aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking')
-rw-r--r--meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb2
-rw-r--r--meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest21
-rw-r--r--meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb92
-rw-r--r--meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb310
-rw-r--r--meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb2
-rw-r--r--meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch41
-rw-r--r--meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb40
-rw-r--r--meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb4
-rw-r--r--meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb (renamed from meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb)2
-rw-r--r--meta-networking/recipes-connectivity/snort/snort_2.9.20.bb (renamed from meta-networking/recipes-connectivity/snort/snort_2.9.19.bb)2
-rw-r--r--meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb11
-rw-r--r--meta-networking/recipes-connectivity/wolfssl/wolfssl_5.4.0.bb (renamed from meta-networking/recipes-connectivity/wolfssl/wolfssl_5.3.0.bb)2
-rw-r--r--meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch30
-rw-r--r--meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb1
-rw-r--r--meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb (renamed from meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb)3
-rw-r--r--meta-networking/recipes-daemons/pure-ftpd/pure-ftpd/0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch15
-rw-r--r--meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.51.bb (renamed from meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.50.bb)4
-rw-r--r--meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch29
-rw-r--r--meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch40
-rw-r--r--meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb (renamed from meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb)4
-rw-r--r--meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb (renamed from meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb)2
-rw-r--r--meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch39
-rw-r--r--meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch44
-rw-r--r--meta-networking/recipes-filter/nftables/nftables_1.0.4.bb (renamed from meta-networking/recipes-filter/nftables/nftables_1.0.2.bb)20
-rw-r--r--meta-networking/recipes-protocols/frr/frr_8.2.2.bb5
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch11
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch4
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch6
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch55
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch4
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch28
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch6
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch6
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch26
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch4
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch4
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch2
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch4
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb (renamed from meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb)5
-rw-r--r--meta-networking/recipes-protocols/openflow/openflow.inc9
-rw-r--r--meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb4
-rw-r--r--meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb2
-rw-r--r--meta-networking/recipes-support/chrony/chrony_4.2.bb4
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch191
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb1
-rw-r--r--meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb (renamed from meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb)2
-rw-r--r--meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb (renamed from meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb)3
-rw-r--r--meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb (renamed from meta-networking/recipes-support/ndisc6/ndisc6_git.bb)3
-rw-r--r--meta-networking/recipes-support/netperf/files/netserver_permissions.patch29
-rw-r--r--meta-networking/recipes-support/netperf/netperf_git.bb1
-rw-r--r--meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb26
-rw-r--r--meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb2
-rw-r--r--meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb6
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch48
-rw-r--r--[-rwxr-xr-x]meta-networking/recipes-support/openvpn/openvpn/openvpn0
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf1
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/openvpn@.service12
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb56
-rw-r--r--meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb (renamed from meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb)2
-rw-r--r--meta-networking/recipes-support/spice/spice_git.bb6
-rw-r--r--meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch92
-rw-r--r--meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb)7
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch24
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel_5.65.bb (renamed from meta-networking/recipes-support/stunnel/stunnel_5.64.bb)2
-rw-r--r--meta-networking/recipes-support/unbound/unbound_1.16.1.bb (renamed from meta-networking/recipes-support/unbound/unbound_1.16.0.bb)2
-rw-r--r--meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb (renamed from meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb)2
66 files changed, 988 insertions, 479 deletions
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
index 9abfd61cf..a616557e7 100644
--- a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
+++ b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
@@ -36,4 +36,4 @@ do_install() {
oe_runmake SBINDIR=${sbindir}/ install
}
-RDEPENDS:${PN} = "udev wireless-regdb-static"
+RDEPENDS:${PN} = "udev wireless-regdb"
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest
new file mode 100644
index 000000000..9d3ec7904
--- /dev/null
+++ b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+ret_val=0
+
+# Check if all the kernel modules are available
+FIREWALLD_KERNEL_MODULES="@@FIREWALLD_KERNEL_MODULES@@"
+for m in $FIREWALLD_KERNEL_MODULES; do
+ if modprobe $m; then
+ echo "PASS: loading $m"
+ else
+ echo "FAIL: loading $m"
+ ret_val=1
+ fi
+done
+
+# Run the test suite from firewalld
+# Failing testsuites: 203 226 241 250 270 280 281 282 285 286
+# Problem icmpv6 compared against ipv6-icmptype?
+/usr/share/firewalld/testsuite/testsuite -C /tmp -A || ret_val=1
+
+exit $ret_val
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb
deleted file mode 100644
index 1dea33953..000000000
--- a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb
+++ /dev/null
@@ -1,92 +0,0 @@
-SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
-HOMEPAGE = "https://firewalld.org/"
-BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
-UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
- file://firewalld.init \
-"
-SRC_URI[sha256sum] = "52c5e3d5b1e2efc0e86c22b2bc1f7fd80908cc2d8130157dc2a3517a59b0a760"
-
-# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
-DEPENDS = "intltool-native glib-2.0-native nftables"
-
-inherit gettext autotools bash-completion pkgconfig python3native gsettings systemd update-rc.d
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
-PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
-
-PACKAGES += "${PN}-zsh-completion"
-
-# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
-# when the nftables backend is available, because nftables supersedes all of them.
-# However we still need iptables and ip6tables to be available otherwise any
-# application relying on "direct passthrough" rules (such as docker) will break.
-# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
-# the Red Hat-specific init script which we aren't using, so we disable that.
-EXTRA_OECONF = "\
- --without-ipset \
- --with-iptables=${sbindir}/iptables \
- --with-iptables-restore=${sbindir}/iptables-restore \
- --with-ip6tables=${sbindir}/ip6tables \
- --with-ip6tables-restore=${sbindir}/ip6tables-restore \
- --without-ebtables \
- --without-ebtables-restore \
- --disable-sysconfig \
-"
-
-INITSCRIPT_NAME = "firewalld"
-SYSTEMD_SERVICE:${PN} = "firewalld.service"
-
-do_install:append() {
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- :
- else
- # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
- rm -rf ${D}${sysconfdir}/rc.d/
- install -d ${D}${sysconfdir}/init.d
- install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
- fi
-
- # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
- # so now we need to fix up any references to point at the proper path in the image.
- # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
- if [ ${PN} != "${BPN}-native" ]; then
- sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
- ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
- fi
- sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
- ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
-
- # This file contains Red Hat-isms. Modules get loaded without it.
- rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
-}
-
-FILES:${PN} += "\
- ${PYTHON_SITEPACKAGES_DIR}/firewall \
- ${nonarch_libdir}/firewalld \
- ${datadir}/dbus-1 \
- ${datadir}/polkit-1 \
- ${datadir}/metainfo \
-"
-FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
-
-RDEPENDS:${PN} = "\
- nftables-python \
- iptables \
- python3-core \
- python3-io \
- python3-fcntl \
- python3-shell \
- python3-syslog \
- python3-xml \
- python3-dbus \
- python3-slip-dbus \
- python3-decorator \
- python3-pygobject \
- python3-json \
- python3-ctypes \
-"
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
new file mode 100644
index 000000000..987cc640e
--- /dev/null
+++ b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
@@ -0,0 +1,310 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "\
+ https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
+ file://firewalld.init \
+ file://run-ptest \
+"
+SRC_URI[sha256sum] = "28fd90e88bda0dfd460f370f353474811b2e295d7eb27f0d7d18ffa3d786eeb7"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+DEPENDS = "intltool-native glib-2.0-native nftables"
+
+inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
+PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
+PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
+PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
+
+# Default logging configuration: mixed syslog file console
+FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
+
+# The UIs are not yet tested and the dependencies are probably not quite correct yet.
+# Splitting into separate packages is beneficial so that no dead code is transferred
+# to the target device.
+# Without enabling qt5, the firewalld-config package is not usable.
+# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
+PACKAGECONFIG[qt5] = ""
+PACKAGECONFIG[gtk] = ""
+
+PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+ --with-iptables=${sbindir}/iptables \
+ --with-iptables-restore=${sbindir}/iptables-restore \
+ --with-ip6tables=${sbindir}/ip6tables \
+ --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+ --disable-sysconfig \
+"
+
+INITSCRIPT_NAME = "firewalld"
+SYSTEMD_SERVICE:${PN} = "firewalld.service"
+
+# kernel modules loaded after ptest execution (linux-yocto 5.15)
+FIREWALLD_KERNEL_MODULES ?= "\
+ xt_tcpudp \
+ xt_TCPMSS \
+ xt_set \
+ xt_sctp \
+ xt_REDIRECT \
+ xt_pkttype \
+ xt_NFLOG \
+ xt_nat \
+ xt_MASQUERADE \
+ xt_mark \
+ xt_mac \
+ xt_LOG \
+ xt_limit \
+ xt_dccp \
+ xt_CT \
+ xt_conntrack \
+ xt_CHECKSUM \
+ nft_redir \
+ nft_objref \
+ nft_nat \
+ nft_masq \
+ nft_log \
+ nfnetlink_log \
+ nf_nat_tftp \
+ nf_nat_sip \
+ nf_nat_ftp \
+ nf_log_syslog \
+ nf_conntrack_tftp \
+ nf_conntrack_sip \
+ nf_conntrack_netbios_ns \
+ nf_conntrack_ftp \
+ nf_conntrack_broadcast \
+ ipt_REJECT \
+ ip6t_rpfilter \
+ ip6t_REJECT \
+ ip_set_hash_netport \
+ ip_set_hash_netnet \
+ ip_set_hash_netiface \
+ ip_set_hash_net \
+ ip_set_hash_mac \
+ ip_set_hash_ipportnet \
+ ip_set_hash_ipport \
+ ip_set_hash_ipmark \
+ ip_set_hash_ip \
+ ebt_ip6 \
+ nft_fib_inet \
+ nft_fib_ipv4 \
+ nft_fib_ipv6 \
+ nft_fib \
+ nft_reject_inet \
+ nf_reject_ipv4 \
+ nf_reject_ipv6 \
+ nft_reject \
+ nft_ct \
+ nft_chain_nat \
+ ebtable_nat \
+ ebtable_broute \
+ ip6table_nat \
+ ip6table_mangle \
+ ip6table_raw \
+ ip6table_security \
+ iptable_nat \
+ nf_nat \
+ nf_conntrack \
+ nf_defrag_ipv6 \
+ nf_defrag_ipv4 \
+ iptable_mangle \
+ iptable_raw \
+ iptable_security \
+ ip_set \
+ ebtable_filter \
+ ebtables \
+ ip6table_filter \
+ ip6_tables \
+ iptable_filter \
+ ip_tables \
+ x_tables \
+ sch_fq_codel \
+"
+
+do_configure:prepend() {
+ export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
+}
+
+do_install:append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+ # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+ rm -rf ${D}${sysconfdir}/rc.d/
+ install -d ${D}${sysconfdir}/init.d
+ install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
+ # Delete polkit profiles if polkit is not available
+ rm -rf ${D}${datadir}/polkit-1
+ fi
+
+ # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+ # so now we need to fix up any references to point at the proper path in the image.
+ # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+ if [ ${PN} != "${BPN}-native" ]; then
+ sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+ ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+ fi
+ sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+ ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+
+ # This file contains Red Hat-isms. Modules get loaded without it.
+ rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
+}
+
+do_install_ptest:append() {
+ # Add kernel modules to the ptest script
+ if [ ${PTEST_ENABLED} = "1" ]; then
+ sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
+ ${D}${PTEST_PATH}/run-ptest
+ fi
+}
+
+SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
+FILES:python3-firewall = "\
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \
+"
+RDEPENDS:python3-firewall = "\
+ python3-dbus \
+ nftables-python \
+ python3-pygobject \
+"
+
+# Do not depend on QT5 layer and GTK deps if not explicitely required.
+FIREWALLD_QT5_RDEPENDS = "\
+ ${PN}-config \
+ hicolor-icon-theme \
+ python3-pyqt5 \
+ python3-pygobject \
+ libnotify \
+ networkmanager \
+"
+FIREWALLD_GTK_RDEPENDS = "\
+ gtk3 \
+"
+
+# A QT5 based UI
+SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
+FILES:${PN}-config = "\
+ ${bindir}/firewall-config \
+ ${datadir}/firewalld/firewall-config.glade \
+ ${datadir}/firewalld/gtk3_chooserbutton.py* \
+ ${datadir}/firewalld/gtk3_niceexpander.py* \
+ ${datadir}/applications/firewall-config.desktop \
+ ${datadir}/metainfo/firewall-config.appdata.xml \
+ ${datadir}/icons/hicolor/*/apps/firewall-config*.* \
+"
+RDEPENDS:${PN}-config += "\
+ python3-core \
+ python3-ctypes \
+ ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+"
+
+# A GTK3 applet depending on the QT5 firewall-config UI
+SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
+FILES:${PN}-applet += "\
+ ${bindir}/firewall-applet \
+ ${sysconfdir}/xdg/autostart/firewall-applet.desktop \
+ ${sysconfdir}/firewall/applet.conf \
+ ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \
+"
+RDEPENDS:${PN}-applet += "\
+ python3-core \
+ python3-ctypes \
+ ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
+"
+
+SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
+FILES:${PN}-offline-cmd += " \
+ ${bindir}/firewall-offline-cmd \
+"
+RDEPENDS:${PN}-offline-cmd += "python3-core"
+
+SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
+FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
+
+# To get allmost all tests passing
+# - Enable PACKAGECONFIG ipset, ebtable
+# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
+FILES:${PN}-ptest += "\
+ ${datadir}/firewalld/testsuite \
+"
+RDEPENDS:${PN}-ptest += "\
+ python3-unittest \
+ ${PN}-offline-cmd \
+ procps-ps \
+ iproute2 \
+"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
+
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+FILES:${PN} += "\
+ ${PYTHON_SITEPACKAGES_DIR}/firewall \
+ ${nonarch_libdir}/firewalld \
+ ${datadir}/dbus-1 \
+ ${datadir}/polkit-1 \
+ ${datadir}/metainfo \
+ ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
+"
+RDEPENDS:${PN} += "\
+ python3-firewall \
+ iptables \
+ python3-core \
+ python3-io \
+ python3-fcntl \
+ python3-syslog \
+ python3-xml \
+ python3-json \
+ python3-ctypes \
+ python3-pprint \
+"
+# If firewalld writes a log file rotation is needed
+RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
+
+# Add required kernel modules. With Yocto kernel 5.15 this currently means:
+# - features/nf_tables/nf_tables.scc
+# - features/netfilter/netfilter.scc
+# - cgl/features/audit/audit.scc
+# - cfg/net/ip6_nf.scc
+# - Plus:
+# - ebtables
+# - ipset
+# - CONFIG_IP6_NF_SECURITY=m
+# - CONFIG_IP6_NF_MATCH_RPFILTER=m
+# - CONFIG_IP6_NF_TARGET_REJECT=m
+# - CONFIG_NFT_OBJREF=m
+# - CONFIG_NFT_FIB=m
+# - CONFIG_NFT_FIB_INET=m
+# - CONFIG_NFT_FIB_IPV4=m
+# - CONFIG_NFT_FIB_IPV6=m
+# - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+# - CONFIG_NETFILTER_XT_SET=m
+def get_kernel_deps(d):
+ kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
+ return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
+RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"
diff --git a/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb b/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
index d5aeceeb4..119752086 100644
--- a/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
+++ b/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
@@ -19,7 +19,7 @@ EXTRA_OEMESON = "-Druntime_deps_check=false -Dappindicator=false -Dpythoninstall
SYSTEMD_SERVICE:${PN} = "${BPN}-mechanism.service"
SYSTEMD_AUTO_ENABLE:${PN} = "disable"
-RRECOMENDS_${PN} += "adwaita-icon-theme"
+RRECOMMENDS:${PN} += "adwaita-icon-theme"
RDEPENDS:${PN} += " \
python3-core \
python3-dbus \
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch
new file mode 100644
index 000000000..697205efe
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch
@@ -0,0 +1,41 @@
+From cbc64dcf6aa2a1be63f45ea6dd7d2c49b70a0bee Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Wed, 3 Aug 2022 16:44:29 +0800
+Subject: [PATCH] version.c: don't print build flags
+
+Don't print the build flags to avoid collecting the build environment info.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/main/version.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/main/version.c b/src/main/version.c
+index 62972d9f53..cf81de72c9 100644
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -589,19 +589,6 @@ void version_print(void)
+ DEBUG2(" unknown");
+ #endif
+
+- DEBUG2("Compilation flags:");
+-#ifdef BUILT_WITH_CPPFLAGS
+- DEBUG2(" cppflags : " BUILT_WITH_CPPFLAGS);
+-#endif
+-#ifdef BUILT_WITH_CFLAGS
+- DEBUG2(" cflags : " BUILT_WITH_CFLAGS);
+-#endif
+-#ifdef BUILT_WITH_LDFLAGS
+- DEBUG2(" ldflags : " BUILT_WITH_LDFLAGS);
+-#endif
+-#ifdef BUILT_WITH_LIBS
+- DEBUG2(" libs : " BUILT_WITH_LIBS);
+-#endif
+ DEBUG2(" ");
+ }
+ INFO("FreeRADIUS Version " RADIUSD_VERSION_STRING);
+--
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index da7e60419..1407b798b 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -32,10 +32,18 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
file://radiusd.service \
file://radiusd-volatiles.conf \
file://check-openssl-cmds-in-script-bootstrap.patch \
+ file://0001-version.c-don-t-print-build-flags.patch \
"
+raddbdir="${sysconfdir}/${MLPREFIX}raddb"
+
SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
+CVE_CHECK_IGNORE = "\
+ CVE-2002-0318 \
+ CVE-2011-4966 \
+"
+
PARALLEL_MAKE = ""
S = "${WORKDIR}/git"
@@ -48,6 +56,7 @@ EXTRA_OECONF = " --enable-strict-dependencies \
--with-docdir=${docdir}/freeradius-${PV} \
--with-openssl-includes=${STAGING_INCDIR} \
--with-openssl-libraries=${STAGING_LIBDIR} \
+ --with-raddbdir=${raddbdir} \
--without-rlm_ippool \
--without-rlm_cache_memcached \
--without-rlm_counter \
@@ -98,7 +107,9 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl"
PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast"
PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd"
-inherit useradd autotools-brokensep update-rc.d systemd
+inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header
+
+MULTILIB_SCRIPTS = "${PN}:${sbindir}/checkrad"
# This is not a cpan or python based package, but it needs some definitions
# from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python
@@ -141,7 +152,7 @@ do_install() {
oe_runmake install R=${D} INSTALLSTRIP=""
# remove unsupported config files
- rm -f ${D}/${sysconfdir}/raddb/experimental.conf
+ rm -f ${D}/${raddbdir}/experimental.conf
# remove scripts that required Perl(DBI)
rm -rf ${D}/${bindir}/radsqlrelay
@@ -153,7 +164,7 @@ do_install() {
rm -rf ${D}/${localstatedir}/log/
install -m 0644 ${WORKDIR}/volatiles.58_radiusd ${D}${sysconfdir}/default/volatiles/58_radiusd
- chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/
+ chown -R radiusd:radiusd ${D}/${raddbdir}
chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd
# For systemd
@@ -169,6 +180,9 @@ do_install() {
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/radiusd.conf
fi
+ oe_multilib_header freeradius/autoconf.h
+ oe_multilib_header freeradius/missing.h
+ oe_multilib_header freeradius/radpaths.h
}
# This is only needed when we install/update on a running target.
@@ -183,7 +197,7 @@ pkg_postinst:${PN} () {
fi
# Fix ownership for /etc/raddb/*, /var/lib/radiusd
- chown -R radiusd:radiusd ${sysconfdir}/raddb
+ chown -R radiusd:radiusd ${raddbdir}
chown -R radiusd:radiusd ${localstatedir}/lib/radiusd
fi
}
@@ -204,30 +218,30 @@ PACKAGES =+ "${PN}-utils ${PN}-ldap ${PN}-krb5 ${PN}-perl \
FILES:${PN}-utils = "${bindir}/*"
FILES:${PN}-ldap = "${libdir}/rlm_ldap.so* \
- ${sysconfdir}/raddb/mods-available/ldap \
+ ${raddbdir}/mods-available/ldap \
"
FILES:${PN}-krb5 = "${libdir}/rlm_krb5.so* \
- ${sysconfdir}/raddb/mods-available/krb5 \
+ ${raddbdir}/mods-available/krb5 \
"
FILES:${PN}-perl = "${libdir}/rlm_perl.so* \
- ${sysconfdir}/raddb/mods-config/perl \
- ${sysconfdir}/raddb/mods-available/perl \
+ ${raddbdir}/mods-config/perl \
+ ${raddbdir}/mods-available/perl \
"
FILES:${PN}-python = "${libdir}/rlm_python3.so* \
- ${sysconfdir}/raddb/mods-config/python3 \
- ${sysconfdir}/raddb/mods-available/python3 \
+ ${raddbdir}/mods-config/python3 \
+ ${raddbdir}/mods-available/python3 \
"
FILES:${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \
- ${sysconfdir}/raddb/mods-config/sql/*/mysql \
- ${sysconfdir}/raddb/mods-available/sql \
+ ${raddbdir}/mods-config/sql/*/mysql \
+ ${raddbdir}/mods-available/sql \
"
FILES:${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \
- ${sysconfdir}/raddb/mods-config/sql/*/postgresql \
+ ${raddbdir}/mods-config/sql/*/postgresql \
"
FILES:${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*"
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
index d52ad6e6c..ebd25a8f8 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
@@ -55,6 +55,8 @@ EXTRA_OEMESON = "\
-Dconfig_dns_rc_manager_default=${NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT} \
-Dconfig_dhcp_default=${NETWORKMANAGER_DHCP_DEFAULT} \
-Ddhcpcanon=false \
+ -Diptables=${sbindir}/iptables \
+ -Dnft=${sbindir}/nft \
"
# stolen from https://github.com/void-linux/void-packages/blob/master/srcpkgs/NetworkManager/template
@@ -86,7 +88,7 @@ PACKAGECONFIG[bluez5] = "-Dbluez5_dun=true,-Dbluez5_dun=false,bluez5"
# consolekit is not picked by shlibs, so add it to RDEPENDS too
PACKAGECONFIG[consolekit] = "-Dsession_tracking_consolekit=true,-Dsession_tracking_consolekit=false,consolekit,consolekit"
PACKAGECONFIG[modemmanager] = "-Dmodem_manager=true,-Dmodem_manager=false,modemmanager mobile-broadband-provider-info"
-PACKAGECONFIG[ppp] = "-Dppp=true,-Dppp=false,ppp"
+PACKAGECONFIG[ppp] = "-Dppp=true -Dpppd=${sbindir}/pppd,-Dppp=false,ppp,ppp"
PACKAGECONFIG[dnsmasq] = "-Ddnsmasq=${bindir}/dnsmasq"
PACKAGECONFIG[nss] = "-Dcrypto=nss,,nss"
PACKAGECONFIG[resolvconf] = "-Dresolvconf=${base_sbindir}/resolvconf,-Dresolvconf=no,,resolvconf"
diff --git a/meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb b/meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb
index 022ba85a2..afdbdca4e 100644
--- a/meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb
+++ b/meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LGPL;md5=8c2e1ec1540fb3e0beb68361344cba7e"
SRC_URI = " \
git://git.infradead.org/users/dwmw2/openconnect.git;branch=master \
"
-SRCREV = "03a3b9c76a9b6d0a65073b6bebbc1192e3445507"
+SRCREV = "5695cd6b0c7d42ca293ce0f00abcbe3d1ec4e609"
DEPENDS = "vpnc libxml2 krb5 gettext-native"
RDEPENDS:${PN} = "bash python3-core vpnc-script"
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.19.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb
index 26b335dbd..c15c20443 100644
--- a/meta-networking/recipes-connectivity/snort/snort_2.9.19.bb
+++ b/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb
@@ -14,7 +14,7 @@ SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \
file://disable-run-test-program-while-cross-compiling.patch \
file://configure.in-disable-tirpc-checking-for-fedora.patch \
"
-SRC_URI[sha256sum] = "b12fc6db72afb58987a2bf1954b8f45bde02047c235513c7663857b9506369c7"
+SRC_URI[sha256sum] = "29400e13f53b1831e0b8b10ec1224a1cbaa6dc1533a5322a20dd80bb84b4981c"
UPSTREAM_CHECK_URI = "https://www.snort.org/downloads"
UPSTREAM_CHECK_REGEX = "snort-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb b/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb
new file mode 100644
index 000000000..5c52437af
--- /dev/null
+++ b/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb
@@ -0,0 +1,11 @@
+DESCRIPTION = "Non-interactive ssh password auth"
+HOMEPAGE = "http://sshpass.sourceforge.net/"
+SECTION = "console/network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz"
+
+SRC_URI[sha256sum] = "71746e5e057ffe9b00b44ac40453bf47091930cba96bbea8dc48717dedc49fb7"
+
+inherit autotools
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.3.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.4.0.bb
index 40a48f6d6..6918ece0b 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.3.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.4.0.bb
@@ -13,7 +13,7 @@ PROVIDES += "cyassl"
RPROVIDES:${PN} = "cyassl"
SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master"
-SRCREV = "e722c15be860794179082a05d09e6a90dc77ccf0"
+SRCREV = "57aac1c50b45275c7a99eca32ad985998b292dc8"
S = "${WORKDIR}/git"
diff --git a/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch b/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch
new file mode 100644
index 000000000..e2a94bf82
--- /dev/null
+++ b/meta-networking/recipes-daemons/autofs/autofs/mount_conflict.patch
@@ -0,0 +1,30 @@
+Avoid conflicts between sys/mount.h and linux/mount.h
+
+linux/fs.h includes linux/mount.h and this include file is unused so
+do not include it and avoid conflict too with glibc 2.36+ see [1]
+
+[1] https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/modules/parse_amd.c
++++ b/modules/parse_amd.c
+@@ -27,7 +27,6 @@
+ #include <sys/utsname.h>
+ #include <netinet/in.h>
+ #include <sys/mount.h>
+-#include <linux/fs.h>
+
+ #define MODULE_PARSE
+ #include "automount.h"
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -30,7 +30,6 @@
+ #include <sys/utsname.h>
+ #include <netinet/in.h>
+ #include <sys/mount.h>
+-#include <linux/fs.h>
+
+ #define MODULE_PARSE
+ #include "automount.h"
diff --git a/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb b/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
index 1f87bddbe..cb8084458 100644
--- a/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
+++ b/meta-networking/recipes-daemons/autofs/autofs_5.1.8.bb
@@ -26,6 +26,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/daemons/autofs/v5/autofs-${PV}.tar.gz \
file://0001-Do-not-hardcode-path-for-pkg.m4.patch \
file://0001-Bug-fix-for-pid_t-not-found-on-musl.patch \
file://0001-Define-__SWORD_TYPE-if-undefined.patch \
+ file://mount_conflict.patch \
"
SRC_URI[sha256sum] = "0bd401c56f0eb1ca6251344c3a3d70bface3eccf9c67117cd184422c4cace30c"
diff --git a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
index cf2b156fe..eda0129fe 100644
--- a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
+++ b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
@@ -11,8 +11,7 @@ SRC_URI = "\
file://lldpd.default \
"
-SRC_URI[md5sum] = "000042dbf5b445f750b5ba01ab25c8ba"
-SRC_URI[sha256sum] = "98d200e76e30f6262c4a4493148c1840827898329146a57a34f8f0f928ca3def"
+SRC_URI[sha256sum] = "a74819214f116a5dbc407a3d490caa01ba401a249517ac826a374059c12d12e8"
inherit autotools update-rc.d useradd systemd pkgconfig bash-completion
diff --git a/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd/0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch b/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd/0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch
index 2606a3667..c213943d5 100644
--- a/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd/0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch
+++ b/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd/0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch
@@ -11,15 +11,17 @@ Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Update for 1.0.49.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+Update for 1.0.51.
