| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
musl does not need _IO_stdin_used, since its not provided by toolchain
runtime ( crt files ) lld linker complains about undefined global symbol
on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.6.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
* Introduce a new "link" setting that holds properties related to the
kernel link such as "tx-queue-length", "gso-max-size",
"gso-max-segments", "gro-max-size".
* Support sending a DHCPv6 prefix delegation hint via the
"ipv6.dhcp-pd-hint" connection property.
* Support new bond options: "arp_missed_max", "lacp_active",
"ns_ip6_target".
* Add new "initial-eps-bearer-configure" and "initial-eps-bearer-apn"
properties in the GSM setting.
* Setting "connection.stable-id=default${CONNECTION}" changed behavior to
be identical to the built-in default value when the stable-id is not set.
* Add a "[keyfile].rename" option to NetworkManager.conf to force renaming
profiles on disk when their name changes.
* The ifcfg-rh plugin is deprecated; it will only receive bugfixes and
no new features. A warning is emitted the log when a connection in
ifcfg-rh format is found.
* To automatically migrate existing ifcfg-rh connections to the
keyfile format, a new configuration option "main.migrate-ifcfg-rh"
is provided. Migration is disabled by default, but the default value
can be changed at build time via
"--with-config-migrate-ifcfg-rh-default=yes".
* When configuring hostnames in non-public TLD (like "example.local"), use
the TLD as default search domain instead of the full hostname.
* Always apply DNS options from the [global-dns] configuration section
* The NetworkManager daemon now acquires the D-Bus name only after
populating the D-Bus tree. This can add a delay during startup but
it is required to avoid race conditions with other services
depending on NM.
* Add a "version-id" argument to the Update2() D-Bus call to guard
against concurrent modifications of profiles.
* Don't use tentative IPv6 addresses to resolve the system hostname
via DNS.
* Track the number of autoconnect retries left for each device and
connection. Previously it was tracked only per connection and this
lead to unexpected behaviors in case of multiconnect profiles.
* Set VLAN filtering options on bridge via netlink instead of sysfs.
* nm-cloud-setup now supports IMDSv2 on Amazon EC2.
* nmtui now allows to enable or disable Wi-Fi and WWAN radios.
* Honor ignore-carrier=no for bond/bridge/team devices.
* Add version mismatch warning when running nmcli commands.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
No longer used in generating packages
Also creates a possible confusion with the recipe maintainer
name.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Conversion from CVE_CHECK_IGNORE to CVE_STATUS had some copy+paste
issues.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NFQ is the new and improved way to process iptables packets. Snort IPS
mode requires this module in some cases.
Before the patch:
$ snort --daq-list
Available DAQ modules:
pcap(v3): readback live multi unpriv
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
After the patch:
$ snort --daq-list
Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
Also update 0001-correct-the-location-of-unistd.h.patch to fix build
with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2022-2127
CVE-2023-3347
CVE-2023-34966
CVE-2023-34967
CVE-2023-34968
Release Notes:
https://www.samba.org/samba/history/samba-4.18.5.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that host tools like 'gen' are built for build host and not
target. internal bind build supplies its own options to configuring it,
where it does not pass --host option and as a result it does not deduce
it to be a cross compile and hence these variables are not set property
inside bind build
Fixes
| ./gen: /usr/lib/libc.so.6: version `GLIBC_2.38' not found (required by ./gen)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.4.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add systemd unit file snort.service.
Reference: https://salsa.debian.org/lts-team/packages/snort/-/blob/debian/buster/debian/snort.service.example
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
* Add support for ppp 2.5.0.
* Fix nft rules for balance-slb bonding.
* Support port priority for bonding.
* Fix regression handling the PKEY_ID for infiniband profiles
in ifcfg-rh format.
* Fix race in nm-cloud-setup that caused partial configuration
and loss of connectivity with multiple interfaces.
* Don't touch "net.ipv6.conf.$IFACE.forwarding" unless explicitly
required for IPv6 sharing.
* Various bugfixes related to team, Wi-Fi P2P, IPv6LL.
* Automatically unblock autoconnect of profiles during reapply.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This fixes the commit 1f04864065ec1cbd4b835ad47cbc50ff6ebc8e30.
