Enable network access by setting a nameserver in resolv.conf
   because some tests require this
3. One test tries to ping Google through IPv6 - this test requires
   ipv6 DISTRO_FEATURE. In case ipv6 is not enabled, skip this test
   from the run-ptest script.

NB: to work, the last mentioned test also requires IPv6 support from
your ISP. My ISP is IPv4-only, and I couldn't try it out. The above
comes from my reading of the testcode.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-28 23:31:28 -07:00
Gyorgy Sarvari
020d38d39a lksctp-tools: move ptest from problem-list to slow-list
The tests execute and pass successfully - I managed to run them
successfully, without a change on x86-64 and aarch64.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-28 23:31:28 -07:00
Gyorgy Sarvari
227dca8861 net-snmp: fix ptests
Add missing dependencies.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-28 23:31:28 -07:00
Libo Chen
f8c9aa83e7 freeradius: Remove files which have license issues
remove the following files which have the following license:

Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)

This software may not be redistributed in any form without the prior
written consent of Network RADIUS.

src/modules/rlm_dpsk/rlm_dpsk.c
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c

Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-24 09:06:24 -07:00
Alex Kiernan
10f09e4054 mdns: Upgrade 2600.140.3 -> 2881.0.25
Convert systemd unit to use `-foreground` option removing the need for
the PID file. Also fix `Pending` Upstream-Status to make clear that
upstream doesn't take patches.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-24 09:06:24 -07:00
Wang Mingyu
5819afaacb
stunnel: upgrade 5.75 -> 5.76
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-21 20:02:43 -07:00
Wang Mingyu
58b4da21fa
nbdkit: upgrade 1.45.9 -> 1.45.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-21 20:02:40 -07:00
Wang Mingyu
c9cad942d2
freediameter: upgrade 1.5.0 -> 1.6.0
0001-fixes-for-gcc-15.patch
0002-allow-build-with-cmake-4.patch
removed since they're included in 1.6.0

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-21 20:02:39 -07:00
Martin Schwan
d69edd9167
kronosnet: Fetch version tag with BB_GIT_SHALLOW_EXTRA_REFS
Fetch the needed Git tag by using BB_GIT_SHALLOW_EXTRA_REFS. This fixes
the following autotools configuration error:

| build-aux/git-version-gen: WARNING: .gitarchivever doesn't contain valid version tag
| build-aux/git-version-gen: ERROR: Can't find valid version. Please use valid git repository, released tarball or version tagged archive
| configure.ac:22: error: AC_INIT should be called with package and version arguments

Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-17 08:32:04 -07:00
Yi Zhao
f7305be2c8
samba: upgrade 4.19.8 -> 4.19.9
ChangeLog:
https://www.samba.org/samba/history/samba-4.19.9.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-15 12:03:01 -07:00
Yi Zhao
e48e7e48a2
libldb: upgrade 2.8.1 -> 2.8.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-15 12:03:01 -07:00
Gyorgy Sarvari
a637a72182
dovecot: ignore CVE-2016-4983 (again)
I removed the CVE_STATUS setting for CVE-2016-4983 when this recipe was
updated to 2.4.1-4 - but that was a mistake, the CVE database considers
(incorrectly) even the latest version as vulnerable.

Revert that mistake by adding back the correct CVE_STATUS to the recipe.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-13 23:47:40 -07:00
Gyorgy Sarvari
41662e93db
frr: upgrade 10.3 -> 10.4.1
Drop the "datacenter" PACKAGECONFIG, because it became obsolete:
"The --enable-datacenter compile time option is deprecated.  Please modify the init script to pass -F datacenter to the daemons instead."

Note: grpc PACKAGECONFIG seems to be broken (it was broken in the previous version also).
At first sight it looks like the application's Makefile enforces the c++11 standard,
but abseil (which is a dependency of grpc) requires at least c++17.

