aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: export source files/headers needed by ATFBeniamin Sandu6 hours1-0/+6
| | | | | | | | | | | | | | | | | | | Arm Trusted Firmware uses a list of mbedtls source files/headers to build a static library used for crypto functionality: https://github.com/ARM-software/arm-trusted-firmware/blob/master/drivers/auth/mbedtls/mbedtls_common.mk#L10 At the moment, any ATF version that wants to build with yocto and enable for example secure boot, needs to download and patch a version of mbedtls separately, e.g. : https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb#n10 This commit enables a simple way for ATF recipes to use the existing oe version of mbedtls by adding it as a dependency, and simply extending the build flags with: EXTRA_OEMAKE += 'MBEDTLS_DIR="${STAGING_DATADIR}/mbedtls-source"' Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393Stefan Ghinea34 hours1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. References: https://nvd.nist.gov/vuln/detail/CVE-2022-46392 https://nvd.nist.gov/vuln/detail/CVE-2022-46393 Upstream patches: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: add option to use PSA for X.509/TLS operationsRoss Burton11 days1-0/+6
| | | | | | | | Add an option to use Platform Security Architecture for the X.509 and TLS operations. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: upgrade 1.40.0 -> 1.40.10Wang Mingyu11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== * Fix the evaluation of the autoconnect retries. * nm-cloud-setup now preserves addresses added externally. * Ensure that dnsmasq is stopped after changing the dns backend and restarting the service. * Fix honoring an explicit DHCPv6 DUID with dhclient. * Other various fixes. * Fixed a bug that caused devices (MACsec in particular) to be stuck in UNAVAILABLE state and not transition to DISCONNECTED if the carrier was ready too early. * Improved interoperability of MACsec with some Aruba switches by allowing CKN shorter than 64 characters. * Fixed an assertion failure when restarting NetworkManager with MACsec links configured. * Fixed a possible DHCP helper crash when handling failure to connect to D-Bus. * Corrected calculation of expiration time for items configured from IPv6 neighbor discovery messages. * Various fixes for platforms that don't allow unaligned memory access. * team: also set empty port configuration so teamd knows about the port. * team: restore port configuration after teamd respawn. * dhcp: revert restarting DHCP when MAC address changes, for example during a bond fail over. * various documentation fixes. * fix non-exported ABI in libnm which was wrongly present in the header files but unusable so far. * ifcfg-rh: fix writing ethtool pause settings to file. * core: set "proto static" for manual routing rules configured by NetworkManager. * Various minor bugfixes. * Ensure that resolv.conf gets updated when the configuration changes. * Fix setting as bond primary an interface that doesn't exist yet when the bond is activated. * The number of autoconnect retries is now accounted independently for each device when there are profiles with multi-connect=multiple. * Don't print duplicate entries in the output of "NetworkManager --print-config" * Fix the ifcfg-rh plugin to properly read infiniband P-Key connection profiles without an explicit interface name. * Allow the removal of a bond port connection profile from the bond via nmcli. * Fix race condition during the activation of veth profiles when the peer already exists. * Decline the DHCPv6 lease if all addresses fail IPv6 duplicate address detection (DAD). * Wait that devices get carrier before trying to resolve the system hostname on them via DNS. * Fix race condition during the initial activation of OVS interfaces. * Profiles generated by nm-initrd-generator now have lower than default priority. * Fix error when adding many SR-IOV virtual functions (VFs). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dibbler: Fix build with c++17 and newer stdKhem Raj12 days3-1/+178
| | | | | | | Clang also warns about offsetof use to emulate _Alignof register keyword is no longer available so pre-empt it Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: upgrade 3.0.21 -> 3.0.26Yi Zhao2023-01-0918-154/+632
| | | | | | | | | | | | Release Notes: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_26 * Refresh patches * Add autogen.sh as we still need it in do_configure * Backport a patch to fix configure error for rlm_python3 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sshpass: Use SPDX identified string for GPLv2Khem Raj2023-01-061-1/+1