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
- configure.ac | 15 ---------------
- 1 file changed, 15 deletions(-)
+ configure.ac | 16 ----------------
+ 1 file changed, 16 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 079e6f0..9a1ec06 100644
+index 62768c8..efaeee5 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -96,21 +96,6 @@ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
+@@ -97,22 +97,6 @@ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"])
@@ -27,7 +29,8 @@ index 079e6f0..9a1ec06 100644
- for path in \
- /usr/kerberos \
- /usr/local /opt /usr/local/opt \
-- /usr/openssl@1.1 /opt/openssl@1.1 /usr/local/opt/openssl@1.1 \
+- /opt/homebrew/opt/openssl@3 /usr/local/opt/openssl@3 \
+- /opt/homebrew/opt/openssl@1.1 /usr/local/opt/openssl@1.1 \
- /usr/openssl /opt/openssl /usr/local/opt/openssl; do
- if test -d $path/include; then
- CPPFLAGS="$CPPFLAGS -I${path}/include"
@@ -42,5 +45,5 @@ index 079e6f0..9a1ec06 100644
dnl Checks for header files
--
-2.7.4
+2.25.1
diff --git a/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.50.bb b/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.51.bb
index edc2af3a3..6f03f73db 100644
--- a/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.50.bb
+++ b/meta-networking/recipes-daemons/pure-ftpd/pure-ftpd_1.0.51.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Pure-FTPd is a free (BSD license), secure, production-quality and
HOMEPAGE = "http://www.pureftpd.org/project/pure-ftpd"
SECTION = "net"
LICENSE = "0BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a4496a14dea009df36c612707d455d02"
+LIC_FILES_CHKSUM = "file://COPYING;md5=194bc994ad6bbd4ff5a021082fe52156"
DEPENDS = "libcap virtual/crypt"
@@ -11,7 +11,7 @@ SRC_URI = "http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-${PV}.t
file://0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch \
file://nostrip.patch \
"
-SRC_URI[sha256sum] = "abe2f94eb40b330d4dc22b159991f44e5e515212f8e887049dccdef266d0ea23"
+SRC_URI[sha256sum] = "4160f66b76615eea2397eac4ea3f0a146b7928207b79bc4cc2f99ad7b7bd9513"
inherit autotools
diff --git a/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch b/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch
deleted file mode 100644
index 0d261fd4e..000000000
--- a/meta-networking/recipes-extended/kronosnet/kronosnet/0001-libknet-tests-Correct-include-path-for-poll.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From cae68083fda5d4ca832ff3cc8a533454df2efe23 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 12 Oct 2021 20:35:53 -0700
-Subject: [PATCH] libknet/tests: Correct include path for poll.h
-
-Fixes
-/usr/include/sys/poll.h:1:2: error: redirec
-ting incorrect #include <sys/poll.h> to <poll.h> [-Werror,-W#warnings]
-| #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
-
-Upstream-Status: Submitted [https://github.com/kronosnet/kronosnet/pull/363]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libknet/tests/test-common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libknet/tests/test-common.c b/libknet/tests/test-common.c
-index 86b76b0..8f8b6ca 100644
---- a/libknet/tests/test-common.c
-+++ b/libknet/tests/test-common.c
-@@ -20,7 +20,7 @@
- #include <pthread.h>
- #include <dirent.h>
- #include <sys/select.h>
--#include <sys/poll.h>
-+#include <poll.h>
-
- #include "libknet.h"
- #include "test-common.h"
diff --git a/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch b/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch
new file mode 100644
index 000000000..e59501cc4
--- /dev/null
+++ b/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch
@@ -0,0 +1,40 @@
+From a8aac8f3fd8b07fde8f5dc0aa9ece54a46d24425 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Thu, 9 Jun 2022 16:03:06 +0800
+Subject: [PATCH] links.c: Fix build with gcc-12
+
+Fixes:
+ | /build/tmp-glibc/work/corei7-64-wrs-linux/kronosnet/1.22-r0/recipe-sysroot/usr/include/bits/string_fortified.h:59:10: error: 'link' may be used uninitialized [-Werror=maybe-uninitialized]
+ | 59 | return __builtin___memset_chk (__dest, __ch, __len,
+ | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ | 60 | __glibc_objsize0 (__dest));
+ | | ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ | ../../git/libknet/links.c: In function 'knet_link_set_config':
+ | ../../git/libknet/links.c:108:27: note: 'link' was declared here
+ | 108 | struct knet_link *link;
+ | | ^~~~
+ | cc1: all warnings being treated as errors
+
+Upstream-Status: Submitted[https://github.com/kronosnet/kronosnet/pull/382]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ libknet/links.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libknet/links.c b/libknet/links.c
+index 8cb1621b..0ef42b79 100644
+--- a/libknet/links.c
++++ b/libknet/links.c
+@@ -105,7 +105,7 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
+ {
+ int savederrno = 0, err = 0, i, wipelink = 0, link_idx;
+ struct knet_host *host, *tmp_host;
+- struct knet_link *link;
++ struct knet_link *link = NULL;
+
+ if (!_is_valid_handle(knet_h)) {
+ return -1;
+--
+2.25.1
+
diff --git a/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb b/meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb
index ad0a00e78..cbd5e7a0f 100644
--- a/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
+++ b/meta-networking/recipes-extended/kronosnet/kronosnet_1.24.bb
@@ -11,9 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING.applications;md5=751419260aa954499f7abaabaa88
SECTION = "libs"
DEPENDS = "doxygen-native libqb-native libxml2-native bzip2 libqb libxml2 libnl lksctp-tools lz4 lzo openssl nss xz zlib zstd"
-SRCREV = "0123ecebce0ad6aba3cdb320027192e15fd71e23"
+SRCREV = "f8f80fd7f9b85f2626d2c6452612962ad8efca9e"
SRC_URI = "git://github.com/kronosnet/kronosnet;protocol=https;branch=stable1 \
- file://0001-libknet-tests-Correct-include-path-for-poll.h.patch \
+ file://0001-links.c-Fix-build-with-gcc-12.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/kronosnet/kronosnet/releases"
diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb
index 44479638f..3eca92dce 100644
--- a/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb
+++ b/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26"
SECTION = "libs"
DEPENDS = "libmnl"
-SRCREV = "09456c720e9c00eecc08e41ac6b7c291b3821ee5"
+SRCREV = "f6575131e60ab10f131ea3ff36f69af2b6c3f614"
SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \
file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \
file://0001-configure.ac-Add-serial-tests.patch \
diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch b/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch
deleted file mode 100644
index 65ab2dfd8..000000000
--- a/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 22 Feb 2022 00:56:36 +0100
-Subject: [PATCH] examples: compile with `make check' and add AM_CPPFLAGS
-
-Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
-specify local headers via -I.