Changelog:
10.4.1:
- bgpd: initialize local variable
- ospfd: Use after free cleanup of lsa
- vtysh: copy config from file should actually apply
- Revert PR #18358: BGP evpn testing and bug fixes related to non default EVPN backbone
- topotests: improve embedded RP test reliability
- lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp
- bgpd: LL next-hop capability fixes
- eigrp: validate hello packets and tlvs better
- bgpd: Fix compilation error in bgpd module: Update TP_ARGS for bgp
- bgpd: Ensure addpath does not withdraw selected route in some situations
- bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val
- bgpd: LL next-hop capability fixes (round 2)
- lib: compute link-state zapi message size
- zebra: Fix buffer overflows found by fuzzing.

10.4:
- BGP BFD Strict-Mode
- BGP Link-Local Next Hop Capability [draft-ietf-idr-linklocal-capability]
- BGP Transparent mode
- BGP Next Hop Dependent Characteristics Attribute [draft-ietf-idr-entropy-label]
- IGMP and MLD group/source limits
- PIM dense and sparse-dense mode support [RFC3973]
- IGMPv2/MLDv1 immediate leave
- v4-via-v6 nexthop support for static routes
- Timeout for vtysh
- Discover PREF64 in Router Advertisements [RFC8781]

10.3.2:
- bgpd: correct no form commands
- bgpd: fix to show exist/non-exist-map in 'show run' properly
- redhat: make FRR RPM build to work on RedHat 10
- build: check for libunwind.h, not unwind.h
- bgpd: use AS4B format for BGP loc-rib messages.
- bgpd: fix for the validity and the presence of prefixes in the BGP VPN table.
- bgpd: Force adj-rib-out updates if MRAI is kicked in
- zebra: Provide SID value when sending SRv6 SID release notify message
- bgpd: Fix crash when fetching statistics for bgp instance
- nhrpd: fix crash when accessing invalid memory zone
- zebra: Initialize RB tree for router tables
- zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del
- zebra: fix stale NHG in kernel
- bgpd: Fix incorrect stripping of transitive extended communities
- lib: Fix no on-match goto NUM command
- bgpd: Fix extended community check for IP non-transitive type
- bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet
- lib: revert addition of vtysh_flush() call in vty_out()
- bgpd: Extract link bandwidth value from extcommunity before using for WCMP
- Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default
- bfdd: Set bfd.LocalDiag when transitioning to AdminDown
- zebra: clean up a json object leak
- bgpd: Do not try to reuse freed route-maps
- lib: fix routemap crash
- bgpd: initialize local variable
- ospfd: Use after free cleanup of lsa
- vtysh: copy config from file should actually apply
- bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp
- bgpd: Ensure addpath does not withdraw selected route in some situations
- lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp
- eigrp: validate hello packets and tlvs better
- bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val

10.3.1:
- Check valid babel port
- Fix incorrect type assignment in parse_request_subtlv
- Fix `set evpn gateway-ip ipv[46]` route-map
- Fix bmp heap use after free on non connected session
- Fix evpn attributes being dropped on input
- Fix holdtime not working properly when busy
- Fix leaked memory when showing some bgp routes
- Fixed crash upon bgp network import-check command
- On shutdown free up memory leak found by topotest
- Prevent crash when issuing a show rpki connections
- Remove unused defines from bgp_label.h
- Retain the routes if we do a clear with n-bit set for graceful-restart
- Set the label for mp_unreach_nlri 0x800000 instead of 0x000000
- Treat the peer as not active due to bfd down only if established
- Fix incorrect bestpath reasoning in some situations
- Fix show bgp vpn rd json
- Add total path count for bgp net in json output
- Fix import all adj-rib-in and loc-rib after bmp connects
- On shutdown prefix/access list memory was being leaked
- Fix srv6_sid memory leak
- Free up leaked prefix-list memory on shutdown
- Create vrf if needed
- Return duplicate ipv6 prefix-list entry test
- Return duplicate prefix-list entry test
- Add hop count validation before forwarding in nhrp_peer_recv()
- Disable and delete ospfv3 areas that no longer have interfaces or configuration.
- Fix lsa memory leaks related to graceful restart
- Fix crash when ospf client connects before doing 'router ospf'
- Fix for crash during networking restart
- Fix memory leak on shutdown
- Initialize gm proxy to false
- Make docs and rpki optional for rpm package build
- Make sure zeromq is always disabled
- Revert - Add option to build pkg without docs and rpki support
- Add Workaround for inet_ntop replacement which breaks rpms
- Avoid requesting srv6 sid from zebra when loc and sid block dont match
- Add more tests to bgp_rpki_topo1 test
- Add nb test binary to .gitignore
- Add route-map evpn set gateway-ip topotest
- Check if routes are marked as stale and retained with n-bit for gr
- Fix typo when configuring delayopen timer
- Fix wait times in test_ospf6_gr_topo1 topotest
- Use label 0x800000 instead of 0x000000 for bmp tests
- Use little-endian order for libyang api
- Fix reload script for srv6 locators and formats

