summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
...
* networkmanager: Improved SUMMARY and added DESCRIPTIONWilliam Lyu2023-12-141-1/+12
| | | | | | | | The SUMMARY and DESCRIPTION are taken from Arch Linux wiki page: https://wiki.archlinux.org/title/NetworkManager Signed-off-by: William Lyu <William.Lyu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pgpool2: use autotools-brokensep instead of setting Balperak2023-12-121-2/+2
| | | | | Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: Set meson version based on PVMarkus Volk2023-11-291-0/+4
| | | | | | | This fixes build for gnome-boxes Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice: Set meson version based on PVMarkus Volk2023-11-291-0/+4
| | | | | | | | | | | | | This fixes: | Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0' | Run-time dependency spice-server found: NO | | ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server with method 'pkgconfig' failed: Invalid version, need 'spice-server' ['>=0.14.0'] found 'UNKNOWN'. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcacard: set meson version based on PVMarkus Volk2023-11-292-38/+5
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add systemd servicePatrick Wicki2023-11-291-1/+12
| | | | | | | Integrate the upstream unit file into the recipe. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add url-rewrite-helpers packageconfigPatrick Wicki2023-11-291-1/+2
| | | | | Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: move configs to sub packagePatrick Wicki2023-11-291-2/+6
| | | | | | | | Move the config files to a separate squid-conf package. This allows shipping new configs via a custom conf package. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add auth packageconfigPatrick Wicki2023-11-291-4/+7
| | | | | | | | | Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This allows building squid without authentication support and all its related dependencies. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add nm dispatcher reload hookPatrick Wicki2023-11-292-0/+15
| | | | | | | | | | This enables the networkmanager dispatcher to reload squid automatically on network changes. This idea is from the Fedora package where they do the same: https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207 Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: update from v5.7 to v6.5Patrick Wicki2023-11-299-187/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | Refresh patches and clean up ones that are no longer needed: * dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec * libxml2 variables were removed in 866a092dad01e58986a6e9ecb84ac89037a63e9a * squid-conf-tests no longer run at build time since cd3dc147bf8abc0225237ced865c6660fffcb63a Fix squid-conf-tests to allow running on target device. License change: Update year The version update eliminates the following CVEs: * CVE-2023-5824 (affected: <6.4) * CVE-2023-46724 (affected: >=3.3.0.1, <6.4) * CVE-2023-46728 (affected: <6.0.1) * CVE-2023-46846 (affected: >=2.6, <6.4) * CVE-2023-46847 (affected: >=3.2.0.1, <6.4) * CVE-2023-46848 (affected: >=5.0.3, <6.4) Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: upgrade 9.0.1 -> 9.1Wang Mingyu2023-11-286-514/+2
| | | | | | | | | | | | 0001-tools-make-quiet-actually-suppress-output.patch CVE-2023-46752.patch CVE-2023-46753.patch CVE-2023-47234.patch CVE-2023-47235.patch removed since they're included in 9.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: make sub packages to runtime depends on freeradiusHongxu Jia2023-11-281-0/+7
| | | | | | | | | | | | | | | | | Otherwise install packages reported warning at do_rootfs ...log.do_rootfs... Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236 warning: user radiusd does not exist - using root warning: group radiusd does not exist - using root Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236 warning: user radiusd does not exist - using root ...log.do_rootfs... The user/group radiusd is added by package freeradius, explicitly made the sub packages to runtime depends on freeradius Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* system-config-printer: Add packageconfig for polkitMarkus Volk2023-11-251-1/+2
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcacard: fix version string in libcacard.pcMarkus Volk2023-11-232-1/+38
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libexosip2: package binaries in a separate packageCharles Perry2023-11-221-0/+3
| | | | | | | | Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools package as they won't be needed most of the time. Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libexosip2: add c-ares and openssl PACKAGECONFIGCharles Perry2023-11-221-0/+4
| | | | | | | They are enabled by default as libexosip2 works better with those. Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}Jonas Gorski2023-11-225-0/+455
| | | | | | | | | | | | | | | | | Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, and CVE-2023-47235 to FRR 9.0. Patch order is commit order, not CVE numerical order, to avoid fuzz / need for rebasing of the patches. References: https://nvd.nist.gov/vuln/detail/CVE-2023-46752 https://nvd.nist.gov/vuln/detail/CVE-2023-46753 https://nvd.nist.gov/vuln/detail/CVE-2023-47234 https://nvd.nist.gov/vuln/detail/CVE-2023-47235 Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.11 -> 5.9.12Wang Mingyu2023-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - Fixed a vulnerability in charon-tkm related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. - The new `pki --ocsp` command produces OCSP responses based on certificate status information provided by plugins. - The cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. - The --priv argument for charon-cmd allows using any type of private key. - Support for nameConstraints of type iPAddress has been added (the openssl plugin previously didn't support nameConstraints at all). - SANs of type uniformResourceIdentifier can now be encoded in certificates. - Password-less PKCS#12 and PKCS#8 files are supported. - A new global option allows preventing peers from authenticating with trusted end-entity certificates (i.e. local certificates). - ECDSA public keys that encode curve parameters explicitly are now rejected by all plugins that support ECDSA. - charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can also use the name in connection.interface-name. - The resolve plugin tries to maintain the order of installed DNS servers. - The kernel-libipsec plugin always installs routes even if no address is found in the local traffic selectors. - Increased the default receive buffer size for Netlink sockets to 8 MiB and simplified its configuration. - Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of always generating a hash of the subjectPublicKey. - Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT, instead callbacks are always invoked even if only errors are signaled. - Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when handling invalid messages. - Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs. - Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if CHILD_SA is not found during rekeying. - The testing environment is now based on Debian 12 (bookworm), by default. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open62541: update to v1.3.8Johannes Kauffmann2023-11-211-1/+1
| | | | | Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntpsec, net-snmp: drop ${PE}, ${PR} from /usr/src/debug pathsMartin Jansa2023-11-202-2/+2
| | | | | Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdns: Upgrade 2200.0.8 -> 2200.40.37.0.1Alex Kiernan2023-11-1717-139/+100
| | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* uftp: upgrade 5.0.1 -> 5.0.2Wang Mingyu2023-11-171-1/+1
| | | | | | | | | | Changelog: ========= -Fixed bug that caused crash when a CLIENT_KEY arrived out of order -Fixed option handling on Windows when an argument is missing Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.6 -> 2.6.7Wang Mingyu2023-11-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============ dco: fix crash when --multihome is used with --proto tcp Mock openvpn_exece on win32 also for test_tls_crypt Add warning for the --show-groups command that some groups are missing Print peer temporary key details Add warning if a p2p NCP client connects to a p2mp server Remove openssl engine method for loading the key Remove saving initial frame code Double check that we do not use a freed buffer when freeing a session Fix using to_link buffer after freed GHA: do not trigger builds in openvpn-build anymore GHA: new workflow to submit scan to Coverity Scan service buffer: use memcpy in buf_catrunc vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6 CMake: backport CMake buildsystem from master to release/2.6 Remove all traces of the previous MSVC build system doc: fix argument name in --route-delay documentation dns option: remove support for exclude-domains Warn user if INFO control command is too long dco-win: get driver version dco: warn if DATA_V1 packets are sent to userspace Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant Log OpenSSL errors on failure to set certificate configure: disable engines if OPENSSL_NO_ENGINE is defined Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: upgrade 1.18.0 -> 1.19.0Beniamin Sandu2023-11-151-1/+1
| | | | | | | Full changelog: https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.0 Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pkggrp: drop netkitArmin Kuster2023-11-151-17/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* README: drop netkit maintainerArmin Kuster2023-11-151-1/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* MAINTANERS: drop netkitArmin Kuster2023-11-151-4/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netkit: Drop old and no upstreamArmin Kuster2023-11-1542-3596/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* system-config-printer: Add cups to rdependsMarkus Volk2023-11-141-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cannelloni: Fix build with clang and libc++ runtimeKhem Raj2023-11-132-1/+40
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openfortivpn: upgrade 1.20.5 -> 1.21.0alperak2023-11-121-1/+1
| | | | | | | | | | | | Changelog: * fix "Peer refused to agree to his IP address" message, again * deprecate option --plugin * better masking of password in logs * break on reading 0 from ppp pty, for non-Linux systems Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libdnet: upgrade 1.16.3 -> 1.17.0alperak2023-11-123-70/+3
| | | | | | | | | | | | Patches removed because fixed in the new version. Changelog: - Various fixes around the build process (esp. cmake support + string.h include fixes) - Stronger cmake support, updated autotools and a few smaller fixes. Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* civetweb: upgrade 1.12 -> 1.16alperak2023-11-121-3/+4
