summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* tcpdump: update 4.9.3 -> 4.99.0Yi Fan Yu2021-02-216-158/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removed patches: * avoid-absolute-path-when-searching-for-libdlpi.patch reason: this is a solaris specific patch, It no longer generates QA error. * unnecessary-to-check-libpcap.patch reason: upstream changed the logic, a new patch was needed. New patch: * 0001-aclocal.m4-Skip-checking-for-pcap-config.patch reason: configure shouldn't look for pcap-config. upstream reference: cfc4c750a Modified patch: * add-ptest.patch reason: Makefile had slight change. new unrelated perl script was introduced, removed to make package QA happy. License: upstream removed some whitespace Ptest: binaries are now present in /usr/bin not /usr/sbin upstream commit: 95096be4f add perl libraries dependencies tests passed: 571 (qemux86-64) tests failed: 0 Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update common-licenses references to match new namesKhem Raj2021-02-213-4/+4
| | | | | | | | | The licenses were renamed to match their SPDX names, fix the references in LIC_FILES_CHKSUM Correct the checksums where they were wrong Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: updae to 4.7.0Oleksandr Kravchuk2021-02-191-1/+1
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark-src: improve reproducibilityOleksiy Obitotskyy2021-02-175-0/+233
| | | | | | | | | | | | What was done: - add --noline option to flex, --no-line to bison and -l to lemon generators to prevent adding #line directives with absolute path. - eliminate absolute source path in python code generator and use baseline instead. Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: update to 3.4.3Oleksandr Kravchuk2021-02-111-2/+2
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fetchmail: udpate to 6.4.16Oleksandr Kravchuk2021-02-111-4/+6
| | | | | | | License-Update: copyright years. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndpi: fix autoconf-2.71 compatibilityHongxu Jia2021-02-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While DEBUG_BUILD != 1, Yocto adds option _FORTIFY_SOURCE to CPP and CC [1], since _FORTIFY_SOURCE requires -O1 or higher, if no -O1 or higher then results in a compiler warning. The configure.ac of ndpi uses macro AC_PROG_CC to test toolchain, since CPPFLAGS does not have the option -O<level> [1], while building with autoconf 2.71+, the toolchain test will report a warning. The configure.ac of ndpi uses macro AC_LANG_WERROR to treat the warning as error. Then it broke the build ... |configure: error: C preprocessor "i686-wrs-linux-gcc -E --sysroot=tmp-glibc/ work/core2-32-wrs-linux/ndpi/3.4-r0/recipe-sysroot -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security" fails sanity check ... The SELECTED_OPTIMIZATION contains option -O<level>, add SELECTED_OPTIMIZATION to CPPFLAGS to could fix the issue [1] The definition of CPP and CC and XXXFLAGS in bitbake.conf [snip] export CPP = "${HOST_PREFIX}gcc -E${TOOLCHAIN_OPTIONS} ${HOST_CC_ARCH}" export CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}" ... export CFLAGS = "${TARGET_CFLAGS}" TARGET_CFLAGS = "${TARGET_CPPFLAGS} ${SELECTED_OPTIMIZATION}" ... export CPPFLAGS = "${TARGET_CPPFLAGS}" TARGET_CPPFLAGS = "" [snip] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mosquitto: Upgrade 1.6.12 -> 2.0.7Gianfranco2021-02-083-23/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - drop patch install-protocol.patch: upstream - add new cjson and dlt-daemon dependencies - update copyright and license - add build of manpages optionally via PACKAGECONFIG - also install the new mosquitto_ctrl and mosquitto_dynamic_security.so tools 2.0.7 - 2021-02-04 ================== Broker: - Fix exporting of executable symbols on BSD when building via makefile. - Fix some minor memory leaks on exit only. - Fix possible memory leak on connect. Closes #2057. - Fix openssl engine not being able to load private key. Closes #2066. Clients: - Fix config files truncating options after the first space. Closes #2059. Build: - Fix man page building to not absolutely require xsltproc when using CMake. This now handles the case where we are building from the released tar, or building from git if xsltproc is available, or building from git if xsltproc is not available. 