summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
...
* strongswan: upgrade 5.9.12 -> 5.9.13Wang Mingyu2023-12-181-1/+1
| | | | | | | | | | | Changelog: - Fixes a regression with handling OCSP error responses and adds a new option to specify the length of nonces in OCSP requests. Also adds some other improvements for OCSP handling and fuzzers for OCSP requests/responses. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: add missing modemmanager rdependsThomas Perrot2023-12-181-1/+1
| | | | | | | Fix rdepends with modemmanager PACKAGECONFIG enabled. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ifenslave: upgrade 2.13 -> 2.14Wang Mingyu2023-12-181-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: Improved SUMMARY and added DESCRIPTIONWilliam Lyu2023-12-141-1/+12
| | | | | | | | The SUMMARY and DESCRIPTION are taken from Arch Linux wiki page: https://wiki.archlinux.org/title/NetworkManager Signed-off-by: William Lyu <William.Lyu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pgpool2: use autotools-brokensep instead of setting Balperak2023-12-121-2/+2
| | | | | Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: Set meson version based on PVMarkus Volk2023-11-291-0/+4
| | | | | | | This fixes build for gnome-boxes Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice: Set meson version based on PVMarkus Volk2023-11-291-0/+4
| | | | | | | | | | | | | This fixes: | Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0' | Run-time dependency spice-server found: NO | | ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server with method 'pkgconfig' failed: Invalid version, need 'spice-server' ['>=0.14.0'] found 'UNKNOWN'. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcacard: set meson version based on PVMarkus Volk2023-11-292-38/+5
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add systemd servicePatrick Wicki2023-11-291-1/+12
| | | | | | | Integrate the upstream unit file into the recipe. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add url-rewrite-helpers packageconfigPatrick Wicki2023-11-291-1/+2
| | | | | Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: move configs to sub packagePatrick Wicki2023-11-291-2/+6
| | | | | | | | Move the config files to a separate squid-conf package. This allows shipping new configs via a custom conf package. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add auth packageconfigPatrick Wicki2023-11-291-4/+7
| | | | | | | | | Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This allows building squid without authentication support and all its related dependencies. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add nm dispatcher reload hookPatrick Wicki2023-11-292-0/+15
| | | | | | | | | | This enables the networkmanager dispatcher to reload squid automatically on network changes. This idea is from the Fedora package where they do the same: https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207 Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: update from v5.7 to v6.5Patrick Wicki2023-11-299-187/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | Refresh patches and clean up ones that are no longer needed: * dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec * libxml2 variables were removed in 866a092dad01e58986a6e9ecb84ac89037a63e9a * squid-conf-tests no longer run at build time since cd3dc147bf8abc0225237ced865c6660fffcb63a Fix squid-conf-tests to allow running on target device. License change: Update year The version update eliminates the following CVEs: * CVE-2023-5824 (affected: <6.4) * CVE-2023-46724 (affected: >=3.3.0.1, <6.4) * CVE-2023-46728 (affected: <6.0.1) * CVE-2023-46846 (affected: >=2.6, <6.4) * CVE-2023-46847 (affected: >=3.2.0.1, <6.4) * CVE-2023-46848 (affected: >=5.0.3, <6.4) Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: upgrade 9.0.1 -> 9.1Wang Mingyu2023-11-286-514/+2
| | | | | | | | | | | | 0001-tools-make-quiet-actually-suppress-output.patch CVE-2023-46752.patch CVE-2023-46753.patch CVE-2023-47234.patch CVE-2023-47235.patch removed since they're included in 9.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: make sub packages to runtime depends on freeradiusHongxu Jia2023-11-281-0/+7
| | | | | | | | | | | | | | | | | Otherwise install packages reported warning at do_rootfs ...log.do_rootfs... Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236 warning: user radiusd does not exist - using root warning: group radiusd does not exist - using root Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236 warning: user radiusd does not exist - using root ...log.do_rootfs... The user/group radiusd is added by package freeradius, explicitly made the sub packages to runtime depends on freeradius Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* system-config-printer: Add packageconfig for polkitMarkus Volk2023-11-251-1/+2
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcacard: fix version string in libcacard.pcMarkus Volk2023-11-232-1/+38
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libexosip2: package binaries in a separate packageCharles Perry2023-11-221-0/+3
| | | | | | | | Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools package as they won't be needed most of the time. Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libexosip2: add c-ares and openssl PACKAGECONFIGCharles Perry2023-11-221-0/+4
| | | | | | | They are enabled by default as libexosip2 works better with those. Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}Jonas Gorski2023-11-225-0/+455
| | | | | | | | | | | | | | | | | Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, and CVE-2023-47235 to FRR 9.0. Patch order is commit order, not CVE numerical order, to avoid fuzz / need for rebasing of the patches. References: https://nvd.nist.gov/vuln/detail/CVE-2023-46752 https://nvd.nist.gov/vuln/detail/CVE-2023-46753 https://nvd.nist.gov/vuln/detail/CVE-2023-47234 https://nvd.nist.gov/vuln/detail/CVE-2023-47235 Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.11 -> 5.9.12Wang Mingyu2023-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - Fixed a vulnerability in charon-tkm related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. - The new `pki --ocsp` command produces OCSP responses based on certificate status information provided by plugins. - The cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. - The --priv argument for charon-cmd allows using any type of private key. - Support for nameConstraints of type iPAddress has been added (the openssl plugin previously didn't support nameConstraints at all). - SANs of type uniformResourceIdentifier can now be encoded in certificates. - Password-less PKCS#12 and PKCS#8 files are supported. - A new global option allows preventing peers from authenticating with trusted end-entity certificates (i.e. local certificates). - ECDSA public keys that encode curve parameters explicitly are now rejected by all plugins that support ECDSA. - charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can also use the name in connection.interface-name. - The resolve plugin tries to maintain the order of installed DNS servers. - The kernel-libipsec plugin always installs routes even if no address is found in the local traffic selectors. - Increased the default receive buffer size for Netlink sockets to 8 MiB and simplified its configuration. - Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of always generating a hash of the subjectPublicKey. - Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT, instead callbacks are always invoked even if only errors are signaled. - Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when handling invalid messages. - Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs. - Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if CHILD_SA is not found during rekeying. - The testing environment is now based on Debian 12 (bookworm), by default. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open62541: update to v1.3.8Johannes Kauffmann2023-11-211-1/+1
| | | | | Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntpsec, net-snmp: drop ${PE}, ${PR} from /usr/src/debug pathsMartin Jansa2023-11-202-2/+2
| | | | | Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdns: Upgrade 2200.0.8 -> 2200.40.37.0.1Alex Kiernan2023-11-1717-139/+100
| | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* uftp: upgrade 5.0.1 -> 5.0.2Wang Mingyu2023-11-171-1/+1
| | | | | | | | | | Changelog: ========= -Fixed bug that caused crash when a CLIENT_KEY arrived out of order -Fixed option handling on Windows when an argument is missing Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.6 -> 2.6.7Wang Mingyu2023-11-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============ dco: fix crash when --multihome is used with --proto tcp Mock openvpn_exece on win32 also for test_tls_crypt Add warning for the --show-groups command that some groups are missing Print peer temporary key details Add warning if a p2p NCP client connects to a p2mp server Remove openssl engine method for loading the key Remove saving initial frame code Double check that we do not use a freed buffer when freeing a session Fix using to_link buffer after freed GHA: do not trigger builds in openvpn-build anymore GHA: new workflow to submit scan to Coverity Scan service buffer: use memcpy in buf_catrunc vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6 CMake: backport CMake buildsystem from master to release/2.6 Remove all traces of the previous MSVC build system doc: fix argument name in --route-delay documentation dns option: remove support for exclude-domains Warn user if INFO control command is too long dco-win: get driver version dco: warn if DATA_V1 packets are sent to userspace Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant Log OpenSSL errors on failure to set certificate configure: disable engines if OPENSSL_NO_ENGINE is defined Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: upgrade 1.18.0 -> 1.19.0Beniamin Sandu2023-11-151-1/+1