The correct DISTRO_FEATURE is gobject-introspection-data.
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
CCFLAGS is used in Make rules which will ensure file remapping options
are used when compiling
Fixes
WARNING: vlan-1.9-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/vconfig.vlan in package vlan-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The build of NM involves running Python that uses PyGObject, so add that
to DEPENDS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This project uses gobject-introspection, so depend on the DISTRO_FEATURE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
dhcp-relay contains a bundled bind thus their development packages
conflict each other.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Enable it only if ppp is in distro features
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Integration of the OpenConnect VPN client to the NetworkManager
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fortinet SSLVPN support for NetworkManager
https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
A client for PPP+SSL VPN tunnel services, compatible with Fortinet VPNs.
https://github.com/adrienverge/openfortivpn
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
* Emit the dhcp-change dispatcher event also after a lease renewal.
* Fix assertion failure on DHCP renewal.
* Add support for EC2 IMDSv2 in nm-cloud-setup.
* Allow setting tunnel flags for ip6gre & ip6gretap connection
profiles.
* Improve the Wi-Fi hotspot functionality.
* Fix setting the Wi-Fi roaming policy based on the number of seen
BSSIDs.
* Support the "no-aaaa" resolv.conf option.
* Some oFono fixes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
* do_populate_lic as well as do_configure fails in multilib builds, because S points to empty:
lib32-restinio/0.6.13-r0/lib32-restinio-0.6.13/dev
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Fix build with upcoming autoconf 1.16.3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Correct "startline=" to "beginline=" in LIC_FILES_CHKSUM so that the
correct lines from autossh.c and daemon.h are used. Also remove
autossh.spec from LIC_FILES_CHKSUM as it doesn't really contain any
license information.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.1.html
This is a security release in order to address the following defects:
CVE-2023-0225
CVE-2023-0922
CVE-2023-0614
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-configure-check-for-ns_get16-and-ns_get32-as-well.patch
Fixed-build-error-on-musl.patch
removed since they're included in 0.9.2.
Changelog:
==========
- adenroll: set password via LDAP instead Kerberos [#27]
- disco: fall back to LDAPS if CLDAP ping was not successful [#31]
- tools: replace getpass() [#10]
- adenroll: write SID before secret to Samba's db [rhbz#1991619]
- doc: add clarification to add-member command on doc/adcli.xml
- tools: Set umask before calling mkdtemp()
- Avoid undefined behaviour in short option parsing
- library: include endian.h for le32toh
- man: Fix typos and use consistent upper case for some keywords
- doc: avoid gnu-make specific usage of $< [#26]
- configure: check for ns_get16 and ns_get32 as well [rhbz#1984891]
- Add setattr and delattr options [rhbz#1690920]
- entry: add passwd-user sub-command [rhbz#1952828]
- Add dont-expire-password option [rhbz#1769644]
- build: add --with-vendor-error-message configure option [rhbz#1889386]
- tools: add show-computer command [rhbz#1737342]
- add description option to join and update [rhbz#1737342]
- Use GSS-SPNEGO if available [rhbz#1762420]
- add option use-ldaps [rhbz#1762420]
- tools: disable SSSD's locator plugin [rhbz#1762633]
- doc: explain required AD permissions [gfo#20]
- computer: add create-msa sub-command [rhbz#1854112}