| | | | | | | | | | | | | | | | | | | ========================= - Added "-DCIVETWEB_SSL_OPENSSL_API_3_0=ON" because of following error: civetweb.c:1561:2: error: #error "Please define OPENSSL_API_#_# or USE_MBEDTLS" You may also want to check out the available CMake options here: https://github.com/civetweb/civetweb/blob/d7ba35bbb649209c66e582d5a0244ba988a15159/CMakeLists.txt ========================= Changelog: https://github.com/civetweb/civetweb/blob/d7ba35bbb649209c66e582d5a0244ba988a15159/RELEASE_NOTES.md Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cannelloni: upgrade 1.0.0 -> 1.1.0alperak2023-11-121-1/+1
| | | | | | | | | | | | | Changelog: - Typo fix in cannelloni.h - workflows: add nix-test.yml - Add TCP mode - No peer checking - Add -Wall switch and fix all warnings Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-networking: Use autotools make systemKhem Raj2023-11-123-0/+3
| | | | | | OE-core is switching to default to meson for gnome recipes Signed-off-by: Khem Raj <raj.khem@gmail.com>
* drop GNOMEBASEBUILDCLASS = "meson"Markus Volk2023-11-112-2/+0
| | | | | | It is set to meson by default Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireguard-tools: Use PACKAGECONFIG to select wg-quick and bash-completionDaiane Angolini2023-11-091-7/+5
| | | | | | | | | | | | Condition the creation of some files and their consequences to a PACKAGECONFIG, which can be overridden outside the meta layer. It removes the sub package wireguard-tools-wg-quick as PACKAGECONFIG is supposed to work to configure a package only, and not deal with sub packages. Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tnftp: upgrade 20210827 -> 20230507Khem Raj2023-11-061-4/+3
| | | | | | License-Update: Its now under BSD-2-Clause Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.4 -> 5.6.4Khem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-scapy: upgrade to latest revisionKhem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usrsctp: upgrade to latest revisionKhem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nng: upgrade 1.5.2 -> 12Khem Raj2023-11-061-0/+0
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.3 -> 2.6.6Khem Raj2023-11-061-2/+2
| | | | | | License-Update: Added Apache2 linking exception Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipset: upgrade 7.15 -> 7.19Khem Raj2023-11-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: upgrade 3.4.1 -> 3.5.0Beniamin Sandu2023-10-304-70/+89
| | | | | | | | | | | | | * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH * Includes aesce compilation fixes Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 The extra patch fixes x86 32-bit builds. Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdio-tools: Add virtual/kernel dependency to avoid stale SPDX referenceAndrew Jeffery2023-10-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley platform we found that mdio-tools and its relationships with both mdio-netlink and the mdio-netlink kernel module break SPDX processing while generating the rootfs after a kernel bump. For example, the following output was generated by `bitbake obmc-phosphor-image`: ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093 The error occurred after the following patch was applied (again, in the context of OpenBMC): diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb index e6f98297c540..b852e993f0f6 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb @@ -1,6 +1,6 @@ KBRANCH ?= "dev-6.5" -LINUX_VERSION ?= "6.5.4" +LINUX_VERSION ?= "6.5.9" -SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d" +SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7" require linux-aspeed.inc With the lack of a dependency the mdio-tools package is not rebuilt subsequent to the kernel bump and the package information remains stale, leading to an incorrect SPDX path being generated. Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* network-manager-applet,networkmanager-openvpn, networkmanager: Apply linker ↵Khem Raj2023-10-283-2/+2
| | | | | | | | | versioning patch when using lld only This patch caused GNU linker to fail linking, therefore limit it to just lld. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mosquitto: Support building for native againPeter Kjellerstedt2023-10-261-0/+2
| | | | | | | | | | Support for building from native was removed in commit e1b332f2e (meta-networking: Drop broken BBCLASSEXTEND variants), most likely due to no support for building libwebsockets-native. That support has now been added, so it is now possible to build mosquitto-native again. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-networking: Drop broken BBCLASSEXTEND variantsRichard Purdie2023-10-242-3/+1
| | | | | | | | | | | | | | | | | | The command "bitbake universe -c fetch" currently throws a ton of warnings as there are many 'impossible' dependencies. In some cases these variants may never have worked and were just added by copy and paste of recipes. In some cases they once clearly did work but became broken somewhere along the way. Users may also be carrying local bbappend files which add further BBCLASSEXTEND. Having universe fetch work without warnings is desireable so clean up the broken variants. Anyone actually needing something dropped here can propose adding it and the correct functional dependencies back quite easily. This also then ensures we're not carrying or fixing things nobody uses. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 13:27:29 +0000