Changelog:
============
* Fix bug that caused that challenge was incorrectly reused if invalid or expired.
* Add support for "data-ciphers-fallback" option.
* Add GUI support for "data-ciphers" option.
* Fix export for password connection type that was not exporting some fields.
* Fix mnemonics in editor's Identity - Advanced view
* Auth-dialog ported to GTK4
* Import certificates into the XDG_DATA_HOME directory.
* Update translations: Hindi, Slovenian, Catalan, Polish, Brazilian Portuguese, Ukrainian, Georgian,
Swedish, Hebrew, Russian and Danish.
* Skip release 1.12.1 because of a bug in the release pipeline.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
api: add support for handling DIOCTL_SET_INJECT_DROP
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moved the iproute2 backend enablement into a new PACKAGECONFIG.
It is enabled to keep the current defaults. Added the explicit
runtime dependency on iproute2-ip (the "ip" command) which this
backend requires.
Added a new PACKAGECONFIG[dco] which enables the libnl backend,
which is mutually incompatible with iproute2 backend in OpenVPN.
With these:
PACKAGECONFIG:remove = "iproute2"
PACKAGECONFIG:append = " dco"
the data channel offload is enabled:
checking for LIBNL_GENL... yes
configure: Enabled ovpn-dco support for Linux
With Linux kernel 6.16 or newer, and CONFIG_OVPN enabled,
the data channel offload will be used.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Includes the provided service and defaults files for using the
tailscale daemon on systemd init machines.
Added the other kernel modules necessary for tailscaled to work
without warnings to RRECOMMENDS.
Tested with `core-image-minimal` under qemu with machines
`qemux86-64`, `genericx86-64` and `qemuarm64`. Ping
host on tailscale network using magicDNS host lookup.
Signed-off-by: Dean Sellers <dean@sellers.id.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add opencommands directive to select remote monitoring commands
- Add interval option to driftfile directive
- Add waitsynced and waitunsynced options to local directive
- Add sanity checks for integer values in configuration
- Add support for systemd Type=notify service
- Add RTC refclock driver
- Allow PHC refclock to be specified with network interface name
- Don’t require multiple refclock samples per poll to simplify filter configuration
- Keep refclock reachable when dropping samples with large delay
- Improve quantile-based filtering to adapt faster to larger delay
- Improve logging of selection failures
- Detect clock interference from other processes
- Try to reopen message log (-l option) on cyclelogs command
- Fix sourcedir reloading to not multiply sources
- Fix tracking offset after failed clock step
- Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
- Drop support for building without POSIX threads
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixed issues like incompatible hash sections
it was added in 2009 [1], however these errors are
not seen in todays OE builds
On the contrary it regresses build with clang since
it rejects the options which results in some configure
test failures, resulting finally in build/compile failures
arm-yoe-linux-gnueabi-clang: warning: -Wl,-O1: 'linker' input unused [-Wunused-command-line-argument]
[1] https://git.openembedded.org/openembedded/commit/?id=07f750c6382476b799201b5ca47f93a5f7aa7e84
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jan Luebbe <jlu@pengutronix.de>
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] 8cf5666a17
[2] c90c6d8ff7
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Tailscale is a mesh VPN built on the WireGuard protocol.
On the client side, it includes a node agent (tailscaled)
and a client application for configuration (tailscale).
These components can be bundled into a single binary for
a more smaller total size, which is done in this recipe.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Mark Bath <mark@baggywrinkle.co.uk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-pki-Fix-signature-of-help-to-match-that-of-a-callbac.patch
0002-callback-job-Replace-return_false-in-constructors-wi.patch
0003-Cast-uses-of-return_-nop-and-enumerator_create_empty.patch
removed since they're included in 6.0.2
Changelog:
=============
- Support for per-CPU SAs (RFC 9611) has been added (Linux 6.13+).
- Basic support for AGGFRAG mode (RFC 9347) has been added (Linux 6.14+).
- POSIX regular expressions can be used to match remote identities.
- Switching configs based on EAP-Identities is supported. Setting
'remote.eap_id' now always initiates an EAP-Identity exchange.
- On Linux, sequence numbers from acquires are used when installing SAs. This
allows handling narrowing properly.