-
-Unfortunately, `make distcheck' did not catch this compile time error in
-my system, since it was using the nftables/libnftables.h file of the
-previous nftables release.
-
-Fixes: 5b364657a35f ("build: missing SUBIRS update")
-Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
-Upstream-Status: Backport
-[http://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- examples/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/examples/Makefile.am b/examples/Makefile.am
-index c972170d..3b8b0b67 100644
---- a/examples/Makefile.am
-+++ b/examples/Makefile.am
-@@ -1,4 +1,6 @@
--noinst_PROGRAMS = nft-buffer \
-+check_PROGRAMS = nft-buffer \
- nft-json-file
-
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-+
- LDADD = $(top_builddir)/src/libnftables.la
---
-2.25.1
-
diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch b/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch
new file mode 100644
index 000000000..377b29fff
--- /dev/null
+++ b/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch
@@ -0,0 +1,44 @@
+From c7513195a72b2e5be5c9c439cc606eb5dcc3fb7a Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 12 Jul 2022 17:44:34 +0100
+Subject: [PATCH] nftables: python: Split root from prefix
+
+The buildpaths QA check fails when python is enabled:
+
+ WARNING: nftables-1.0.4-r0 do_package_qa: QA Issue: File /usr/lib/python3.10/site-packages/nftables/__pycache__/nftables.cpython-310.pyc in package nftables-python contains reference to TMPDIR
+ File /usr/lib/python3.10/site-packages/nftables/__pycache__/__init__.cpython-310.pyc in package nftables-python contains reference to TMPDIR [buildpaths]
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ py/Makefile.am | 2 +-
+ py/setup.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/py/Makefile.am b/py/Makefile.am
+index 215ecd9e4751..a827cca10135 100644
+--- a/py/Makefile.am
++++ b/py/Makefile.am
+@@ -7,7 +7,7 @@ all-local:
+ install-exec-local:
+ cd $(srcdir) && \
+ $(PYTHON_BIN) setup.py build --build-base $(abs_builddir) \
+- install --prefix $(DESTDIR)$(prefix)
++ install --root $(DESTDIR) --prefix $(prefix)
+
+ uninstall-local:
+ rm -rf $(DESTDIR)$(prefix)/lib*/python*/site-packages/nftables
+diff --git a/py/setup.py b/py/setup.py
+index 72fc8fd98b26..976aec583b71 100755
+--- a/py/setup.py
++++ b/py/setup.py
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env python
+-from distutils.core import setup
++from setuptools._distutils.core import setup
+ from nftables import NFTABLES_VERSION
+
+ setup(name='nftables',
+--
+2.35.1
+
diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb
index e078be79a..3466e16a6 100644
--- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
+++ b/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb
@@ -6,26 +6,27 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79"
DEPENDS = "libmnl libnftnl bison-native \
${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}"
-# Ensure we reject the 0.099 version by matching at least two dots
-UPSTREAM_CHECK_REGEX = "nftables-(?P<pver>\d+(\.\d+){2,}).tar.bz2"
-
SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \
- file://0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch \
+ file://0001-nftables-python-Split-root-from-prefix.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "0b28a36ffcf4567b841de7bd3f37918b1fed27859eb48bdec51e1f7a83954c02"
+SRC_URI[sha256sum] = "927fb1fea1f685a328c10cf791eb655d7e1ed49d310eea5cb3101dfd8d6cba35"
inherit autotools manpages pkgconfig ptest
-PACKAGECONFIG ??= "python readline json"
+PACKAGECONFIG ?= "python readline json"
+PACKAGECONFIG[editline] = "--with-cli=editline, , libedit, , , linenoise readline"
PACKAGECONFIG[json] = "--with-json, --without-json, jansson"
+PACKAGECONFIG[linenoise] = "--with-cli=linenoise, , linenoise, , , editline readline"
PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native"
PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp"
-PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --with-python-bin="", python3"
-PACKAGECONFIG[readline] = "--with-cli=readline, --without-cli, readline"
+PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --disable-python, python3-setuptools-native"
+PACKAGECONFIG[readline] = "--with-cli=readline, , readline, , , editline linenoise"
PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables"
+EXTRA_OECONF = "${@bb.utils.contains_any('PACKAGECONFIG', 'editline linenoise readline', '', '--without-cli', d)}"
+
inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
RRECOMMENDS:${PN} += "kernel-module-nf-tables"
@@ -34,7 +35,7 @@ PACKAGES =+ "${PN}-python"
FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}"
RDEPENDS:${PN}-python = "python3-core python3-json ${PN}"
-RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json python3-misc util-linux"
+RDEPENDS:${PN}-ptest += " ${PN}-python make bash python3-core python3-ctypes python3-json python3-misc util-linux"
TESTDIR = "tests"
@@ -46,7 +47,6 @@ do_install_ptest() {
mkdir -p ${D}${PTEST_PATH}/src/.libs
cp -rf ${B}/src/.libs/* ${D}${PTEST_PATH}/src/.libs
cp -rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/
- cp -rf ${S}/py ${D}${PTEST_PATH}
cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}/${TESTDIR}
sed -i 's#/usr/bin/python#/usr/bin/python3#' ${D}${PTEST_PATH}/${TESTDIR}/json_echo/run-test.py
sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 05195a3f6..f0d0dbf7c 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -73,6 +73,11 @@ SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE:${PN} = "frr.service"
SYSTEMD_AUTO_ENABLE = "disable"
+do_compile:prepend () {
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
+ -e 's#${RECIPE_SYSROOT}##g' ${S}/lib/version.h
+}
+
do_compile:class-native () {
oe_runmake clippy-only
}
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
index 4cd729044..0eeddf752 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
@@ -1,7 +1,8 @@
-From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001
+From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Fri, 29 Jan 2021 08:49:15 +0000
-Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit
+Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and
+ 64bit
With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves
differently between 32bit and 64bit system as the openssl lib resides under
@@ -15,12 +16,13 @@ So add the patch to fix the gap between 32bit and 64bit system.
Upstream-Status: Inappropriate [configuration specific]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
---
m4/ac_add_search_path.m4 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4
-index 8e0a819..961f587 100644
+index 8e0a819..e9585bc 100644
--- a/m4/ac_add_search_path.m4
+++ b/m4/ac_add_search_path.m4
@@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables
@@ -34,6 +36,3 @@ index 8e0a819..961f587 100644
fi
if test -d $1/include; then
CPPFLAGS="-I$1/include $CPPFLAGS"
---
-2.29.2
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
index 05a47f61c..f8a52a63f 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
@@ -1,4 +1,4 @@
-From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001
+From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@cn.fujitsu.com>
Date: Fri, 21 Aug 2015 18:23:13 +0900
Subject: [PATCH] config_os_headers: Error Fix
@@ -19,7 +19,7 @@ Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
-index f07d512..2363b42 100644
+index 01c3376..6edd85f 100644
--- a/configure.d/config_os_headers
+++ b/configure.d/config_os_headers
@@ -395,8 +395,8 @@ then
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
index 22e591556..a7881a871 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
@@ -1,4 +1,4 @@
-From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001
+From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 22 Jul 2016 18:34:39 +0000
Subject: [PATCH] get_pid_from_inode: Include limit.h
@@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
1 file changed, 1 insertion(+)
diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c
-index aee907d..7abaec2 100644
+index 5788e1d..ea380a6 100644
--- a/agent/mibgroup/util_funcs/get_pid_from_inode.c
+++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c
@@ -6,6 +6,7 @@
@@ -23,5 +23,5 @@ index aee907d..7abaec2 100644
#include <ctype.h>
+#include <limits.h>
#include <stdio.h>
- #if HAVE_STDLIB_H
+ #ifdef HAVE_STDLIB_H
#include <stdlib.h>
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch
deleted file mode 100644
index 4fc9e54b4..000000000
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 94ca941e06bef157bf0e13251f8ca1471daa9393 Mon Sep 17 00:00:00 2001
-From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
-Date: Fri, 27 Aug 2021 14:21:45 +0300
-Subject: [PATCH] snmpd: always exit after displaying usage
-
-Currently, viewing the help text with -h results in snmpd being started
-in the background, whereas this does not happen with --help. Similarly,
-when an error is detected in command line syntax, the help text is
-displayed but sometimes snmpd gets started anyway, depending on the
-execution path.
-
-This patch makes snmpd consistently terminate whenever the usage
-function gets called. It also removes the goto statements no longer
-needed.
