summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
* open-vm-tools: Security fix CVE-2023-20867Yi Zhao2023-06-292-0/+164
| | | | | | | | | | | | | | | | CVE-2023-20867: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-20867 Patch from: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpreplay: upgrade 4.4.3 -> 4.4.4Archana Polampalli2023-06-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This release contains bug fixes only. The following CVEs have been addressed: CVE-2023-27783 CVE-2023-27784 CVE-2023-27785 CVE-2023-27786 CVE-2023-27787 CVE-2023-27788 CVE-2023-27789 Changelog: ========= dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781 Bug #780 assert tcpedit dlt cleanup by @fklassen in #800 Fix bugs caused by strtok_r by @Marsman1996 in #783 Bug #782 #784 #785 #786 #787 #788 strtok r isuses by @fklassen in #801 Update en10mb.c by @david-guti in #793 PR #793 ip6 unicast flood by @fklassen in #802 Bug #719 fix overflow check for parse_mpls() by @fklassen in #804 PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805 PR #793 - update tests for vlandel by @fklassen in #806 Feature #773 gh actions ci by @fklassen in #807 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: add option to build with libeventBeniamin Sandu2023-06-241-1/+2
| | | | | Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patchesMartin Jansa2023-06-2140-0/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA). This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status. This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible: 5 (26%) meta-xfce 6 (50%) meta-perl 15 (42%) meta-webserver 21 (36%) meta-gnome 25 (57%) meta-filesystems 26 (43%) meta-initramfs 45 (45%) meta-python 47 (55%) meta-multimedia 312 (63%) meta-networking 756 (61%) meta-oe Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.10 -> 5.9.11Wang Mingyu2023-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - A deadlock in the vici plugin has been fixed that could get triggered when multiple connections were initiated/terminated concurrently and control-log events were raised by the watcher_t component. - CRLs have to be signed by a certificate that has the cRLSign keyUsage bit encoded (even if it's a CA), or a CA certificate without keyUsage extension. - Optional CA labels in EST server URIs are supported by `pki --est/estca`. - CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and openssl plugins, which allows verifying RSA-PSS and ECDSA signatures. - Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or earlier that was introduced with 5.9.10. - Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2. - kernel-libipsec can process raw ESP packets on Linux (disabled by default) and gained support for trap policies. - The dhcp plugin uses an alternate method to determine the source address for unicast DHCP requests that's not affected by interface filtering. - Certificate and trust chain selection as initiator has been improved in case the local trust chain is incomplete and an unrelated certreq is received. - ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin. - To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer. - Stale OCSP responses are now replace in-place in the certificate cache. - Fixed parsing of SCEP server capabilities by `pki --scep/scepca`. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntpd: switch service type from forking to simpleJohannes Kauffmann2023-06-151-3/+2
| | | | | | | | | | | | | | | | | | Type=forking means systemd waits untill the main process, /usr/sbin/ntpd in this case, has exited. However, the ntpd daemon does not seem to call fork() or vfork() and runs endlessly untill killed. Eventually, this causes systemd to trigger a timeout, and the ntpd service is killed. All the while, "systemctl status ntpd" shows "activating (start)" instead of "active (running)". This is fixed by switching Type=forking to Type=simple. Reading ntpd(8) shows that the "-n" option requests ntpd not to fork, so also use that to be safe. Finally, there is no need anymore to keep a pidfile around. Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntp: upgrade 4.2.8p16 -> 4.2.8p17Wang Mingyu2023-06-141-1/+1
| | | | | | | | | | | | | | | Changelog: =========== * [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at event_sync. * [Bug 3822] ntpd significantly delays first poll of servers specified by name. * [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with 4.2.8p15 or earlier. * Add tests/libntp/digests.c to catch regressions reading keys file or with symmetric authentication digest output. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipcalc: upgrade 1.0.2 -> 1.0.3Wang Mingyu2023-06-141-1/+1
| | | | | | | | | | | Changelog: =========== - When --no-decorate is given the default output will include no colors (#28) - Correctly split networks with /31 (#25) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: Fix build with lld linkerKhem Raj2023-06-141-0/+2