| | | | | | | Fixes QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: Remove samba related PYTHONHASHSEED patches and use export functionpersianpros2023-01-012-31/+2
| | | | | | | | With export PYTHONHASHSEED="1" there will be no need for patching samba and its related libs So easier maintenance and a cleaner OE Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba upgrade 4.14.14 -> 4.17.4Yi Zhao2023-01-0116-208/+161
| | | | | | | | | | | | | | | | | | | | | | The 4.14.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning Upgrade to latest 4.17.x. Release Notes: https://www.samba.org/samba/history/samba-4.17.0.html https://www.samba.org/samba/history/samba-4.17.4.html * Refresh patches * Update PACKAGECONFIG * Split a new package ctdb * Add a patch to skip checking PYTHONHASHSEED * Drop the following patches as these issues have been fixed upstream: 0005-samba-build-dnsserver_common-code.patch netdb_defines.patch samba-fix-musl-lib-without-innetgr.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.3 -> 5.5.4Wang Mingyu2022-12-271-1/+1
| | | | | | | | Changelog: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: fix /etc/resolv.conf handlingChen Qi2022-12-231-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current handling of /etc/resolv.conf by NM has some problems. When networkd is not configuring network, and there's 'ip=dhcp' in kernel command line, the /run/NetworkManager/resolv.conf file is not created, resulting in /etc/resolv.conf being a dead symlink. This is because NM is treating the network interface as externally configured and will not try to reconfigure it again. This means if we want NM to work properly with /etc/resolv.conf, we've got to either ensure there's no 'ip=dhcp' in kernel command line, or we've got to ensure networkd is configuring network. This is weird because normally we should not enable two network managers at the same time. Note that NM syncs part of its codes with networkd, which is the reason I think it happens to work when these two network configuration tools are configuring the same interface at the same time. In fact, NM now works well with resolved. It sends the DNS info it gets to resolved unconditionally by default (the behavior could be disabled in configuration file). Looking at the original commit that sets up the update-alternatives mechanism, it says: """ This brings the networkmanager in sync with how systemd-resolved and connman work. Additionally this allows it to function with a read-only rootFS. """ I guess the author was using systemd but disabling resolved, and the author wanted to use read-only rootFS. In order to keep such combination still works, change to use PACKAGECONFIG to handle things, and when 'man-resolv-conf' is enabled, the above combination could still work. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: install config files into correct placeChen Qi2022-12-091-2/+2
| | | | | | | | | | | | | | | The current location has no effect, because NetworkManager is not looking for config files there. In meson.build, we have: nm_pkglibdir = join_paths(nm_prefix, 'lib', nm_name) config_extra_h.set_quoted('NMLIBDIR', nm_pkglibdir) It's clear that the configuration directory should be nonarch_libdir instead of libdir. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: fix dhcpcd PACKAGECONFIGChen Qi2022-12-091-1/+1
| | | | | | | | | | | | | | Without this patch, even if dhcpcd is enabled, the NetworkManager cannot find it. Below are the messages from NetworkMananger: dhcp: init: DHCP client 'dhcpcd' not available dhcp: init: Using DHCP client 'internal' The problem is that dhcpcd needs to be specified as a path, otherwise NetworkManager tries to find it in /usr/sbin/dhcpcd. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: upgrade 2.34 -> 2.35Markus Volk2022-11-251-1/+1
| | | | | | | | This fixes a nasty bug where the shown device list doesnt match the underlying MAC list, resulting in connecting to a different device than selected. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager-openvpn: upgrade 1.10.0 -> 1.10.2Wang Mingyu2022-11-191-1/+1
| | | | | | | | | | | | | | Changelog: ========= * IP condfiguration is no longer required in TAP mode. * Fix initialization of secret flags. * Add support for DOMAIN-SEARCH option. * Set data-ciphers option with chosen cipher. * Update Brazilian Portuguese, Croatian, Danish, Georgian, Polish, Serbian, Slovenian, Swedish, Turkish and Ukrainian translations. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix multilib systemd service start failureKai Kang2022-11-182-1/+32