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-12 10:23:52 -07:00
Peter Kjellerstedt
52e2cac8e0
net-snmp: Backport a patch to make sure $(LDFLAGS) is before any libs
After commit 1997d3d6c4 (net-snmp: Do not
pass LDFLAGS to compiler), some linker flags, like "-Wl,--as-needed",
appear too late on the linker command line. Backport a patch that
corrects the order of the arguments given to the linker.

Unfortunately, the patch is not enough. libtool reorders the arguments
given to libtool --mode=link so that any lib dependencies appear before
other linker arguments. Therefore it is needed to inject -Wl,--as-needed
on the linker command line that libtool produces.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-10 19:27:35 -07:00
Peter Marko
9619695788
squid: patch CVE-2025-59362
Pick patch from PR [1] mentioned in NVD report [2].

[1] https://github.com/squid-cache/squid/pull/2149
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-59362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Peter Marko
66b553130b
squid: upgrade 6.12 -> 7.1
Refresh all patches.
ptest patches needed larger rework for new test testHeader.

License-Update: copyright years refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Peter Marko
f088e1e1f9
squid: download from github
Devtool could not find latest versions before.

Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."

Note that also squid security advisories were moved to Github.

[1] https://www.squid-cache.org/Versions/

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Wang Mingyu
1543159149
spice-guest-vdagent: upgrade 0.22.1 -> 0.23.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 23:35:55 -07:00
Wang Mingyu
9b5ab1a96c
openvpn: upgrade 2.6.14 -> 2.6.15
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 23:35:52 -07:00
Gyorgy Sarvari
74d3d9c2be
libiec61850: upgrade 1.5.3 -> 1.6.1
This update contains a fix for CVE-2024-26529, CVE-2024-45970 and CVE-2024-45971

Changelog: https://github.com/mz-automation/libiec61850/blob/v1.6/CHANGELOG

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 18:46:04 -07:00
Rajeshkumar Ramasamy
5929150a19
open-vm-tools: upgrade 12.5.0 -> 13.0.5
This release addressed the CVE below:
CVE-2025-41244

Drop 0001-Fix-build-when-compiling-with-std-c23.patch which has been
merged upstream.

Changelog:
https://github.com/vmware/open-vm-tools/releases

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 18:46:03 -07:00
Gyorgy Sarvari
ec5a9b9684
pgpool2: upgrade 4.5.5 -> 4.6.3
Drop 0001-fix-compiling-on-32-bit-systems.patch, and change to another
patch that solves the same issue in OE, but is more likely to be
adapted by upstream (after discussion with upstream in
https://github.com/pgpool/pgpool2/pull/128)

Shortlog: https://github.com/pgpool/pgpool2/compare/V4_5_5...V4_6_3

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 18:46:03 -07:00
Gyorgy Sarvari
dedb716445
nbdkit: upgrade 1.45.1 -> 1.45.9
While working on it, also ignore CVE-2025-47711 and CVE-2025-47712.
Both vulnerabilities are fixed already (they were fixed before the
upgrade also, but there is no version-range associated with the CVE report).