| | | | | | | | | | | | | | | | lld flags errors when checking for --version-script linker option since the export file specifies symbols which do not exist during link, so in a way it is right, however bfd linker works fine and ignores this error. perhaps the meson check should be improved but until them lets add --undefined-version option to linker when using lld Fixes aarch64-yoe-linux-ld.lld: error: TOPDIR/build/tmp/work/cortexa72-cortexa53-crypto-mx8-yoe-linux/spice-gtk/0.42-r0/git/src/spice-glib-sym-file:1: unknown directive: spice_audio_get >>> spice_audio_get >>> ^ Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: Update to a supported version 4.0.xArmin Kuster2023-06-065-239/+94
| | | | | | | | | | | | Drop CVE patch as its included. Drop 0003-bison-Remove-line-directives.patch as file is not longer there. refactor 0001-wireshark-src-improve-reproducibility.patch LIC_FILES_CHKSUM changed do to re-structuring. Remove TMPDIR found in some files. Remove c-ares PACKAGECONFIG as its a required pkg Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dovecot: Fix install conflict when enable multilib.Lei Maohui2023-06-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's conflict of config.h between dovecot and lib32-dovecot. The differences of config-64.h and config-32.h are as follows: @@ -774,7 +774,7 @@ #define MODULE_SUFFIX ".so" /* Maximum value of off_t */ -#define OFF_T_MAX LONG_MAX +#define OFF_T_MAX LLONG_MAX /* Name of package */ #define PACKAGE "dovecot" @@ -834,7 +834,7 @@ #define PRIdTIME_T "ld" /* printf() format for uoff_t */ -#define PRIuUOFF_T "lu" +#define PRIuUOFF_T "llu" /* printf() fmt for hex time_t */ #define PRIxTIME_T "lx" @@ -846,19 +846,19 @@ #define SIZEOF_INT 4 /* The size of `long', as computed by sizeof. */ -#define SIZEOF_LONG 8 +#define SIZEOF_LONG 4 /* The size of `long long', as computed by sizeof. */ #define SIZEOF_LONG_LONG 8 /* The size of `void *', as computed by sizeof. */ -#define SIZEOF_VOID_P 8 +#define SIZEOF_VOID_P 4 /* Build SQL drivers as plugins */ /* #undef SQL_DRIVER_PLUGINS */ /* Maximum value of ssize_t */ -#define SSIZE_T_MAX LONG_MAX +#define SSIZE_T_MAX INT_MAX /* C99 static array */ #define STATIC_ARRAY static @@ -887,13 +887,13 @@ /* #undef UOFF_T_INT */ /* Define if off_t is long */ -#define UOFF_T_LONG /**/ +/* #undef UOFF_T_LONG */ /* Define if off_t is long long */ -/* #undef UOFF_T_LONG_LONG */ +#define UOFF_T_LONG_LONG /**/ /* Maximum value of uoff_t */ -#define UOFF_T_MAX ULONG_MAX +#define UOFF_T_MAX ULLONG_MAX /* Build with checkpassword userdb support */ #define USERDB_CHECKPASSWORD /**/ @@ -935,7 +935,7 @@ #endif /* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ +#define _FILE_OFFSET_BITS 64 /* Define for large files, on AIX-style hosts. */ /* #undef _LARGE_FILES */ Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntp: upgrade 4.2.8p15 -> 4.2.8p16Wang Mingyu2023-06-054-29/+31
| | | | | | | | | | | | | | | | 0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch 0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch refreshed for new version. Changelog ========= - fixes 4 vulnerabilities (3 LOW and 1 None severity), - fixes 46 bugs - includes 15 general improvements - adds support for OpenSSL-3.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ettercap: Do not generate #line directives with bison/flexKhem Raj2023-05-281-0/+2
| | | | | | | Fixes File /usr/src/debug/ettercap/0.8.3.1-r0/utils/ef_grammar.c in package ettercap-src contains reference to TMPDIR Signed-off-by: Khem Raj <raj.khem@gmail.com>
* rdma-core: Use target path for systemctlKhem Raj2023-05-282-1/+36
| | | | | | | Fixes WARNING: rdma-core-46.0-r0 do_package_qa: QA Issue: File /usr/lib/udev/rules.d/60-srp_daemon.rules in package rdma-core contains reference to TMPDIR Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ruli: Pass cflags to makefileKhem Raj2023-05-281-1/+1
| | | | | | | Fixes WARNING: ruli-0.36-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libruli.so.4 in package ruli-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipvsadm: Pass build environment cflags to compilerKhem Raj2023-05-263-3/+69
| | | | | | | | | This helps in avoiding absolute build time paths in binaries debug info Fixes WARNING: ipvsadm-1.31-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ipvsadm in package ipvsadm-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* rdma-core: upgrade 45.0 -> 46.0Wang Mingyu2023-05-251-1/+1