1.6.13 - 2021-02-04 =================== Broker: - Fix crash on Windows if loading a plugin fails. Closes #1866. - Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. - Fix local bridges being disconnected on SIGHUP. Closes #1942. - Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2 messages. Closes #1968. - Fix listener not being reassociated with client when reloading a persistence file and `per_listener_settings true` is set and the client did not set a username. Closes #1891. - Fix file logging on Windows. Closes #1880. - Fix bridge sock not being removed from sock hash on error. Closes #1897. Client library: - Fix build on Mac Big Sur. Closes #1905. - Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Clients: - mosquitto_sub will now quit with an error if the %U option is used on Windows, rather than just quitting. Closes #1908. - Fix config files truncating options after the first space. Closes #2059. Apps: - Perform stricter parsing of input username in mosquitto_passwd. Closes #570126 (Eclipse bugzilla). Build: - Enable epoll support in CMake builds. 2.0.6 - 2021-01-28 ================== Broker: - Fix calculation of remaining length parameter for websockets clients that send fragmented packets. Closes #1974. Broker: - Fix potential duplicate Will messages being sent when a will delay interval has been set. - Fix message expiry interval property not being honoured in `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`. - Fix websockets listeners with TLS not responding. Closes #2020. - Add notes that libsystemd-dev or similar is needed if building with systemd support. Closes #2019. - Improve logging in obscure cases when a client disconnects. Closes #2017. - Fix reloading of listeners where multiple listeners have been defined with the same port but different bind addresses. Closes #2029. - Fix `message_size_limit` not applying to the Will payload. Closes #2022. - The error topic-alias-invalid was being sent if an MQTT v5 client published a message with empty topic and topic alias set, but the topic alias hadn't already been configured on the broker. This has been fixed to send a protocol error, as per section 3.3.4 of the specification. - Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037. - Fix bridges not always connecting on Windows. Closes #2043. Apps: - Allow command line arguments to override config file options in mosquitto_ctrl. Closes #2010. - mosquitto_ctrl: produce an error when requesting a new password if both attempts do not match. Closes #2011. Build: - Fix cmake builds using `WITH_CJSON=no` not working if cJSON not found. Closes #2026. Other: - The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per The Eclipse legal documentation generator. The licenses are identical. 2.0.5 - 2021-01-11 ================== Broker: - Fix `auth_method` not being provided to the extended auth plugin event. Closes #1975. - Fix large packets not being completely published to slow clients. Closes #1977. - Fix bridge connection not relinquishing POLLOUT after messages are sent. Closes #1979. - Fix apparmor incorrectly denying access to /var/lib/mosquitto/mosquitto.db.new. Closes #1978. - Fix potential intermittent initial bridge connections when using poll(). - Fix `bind_interface` option. Closes #1999. - Fix invalid behaviour in dynsec plugin if a group or client is deleted before a role that was attached to the group or client is deleted. Closes #1998. - Improve logging in dynsec addGroupRole command. Closes #2005. - Improve logging in dynsec addGroupClient command. Closes #2008. Client library: - Improve documentation around the `_v5()` and non-v5 functions, e.g. `mosquitto_publish()` and `mosquitto_publish_v5(). Build: - `install` Makefile target should depend on `all`, not `mosquitto`, to ensure that man pages are always built. Closes #1989. - Fixes for lots of minor build warnings highlighted by Visual Studio. Apps: - Disallow control characters in mosquitto_passwd usernames. - Fix incorrect description in mosquitto_ctrl man page. Closes #1995. - Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes #1997. 2.0.4 - 2020-12-22 ================== Broker: - Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2 messages. Closes #1968. - mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not reset the bind address option if called with bind_address == NULL. - Fix dynamic security configuration possibly not being reloaded on Windows only. Closes #1962. - Add more log messages for dynsec load/save error conditions. - Fix websockets connections blocking non-websockets connections on Windows. Closes #1934. Build: - Fix man pages not being built when using CMake. Closes #1969. 2.0.3 - 2020-12-17 ================== Security: - Running mosquitto_passwd with the following arguments only `mosquitto_passwd -b password_file username password` would cause the username to be used as the password. Broker: - Fix excessive CPU use on non-Linux systems when the open file limit is set high. Closes #1947. - Fix LWT not being sent on client takeover when the existing session wasn't being continued. Closes #1946. - Fix bridges possibly not completing connections when WITH_ADNS is in use. Closes #1960. - Fix QoS 0 messages not being delivered if max_queued_messages was set to 0. Closes #1956. - Fix local bridges being disconnected on SIGHUP. Closes #1942. - Fix slow initial bridge connections for WITH_ADNS=no. - Fix persistence_location not appending a '/'. Clients: - Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful connection is not made. Closes #1957. Apps: - Fix `mosquitto_passwd -b` using username as password (not if `-c` is also used). Closes #1949. Build: - Fix `install` target when using WITH_CJSON=no. Closes #1938. - Fix `generic` docker build. Closes #1945. 