CVE-2025-47711: e6f96bd1b7
CVE-2025-47712: a486f88d1e

Shortlog:
Merge branch '2025-optional-qemu-img' into 'master'
build: Check for qemu-img and disable some tests if not present
tests/curl: Skip test if 'disk' was not created
server/public.c: Use common/include parse_bool function
common/include: Extra bool parsing into a mini-library
docs: Shorter title and tweaks to the description
indexed-gzip: Include <stddef.h> to get ptrdiff_t
indexed-gzip: Move variable decl outside for loop
vddk: Sort synopsis into alphabetical order
ext2: Update docs since filter supports concurrent connections
docs: Move --short/--long-options to right place in synopsis
(origin/rhel-10.2) docs: Document how to probe for server command line options
server: Document --long-options and --short-options
docs/nbdkit-probing.pod: Rearrange synopsis to match description
server: Add --name parameter
docs: Fix bolding of --log=/path option
tests/test-python-plugin.py: Remove unused variables
python: Add binding for nbdkit_parse_bool
tests/test-python-plugin.py: Add name of test for test_parse_size
(tag: v1.45.6) Version 1.45.6.
Merge branch '2025-rounding' into 'master'
server/public.c: Use lrint() instead of implicit conversion to int
indexed-gzip: Fixes for 32-bit support
indexed-gzip: More editorially neutral content
Merge branch 'add-indexed-gzip-filter' into 'master'
Introduce index-gzip filter
Move unmodified index build/extract to ig_zran.h/c
Add serialize/deserialize fn for zran structs
Restructure zran.h, zran.c for use as library
Import zran.c/zran.h v1.6 (2 Aug 2024) from zlib
Merge branch '2025-delay-trigger' into 'master'
delay: Add new delay-trigger option
delay: Rearrange the options in alphabetical order in the documentation
tests/test-map.sh: Fix "nbd_pread: count cannot be 0: Invalid argument"
docs/nbdkit-client.pod: Document attaching NBD devices to QEMU VMs
docs/nbdkit-client.pod: Combine and rename "LIMITATIONS" section
Merge branch '2025-fix-golang-test' into 'master'
tests/test-golang-fork-warning.sh: Fix hanging test
Merge branch '2025-misc-fixes' into 'master'
tests: Use 'define script' in a few more places
tests: Modify make-pki and make-psk scripts to be atomic
tests: Define common functions for requiring TLS certs and PSK
tests/test-tls.sh: Remove unused export of pkidir
tests: Generate make-psk.sh
tests/make-psk.sh: Fix typo "pkstool" -> "psktool"
tests: Fix typo "An good" -> "A good"
map: Implement map-size feature
tests/test-at-file.sh: Fix srcdir != builddir
tests: Work around realpath error on BSDs
Merge branch '2025-eq-file' into 'master'
Merge branch '2025-server-debug' into 'master'
server: Use debug() instead of nbdkit_debug() consistently in the server
map: Refer to @PATH syntax in documentation
server: Add @PATH syntax
server/main.c: Factor out the function that parses key=value
server/main.c: Fix comment
server/main.c: Move key=value parsing to a new function
server/options.h: Reject empty string ("") as a short name
server/options.h: Add comment to is_short_name
server/main.c: Reject empty string as a plugin name or filter name
common: utils: Add const to <vector>_duplicate variable decls
data: Use new vector_append_array in a couple of places
map: Use new vector_append_array function instead of loop
common: utils: vector: Fix vector_uniq prototype and add a test
common: utils: vector: Add range functions for insert, append and remove
common: utils: vector: Prefer vector_reset over free()
Merge branch '2025-map-filter' into 'master'
New filter: map for remapping arbitrary blocks
common: utils: vector: Add new vector_uniq function
tests/functions: Factor out 2^63-1 constant used by a few tests
tests/test-cache-block-size.sh: Remove unused socket
data: Minor revisions to the documentation for clarity
full: Remove reference to equivalence of nbdkit-readonly-filter
tests/test-floppy.sh: Simplify this test
count: Add an example to the documentation
common/include/test-once.c: Further fixes for pthread_barrier_t
common/include/test-once.c: Skip test on macOS which lacks pthread_barrier_t

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 18:46:02 -07:00
Andrew Bradford
ec7f6f5660
samba: Add PACKAGECONFIG[ad-dc] python3-markdown RDEPENDS
For Samba's Active Directory Domain Controller functionality, it needs
to have python3-markdown listed as an RDEPENDS as well as a DEPENDS.