| | | | | | | Full changelog: https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.0 Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pkggrp: drop netkitArmin Kuster2023-11-151-17/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* README: drop netkit maintainerArmin Kuster2023-11-151-1/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* MAINTANERS: drop netkitArmin Kuster2023-11-151-4/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netkit: Drop old and no upstreamArmin Kuster2023-11-1542-3596/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* system-config-printer: Add cups to rdependsMarkus Volk2023-11-141-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cannelloni: Fix build with clang and libc++ runtimeKhem Raj2023-11-132-1/+40
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openfortivpn: upgrade 1.20.5 -> 1.21.0alperak2023-11-121-1/+1
| | | | | | | | | | | | Changelog: * fix "Peer refused to agree to his IP address" message, again * deprecate option --plugin * better masking of password in logs * break on reading 0 from ppp pty, for non-Linux systems Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libdnet: upgrade 1.16.3 -> 1.17.0alperak2023-11-123-70/+3
| | | | | | | | | | | | Patches removed because fixed in the new version. Changelog: - Various fixes around the build process (esp. cmake support + string.h include fixes) - Stronger cmake support, updated autotools and a few smaller fixes. Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* civetweb: upgrade 1.12 -> 1.16alperak2023-11-121-3/+4
| | | | | | | | | | | | | | | | | | | ========================= - Added "-DCIVETWEB_SSL_OPENSSL_API_3_0=ON" because of following error: civetweb.c:1561:2: error: #error "Please define OPENSSL_API_#_# or USE_MBEDTLS" You may also want to check out the available CMake options here: https://github.com/civetweb/civetweb/blob/d7ba35bbb649209c66e582d5a0244ba988a15159/CMakeLists.txt ========================= Changelog: https://github.com/civetweb/civetweb/blob/d7ba35bbb649209c66e582d5a0244ba988a15159/RELEASE_NOTES.md Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cannelloni: upgrade 1.0.0 -> 1.1.0alperak2023-11-121-1/+1
| | | | | | | | | | | | | Changelog: - Typo fix in cannelloni.h - workflows: add nix-test.yml - Add TCP mode - No peer checking - Add -Wall switch and fix all warnings Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-networking: Use autotools make systemKhem Raj2023-11-123-0/+3
| | | | | | OE-core is switching to default to meson for gnome recipes Signed-off-by: Khem Raj <raj.khem@gmail.com>
* drop GNOMEBASEBUILDCLASS = "meson"Markus Volk2023-11-112-2/+0
| | | | | | It is set to meson by default Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireguard-tools: Use PACKAGECONFIG to select wg-quick and bash-completionDaiane Angolini2023-11-091-7/+5
| | | | | | | | | | | | Condition the creation of some files and their consequences to a PACKAGECONFIG, which can be overridden outside the meta layer. It removes the sub package wireguard-tools-wg-quick as PACKAGECONFIG is supposed to work to configure a package only, and not deal with sub packages. Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tnftp: upgrade 20210827 -> 20230507Khem Raj2023-11-061-4/+3
| | | | | | License-Update: Its now under BSD-2-Clause Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.4 -> 5.6.4Khem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-scapy: upgrade to latest revisionKhem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usrsctp: upgrade to latest revisionKhem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nng: upgrade 1.5.2 -> 12Khem Raj2023-11-061-0/+0
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.3 -> 2.6.6Khem Raj2023-11-061-2/+2
| | | | | | License-Update: Added Apache2 linking exception Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipset: upgrade 7.15 -> 7.19Khem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: upgrade 3.4.1 -> 3.5.0Beniamin Sandu2023-10-304-70/+89
| | | | | | | | | | | | | * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH * Includes aesce compilation fixes Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 The extra patch fixes x86 32-bit builds. Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdio-tools: Add virtual/kernel dependency to avoid stale SPDX referenceAndrew Jeffery2023-10-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley platform we found that mdio-tools and its relationships with both mdio-netlink and the mdio-netlink kernel module break SPDX processing while generating the rootfs after a kernel bump. For example, the following output was generated by `bitbake obmc-phosphor-image`: ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093 The error occurred after the following patch was applied (again, in the context of OpenBMC): diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb index e6f98297c540..b852e993f0f6 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb @@ -1,6 +1,6 @@ KBRANCH ?= "dev-6.5" -LINUX_VERSION ?= "6.5.4" +LINUX_VERSION ?= "6.5.9" -SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d" +SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7" require linux-aspeed.inc With the lack of a dependency the mdio-tools package is not rebuilt subsequent to the kernel bump and the package information remains stale, leading to an incorrect SPDX path being generated. Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 18:36:00 +0000