- During rekeying, the narrowed traffic selectors are now proposed instead of
the configured ones.
- The default AH/ESP proposals contain all supported key exchange methods plus
'none' to make PFS optional and accept proposals of older peers.
- GRO for ESP in enabled for NAT-T UDP sockets, which can improve performance
if the esp4|6_offload modules are loaded.
- charon-nm sets the VPN connection as persistent, preventing NetworkManager
from tearing down the connection if the network connectivity changes.
- ML-KEM is supported via OpenSSL 3.5+.
- The wolfssl plugin is now compatible to wolfSSL's FIPS module.
- The libsoup plugin has been migrated to libsoup 3, libsoup 2 is not supported
anymore.
- The long defunct uci plugin has been removed.
- Log messages by watcher_t are now logged in a separate log group ('wch').
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bump minimum cmake dialect to be 3.5+, this is an openwrt
component, which does not get many updates these days. Ideally
the cmake files for the project should be fixed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to mosquitto 2.0.21. Update the patch status for issue 2895 and create a
new patch for an issue introduced in 2.0.19 which causes connections to get down
when the clock is changed.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Appends -Wno-error=vla-cxx-extension to CXXFLAGS as a temporary workaround for the following Clang error:
sctpthread.cpp:95:18: error: variable length arrays in C++ are a Clang extension [-Werror,-Wvla-cxx-extension]
95 | uint8_t buffer[m_linkMtuSize];
| ^~~~~~~~~~~~~
An upstream fix has been proposed: https://github.com/mguentner/cannelloni/pull/82
Please remove this workaround once the upstream patch is merged or fixed in some other way. Make sure it is fixed in the new version.
- Drop 0001-include-bits-stdc-.h-only-when-using-libstdc.patch because already fixed in newer version.
Changelog:
https://github.com/mguentner/cannelloni/compare/v1.1.0...v2.0.0
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:27 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop 0001-Fix-build-with-gcc-15.patch because fixed in the newer version.
Changelog:
https://github.com/snort3/snort3/blob/3.9.1.0/ChangeLog.md
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:24 (CMAKE_MINIMUM_REQUIRED):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- decode: add check for ipv4 fragmentation for decode_ip
- example: added IP configs for other systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Make connection notifications transient
- StatusNotifierItem: announce children-display
- Manager: Hide bt status switch when PowerManager is not available
- Handling for new StatusNotifierWatcher
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===============
- Updated supported versions for 1.11.0
- Add FreeBSD package/port mention into README
- Fixed grammatical issues and corrected spelling errors in README.md
- Refactored timeout.h: added template ctr and removed redundant ctrs
- fix no-revoke.
- Resolve CURLOPT_SSL_OPTIONS issues
- fix: remove duplicate call in Session::prepareCommonDownload()
- Update To The Latest Clang-Tidy Version
- Enhance: Use unordered_map for CURL error mapping
- Public cpr::Session::GetSharedPtrFromThis
- Replace ubuntu:22.04 and ubuntu:23.04 with ubuntu:latest
- [BUG] Fix cpr::ssl:KeyBlob: Copy blob to curl
- Added handling no_proxy override through Proxies
- fix: let bad-host-tests pass when there is DNS error redirection
- Removed 1.9.x from the supported versions
- Replaced the secureStringClear mechanism with a SecureString class
- Clang-Tidy And cppcheck Fixes
- Getter function for Session::header_ to enable the user to read back all headers set and delete select ones
- Status code int32_t -> long
- Fix windows static library build parameter in CMakeLists.txt
- Fix Seg-fault when setting proxy username + password
- Add Session::RemoveContent()
- Cookie expires date is now only 100 days in the future
- add curl's ANY and ANSAFE authorization options
- Fixed memory leak in threadpool
- Add enforced HTTP/3
- Update README.md to add Bazel extension instructions
- feat: Use CMAKE_MSVC_RUNTIME_LIBRARY for runtime selection in MSVC
- Update CMakeLists.txt project version for 1.11.2 release
- Add std::to_string functionality for ErrorCode to ease human meaningful logging
- Make cpr::async and HTTP (Get, Post, Put, etc.) callbacks cancelable
- Refactor AsyncWrapper to make it safer
- Do Not Check For Sanitizers If They Are Not Enabled
- Fix usage for TLS v1.3 cipher
- Changed LowSpeed to use std::chrono
- Better OpenSSL headers include based on headers version.