| | | | | | | | | | | | | | | | | | Changelog: ========== Merge pull request #1327 from haoyue-Xu/bugfixes libhns: Disable local invalidate operation Merge pull request #1330 from amzn/change-maintainer MAINTAINERS: Update EFA provider maintainer Merge pull request #1329 from selvintxavier/bnxt_update bnxt_re/lib: Remove deferred arming logic bnxt_re/lib: Fix the UD completion reported Merge pull request #1328 from amzn/tests-fix tests: Skip rc_flush tests if not supported in kernel tests: Fix get_net_name for cases there is no net device Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fetchmail: upgrade 6.4.23 -> 6.4.37Wang Mingyu2023-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | License-Update: Update SSL configure instructions and license info. Changelog: =========== - OpenSSL 1.1.1t and 3.0.8 and wolfSSL 5.5.4 (or newer on the respective compatible branches) remain supported. - updated translations and bumped SSL/TLS library version requirements. - fixed a critical softbounce bug - finds both rst2html5 with and without .py suffix when rebuilding the distribution. - updated the configure script for --with-ssl properly identifying the right OpenSSL on a system with multiple OpenSSL versions installed, and updates the manual page and its HTML conversion process, and adds some error checking to the .netrc parser. - added a wolfSSL compatibility workaround - updated the manual page and several other documentation files, adds preliminary wolfSSL 5.0 support on systems that provide a C99 compiler, fixed up a specific fix for a compatibility issue with the end-of-life OpenSSL 1.0.2 around the expiry of the DST Root CA X3 certificate which impairs connectivity to Let's-Encrypt-certified sites. Supported OpenSSL versions 1.1.1 and newer are unaffected. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndpi: remove unused CVE-2021-36082.patchMartin Jansa2023-05-241-116/+0
| | | | | | | | * it was removed from SRC_URI in: https://git.openembedded.org/meta-openembedded/commit/?id=8359cf87458d185011831a8132b8af17bcbc9605 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: Remove references to buildpathsKhem Raj2023-05-231-0/+4
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* curlpp: Remove references to buildpaths e.g. TMPDIRKhem Raj2023-05-232-1/+42
| | | | | | | Fixes WARNING: curlpp-0.8.1-r0 do_package_qa: QA Issue: File /usr/bin/curlpp-config in package curlpp-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dovecot: Do not install dovecot-configKhem Raj2023-05-231-0/+1
| | | | | | | | | | | | This contains references to source directories used during build, it will not be useful on target without really editing it properly to reflect target rootfs install. it perhaps never was used thus far, it would have failed otherwise. Fixes WARNING: dovecot-2.3.20-r0 do_package_qa: QA Issue: File /usr/lib/dovecot/dovecot-config in package dovecot contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dovecot: Upgrade to 2.3.20Khem Raj2023-05-231-13/+9
| | | | | | | | - Re-enable LTO again, it works ok. - Turn systemd into a packageconfig and enable it when systemd is in distro features Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: Remove buildpaths from binariesKhem Raj2023-05-233-40/+39
| | | | | | | | | Drop unused patch 0001-server-Fix-build-when-printf-is-a-macro.patch Fixes WARNING: nbdkit-1.33.11-r0 do_package_qa: QA Issue: File /usr/lib/nbdkit/plugins/nbdkit-cc-plugin.so in package nbdkit contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add PACKAGECONFIG for the NetworkManager modulePetr Gotthard2023-05-111-0/+5
| | | | | | | | Disabled by default. When enabled, a package 'strongswan-nm' gets created. The package naming follows Debian/Ubuntu. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: respect gobject-introspection-dataMartin Jansa2023-05-031-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * without gobject-introspection-data in DISTRO_FEATURES the bbclass correctly disables it: $ bitbake-getvar -r spice-gtk EXTRA_OEMESON # # $EXTRA_OEMESON [6 operations] # :append /OE/build/oe-core/openembedded-core/meta/classes-recipe/meson.bbclass:44 # " ${PACKAGECONFIG_CONFARGS}" # :prepend[class-target] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:28 # "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}" # :prepend[class-native] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:33 # "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}" # :prepend[class-nativesdk] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:34 # "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}" # set /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:49 # "-Dpie=true -Dvapi=enabled" # :append[libc-musl] /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:50 # " -Dcoroutine=libucontext" # pre-expansion value: # "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}-Dpie=true -Dvapi=enabled ${PACKAGECONFIG_CONFARGS}" EXTRA_OEMESON="-Dintrospection=false -Dpie=true -Dvapi=enabled " and prevents build failure: http://errors.yoctoproject.org/Errors/Details/702789/ Run-time dependency gobject-introspection-1.0 found: NO (tried pkgconfig) ../git/meson.build:346:0: ERROR: Dependency "gobject-introspection-1.0" not found, tried pkgconfig * it just needs GIR_MESON_*_FLAG to be set to avoid: meson.build:4:0: ERROR: Value "false" (of type "string") for combo option "Check for GObject instrospection requirements" is not one of the choices. Possible choices are (as string): "enabled", "disabled", "auto". * and enable vapi only when introspection is enabled, use PACKAGECONFIG for that to avoid: meson.build:358:4: ERROR: Problem encountered: VAPI support requested without introspection Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntp: whitelist CVE-2019-11331Peter Marko2023-04-191-0/+2
| | | | | | | | | | | | Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to conclusion that this is how icurrent ntp protocol is designed. New RFC is propsed for future but it will not be compatible with current one. See https://support.f5.com/csp/article/K09940637 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: upgrade 4.99.3 -> 4.99.4Wang Mingyu2023-04-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== Source code: ---------------- Fix spaces before tabs in indentation. Updated printers: ----------------- LSP ping: Fix "Unused value" warnings from Coverity. CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. DNS: sync resource types with IANA. ICMPv6: Update the output to show a RPL DAO field name. Geneve: Fix the Geneve UDP port test. Building and testing: ---------------------- Require at least autoconf 2.69. Don't check for strftime(), as it's in C90 and beyond. Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. Documentation: ------------- man: Document TCP flag names better. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.2 -> 2.6.3Wang Mingyu2023-04-171-1/+1
| | | | | | | | | | | | | Changelog: ========== GHA: remove Ubuntu 18.04 builds vcpkg: request "tools" feature of openssl for MSVC build doc: run rst2* with --strict to catch warnings Support of DNS domain for DHCP-less drivers Bug-fix: segfault in dco_get_peer_stats() Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mctp: upgrade 1.0 -> 1.1Wang Mingyu2023-04-171-3/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Remove double protocol= from SRC_URIsPeter Kjellerstedt2023-04-051-1/+1
| | | | | | | | | | With the exception of paho-mqtt-cpp, the double protocol= attributes were added to the SRC_URIs when protocol=https was added to all SRC_URIs fetching from github.com in commit b402a3076f (recipes: Update SRC_URI branch and protocols). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.1 -> 2.6.2Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== dco: don't use NetLink to exchange control packets dco: print version to log if available dco-linux: remove M_ERRNO flag when printing netlink error message multi: don't call DCO APIs if DCO is disabled dco-freebsd: use m->instances[] instead of m->hash dco-linux: implement dco_get_peer_stats{, multi} API Set netlink socket to be non-blocking Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key Fix memory leaks in open_tun_dco() Fix memory leaks in HMAC initial packet generation Use key_state instead of multi for tls_send_payload parameter Make sending plain text control message session aware Only update frame calculation if we have a valid link sockets Improve description of compat-mode Simplify --compress parsing in options.c Refuse connection if server pushes an option contradicting allow-compress Add 'allow-compression stub-only' internally for DCO Parse compression options and bail out when compression is disabled tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled preparing release 2.6.2 dns option: allow up to eight addresses per server dco: print FreeBSD version Support --inactive option for DCO Fix '--inactive <time> 0' behavior for DCO Print DCO client stats on SIGUSR2 Don't overwrite socket flags when using DCO on Windows using OpenSSL3 API for EVP PKEY type name reporting Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form Import some sample certificates into Windows store for testing Add tests for finding certificates in Windows cert store Refactor SSL_CTX_use_CryptoAPI_certificate() Add a test for signing with certificates in Windows store Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate() Improve error message on short read from socks proxy Make error in setting metric for IPv6 interface non-fatal Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndisc6: upgrade 1.0.6 -> 1.0.7Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | Changelog: ========= # Do not ignore multicast advertisements when discovery was sent as unicast (fix regression from 1.0.5). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libldb: upgrade 2.7.1 -> 2.7.2Wang Mingyu2023-04-041-2/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fwknop: Fix AS_IF configure syntaxKhem Raj2023-04-022-11/+32