| | | | | | | | | | It fails to start radiusd.service from lib32-freeradius that the configure directory is /etc/lib32-raddb rather than /etc/raddb. So add an environment file to export a variable MLPREFIX for the service file to make it start successfully. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: add RDEPEND on python3-fcntlMarkus Volk2022-11-111-0/+1
| | | | | | | | | After updating current poky master python3-fcntl is not installed into my image anymore. Blueman-applet fails to run with Error: No module named 'fcntl''Module fcntl not found' Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.2 -> 5.5.3Wang Mingyu2022-11-091-1/+1
| | | | | | | | | | | | | | | Fixes --------- Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (#5743) and fixed in pull request 5757 (#5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0's when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: Fix install conflict with multilib enabled.leimaohui2022-11-072-0/+123
| | | | | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.1 -> 5.5.2Wang Mingyu2022-10-311-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: upgrade 2.3.2 -> 2.3.4Wang Mingyu2022-10-181-1/+1
| | | | | | | | | Bugs fixed ========== Errors when connected to a device with the DisconnectItems plugin enabled Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: upgrade 2.2.4 -> 2.3.2Markus Volk2022-10-132-12/+14
| | | | | | | | Switch from using tarball to git because the 2.3.2 tarball lacks the meson_options.txt file. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dhcp-relay: upgrade 4.4.3 -> 4.4.3-P1Yi Zhao2022-10-111-3/+3
| | | | | | | | | | | | | | | | | | | | Changes since 4.4.3 (Bug Fixes) Corrected a reference count leak that occurs when the server builds responses to leasequery packets. Thanks to VictorV of Cyber Kunlun Lab for reporting the issue. [Gitlab #253] CVE: CVE-2022-2928 Corrected a memory leak that occurs when unpacking a packet that has an FQDN option (81) that contains a label with length greater than 63 bytes. Thanks to VictorV of Cyber Kunlun Lab for reporting the issue. [Gitlab #254] CVE: CVE-2022-2929 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.5.0 -> 5.5.1zhengrq.fnst2022-10-101-1/+1
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: Whitelist CVE-2021-43666, CVE-2021-45451Mathieu Dubois-Briand2022-10-041-0/+5
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: Update to 2.28.1 versionMathieu Dubois-Briand2022-10-041-1/+1
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: Fix CVE product nameMathieu Dubois-Briand2022-10-041-0/+2
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix daemon startup warningsYi Zhao2022-09-292-2/+2
| | | | | | | | | Fixes: chown[1483]: /bin/chown: warning: '.' should be ':': 'radiusd.radiusd' /etc/tmpfiles.d/radiusd.conf:2: Line references path below legacy directory /var/run/, updating /var/run/radiusd -> /run/radiusd Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ot-br-posix: Add dep to ipset as used by firewallPhilippe Coval2022-09-211-1/+1
| | | | | | | | | | | | | | | | | | | | ipset is used by firewall module of ot-br-posix: third_party/openthread/repo/src/posix/platform/firewall.cpp:\ return ExecuteCommand("%s add %s %s -exist", kIpsetCommand, aSetName, aAddress); Related observed issue looked like: ``` oniro@oniro-linux-blueprint-gateway-raspberrypi4-64:~$ sudo journalctl -u otbr-agent.service Apr 28 17:42:32 oniro-linux-blueprint-gateway-raspberrypi4-64 systemd[1]: Started OpenThread Border Router Agent. Apr 28 17:42:38 oniro-linux-blueprint-gateway-raspberrypi4-64 otbr-agent[330]: sh: ipset: not found ``` Relate-to: https://gitlab.eclipse.org/eclipse/oniro-blueprints/transparent-gateway/meta-oniro-blueprints-gateway/-/issues/6 Cc: Stefan Schmidt <stefan.schmidt@huawei.com> Forwarded: https://github.com/openembedded/meta-openembedded/pull/611 Signed-off-by: Philippe Coval <philippe.coval.ext@huawei.com>
* ufw: Fix "could not find required binary 'iptables'"Howard Cochran2022-09-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Switch from using DISTUTILS_*_ARGS to SETUPTOOLS_*_ARGS to correspond with the earlier change to use setuptools3_legacy instead of distutils3. Without this change, you will get the following error if your build host does not have iptables installed: Fixes: ERROR: ufw-0.36.1-r0 do_compile: 'python3 setup.py build ' execution failed. Log data follows: | DEBUG: Executing shell function do_compile | ERROR: could not find required binary 'iptables' | ERROR: 'python3 setup.py build ' execution failed. | WARNING: exit code 1 from a shell command. ERROR: Task ([snip]/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb:do_compile) failed with exit code '1' Also, although the build will not fail on a host that has iptables, it could cause a problem if it is installed at a different path than where OpenEmbedded's iptables will be installed on the target. Fixes: 3e2ed1dcc088 ("ufw: port to setuptools, use setuptools_legacy") Signed-off-by: Howard Cochran <howard_cochran@jabil.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.4.0 -> 5.5.0zhengruoqin2022-09-131-1/+1