When trying to provision a domain with samba-tool without this change
then it will error out like:

$ samba-tool domain provision --realm=EXAMPLE.COM --domain=EXAMPLE \
	--adminpass='YourPassword123!' --server-role=dc \
	--dns-backend=SAMBA_INTERNAL --use-rfc2307
<snip>
Temporarily overriding 'dsdb:schema update allowed' setting
ERROR(<class 'ModuleNotFoundError'>): uncaught exception - No module named 'markdown'
  File "/usr/lib/python3.13/site-packages/samba/netcmd/__init__.py", line 279, in _run
	return self.run(*args, **kwargs)
		   ~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/samba/netcmd/domain/provision.py", line 343, in run
	result = provision(self.logger,
					   session, smbconf=smbconf, targetdir=targetdir,
	...<16 lines>...
					   backend_store=backend_store,
					   backend_store_size=backend_store_size)
  File "/usr/lib/python3.13/site-packages/samba/provision/__init__.py", line 2404, in provision
	raise e
  File "/usr/lib/python3.13/site-packages/samba/provision/__init__.py", line 2394, in provision
	forest = ForestUpdate(samdb, fix=True)
  File "/usr/lib/python3.13/site-packages/samba/forest_update.py", line 212, in __init__
	from samba.ms_forest_updates_markdown import read_ms_markdown
  File "/usr/lib/python3.13/site-packages/samba/ms_forest_updates_markdown.py", line 27, in <module>
	import markdown

Signed-off-by: Andrew Bradford <andrew.bradford@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-08 18:46:02 -07:00
Gyorgy Sarvari
480ac24af3
tinyproxy: upgrade 1.11.1 -> 1.11.2
This upgrade contains fixes for CVE-2023-49606 and CVE-2022-40468.

Changelog:
https://github.com/tinyproxy/tinyproxy/compare/1.11.1...1.11.2

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-06 14:14:37 -07:00
Gyorgy Sarvari
0c6f60790a
dovecot: upgrade 2.3.21.1 -> 2.4.1-4
Remove obsolete CVE_STATUS variable: CVE-2016-4983 is marked for v2.3.

Drop 0001-not-check-pandoc.patch because it became obsolete, pandoc is
not used anymore.
Drop 1ccd5b54a408d12fce0c94ab0bbaedbb5ef69830.patch, because it is
included in this release.

Add a backported patch to fix compiling with musl.

Changelog:
2.4: https://github.com/dovecot/core/releases/tag/2.4.0
2.4.1: https://github.com/dovecot/core/releases/tag/2.4.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-06 14:14:37 -07:00
Gyorgy Sarvari
fbf17d5f9b
civetweb: update to the latest revision
This update contains a fix for CVE-2025-55763.

License-Update: copyright year bump to 2025.

Shortlog since last update:
5864b55a94...b6ef58f4c4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-05 21:52:27 -07:00
Liu Yiding
95dd373592
freeradius: Fix the multilib config
When enabling multilib with lib32, the radiusd will use etc file for lib32 as default

  #systemctl status radiusd
  ......
   /usr/sbin/radiusd -d /etc/lib32-raddb

It should be lib64 as default.

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-24 19:22:56 -07:00
Gyorgy Sarvari
8e1e733f24
znc: upgrade 1.8.2 -> 1.10.1
The project has switched to cmake since the last update.