- Add account-disable option [gfo#21]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Results:
$ ptest-runner mbedtls
START: ptest-runner
2023-03-20T08:11
BEGIN: /usr/lib/mbedtls/ptest
PASS: test_suite_aes.cbc
PASS: test_suite_aes.cfb
PASS: test_suite_aes.ecb
PASS: test_suite_aes.ofb
PASS: test_suite_aes.rest
PASS: test_suite_aes.xts
PASS: test_suite_arc4
PASS: test_suite_aria
PASS: test_suite_asn1parse
PASS: test_suite_asn1write
PASS: test_suite_base64
PASS: test_suite_bignum.generated
PASS: test_suite_bignum.misc
PASS: test_suite_blowfish
PASS: test_suite_camellia
PASS: test_suite_ccm
PASS: test_suite_chacha20
PASS: test_suite_chachapoly
PASS: test_suite_cipher.aes
PASS: test_suite_cipher.arc4
PASS: test_suite_cipher.aria
PASS: test_suite_cipher.blowfish
PASS: test_suite_cipher.camellia
PASS: test_suite_cipher.ccm
PASS: test_suite_cipher.chacha20
PASS: test_suite_cipher.chachapoly
PASS: test_suite_cipher.des
PASS: test_suite_cipher.gcm
PASS: test_suite_cipher.misc
PASS: test_suite_cipher.nist_kw
PASS: test_suite_cipher.null
PASS: test_suite_cipher.padding
PASS: test_suite_cmac
PASS: test_suite_constant_time
PASS: test_suite_constant_time_hmac
PASS: test_suite_ctr_drbg
PASS: test_suite_debug
PASS: test_suite_des
PASS: test_suite_dhm
PASS: test_suite_ecdh
PASS: test_suite_ecdsa
PASS: test_suite_ecjpake
PASS: test_suite_ecp
PASS: test_suite_entropy
PASS: test_suite_error
PASS: test_suite_gcm.aes128_de
PASS: test_suite_gcm.aes128_en
PASS: test_suite_gcm.aes192_de
PASS: test_suite_gcm.aes192_en
PASS: test_suite_gcm.aes256_de
PASS: test_suite_gcm.aes256_en
PASS: test_suite_gcm.camellia
PASS: test_suite_gcm.misc
PASS: test_suite_hkdf
PASS: test_suite_hmac_drbg.misc
PASS: test_suite_hmac_drbg.nopr
PASS: test_suite_hmac_drbg.no_reseed
PASS: test_suite_hmac_drbg.pr
PASS: test_suite_md
PASS: test_suite_mdx
PASS: test_suite_memory_buffer_alloc
PASS: test_suite_mps
PASS: test_suite_net
PASS: test_suite_nist_kw
PASS: test_suite_oid
PASS: test_suite_pem
PASS: test_suite_pk
PASS: test_suite_pkcs12
PASS: test_suite_pkcs1_v15
PASS: test_suite_pkcs1_v21
PASS: test_suite_pkcs5
PASS: test_suite_pkparse
PASS: test_suite_pkwrite
PASS: test_suite_poly1305
PASS: test_suite_psa_crypto
PASS: test_suite_psa_crypto_attributes
PASS: test_suite_psa_crypto_driver_wrappers
PASS: test_suite_psa_crypto_entropy
PASS: test_suite_psa_crypto_generate_key.generated
PASS: test_suite_psa_crypto_hash
PASS: test_suite_psa_crypto_init
PASS: test_suite_psa_crypto_metadata
PASS: test_suite_psa_crypto_not_supported.generated
PASS: test_suite_psa_crypto_not_supported.misc
PASS: test_suite_psa_crypto_op_fail.generated
PASS: test_suite_psa_crypto_op_fail.misc
PASS: test_suite_psa_crypto_persistent_key
PASS: test_suite_psa_crypto_se_driver_hal
PASS: test_suite_psa_crypto_se_driver_hal_mocks
PASS: test_suite_psa_crypto_slot_management
PASS: test_suite_psa_crypto_storage_format.current
PASS: test_suite_psa_crypto_storage_format.misc
PASS: test_suite_psa_crypto_storage_format.v0
PASS: test_suite_psa_its
PASS: test_suite_random
PASS: test_suite_rsa
PASS: test_suite_shax
PASS: test_suite_ssl
PASS: test_suite_timing
PASS: test_suite_version
PASS: test_suite_x509parse
PASS: test_suite_x509write
PASS: test_suite_xtea
DURATION: 83
END: /usr/lib/mbedtls/ptest
2023-03-20T08:13
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-libnm-std-aux-Adjust-signature-of-_nm_assert_fail_in.patch
removed since it's not available in 1.42.4
Changelog:
==========
* Fix a possible crash when [global-dns] is used and improve the
documentation.
* Documentation improvements.
* Add build option to set the mobile-broadband-provider-info database
path.
* Add new "ipv[46].replace-local-rule" setting to control whether to
remove the local route rule that is automatically generated.
* Add the DHCPv6 IAID to the lease information exposed in /run and on
D-Bus.