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager-openvpn: upgrade 1.8.18 -> 1.10.0wangmy2022-09-131-1/+1
| | | | | | | | | | | | | | | | | | | Changelog: ============= * Add support for "allow-compression" parameter. * Fix a regression in preserving the "tls-auth" settings. * Add support for "tls-min" and "tls-cipher" parameters. * Include the new gnome-control-center name in the AppData file. * Drop libnm-glib support, nobody is likely using it anymore. * Fix importing profiles with a PKCS#12 CA. * Make sure the plugin object links with glib. * Dropped dependency on intltool. * Updated Basque, Brazilian Portuguese, Chinese (China), Croatian, Czech, Danish, Dutch, Georgian, Indonesian, Polish, Serbian, Spanish, Swedish, Turkish and Ukrainian translations. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ot-br-posix: Fix unused variable errorKhem Raj2022-09-072-0/+11
| | | | | | | | Fixes r: variable 'i' set but not used [-Wunused-but-set-variable] | for (uint8_t i = 0;; i++) Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ot-daemon,ot-br-posix: Fix mbedtls module buildsKhem Raj2022-08-316-2/+229
| | | | | | Add a backport to fix build of mbedTLS on x86 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ez-ipupdate: Fix build with clangKhem Raj2022-08-302-5/+50
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: update 1.38.0 -> 1.40.0Adrian Freihofer2022-08-292-28/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NetworkManager: * Drop unused, internal systemd DHCPv4 client. This is long replaced by nettools' n-dhcp4 implementation. * The nmcli command now supports --offline argument with "add" and "modify" commands, allowing operation on keyfile-formatted connection profiles without the service running (e.g. during system provisioning). * The device state file /run/NetworkManager/devices/$ifindex now has new sections [dhcp4] and [dhcp6] containing the DHCP options for the current lease. * Add multipath TCP (MPTCP) support. NetworkManager can now configure IP addresses as MPTCP endpoints. This is configurable via the "connection.mptcp-flags" property. The default setting is such that MPTCP handling is automatically enabled if the kernel sysctl "/proc/sys/net/mptcp/enabled" indicates so. NetworkManager does not enable the MPTCP sysctl or adjust the limits (ip mptcp limits). The administrator or the distribution is supposed to configure the desired system settings. Note that strict reverse path filtering (rp_filter) breaks many MPTCP use cases. With MPTCP handling enabled, NetworkManager will relax a strict (1) rp_filter to loose (2). Otherwise rp_filter is untouched by NetworkManager. * NetworkManager expanded log messages for invalid DHCP options. * Fix the requirement of hardware address for DHCPv6, by dropping it. * Increase the PMK lifetime for Wi-Fi connections using WPA-EAP. * "nmcli networking off" now waits for deactivations to complete. * Improve the appearance of nm-settings-nmcli man page by preserving paragraphs. * Support enabling ipv4ll alongside DHCPv4 and static addressing. * Support configuring "ipv6.mtu". * Honor "nm.debug" kernel command line to enable debug logging of NetworkManager. * NetworkManager reads the kernel command line "/proc/cmdline" for several purposes, including "nm.debug" for enabling debugging and the "match.kernel-command-line" setting in the profile. NetworkManager now first looks now for "/run/NetworkManager/proc-cmdline", which allows to overwrite the command line. * Improve the reapply of non-bridge properties. * Honor adding a Bluetooth NAP connection with all available methods. * Improve carrier detection. * During the build, stop relying on intltool for i18n and use gettext only. * Undeprecate nm_remote_connection_get_secrets() in libnm. * NetworkManager now will restart DHCP if the MAC changes on a device. * Several internal improvements. Recipe: * Drop the last patch :-). -Difcfg_rh=false is now honored and the distro detection patch is no longer needed. * Fix: move /etc/resolv-conf.NetworkManager to daemon package * Fix: remove ppp rdepends from daemon. The ppp plugin rdepends on ppp. * ifupdown plugin requires now bash not sh. But the ifupdown is an optional plugin anyway. Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: Fix warnings in configure tests for rpath checksKhem Raj2022-08-282-0/+35