The changelog is long, but there is a link:
https://github.com/znc/znc/blob/master/ChangeLog.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-24 14:17:45 -07:00
Gyorgy Sarvari
8e69890597
arno-iptables-firewall: upgrade 2.1.2 -> 2.1.2a
Changelog:
- dig wrapper function was broken since 2.1.2
- No longer send nslookup/dig stderr to /dev/null

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-24 13:17:41 -07:00
Gyorgy Sarvari
66f1ee096f
ipset: upgrade 7.22 -> 7.24
Changelog:

7.24
Userspace changes
    Improve fixing commas in sorted json output
    Fix extra quotes around elements in json output (bugzilla #1793, issue 3.)
    Fix commas in sorted json output (bugzilla #1793, issue 4)
    Fix unquoted port range in json output (bugzilla #1793, issue 1)
    Fix extraneous comma in terse list json output (Joachim, bugzilla #1793, issue 2)
    bash-completion: restore fix for syntax error (Jeremy Sowden)
    Correct typo in man-page (Jeremy Sowden)
Kernel part changes
    netfilter: ipset: fix region locking in hash types
    Handle "netfilter: ipset: Fix for recursive locking warning" patch for backward compatibility
    netfilter: ipset: Fix for recursive locking warning

7.23
Userspace changes
    tests: runtest.sh: Keep running, print summary of failed tests (Phil Sutter)
    tests: cidr.sh: Fix for quirks in RHEL's ipcalc (Phil Sutter)
    tests: cidr.sh: Respect IPSET_BIN env var (Phil Sutter)
    ipset: Fix implicit declaration of function basename (Mike Pagano)
    tests: Reduce testsuite run-time (Phil Sutter)
    lib: ipset: Avoid 'argv' array overstepping (Phil Sutter)
    lib: data: Fix for global-buffer-overflow warning by ASAN (Phil Sutter)
Kernel part changes
    netfilter: ipset: Hold module reference while requesting a module (Phil Sutter)
    netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park)
    netfilter: ipset: Fix suspicious rcu_dereference_protected()
    Replace BUG_ON() with WARN_ON_ONCE() according to usage policy.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-24 13:17:41 -07:00
Gyorgy Sarvari
6ac3bc3950
keepalived: upgrade 2.3.2 -> 2.3.4
0001-vrrp-Don-t-include-linux-if_ether.h-if-not-needed.patch is included
in this release, so drop the patch.

Many changes and updates, easier to look in the changelogs themselves
rather than pasting here:
https://www.keepalived.org/release-notes/Release-2.3.3.html
https://www.keepalived.org/release-notes/Release-2.3.4.html

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-24 10:54:44 -07:00
Archana Polampalli
b9669bc006
tcpreplay: upgrade 4.5.1 -> 4.5.2
Changelog:
https://github.com/appneta/tcpreplay/releases/tag/v4.5.2

Drop patches that have been merged upstream.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-23 09:24:48 -07:00
Liu Yiding
97376e916e
freeradius: Fix service start error
Following error occurred while starting this service.
 Error: tls: (TLS) Failed reading certificate file "/etc/raddb/certs/server.pem"
 Error: tls: (TLS) error:03000072:digital envelope routines::decode error
 Error: tls: (TLS) error:0A00018F:SSL routines::ee key too small
 Error: rlm_eap_tls: Failed initializing SSL context
 Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
 Error: /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-22 08:30:05 -07:00
Wang Mingyu
c7f520bd1d
lldpd: upgrade 1.0.19 -> 1.0.20
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-16 09:59:16 -07:00
Jason Schonberg
7c0a0f73bd
pgpool2: upgrade 4.5.4 -> 4.5.5
Changelog: https://www.pgpool.net/docs/latest/en/html/release-4-5-5.html

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-15 11:41:20 -07:00
Gyorgy Sarvari
0601a0bd8f
pgpool2: update patch statuses
The patches were submitted to upstream, they are not pending anymore.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-15 09:55:16 -07:00
Gyorgy Sarvari
909985d1b9
pgpool2: fix compiling for 32-bit arches
When compiling for 32-bit targets, two issues came to surface:

1. gcc was complaining that math.h is not included in snprintf, and some
   calls were implicitly defined. Added a patch that includes the required
   headers in snprintf.c file:

| snprintf.c: In function 'fmtfloat':
| snprintf.c:1232:13: error: implicit declaration of function 'isnan' [-Wimplicit-function-declaration]
|  1232 |         if (isnan(value))
|       |             ^~~~~
| snprintf.c:50:1: note: include '<math.h>' or provide a declaration of 'isnan'

2. The code passes a time_t argument to a function that expects a long. This works for
   64-bit targets, because on those usually time_t is long.
   However on 32-bit systems time_t is usually long long, which makes compilation fail
   with the following error:

| wd_json_data.c:540:66: error: passing argument 3 of 'json_get_long_value_for_key' from incompatible pointer type [-Wincompatible-pointer-types]
|   540 |         if (json_get_long_value_for_key(root, "StartupTimeSecs", &wdNode->startup_time.tv_sec))
|       |                                                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

   To account for this, add a new helper method in a patch that returns the required json value
   as a time_t value.

The patches are in pending state, because the mailing list of the project is suffering from
technical problems - when the site loads, sign up attempts throw internal server errors.

It is planned to submit the patches and to update the status once their infrastructure is back.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-11 17:31:42 -07:00
Khem Raj
40d911dc7e
kronosnet: Upgrade to 1.31
Drop Upstreamed patch

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-07 17:09:26 -07:00
Wang Mingyu
94caa8666f
nftables: upgrade 1.1.4 -> 1.1.5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-04 10:28:24 -07:00
Wang Mingyu
23a7f368cc
networkmanager-openvpn: upgrade 1.12.2 -> 1.12.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-04 10:28:24 -07:00
Wang Mingyu
afbe561190
fping: upgrade 5.3 -> 5.4
Changelog:
=========
- Memory allocation safety checks for event storage (thanks David.A for bug report)
- Fix off-by-one boundary check in seqmap code
- The minimum value for the period (-p flag) is now 0.001 milliseconds,
  since it probably never makes sense to use a smaller value, and to avoid doing
  a very large memory allocation for event storage.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-09-04 10:28:22 -07:00
Khem Raj
2ebb85fbb8
ot-br-posix: Fix build with clang-21
Update to latest tip of trunk
Fix mbedTLS issue seen with clang-21

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-29 22:02:54 -07:00
Alex Kiernan
3153c527ee
mdns: Upgrade 2600.120.12 -> 2600.140.3
Also cleanup dangling comments in the recipe.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-29 08:26:18 -07:00
Khem Raj
33fec4b4f4
networkmanager: Fix build with clang-21
Do not mark Wincompatible-function-pointer-types warning as error

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-21 13:15:39 -07:00
Jiaying Song
8e28287dde
openvpn: change ptest output format
The format selected is the automake "simple test" format: "result: testname".

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-21 13:15:39 -07:00
Wang Mingyu
de128865a5
nftables: upgrade 1.1.3 -> 1.1.4
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-20 07:35:09 -07:00
Wang Mingyu
cd4ff7ebe4
networkmanager-openvpn: upgrade 1.12.0 -> 1.12.2
Changelog:
============
* Fix bug that caused that challenge was incorrectly reused if invalid or expired.
* Add support for "data-ciphers-fallback" option.
* Add GUI support for "data-ciphers" option.
* Fix export for password connection type that was not exporting some fields.
* Fix mnemonics in editor's Identity - Advanced view
* Auth-dialog ported to GTK4
* Import certificates into the XDG_DATA_HOME directory.
* Update translations: Hindi, Slovenian, Catalan, Polish, Brazilian Portuguese, Ukrainian, Georgian,
  Swedish, Hebrew, Russian and Danish.
* Skip release 1.12.1 because of a bug in the release pipeline.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-20 07:35:09 -07:00