-
-Upstream-Status: Backport
-[https://github.com/net-snmp/net-snmp/commit/94ca941e06bef157bf0e13251f8ca1471daa9393]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- agent/snmpd.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/agent/snmpd.c b/agent/snmpd.c
-index f5aab0af8..90de12d99 100644
---- a/agent/snmpd.c
-+++ b/agent/snmpd.c
-@@ -289,6 +289,8 @@ usage(char *prog)
- " -S d|i|0-7\t\tuse -Ls <facility> instead\n"
- "\n"
- );
-+ SOCK_CLEANUP;
-+ exit(1);
- }
-
- static void
-@@ -494,7 +496,6 @@ main(int argc, char *argv[])
- case '-':
- if (strcasecmp(optarg, "help") == 0) {
- usage(argv[0]);
-- goto out;
- }
- if (strcasecmp(optarg, "version") == 0) {
- version();
-@@ -783,7 +784,6 @@ main(int argc, char *argv[])
- fprintf(stderr, "%s: Illegal argument -X:"
- "AgentX support not compiled in.\n", argv[0]);
- usage(argv[0]);
-- goto out;
- #endif
- break;
-
---
-2.25.1
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
index 42352a6b0..af6334f72 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
@@ -1,4 +1,4 @@
-From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001
+From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 18 Sep 2015 00:28:45 -0400
Subject: [PATCH] snmplib/keytools.c: Don't check for return from
@@ -17,7 +17,7 @@ Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
-index 129a7c0..2fc1efc 100644
+index 14a452a..fb1694b 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
deleted file mode 100644
index c973bde72..000000000
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001
-From: Wenlin Kang <wenlin.kang@windriver.com>
-Date: Wed, 24 May 2017 16:45:34 +0800
-Subject: [PATCH] configure: fix a cc check issue.
-
-When has "." in cc value, the expression
-$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'
-can't get corretly the cc's value.
-
-Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
-
----
- configure.d/config_project_perl_python | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python
-index 475c843..22d2ad3 100644
---- a/configure.d/config_project_perl_python
-+++ b/configure.d/config_project_perl_python
-@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then
- if test "x$enable_perl_cc_checks" != "xno" ; then
- AC_MSG_CHECKING([for Perl cc])
- changequote(, )
-- PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'`
-+ PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'`
- changequote([, ])
- if test "x$PERLCC" != "x" ; then
- AC_MSG_RESULT([$PERLCC])
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
index bfddc63dd..6e224188a 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
@@ -1,4 +1,4 @@
-From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001
+From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001
From: Wenlin Kang <wenlin.kang@windriver.com>
Date: Wed, 24 May 2017 17:10:20 +0800
Subject: [PATCH] configure: fix incorrect variable
@@ -14,10 +14,10 @@ Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.in b/Makefile.in
-index 912f6b2..a53d1b2 100644
+index f1cbbf5..1545be3 100644
--- a/Makefile.in
+++ b/Makefile.in
-@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt
+@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt
#
# override LD_RUN_PATH to avoid dependencies on the build directory
perlmodules: perlmakefiles subdirs
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
index 26dd014ce..409c1e03c 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
@@ -1,4 +1,4 @@
-From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001
+From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001
From: "Roy.Li" <rongqing.li@windriver.com>
Date: Fri, 16 Jan 2015 14:14:01 +0800
Subject: [PATCH] net-snmp: fix "libtool --finish"
@@ -20,11 +20,11 @@ Signed-off-by: Roy.Li <rongqing.li@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.top b/Makefile.top
-index 6315401..fc0ee06 100644
+index a962c54..1ba5607 100644
--- a/Makefile.top
+++ b/Makefile.top
@@ -89,7 +89,7 @@ LIBREVISION = 0
- LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o
+ LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o
LIB_EXTENSION = la
LIB_VERSION =
-LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir)
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
index 022eb958f..35e93d636 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
@@ -1,4 +1,4 @@
-From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001
+From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001
From: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Date: Wed, 9 Jun 2021 15:47:30 +0900
Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP
@@ -7,6 +7,7 @@ Upstream-Status: Pending
Signed-off-by: Marian Florea <marian.florea@windriver.com>
Signed-off-by: Li Zhou <li.zhou@windriver.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
agent/snmpd.c | 1 +
@@ -14,19 +15,19 @@ Signed-off-by: Li Zhou <li.zhou@windriver.com>
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/agent/snmpd.c b/agent/snmpd.c
-index 1af439f..355b510 100644
+index 90de12d..1ccc4db 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
-@@ -1208,6 +1208,7 @@ receive(void)
- snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
- netsnmp_get_version());
- update_config();
-+ snmp_store(app_name);
- send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
- #if HAVE_SIGPROCMASK
- ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
+@@ -1169,6 +1169,7 @@ snmpd_reconfig(void)
+ snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
+ netsnmp_get_version());
+ update_config();
++ snmp_store(app_name);
+ send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
+ #ifdef HAVE_SIGPROCMASK
+ ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
-index 29c2a0f..ada961c 100644
+index 7b1746b..4a17e0d 100644
--- a/snmplib/snmpv3.c
+++ b/snmplib/snmpv3.c
@@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg,
@@ -41,6 +42,3 @@ index 29c2a0f..ada961c 100644
engineBoots = 1;
}
---
-2.25.1
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
index f1ebe2bb6..c5a453abe 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
@@ -1,4 +1,4 @@
-From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001
+From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001
From: Chong Lu <Chong.Lu@windriver.com>
Date: Thu, 28 May 2020 09:46:34 -0500
Subject: [PATCH] net-snmp: add knob whether nlist.h are checked
@@ -15,7 +15,7 @@ Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
1 file changed, 2 insertions(+)
diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
-index 76ef58a..f07d512 100644
+index b9c8c31..01c3376 100644
--- a/configure.d/config_os_headers
+++ b/configure.d/config_os_headers
@@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
index 2941a3609..c382c02d8 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
@@ -1,4 +1,4 @@
-From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001
+From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001
From: Jackie Huang <jackie.huang@windriver.com>
Date: Thu, 22 Jun 2017 10:25:08 +0800
Subject: [PATCH] net-snmp: fix for --disable-des
@@ -15,7 +15,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
1 file changed, 2 insertions(+)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
-index 00c9174..c6875e1 100644
+index 54fdd5c..0f7e931 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support);
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
index 807983f61..09ca532a7 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
@@ -1,4 +1,4 @@
-From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001
+From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001
From: Jackie Huang <jackie.huang@windriver.com>
Date: Wed, 14 Jan 2015 15:10:06 +0800
Subject: [PATCH] testing: add the output format for ptest
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
index bf1e7bedf..c0b51c51e 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
@@ -1,4 +1,4 @@
-From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001
+From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001
From: "douglas.royds" <douglas.royds@taitradio.com>
Date: Wed, 21 Nov 2018 13:52:18 +1300
Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for
@@ -13,7 +13,7 @@ set in the environment to "yes" or "no" as appropriate for the target platform.
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4
-index 6f23c8e..8cea75a 100644
+index b6864d9..07ca922 100644
--- a/configure.d/config_os_misc4
+++ b/configure.d/config_os_misc4
@@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
index 5f887b886..7af514756 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
@@ -21,15 +21,13 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
file://0001-config_os_headers-Error-Fix.patch \
file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \
file://0001-get_pid_from_inode-Include-limit.h.patch \
- file://0002-configure-fix-a-cc-check-issue.patch \
file://0004-configure-fix-incorrect-variable.patch \
file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
file://net-snmp-fix-for-disable-des.patch \
file://reproducibility-have-printcap.patch \
file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
- file://0001-snmpd-always-exit-after-displaying-usage.patch \
"
-SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f"
+SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a"
UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/"
UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/"
@@ -72,6 +70,7 @@ CACHED_CONFIGUREVARS = " \
ac_cv_ETC_MNTTAB=/etc/mtab \
lt_cv_shlibpath_overrides_runpath=yes \
ac_cv_path_UNAMEPROG=${base_bindir}/uname \
+ ac_cv_path_PSPROG=${base_bindir}/ps \
ac_cv_file__etc_printcap=no \
NETSNMP_CONFIGURE_OPTIONS= \
"
diff --git a/meta-networking/recipes-protocols/openflow/openflow.inc b/meta-networking/recipes-protocols/openflow/openflow.inc
index 15eb65ad3..aaad0e00e 100644
--- a/meta-networking/recipes-protocols/openflow/openflow.inc
+++ b/meta-networking/recipes-protocols/openflow/openflow.inc
@@ -13,6 +13,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e870c934e2c3d6ccf085fd7cf0a1e2e2"
SRC_URI = "git://gitosis.stanford.edu/openflow.git;protocol=git;branch=master"
+CVE_CHECK_IGNORE = "\
+ CVE-2015-1611 \
+ CVE-2015-1612 \
+"
+
DEPENDS = "virtual/libc"
PACKAGECONFIG ??= ""
@@ -53,3 +58,7 @@ do_install:append() {
}
FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
+# This CVE is not for this product but cve-check assumes it is
+# because two CPE collides when checking the NVD database
+CVE_CHECK_IGNORE = "CVE-2018-1078"
diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
index a7697a1ae..984264a30 100644
--- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
+++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
@@ -2,3 +2,7 @@ require quagga.inc
SRC_URI[md5sum] = "eced21b054d71c9e1b7c6ac43286a166"
SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193bd653d3"
+
+CVE_CHECK_IGNORE += "\
+ CVE-2016-4049 \
+"
diff --git a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
index 4f8e4d428..dcfa7406d 100644
--- a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
+++ b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
@@ -23,3 +23,5 @@ PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,"
PACKAGECONFIG[inet6] = "--enable-inet6,--disable-inet6,"
EXTRA_OECONF += "--disable-debug"
+
+CVE_VERSION = "0.9.3.0"
diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 57dd635dc..8ce9e1db5 100644
--- a/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -126,6 +126,10 @@ do_install() {
${D}${systemd_unitdir}/system/chronyd.service
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd
sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf
+
}
FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}"
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
new file mode 100644
index 000000000..6bd734d75
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
@@ -0,0 +1,191 @@
+From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 31 Mar 2022 21:35:20 +0100
+Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
+ refers.