2.0.2 - 2020-12-10 ================== Broker: - Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems. 2.0.1 - 2020-12-10 ================== Broker: - Fix websockets connections on Windows blocking subsequent connections. Closes #1934. - Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. - Fix websockets listeners not causing the main loop not to wake up. Closes #1936. Client library: - Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Apps: - Fix `mosquitto_passwd -U` Build: - Fix cjson include paths. - Fix build using WITH_TLS=no when the openssl headers aren't available. - Distribute cmake/ and snap/ directories in tar. 2.0.0 - 2020-12-03 ================== Breaking changes: - When the Mosquitto broker is run without configuring any listeners it will now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that only connections from the local host will be possible. Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the loopback interface. Running the broker with a configuration file with no listeners configured will bind to the loopback interface with port 1883. Running the broker with a listener defined will bind by default to `0.0.0.0` / `::` and so will be accessible from any interface. It is still possible to bind to a specific address/interface. If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a listener is defined in the configuration file, then the port defined on the command line will be IGNORED, and no listener configured for it. - All listeners now default to `allow_anonymous false` unless explicitly set to true in the configuration file. This means that when configuring a listener the user must either configure an authentication and access control method, or set `allow_anonymous true`. When the broker is run without a configured listener, and so binds to the loopback interface, anonymous connections are allowed. - If Mosquitto is run on as root on a unix like system, it will attempt to drop privileges as soon as the configuration file has been read. This is in contrast to the previous behaviour where elevated privileges were only dropped after listeners had been started (and hence TLS certificates loaded) and logging had been started. The change means that clients will never be able to connect to the broker when it is running as root, unless the user explicitly sets it to run as root, which is not advised. It also means that all locations that the broker needs to access must be available to the unprivileged user. In particular those people using TLS certificates from Lets Encrypt will need to do something to allow Mosquitto to access those certificates. An example deploy renewal hook script to help with this is at `misc/letsencrypt/mosquitto-copy.sh`. The user that Mosquitto will change to are the one provided in the configuration, `mosquitto`, or `nobody`, in order of availability. - The `pid_file` option will now always attempt to write a pid file, regardless of whether the `-d` argument is used when running the broker. - The `tls_version` option now defines the *minimum* TLS protocol version to be used, rather than the exact version. Closes #1258. - The `max_queued_messages` option has been increased from 100 to 1000 by default, and now also applies to QoS 0 messages, when a client is connected. - The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load OS provided CA certificates by default if `-L mqtts://...` is used, or if the port is set to 8883 and no other CA certificates are loaded. - Minimum support libwebsockets version is now 2.4.0 - The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0". Broker features: - New plugin interface which is more flexible, easier to develop for and easier to extend. - New dynamic security plugin, which allows clients, groups, and roles to be defined and updated as the broker is running. - Performance improvements, particularly for higher numbers of clients. - When running as root, if dropping privileges to the "mosquitto" user fails, then try "nobody" instead. This reduces the burden on users installing Mosquitto themselves. - Add support for Unix domain socket listeners. - Add `bridge_outgoing_retain` option, to allow outgoing messages from a bridge to have the retain bit completely disabled, which is useful when bridging to e.g. Amazon