| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
NetworkManager should only be licensed under LGPL 2.1 or higher. But as far as
I understand, the process is not finished yet and some codes are still under
GPL-2.0.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/RELICENSE.md
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Allow to compile nmcli with libedit (alternative to gplv3 readline)
- Support iwd as well as wpa-supplicant for wifi
- Make vala build-time dependency optional
- Split all plugins into packages. By default all packages are installed
acc. to features in the PACKAGECONFIG but it's now possible to build
images where only some plugins are installed.
- Move FILES:networkmanager to last position to increase the FILES
priority of other packages.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Switch to meson build-system
- Removed 0003-install-firewalld-to-var-libdir-rather-than-hardcod-.patch
nm-shared.xml gets installed into /usr/lib/firewalld/zones where also
firewalld installs its xml files. Not 100% sure this is as it was
before but it seams to be consistent with firewalld.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Forward port 0002-add-an-option-to-specify-iptables-location.patch
Use distutils3, since it still needs it [1]
[1] https://git.launchpad.net/ufw/tree/setup.py#n28
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
COPYING.LGPL:
Two blank lines were deleted.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overview of changes since NetworkManager-1.34
=============================================
* The handling of Layer 3 configurations has been substantially reworked.
While this is mostly internal change, it results in more robust
behavior when addressing information from multiple sources (DHCP,
manually configured, VPN) need to be applied simultaneously.
Overall performance and memory use have also slightly improved.
* Manually configured addresses can no longer expire even if the same
addresses are also obtained dynamically.
* Code for systemd-based DHCP and DHCPv6 clients has been updated from
upstream.
* NTP servers obtained via DHCPv6 are now exposed on the DBus API, visible
in nmcli and available for use by dispatcher scripts.
* 5G NR (New Radio) modems are now supported.
* The "rd.znet_ifnames" kernel command line option is now honored on
network bootups on an IBM s390 platform.
* Wi-Fi P2P support does now work with the IWD backend, in addition to
wpa_supplicant backend.
* Support for special route types have been added: "prohibit", "blackhole"
and "unreachable".
* Routes managed by routing daemons are now ignored. This is done to
address a performance bottleneck on specialized routers.
* Handling of IP addressing and routing information is now slightly
more efficient and uses less memory. This is apparent on systems with
large amount of IP configuration information.
* It is now possible to start NetworkManager without root user privileges.
This is experimental doesn't necessarily result in a working daemon.
NetworkManager service already drops many of capabilities available
to the root user.
* WPA3 Wi-FI network security have been improved by enabling new H2E (hash
to element) method for generating SAE password element.
* It is now possible to select the default Wi-Fi backend (wpa_supplicant or
IWD) at build-time.
* Replies from broken DHCP servers that send duplicate address or mask
options are now handled gracefully.
* Bridge support has gained the possibility of turning off MAC ageing.
* "configure-and-quit" mode and nm-iface-helper have been removed.
* A number of bugs that could cause NetworkManager to crash in rare
conditions have been fixed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
this puts python3-nose away from default requirements, nose dependency
should eventually be removed and perhaps converted to pytest
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
refresh patches for 0.104:
0001-Makefile-do-not-use-Werror.patch
0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch
0001-parse-nm-fix-32bit-format-string.patch
removed since it's included in 0.104
Changelog:
=========
Enable embedded-switch-mode setting on SmartNICs (#253)
Permit multiple patterns for the driver globs in match (#202), LP#1918421
Improve routing capabilities (#248), LP#1892272, LP#1805038
Support additional link offload options for networkd (#225) (#242), LP#1771740
Consolidate enum-to-string arrays (#230)
Handle differing ip6-privacy default value for NetworkManager (#263)
YAML state tracking (--state rootdir) for DBus API and netplan try (#231), LP#1943120
Support ConfigureWithoutCarrier (ignore-carrier) for networkd (#215)
Move primary git branch master to main
Documentation improvements (#226)
Compatibility for glib-2.70 (#235)
Cleanup Makefile, install only public headers
Improve test reliability & enable integration testing CI for autopkgtests
Netplan get to use the libnetplan parser (#252)
libnetplan:
- introduce the notion of NetplanState (#232)
- use an explicit parser context (#233)
- expose coherent generator APIs (#239)
- improve overall error handling (#234)
- consolidation of YAML parsing into the library (#241, #249, #250, #251)
Restrict the symbol export to a determined public API (#227)
- WARNING: We dropped some internal symbols from the API that we know
have no external consumers (that we are aware of)
- 0.103: _serialize_yaml, contains_netdef_type, tmp, validate_default_route_consistency
- 0.102: cur_filename, netplan_netdef_new
- 0.100: address_option_handlers, is_hostname, validate_ovs_target, wireguard_peer_handlers
- 0.99: current_file, is_ip4_address, is_ip6_address, missing_id,
missing_ids_found, parser_error, validate_backend_rules, validate_netdef_grammar,
yaml_error
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fixes:
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \-
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
ERROR: QA Issue: /usr/sbin/dhcrelay contained in package dhcp-relay requires libisccfg.so.163, but no providers found in RDEPENDS:dhcp-relay? [file-rdeps]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- Upgrade license hash due to whitespace changes
- refresh patch 1571.patch
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Fixes build with clang14
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address
family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli
no longer sets a negative, exclusive "dns-priority". This plays
better with common split DNS setups that use systemd-resolved.
Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges
and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new
'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of
'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default'
instead of null address in route4 or route6 section.
The following changes were backported to 1.32.x releases between 1.32.0
and 1.32.12 are also present in NetworkManager-1.34:
- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table,
necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor
non-default-routes in the main table.
- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation
and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile
names.
* udev: also react to "move" (and "change") udev actions in our rules.
- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp"
files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP
configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared
mode.
* firewall: fix nftables backend to create "ip" table for
IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration
to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.
- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with
internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
This plugin is not used, unless the undocumented dhcp=systemd
option was set.
* cloud-setup: preserve IP addresses, routes and rules from
currently active connection profile.
* Various bugfixes and performance improvements.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.2.3:
Bugs fixed
Recent connections disabled after suspend and resume
Service authorization notifications did not respond
Passkeys did not get displayed
2.2.2:
Bugs fixed
Issues with power level bars
Error message in blueman-mechanism
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
There have been a few regressions in the security release 4.14.10:
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds
initially adviced for 4.14.10 are no longer required and
should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is
adviced to have a look at the bug report for more detailed
information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
Changes since 4.14.10
---------------------
* BUG 14878: Recursive directory delete with veto files is broken.
* BUG 14879: A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory.
* BUG 14656: Spaces incorrectly collapsed in ldb attributes.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
deletable.
* BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
* BUG 14922: Kerberos authentication on standalone server in MIT realm
broken.
* BUG 14923: Segmentation fault when joining the domain.
* BUG 14903: Support for ROLE_IPA_DC is incomplete.
* BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send.
* BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dhcp-relay needs a fresh tarball of bind unpacked in ${S}, but this is
done by fetching the tarball to ${WORKDIR}, then in do_configure moving
it to ${S} and unpacking it.
If dhcp-relay is re-configured, the tarball no longer exists in ${WORKDIR}
so this fails. Copy instead of moving so rebuilds work.
Also don't rename the downloaded file to just bind.tar.gz as that can
cause probems if the version changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
changelog:
=========
* src/snort.c :
Fixed an issue where verdict will be applied onto next session when timeout
occurs in some scenarios.
* rc/file-process/file_service.c :
Removed an excessively flooding log.
* src/dynamic-preprocessors/modbus/modbus_decode.c :
Fixed possible integer overflow.
* src/fpcreate.c :
Added fix to GCC compiled snort to use AC-BNFA-Q search-method when Intel-cpm
is enabled.
* src/generators.h
src/preprocessors/Stream6/snort_stream_tcp.c :
Added fix to not to drop packets when window size is 0 by TCP normalizer
and Added new alert with GID 129 and SID 21 when such packets are seen.
* src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
Added support for Appid to detect login success and failure for IMAP and POP3
protocols.
* src/dynamic-preprocessors/reputation/reputation_config.c
src/dynamic-preprocessors/reputation/spp_reputation.c
src/dynamic-preprocessors/reputation/spp_reputation.h
src/pkt_tracer.c
src/snort.c
src/util.c :
Fixed terminology to be bias-free in log/error messages.
* src/snort.c :
Fixed a potential race condition.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This dependency is already handled through a PACKAGECONFIG so there is
no need for it in DEPENDS anymore.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
$ python3
>>> import samba
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.10/site-packages/samba/__init__.py", line 28, in <module>
import ldb
ModuleNotFoundError: No module named 'ldb'
>>>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
issued by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
Kerberos tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
CVE-2020-25721: Kerberos acceptors need easy access to stable AD
identifiers (eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
See: https://www.samba.org/samba/history/samba-4.14.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The hardcoded path /lib/netplan causes a runtime error on multilib
image:
$ netplan try
An error occurred: [Errno 2] No such file or directory: '/lib/netplan/generate'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Also organize the recipe to to match OE style
Remove PYTHON_PN from DEPENDS, setuptools should be enough
Correct setting LIC_FILES_CHKSUM
Move setting git SHA to SRCREV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Marco Cavallini <m.cavallini@koansoftware.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Linux (v2)
Signed-off-by: Marco Cavallini <koansoftware@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This addresses openssl 3.x deprecation warnings turning into errors.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release notes:
https://www.samba.org/samba/history/samba-4.14.8.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
snort 2.9.18.1
* snort/src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
Fixed possible memory corruption in SMB preprocessor.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
Checking for program 'pkg-config' : not found
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
logging.c:(.text+0x218): undefined reference to `dlt_register_app'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes
../firewalld-0.9.4/configure: line 3408: pkg.m4: command not found
../firewalld-0.9.4/configure: line 3422: syntax error near unexpected token `0.16'
../firewalld-0.9.4/configure: line 3422: ` PKG_PROG_PKG_CONFIG(0.16)'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
/bin/sh: pkg-config: command not found
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes
../blueman-2.2.1/configure: line 15660: syntax error near unexpected token `PYTHON,'
../blueman-2.2.1/configure: line 15660: `PKG_CHECK_MODULES(PYTHON, python-${PYTHON_VERSION})'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://www.samba.org/samba/history/samba-4.14.7.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
One file is BSD-1-Clause while another is BSD-4-Clause
Set and check accourdingly
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