| | | | | | | | | Add a patch to avoid implicit-function-declaration warnings, they will soon become errors with clang 15+ set path for privatelibdir Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: fix buildpaths issueYi Zhao2022-08-272-0/+39
| | | | | | | | | | | | | | | | | | The test case tfork_cmd_send in smbtorture fails on target as it requries a script located in the source directory: $ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send test: tfork_cmd_send /buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh: Failed to exec child - No such file or directory This also triggers the buildpaths warning: QA Issue: File /usr/bin/smbtorture in package samba-testsuite contains reference to TMPDIR [buildpaths] Skip this test case in smbtorture to avoid the warning. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: upgrade 4.14.13 -> 4.14.14Yi Zhao2022-08-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a security release in order to address the following defects: CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html Release Notes: https://www.samba.org/samba/history/samba-4.14.14.html Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dibbler: Fix build with muslKhem Raj2022-08-252-0/+35
| | | | | | | | Use _GNU_SOURCE to compile which helps fixing build with musl add a header reordering patch to again fix another issue with musl builds Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mosquitto: upgrade 2.0.14 -> 2.0.15Wang Mingyu2022-08-231-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: fix iptables and nft pathsJim Broadus2022-08-061-0/+2
| | | | | | | | | | | | | | | | | | | | The NetworkManager meson.build is searching for iptables and nft by passing absolute paths to meson's find_program. The result is that it locates tools on the host machine when they exist at those locations. If they don't, it uses default locations. This often works out, but in some cases, such as when the host uses a merged usr scheme and the build target does not, the paths will be incorrect and the tools won't be found at runtime. These could be PACKAGECONFIG options, but since they have fallback values, completely disabling the use of either iptables or nft would require patching the meson.build or setting a bogus location. Note that this meson.build file follows the same pattern elsewhere, but most cases are already covered by PACKAGECONFIG options. Signed-off-by: Jim Broadus <jim@thruwave.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: Fix buildpaths issueMingli Yu2022-08-062-0/+42
| | | | | | | | | Fixes: WARNING: freeradius-3.0.21-r0 do_package_qa: QA Issue: File /usr/bin/radeapclient in package freeradius-utils contains reference to TMPDIR [buildpaths] WARNING: freeradius-3.0.21-r0 do_package_qa: QA Issue: File /usr/lib/libfreeradius-server.so.0.0.0 in package freeradius contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sshpass: add recipeMike Petersen2022-08-061-0/+11
| | | | | | | | Needed for automating ssh logins, used in auto-tests. Co-authored-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Mike Petersen <mike.petersen@ni.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: upgrade 5.3.0 -> 5.4.0wangmy2022-07-261-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: ignore patched CVEsDavide Gardenal2022-07-151-0/+5
| | | | | | | | | CVE-2002-0318 and CVE-2011-4966 are both patched in our version of freeradius. The CPE in the NVD database doesn't reflect correctly the vulnerable versions that's why they are incorrectly picked up. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openconnect: upgrade 8.20 -> 9.01wangmy2022-07-071-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: mutlilib fixesJeremy Puhlman2022-07-021-13/+21
| | | | | | | Define raddbdir based on multilib Add multilib headers and scripts for conflicting content Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: fix build with enabled pppJavier Viguera2022-07-021-1/+1
| | | | | | | | | | | | | | | | | If 'ppp' packageconfig option is enabled, but the build system does NOT have pppd binary installed, the build fails with: | Has header "pppd/pppd.h" : YES | Program pppd /sbin/pppd /usr/sbin/pppd found: NO | | ../NetworkManager-1.36.2/meson.build:570:4: ERROR: Assert failed: pppd required but not found, please provide a valid pppd path or use -Dppp=false to disable it This is due to meson trying to look for the 'pppd' binary in the build system when it should not. If the build system does not contain pppd, the build fails. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: fix typo for RRECOMMENDSYi Zhao2022-06-301-1/+1
| | | | | | | RRECOMENDS_${PN} -> RRECOMMENDS:${PN} Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>