or Google. - Add support for MQTT v5 bridges to handle the "retain-available" property being false. - Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting to a v3.x only broker. - DLT logging is now configurable at runtime with `log_dest dlt`. Closes #1735. - Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()` functions, which can be used by plugins to publish messages. - Add `mosquitto_client_protocol_version()` function which can be used by plugins to determine which version of MQTT a client has connected with. - Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()` functions, which can be used by plugins to disconnect clients. - Add support for handling $CONTROL/ topics in plugins. - Add support for PBKDF2-SHA512 password hashing. - Enabling certificate based TLS encryption is now through certfile and keyfile, not capath or cafile. - Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks. - Add "deny" acl type. Closes #1611. - The broker now sends the receive-maximum property for MQTT v5 CONNACKs. - Add the `bridge_max_packet_size` option. Closes #265. - Add the `bridge_bind_address` option. Closes #1311. - TLS certificates for the server are now reloaded on SIGHUP. - Default for max_queued_messages has been changed to 1000. - Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites. Closes #1825. - Bridges now obey MQTT v5 server-keepalive. - Add bridge support for the MQTT v5 maximum-qos property. - Log client port on new connections. Closes #1911. Broker fixes: - Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH, SUBSCRIBE, and UNSUBSCRIBE packets. - Document that X509_free() must be called after using mosquitto_client_certificate(). Closes #1842. - Fix listener not being reassociated with client when reloading a persistence file and `per_listener_settings true` is set and the client did not set a username. Closes #1891. - Fix bridge sock not being removed from sock hash on error. Closes #1897. - mosquitto_password now forbids the : character. Closes #1833. - Fix `log_timestamp_format` not applying to `log_dest topic`. Closes #1862. - Fix crash on Windows if loading a plugin fails. Closes #1866. - Fix file logging on Windows. Closes #1880. - Report an error if the config file is set to a directory. Closes #1814. - Fix bridges incorrectly setting Wills to manage remote notifications when `notifications_local_only` was set true. Closes #1902. Client library features: - Client no longer generates random client ids for v3.1.1 clients, these are now expected to be generated on the broker. This matches the behaviour for v5 clients. Closes #291. - Add support for connecting to brokers through Unix domain sockets. - Add `mosquitto_property_identifier()`, for retrieving the identifier integer for a property. - Add `mosquitto_property_identifier_to_string()` for converting a property identifier integer to the corresponding property name string. - Add `mosquitto_property_next()` to retrieve the next property in a list, for iterating over property lists. - mosquitto_pub now handles the MQTT v5 retain-available property by never setting the retain bit. - Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client sockets. Closes #1526. - Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and perform additional verification. - Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently of the `mosquitto_connect*()` call. - Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and trust OS provided CA certificates for use with TLS connections. Client library fixes: - Fix send quota being incorrecly reset on reconnect. Closes #1822. - Don't use logging until log mutex is initialised. Closes #1819. - Fix missing mach/mach_time.h header on OS X. Closes #1831. - Fix connect properties not being sent when the client automatically reconnects. Closes #1846. Client features: - Add timeout return code (27) for `mosquitto_sub -W <secs>` and `mosquitto_rr -W <secs>`. Closes #275. - Add support for connecting to brokers through Unix domain sockets with the `--unix` argument. - Use cJSON library for producing JSON output, where available. Closes #1222. - Add support for outputting MQTT v5 property information to mosquitto_sub/rr JSON output. Closes #1416. - Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON output. - Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode. Closes #1416. - Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY option. - Add `-x` to all clients to all the session-expiry-interval property to be easily set for MQTT v5 clients. - Add `--random-filter` to mosquitto_sub, to allow only a certain proportion of received messages to be printed. - mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format. - mosquitto_sub now supports extra format specifiers for field width and precision for some parameters. - Add `--version` for all clients. - All clients now load OS provided CA certificates if used with `-L mqtts://...`, or if port is set to 8883 and no other CA certificates are used. Closes #1824. - Add the `--tls-use-os-certs` option to all clients. Client fixes: - mosquitto_sub will now exit if all subscriptions were denied. - mosquitto_pub now sends 0 length files without an error when using `-f`. - Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes #1881. - mosquitto_sub will now quit with an error if the %U option is used on Windows, rather than just quitting. Closes #1908. Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* atftp: update to 0.7.4Oleksandr Kravchuk2021-02-073-92/+1