- Ensure cpr::LowSpeed properties are cased to long for curl
- Implemented cpr::BodyView.
- Add primary_ip primary_port to Response
- Bump stefanzweifel/git-auto-commit-action from 5 to 6
- Load all certs in a CaBuffer
- WIP CURL 8.13 Support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Issue was related to latest UNPACKDIR changes -> https://git.openembedded.org/openembedded-core/commit/?id=46480a5e66747a673041fe4452a0ab14a1736d5e
ERROR: autossh-1.4g-r0 do_compile: Execution of '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/autossh/1.4g/temp/run.do_compile.2252' failed with exit code 1
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Issue was related to latest UNPACKDIR changes -> https://git.openembedded.org/openembedded-core/commit/?id=46480a5e66747a673041fe4452a0ab14a1736d5e
WARNING: mdio-netlink-1.3.1-r0 do_populate_lic: Could not copy license file - [Errno 2] No such file or directory: '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/mdio-netlink/1.3.1/git/COPYING'
ERROR: mdio-netlink-1.3.1-r0 do_populate_lic: QA Issue: mdio-netlink: LIC_FILES_CHKSUM points to an invalid file: /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/mdio-netlink/1.3.1/git/COPYING [license-checksum]
WARNING: mdio-tools-1.3.1-r0 do_populate_lic: Could not copy license file - [Errno 2] No such file or directory: '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/mdio-tools/1.3.1/git/COPYING'
ERROR: mdio-tools-1.3.1-r0 do_populate_lic: QA Issue: mdio-tools: LIC_FILES_CHKSUM points to an invalid file: /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/mdio-tools/1.3.1/git/COPYING [license-checksum]
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
samba-common installs a volatiles configuration file but had not been
calling populate-volatile.sh to apply the configuration. This causes
samba installation to fail on a running target due to missing
directories.
Call "populate-volatile.sh update" in samba-common's postinst which
creates the required directories and enables samba to work.
Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@emerson.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current include file that stores the known non-reproducible packages
is layer dependent and that forces the user of the layers to maintain
the list of the files (for example, see AB config[0]).
By moving the exclude list to each layer.conf and extending the common
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES variable, the known non-reproducible
packages will be automatically excluded for each layer used in the
reproducibility test without any special knowledge in the test
environment.
NB: the empty list for meta-initramfs was just removed not moved.
[0]: https://git.yoctoproject.org/yocto-autobuilder-helper/tree/config.json?id=7d8933e75bdf7fb821a25617cb2dcabf1f3f8700#n322
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Co-Developed-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop backport of CVE-2024-0962.
Change summary for version 4.3.5:
* Support for wolfSSL TLS library.
* Support for DTLS1.3 (using wolfSSL).
* Support for Mbed TLS 3.6.0.
* Support for EC-JPAKE (Mbed TLS)
* TinyDTLS version update.
* Support for RIOT using SOCK i/f.
* Support for LwIP 2.2.0.
* Support for LwIP using NO_SYS set to 0.
* Support for (Posix based) Zephyr.
* Support for QNX builds.
* Support for ESP32 xtensa builds.
* Updated Contiki-NG support.
* Support for multi-thread safe libcoap usage.
* Support for defining binary PSK for coap-client and coap-server.
* Support for Connection-ID (CID) (Mbed TLS, wolfSSL and TinyDTLS).
* Added new define types for defining PKI parameters.
* Support for user definable ENGINE for OpenSSL.
* Support for using noTLS and TinyDTLS with WebSockets.
* Support for providing list of compilation #defines.
* Support for proxy code running within lbcoap.
* Cleaned up support for building .h files.
* Additional scan-build and pre-commit checks in build tests.
* Updated CI build tests to use latest action versions.
* Fixes CVE-2023-35862.
* Reported bugs fixed.
* Documentation added and updated (Doxygen and man).
License-Update: Updated years
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This dependency was removed in bridge-utils 1.2 back in 2006[1].
[1] bridge-utils 29cd6d997cacb9191d1f869ec83fc86045885527.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2025
fix-openssl-no-des.patch
refreshed for 5.75
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