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fwknop: Use pkg-config instead of gpgme-configKhem Raj2023-04-022-1/+29
| | | | | | pkg-config is sysroot aware which is needed for cross-builds Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dnsmasq: fix CVE-2023-28450Peter Marko2023-03-252-0/+49
| | | | | | | | The patch is modified by removing irrelevant and conflicting CHANGELOG entry. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.33.10 -> 1.33.11Wang Mingyu2023-03-231-2/+2
| | | | | | | | License-Update: "Copyright (C) 2013-2020 Red Hat Inc." changed to "Copyright Red Hat" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ettercap: Update Upstream-StatusFabio Estevam2023-03-231-1/+1
| | | | | | | | The patch has been applied upstream, so update the Upstream-Status line accordingly. Signed-off-by: Fabio Estevam <festevam@denx.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ettercap: Fix build with libcurl >= 8Khem Raj2023-03-232-1/+40
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpreplay: 4.4.2 -> 4.4.3Yi Zhao2023-03-231-1/+1
| | | | | | | | ChangeLog: https://github.com/appneta/tcpreplay/releases/tag/v4.4.3 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pgpool2: Added a new recipe.Lei Maohui2023-03-225-0/+142
| | | | | | | Pgpool-II is a middleware that works between PostgreSQL servers and a PostgreSQL database client. It is distributed under a license similar to BSD and MIT. It provides the following features. Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntp: drop the deprecated ntpdateZhixiong Chi2023-03-174-116/+8
| | | | | | | | | | | The combination of ntpd and sntp now implements the functions of ntpdate, which has been deprecated. Now we don't need ntpdate anymore, and we can use the following command 'ntpd -q -g -x' instead. So drop the related section of ntpdate now. Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* rdma-core: upgrade 44.0 -> 45.0Wang Mingyu2023-03-171-1/+1
| | | | | | | | | | | | | | | | | | Changelog: ========== 53ee89b Merge pull request #1299 from zhuyj/dmabuf 95507d0 Merge pull request #1311 from EdwardSro/pr-pyverbs-tests 087deb5 irdma: Add support for ibv_reg_dmabuf_mr 6644617 Merge pull request #1309 from hz-cheng/master fe9e480 Merge pull request #1304 from EdwardSro/pr-tests-fixes 5c9f444 Merge pull request #1303 from EdwardSro/pr-mlx5-dr-steering 8f56a83 Merge pull request #1310 from joshuafried/mlx5_dr_bugfix 638ace8 tests: Add test for devx DBR-less mode data path 25a4bf0 tests: Skip CUDA tests if there is no CUDA device 5dad658 tests: Add set and copy modify action of metadata Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libldb: upgrade 2.6.1 -> 2.7.1Yi Zhao2023-03-142-9/+9
| | | | | | | Refresh 0002-ldb-Add-configure-options-for-packages.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.0 -> 2.6.1Petr Gotthard2023-03-101-1/+1
| | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.33.7 -> 1.33.10Wang Mingyu2023-03-091-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* stunnel: upgrade 5.67 -> 5.69Wang Mingyu2023-03-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | License-Update: Copyright year updated to 2023. Changelog: ========== * New features - Improved logging performance with the "output" option. - Improved file read performance on the WIN32 platform. - DH and kDHEPSK ciphersuites removed from FIPS defaults. - Set the LimitNOFILE ulimit in stunnel.service to allow for up to 10,000 concurrent clients. - Added the new 'CAengine' service-level option to load a trusted CA certificate from an engine. - Added requesting client certificates in server mode with 'CApath' besides 'CAfile'. - Improved file read performance. - Improved logging performance. * Bugfixes - Fixed the "CApath" option on the WIN32 platform by applying https://github.com/openssl/openssl/pull/20312. - Fixed stunnel.spec used for building rpm packages. - Fixed tests on some OSes and architectures by merging Debian 07-tests-errmsg.patch (thx to Peter Pentchev). - Fixed EWOULDBLOCK errors in protocol negotiation. - Fixed handling TLS errors in protocol negotiation. - Prevented following fatal TLS alerts with TCP resets. - Improved OpenSSL initialization on WIN32. - Improved testing suite stability. * Security bugfixes - OpenSSL DLLs updated to version 3.0.8. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* traceroute: upgrade 2.1.1 -> 2.1.2Yi Zhao2023-03-061-1/+1
| | | | | | | | | Changes in 2.1.2: * Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: 5.9.9 -> 5.9.10Yi Zhao2023-03-061-3/+3
| | | | | | | | Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.10 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-07-07 13:03:23 +0000