| | | | | | | Removed upstreamed patches. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix build failure with autoconf 2.71Hongxu Jia2021-02-072-0/+43
| | | | | | | | | | | | | While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error: ... configure.ac: error: required file 'missing' not found ... Since these tools were explicitly added by autotools bbclass, remove the testing to workaround the error with autoconf 2.7 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nghttp2: update to 1.43.0Oleksandr Kravchuk2021-02-061-2/+1
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libtalloc: upgrade 2.3.1 -> 2.3.2zangrc2021-02-061-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* kronosnet: update 1.20Oleksandr Kravchuk2021-02-061-1/+1
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipset: update to 7.10Oleksandr Kravchuk2021-02-061-1/+1
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cannelloni: update to 1.0.0Oleksandr Kravchuk2021-02-063-82/+2
| | | | | | | Removed upstreamed patches. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* adcli: update to 0.9.0Oleksandr Kravchuk2021-02-061-1/+1
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireguard-module: remove PKG assignmentMartin Jansa2021-02-051-7/+0
| | | | | | | | | | | * it's not clear why it was added in first place and it's causing issues since: "package: get_package_mapping: avoid dependency mapping if renamed package provides original name" commit in oe-core as discussed in: https://lists.openembedded.org/g/openembedded-core/message/143672 https://github.com/openembedded/meta-openembedded/issues/285 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice: make conpatible to autoconf-2.70Hongxu Jia2021-02-052-0/+49
| | | | | | | | | | | In order to build with autoconf 2.7, explicitly link to jpeg lib since lib jpeg is already in DEPENDS ... | checking for jpeglib.h... ../git/configure: line 16008: CPP: command not found ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netsnmp: remove --with-openssl=PATH configure optionMingli Yu2021-02-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The openssl already added in DEPENDS and the openssl related library will be in recipe-sysroot. So it's meanlingless to add the configure option "--with-openssl=${STAGING_EXECPREFIXDIR}" as the below help message. $ cd /prj/net-snmp-5.9/ $ ./configure --help [snip] --with-openssl=PATH Look for openssl in PATH/lib, or PATH may be "internal" to build with minimal copied OpenSSL code for USM only [snip] And there is also a side effect after add the above openssl configuration as the build path is added for NSC_LDFLAGS in /usr/bin/net-snmp-config. NSC_LDFLAGS="-L/prj/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now" To improve reproducibility for netsnmp as below. $ sed -i -e 's@${STAGING_DIR_HOST}@@g' -i ${D}${bindir}/net-snmp-config The NSC_LDFLAGS in net-snmp-config will be changed to below: NSC_LDFLAGS="-L/usr/lib64 -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now" But it will result in other packages which depend on net-snmp such as corosync, quagga and etc uses the build host library and introduce below do_configure error. ERROR: QA Issue: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. Rerun configure task after fixing this. [configure-unsafe] So remove the useless configuration to fix the issue. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open-isns: upgrade 0.99 -> 0.101zhengruoqin2021-02-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Changes v0.100 to v0.101: Dmitry Bogdanov (1): Fix parsing of GetNextRsp Lee Duncan (10): Ignore common build files Fix compiler issue when not in security mode Do not ignore write() return value. Fix 586 compile issue and remove -Werror Added a TODO: 'make depend' not worrking Update version string to "0.100". Fix broken server authentication initialization. Add man page for isnssetup. Added TODO to test "isnsd --init" Preparing for version 0.101 Leo (1): socket.c: include poll.h instead of sys/poll.h for POSIX compatibility Rosen Penev (2): fix compilation