+
+CVE: CVE-2022-0934
+
+Upstream-Status: Backport
+[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ CHANGELOG | 3 +++
+ src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
+ 2 files changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 5e54df9..a28da2a 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,4 +1,7 @@
+ version 2.86
++ Fix write-after-free error in DHCPv6 server code.
++ CVE-2022-0934 refers.
++
+ Handle DHCPREBIND requests in the DHCPv6 server code.
+ Thanks to Aichun Li for spotting this omission, and the initial
+ patch.
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5c2ff97..6ecfeeb 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -33,9 +33,9 @@ struct state {
+ unsigned int mac_len, mac_type;
+ };
+
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now);
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
+ static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
+ static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
+ static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
+@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
+ }
+
+ /* This cost me blood to write, it will probably cost you blood to understand - srk. */
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now)
+ {
+ void *end = inbuff + sz;
+ void *opts = inbuff + 34;
+- int msg_type = *((unsigned char *)inbuff);
++ int msg_type = *inbuff;
+ unsigned char *outmsgtypep;
+ void *opt;
+ struct dhcp_vendor *vendor;
+@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+ return 1;
+ }
+
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
+ {
+ void *opt;
+- int i, o, o1, start_opts;
++ int i, o, o1, start_opts, start_msg;
+ struct dhcp_opt *opt_cfg;
+ struct dhcp_netid *tagif;
+ struct dhcp_config *config = NULL;
+ struct dhcp_netid known_id, iface_id, v6_id;
+- unsigned char *outmsgtypep;
++ unsigned char outmsgtype;
+ struct dhcp_vendor *vendor;
+ struct dhcp_context *context_tmp;
+ struct dhcp_mac *mac_opt;
+@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ v6_id.next = state->tags;
+ state->tags = &v6_id;
+
+- /* copy over transaction-id, and save pointer to message type */
+- if (!(outmsgtypep = put_opt6(inbuff, 4)))
++ start_msg = save_counter(-1);
++ /* copy over transaction-id */
++ if (!put_opt6(inbuff, 4))
+ return 0;
+ start_opts = save_counter(-1);
+- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
+-
++ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
++
+ /* We're going to be linking tags from all context we use.
+ mark them as unused so we don't link one twice and break the list */
+ for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
+@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
+
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6USEMULTI);
+ put_opt6_string("Use multicast");
+@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ struct dhcp_netid *solicit_tags;
+ struct dhcp_context *c;
+
+- *outmsgtypep = DHCP6ADVERTISE;
++ outmsgtype = DHCP6ADVERTISE;
+
+ if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+ o = new_opt6(OPTION6_RAPID_COMMIT);
+ end_opt6(o);
+@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int start = save_counter(-1);
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+
+ log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
+@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int address_assigned = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
+
+@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int good_addr = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
+
+@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
+ if (ignore)
+ return 0;
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ tagif = add_options(state, 1);
+ break;
+ }
+@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6RELEASE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPRELEASE", NULL, NULL);
+
+@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6DECLINE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPDECLINE", NULL, NULL);
+
+@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ }
+
+ }
+-
++
++ /* Fill in the message type. Note that we store the offset,
++ not a direct pointer, since the packet memory may have been
++ reallocated. */
++ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
++
+ log_tags(tagif, state->xid);
+ log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
+
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
index 31ca51ec6..0f7880ce8 100644
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
@@ -3,5 +3,6 @@ require dnsmasq.inc
SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512"
SRC_URI += "\
file://lua.patch \
+ file://CVE-2022-0934.patch \
"
diff --git a/meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb b/meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb
index d25600645..08255ae84 100644
--- a/meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb
+++ b/meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb
@@ -14,7 +14,7 @@ LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://htpdate.c;beginline=26;endline=30;md5=2b6cdb94bd5349646d7e33f9f501eef7"
SRC_URI = "http://www.vervest.org/htp/archive/c/htpdate-${PV}.tar.gz"
-SRC_URI[sha256sum] = "744f9200cfd3b008a5516c5eb6da727af532255a329126a7b8f49a5623985642"
+SRC_URI[sha256sum] = "a8734d4f1d84d0608d045508608f2d29d8b968da269f83120aaac67709b1bd03"
TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb b/meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb
index 2de32cc1e..373cdb054 100644
--- a/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
+++ b/meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb
@@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9dcc2d8acdde215fa4bd6ac12bb14f0"
SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https;branch=master \
"
-
-SRCREV = "7c0e2d19d30eb0bd2e079febb5a2c31f65e5023d"
+SRCREV = "a02ea15ec4e2c5ac533cee51824d5b9dd2933cc3"
S = "${WORKDIR}/git"
diff --git a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
index f5467794e..6861314a0 100644
--- a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
+++ b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
@@ -5,8 +5,7 @@ HOMEPAGE = "http://www.remlab.net/ndisc6/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-PV = "1.0.5"
-SRCREV = "b706f5f01aa82aa0db678fffd15a1527f330c507"
+SRCREV = "7e314b23329f9c24c4c097b8513673fed7e7158a"
SRC_URI = "git://git.remlab.net/git/ndisc6.git;protocol=http;branch=master \
file://0001-autogen-Do-not-symlink-gettext.h-from-build-host.patch \
"
diff --git a/meta-networking/recipes-support/netperf/files/netserver_permissions.patch b/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
new file mode 100644
index 000000000..55316363e
--- /dev/null
+++ b/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
@@ -0,0 +1,29 @@
+From 78c9ae7d9a6735575bc72dd28a19b2bc3a251981 Mon Sep 17 00:00:00 2001
+From: Andrew Elble <aweits@rit.edu>
+Date: Mon, 8 Oct 2018 14:31:20 -0400
+Subject: [PATCH] netserver: don't change permissions on /dev/null
+
+the (now default) suppress_debug=1 changes permissions on /dev/null
+to 0644. Don't do this.