* Fix assuming team connections at boot.
* Fix race condition when setting the MAC address of an OVS interface.
* Fix constructing the IPv4 name servers variable passed to dispatcher
scripts.
* Don't use tentative IPv6 address to resolve the system hostname via DNS.
* Deprecate the "Master" property of the NMActiveConnection D-Bus object
in favor of the new "Controller" property.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.0.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version freeradius
INFO: Current version: 3.0.26
INFO: Latest version: 4.0.0
INFO: Latest version's commit: 8b5bff2d8a2cd2be1da58a417787d907c7a5d8f1
4.0.0 is not a stable version tag[1].
After the patch:
$ devtool latest-version freeradius
INFO: Current version: 3.0.26
INFO: Latest version: 3.2.2
INFO: Latest version's commit: b9ed73ef2d2628fa6e2a6d15a7782f8217966be0
[1] https://github.com/FreeRADIUS/freeradius-server/tags
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
from oe-core
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
* Convert repo to git
* Remove sig unsafe functions from signal handler (Ticket #22).
* Allow -e to explicitly specify the environment variable to use
(Ticket #5).
* Unset the variable specified with -e before calling subprogram
(Ticket #25).
* Change the logic for setting a controlling TTY. Fixes compatibility
issues with OpenSolaris and MSYS/Cygwin. Thanks Marcin Olszewski for
the fix.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
__assert_fail signature is assuming glibc which is fine for glibc
systems but we have to consider musl case too.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
* Added support for source load balancing for Ethernet Bonds.
* Allow specifying vhost name (SNI) for a manually DNS-over-TLS server.
Only works with systemd-resolved plugin.
* Connections can now be activated on a loopback interface.
* Added support of IPv4 ECMP routes. The ECMP routes will get merged
automatically but the user need to configure them as single-hop routes
specifying a valid weight.
* Add new "reapply" dispatcher event.
* Added support of VTI and VTI6 ip-tunnels along with a new property,
"ip-tunnel.fwmark".
* VLAN can now support 802.1ad tagging instead of 802.1Q.
* Invocations of iptables now use "--wait 2" to handle races with concurrent
calls. This fixes misbehavior with IPv4 shared mode.
* The DHCP client-id and DHCPv6 DUID are now exposed along with the lease
information.
* Optionally suppress adding direct route to an external VPN gateway
with the new "ipv[46].auto-route-ext-gw" property.
* Open vSwitch support gained new properties: "ovs-dpdk.n-rxq-desc",
"ovs-dpdk.n-txq-desc", "ovs-interface.ofport-request" and
"ovs-port.trunks".
* Added support of "other_config" for OVS bridge, port or interface. This
property is not supported by nmcli.
* nmtui now supports editing Wi-Fi WPA-Enterprise, Ethernet with 802.1X
authentication and MACsec connection profiles.
* nmcli now allows changing "connection.uuid" and "connection.type"
properties in offline mode and setting the UUID when creating a
connection.
* nmcli now accepts abbreviations for the UUID with the connection selector
in `nmcli connection $operator uuid $uuid`.
* DHCPv6 leases are now declined when addresses fail DAD.
* Documentation improvements.
* Many internal improvements and bug fixes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add a missing runtime dependency on python3-ctypes
Add a polkit rule to allow users of group wheel to use blueman without authentification
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
This helps clang to not warn about this variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.17.5.html
Drop 0007-waf-Fix-errors-with-Werror-implicit-function-declara.patch
as the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Arm Trusted Firmware uses a list of mbedtls source files/headers to build
a static library used for crypto functionality:
https://github.com/ARM-software/arm-trusted-firmware/blob/master/drivers/auth/mbedtls/mbedtls_common.mk#L10
At the moment, any ATF version that wants to build with yocto and enable
for example secure boot, needs to download and patch a version of mbedtls
separately, e.g. :
https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb#n10
This commit enables a simple way for ATF recipes to use the existing oe
version of mbedtls by adding it as a dependency, and simply extending the
build flags with:
EXTRA_OEMAKE += 'MBEDTLS_DIR="${STAGING_DATADIR}/mbedtls-source"'
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393
Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