without deprecated OpenSSL APIs libisns: remove sighold and sigrelse * Changes v0.99 to v0.100: Chris Leech (1): Travis-CI and Coverity Scan setup Lee Duncan (7): Fix compiler complaint about possible alignment issue add tags to ignored list of files Change isns_portal_string() to return allocated string. Remove old compiler option, and add "-Werror". openssl: handle newer version with ifdefs General cleanup for the compiler. Fix problem with parsing IPv6 Addresses with brakcets. Preparing for version v0.100 Added debugging, moved .cvsignore to .gitignore fixed issues with old openssl usage Adding python compiled files Change isns_portal_string() to use static mem Running make twice should not rebuild everything Fix mdebug.c so it compiles when enabled. Handle restarting test harness server correctly Ignore SO lib Create and use pythong unittest framework Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* correct "RRCOMMENDS" typo in ipset recipeRobert P. J. Day2021-02-041-2/+2
| | | | | Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keepalived: Upgrade to 2.2.1Khem Raj2021-02-041-3/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: Remove hardcoded paths to build host in net-snmp-configKhem Raj2021-02-041-10/+8
| | | | | | | | | New autconf detects that NSC_LDFLAGS are hardcoded to use -L/usr/lib therefore edit these variables during build so that they have cross-compile friendly values when net-snmp-config is used during build of dependent packages Signed-off-by: Khem Raj <raj.khem@gmail.com>
* lksctp-tools: make conpatible to autoconf-2.70Hongxu Jia2021-02-042-0/+90
| | | | | | | | | | | ... ./configure: line 16398: syntax error: unexpected end of file ... Backport a commit from upstream to fix it Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: fix build with dashMartin Jansa2021-02-021-1/+1
| | | | | | | | | | * fixes: | make[1]: Leaving directory 'net-snmp/5.9-r0/net-snmp-5.9/mibs' | sed: can't read net-snmp/5.9-r0/image/usr/lib/pkgconfig/{netsnmp-agent.pc,netsnmp.pc}: No such file or directory | WARNING: exit code 2 from a shell command. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dnsmasq: upgrade 2.82 -> 2.84Wang Mingyu2021-01-293-12/+13
| | | | | | | | Refresh the following patch: lua.patch Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: improve reproducibilityMingli Yu2021-01-292-2/+44
| | | | | | | | | Add a patch to fix the gap between 32bit and 64bit system when the configure option "--with-openssl=${STAGING_EXECPREFIXDIR}" passed in. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openipmi: upgrade 2.0.30 -> 2.0.31Yi Zhao2021-01-293-21/+22
| | | | | | | Refresh openipmi-remove-host-path-from-la_LDFLAGS.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: Add PACKAGECONFIG for ovsNicolas Jeker2021-01-281-1/+1
| | | | | | | | | | | | | | | Open vSwitch support is enabled by default in NetworkManager, but only useful in the context of several virtualisation environments, e.g. Xen, KVM, OpenStack and more. Therefore, the ovs PACKAGECONFIG is now disabled by default. The jansson dependency is only required for Open vSwitch and teamsdctl support in NetworkManager. As there is no libteamsdctl recipe around (and no teamsdctl PACKAGECONFIG), make it dependent on the ovs PACKAGECONFIG. Signed-off-by: Nicolas Jeker <n.jeker@gmx.net> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: add missing readline dependsAdrian2021-01-271-2/+6
| | | | | | | | Introduce PACKAGECONFIG[nmcli] to make building the nmcli utility which depends on GPLv3 licensed readline library optional. Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: Add Wireless Extensions to PACKAGECONFIG[wifi]Nicolas Jeker2021-01-271-1/+1
| | | | | | | | | | | Linux Wireless Extensions (Wext) support is enabled per default in NetworkManager. Having Wext enabled without enabling WiFi support, too, doesn't make much sense. Therefore, instead of creating a separate PACKAGECONFIG flag, 'wext' was added to the already existing 'wifi' flag. Signed-off-by: Nicolas Jeker <n.jeker@gmx.net> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dnsmasq: Fix systemd serviceMario Schuknecht2021-01-251-1/+1
| | | | | | | | | | Systemd service file option 'ExecStopPre' is warned and ignored by systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended behavior is realized. The 'ExecStop' commands are executed one after the other. Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* firewalld: upgrade 0.9.2 -> 0.9.3Adrian Freihofer2021-01-251-4/+5
| | | | | | | | | | | Fix new dependencies to nftables-python. Firewalld has been changed to use python bindings instead of calling the nftables cli utility. (Has this firewalld recipe been used with firewalld's default configuration which defaults to nftables backend?) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nftables: upgrade 0.9.7 -> 0.9.8Adrian Freihofer2021-01-251-3/+3
| | | | | | | | | | | | | Added missing RDEPENDS to the libnft library from nftables-python to libnftable.so.1 which is loaded dynamically by LibraryLoader into python. Added json to default PACKAGECONFIG which is probably used as well when compiled with python support. For example firewalld crashes at runtime if nftables is compiled without json support. Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-networkmanager: upgrade 2.1 -> 2.2zangrc2021-01-251-3/+3
| | | | | | | | -License-Update: Copyright year updated to 2021. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libnftnl: upgrade 1.1.8 -> 1.1.9zangrc2021-01-251-1/+1
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: upgrade 1.22.14 -> 1.28.0Andreas Müller2021-01-218-108/+65
| | | | | | | | | | | | | * Build tested on aarch64 glibc/musl * 0003-Fix-build-with-musl-for-n-dhcp4.patch has to go. Grepped nm code for seed48_r / mrand48_r => no findings * Since this is a huge version bump no detaile release notes are provided here * Have tried to move to meson build few months ago but it turned into huge efforts and ended without success. Maybe situation changed but let's postpone for now Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: control smux via PACKAGECONFIGDiego Santa Cruz2021-01-211-3/+5
| | | | | | | | | | | | | | | | Support for smux is always enabled by the recipe, but it can be a security risk since it makes the snmpd daemon listen on TCP port 199. This makes it contrallable via PACKAGECONFIG, so that it can be easily disabled from the distro or local config. The mechanism makes it easy to add control for other MIB modules via PACKAGECONFIG later if need be. For compatibility smux is added to the default PACKAGECONFIG, so there is no change in the default build configuration. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: refresh patchKai Kang2021-01-191-13/+4
| | | | | | | | Module 'time' had been imported in Functions.py by upstream, so not import in 0002-fix-fail-to-enable-bluetooth.patch and update accordingly. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* celt051: update SRC_URIchangqing.li@windriver.com2021-01-191-1/+1
| | | | | | | | original SRC_URI is not valid now, offical CELT repository moved to gitlab Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dovecot: upgrade 2.2.36.4 -> 2.3.13Wang Mingyu2021-01-184-90/+85
| | | | | | | | | | | | 0001-doveadm-Fix-parallel-build.patch removed since it is included in 2.3.13 refresh 0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch add 0001-not-check-pandoc.patch to not check pandoc of configure Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-networking: Add ipsetKhem Raj2021-01-181-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ipset: add recipeArmin Kuster2021-01-181-0/+21
| | | | | | | This is needed for login-shield pkg in meta-security Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: Several securtiy fixesArmin Kuster2021-01-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Source: Wireshark.org MR: 106181, 106696, 107655, 107673, 107682 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 57df6ac3b11aabd96e6aec728501ce7988bc176a Description: Bugfix only update including these cves: 3.2.8 CVE-2020-26575 CVE-2020-28030 3.2.9 CVE-2020-26418 CVE-2020-26421 CVE-2020-26420 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdns: upgrade 1096.40.7 -> 1310.40.42Zheng Ruoqin2021-01-122-3/+3
| | | | | | | | Refresh the following patch: 0001-mdns-include-stddef.h-for-NULL.patch Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* igmpproxy: upgrade 0.2.1 -> 0.3Zheng Ruoqin2021-01-121-2/+2
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* firewalld: upgrade 0.9.1 -> 0.9.2Zheng Ruoqin2021-01-121-1/+1
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cifs-utils: upgrade 6.11 -> 6.12Zheng Ruoqin2021-01-122-48/+1
| | | | | | | | 0001-Bugfix-Modify-the-dir-of-install-exec-hook-and.patch Removed since this is included in 6.12. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* rdma-core: upgrade 32.0 -> 33.0zangrc2021-01-071-4/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: upgrade 2.1.3 -> 2.1.4Andreas Müller2021-01-061-1/+1
| | | | | | | | | | | | | | | | | | | | Security release, see GHSA-jpc9-mgw6-2xwx/CVE-2020-15238 [1] Changes Force cython to use python language version 3 Do not use exitcode 1 when we expect to fail Mark more strings translatable (@cwendling) Bugs fixed Unstranslated strings Searching (with Ctrl+F in manager device list) did not work Default PIN lookup Fix device removal handling (@Yannik) Only use LaunchContext when we have proper event time [1] https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>