+
+Upstream-Status: Pending [https://github.com/HewlettPackard/netperf/pull/27/commits/78c9ae7d9a6735575bc72dd28a19b2bc3a251981]
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+---
+ src/netserver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/netserver.c b/src/netserver.c
+index 00c8d23..86a1c45 100644
+--- a/src/netserver.c
++++ b/src/netserver.c
+@@ -278,7 +278,8 @@ open_debug_file()
+
+ #if !defined(WIN32)
+
+- chmod(FileName,0644);
++ if (!suppress_debug)
++ chmod(FileName,0644);
+
+ /* redirect stdin to "/dev/null" */
+ rd_null_fp = fopen(NETPERF_NULL,"r");
diff --git a/meta-networking/recipes-support/netperf/netperf_git.bb b/meta-networking/recipes-support/netperf/netperf_git.bb
index 62ba966d0..06b2eddbb 100644
--- a/meta-networking/recipes-support/netperf/netperf_git.bb
+++ b/meta-networking/recipes-support/netperf/netperf_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/HewlettPackard/netperf.git;branch=master;protocol=ht
file://netserver.service \
file://0001-netlib.c-Move-including-sched.h-out-og-function.patch \
file://0001-nettest_omni-Remove-duplicate-variable-definitions.patch \
+ file://netserver_permissions.patch \
"
SRCREV = "3bc455b23f901dae377ca0a558e1e32aa56b31c4"
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd0773..a30f720bb 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -29,7 +29,31 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
# CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+ CVE-2016-9312 \
+ CVE-2015-5146 \
+ CVE-2015-5300 \
+ CVE-2015-7975 \
+ CVE-2015-7976 \
+ CVE-2015-7977 \
+ CVE-2015-7978 \
+ CVE-2015-7979 \
+ CVE-2015-8138 \
+ CVE-2015-8139 \
+ CVE-2015-8140 \
+ CVE-2015-8158 \
+ CVE-2016-1547 \
+ CVE-2016-2516 \
+ CVE-2016-2517 \
+ CVE-2016-2519 \
+ CVE-2016-7429 \
+ CVE-2016-7433 \
+ CVE-2016-9310 \
+ CVE-2016-9311 \
+"
+
inherit autotools update-rc.d useradd systemd pkgconfig
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
index 3efac7d98..cd8b396f1 100644
--- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
@@ -20,6 +20,8 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"
+
inherit pkgconfig python3-dir python3targetconfig systemd update-alternatives update-rc.d useradd waf features_check
# RDEPENDS on gnuplot with this restriction
diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
index c61303b81..eca5865f6 100644
--- a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
+++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
@@ -41,6 +41,8 @@ SRC_URI[sha256sum] = "f6d0fd4c0a74b05f80907229d0b270f54ca23294bcc11979f8b8d12766
inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base python3targetconfig
+CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'largefile', '-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64', '', d)}"
+
EXTRA_OECONF = "--disable-static \
--with-perl='${STAGING_BINDIR_NATIVE}/perl-native/perl' \
--with-python='${STAGING_BINDIR_NATIVE}/python3-native/python3' \
@@ -85,6 +87,10 @@ do_configure () {
done
}
+do_compile:append () {
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${S}/swig/perl/OpenIPMI_wrap.c
+}
+
do_install:append () {
echo "SAL: D = $D"
echo "SAL: libdir = $libdir"
diff --git a/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
new file mode 100644
index 000000000..03b454d62
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
@@ -0,0 +1,48 @@
+From ea179d83b0aa62719d90748cd1fb260f40055f15 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 13 Jun 2022 22:44:28 +0800
+Subject: [PATCH] configure.ac: eliminate build path from openvpn --version
+ option
+
+Before the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes
+with_libtool_sysroot=/buildarea/build/tmp/work/core2-64-poky-linux/openvpn/2.5.7-r0/recipe-sysroot
+with_mem_check=no with_openssl_engine=auto
+
+After the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no
+with_openssl_engine=auto
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2f5f6bc..eddcbc5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1377,7 +1377,7 @@ if test "${enable_async_push}" = "yes"; then
+ esac
+ fi
+
+-CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
++CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*=' | grep -v 'libtool_sysroot'`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+
+ TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn b/meta-networking/recipes-support/openvpn/openvpn/openvpn
index e5af4b230..e5af4b230 100755..100644
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn
+++ b/meta-networking/recipes-support/openvpn/openvpn/openvpn
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf b/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
deleted file mode 100644
index 1205806d5..000000000
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d @LOCALSTATEDIR@/run/openvpn 0755 root root -
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
deleted file mode 100644
index 01dd2e8c2..000000000
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
-After=syslog.target network.target
-
-[Service]
-PrivateTmp=true
-Type=forking
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
index 3ed90a7c8..a28c73ab5 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
@@ -5,12 +5,12 @@ LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b76abd82c14ee01cc34c4ff5e3627b89"
DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-inherit autotools systemd update-rc.d
+inherit autotools systemd update-rc.d pkgconfig
SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+ file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \
file://openvpn \
- file://openvpn@.service \
- file://openvpn-volatile.conf"
+ "
UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
@@ -19,9 +19,6 @@ SRC_URI[sha256sum] = "08340a389905c84196b6cd750add1bc0fa2d46a1afebfd589c24120946
# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
-SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME:${PN} = "openvpn"
INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
@@ -35,31 +32,36 @@ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-p
# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
+EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
+ TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \
+ "
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+ "
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
+
do_install:append() {
install -d ${D}/${sysconfdir}/init.d
install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
install -d ${D}/${sysconfdir}/openvpn
+ install -d ${D}/${sysconfdir}/openvpn/server
+ install -d ${D}/${sysconfdir}/openvpn/client
+
install -d ${D}/${sysconfdir}/openvpn/sample
- install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
- install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts
+ install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
-
- install -d ${D}/${localstatedir}
- install -d ${D}/${localstatedir}/lib
- install -d -m 710 ${D}/${localstatedir}/lib/openvpn
-
- install -d ${D}${sysconfdir}/tmpfiles.d
- install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- fi
+ install -d -m 710 ${D}/${localstatedir}/lib/openvpn
}
PACKAGES =+ " ${PN}-sample "
@@ -67,9 +69,9 @@ PACKAGES =+ " ${PN}-sample "
RRECOMMENDS:${PN} = "kernel-module-tun"
FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
-FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \
- ${sysconfdir}/tmpfiles.d \
+FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \
+ ${systemd_system_unitdir}/openvpn-client@.service \
+ ${nonarch_libdir}/tmpfiles.d \
"
-FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
- ${systemd_unitdir}/system/openvpn@loopback-client.service \
- ${sysconfdir}/openvpn/sample/"
+FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \
+ "
diff --git a/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb b/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
index c567e3314..e5ecc5cd6 100644
--- a/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
+++ b/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
@@ -6,7 +6,7 @@ DEPENDS = "libnl"
RDEPENDS:${PN} = "bash perl"
SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=https"
-SRCREV = "a3e69268892bbd5ab30123748e89a26509a25ac5"
+SRCREV = "467363efbc0fea706752c1ba7a21c313823017e7"
S = "${WORKDIR}/git"
#Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index d9083bcbe..1887a5582 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@ SRC_URI = " \
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2016-0749 \
+ CVE-2016-2150 \
+ CVE-2018-10893 \
+"
+
inherit autotools gettext python3native python3-dir pkgconfig
DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd2c..000000000
--- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler. So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- .../plugins/openssl/openssl_plugin.c | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
-
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
- * public functions
- */
- openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- /**
-- * Loaded providers
-- */
-- array_t *providers;
--#endif
- };
-
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
- private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- OSSL_PROVIDER *provider;
-- while (array_remove(this->providers, ARRAY_TAIL, &provider))
-- {
-- OSSL_PROVIDER_unload(provider);
-- }
-- array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
- * can't call it as we couldn't re-initialize the library (as required by the
- * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
- DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- return NULL;
- }
-- array_insert_create(&this->providers, ARRAY_TAIL, fips);
- /* explicitly load the base provider containing encoding functions */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "base"));
-+ OSSL_PROVIDER_load(NULL, "base");
- }
- else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- TRUE, lib->ns))
- {
- /* load the legacy provider for algorithms like MD4, DES, BF etc. */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "legacy"));
-+ OSSL_PROVIDER_load(NULL, "legacy");
- /* explicitly load the default provider, as mentioned by crypto(7) */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "default"));
-+ OSSL_PROVIDER_load(NULL, "default");
- }
- ossl_provider_names_t data = {};
- OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
---
-2.25.1
-
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb
index cfb7b41fa..71ffb7ba4 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb
@@ -9,10 +9,9 @@ DEPENDS = "flex-native flex bison-native"
DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
- file://0001-openssl-Don-t-unload-providers.patch \
"
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -147,9 +146,13 @@ RDEPENDS:${PN} += "\
${PN}-plugin-constraints \
${PN}-plugin-des \
${PN}-plugin-dnskey \
+ ${PN}-plugin-drbg \
+ ${PN}-plugin-fips-prf \
${PN}-plugin-hmac \
+ ${PN}-plugin-kdf \
${PN}-plugin-kernel-netlink \
${PN}-plugin-md5 \
+ ${PN}-plugin-mgf1 \
${PN}-plugin-nonce \
${PN}-plugin-pem \
${PN}-plugin-pgp \
diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
index aeb0bece9..0840cbbd8 100644
--- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
+++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
@@ -1,3 +1,8 @@
+From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Wed, 1 Nov 2017 09:23:41 -0400
+Subject: [PATCH] stunnel: fix compile error when openssl disable des support
+
Upstream-Status: Pending
When openssl disable des support with configure option 'no-des', it doesn't
@@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related
library conditionaly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
---
+ src/common.h | 2 ++
+ src/protocol.c | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
diff --git a/src/common.h b/src/common.h
-index f7d38b0..bf485af 100644
+index bc37eb5..03ee3e5 100644
--- a/src/common.h
+++ b/src/common.h
-@@ -478,7 +478,9 @@ extern char *sys_errlist[];
+@@ -486,7 +486,9 @@ extern char *sys_errlist[];
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif /* !defined(OPENSSL_NO_MD4) */
@@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
diff --git a/src/protocol.c b/src/protocol.c
-index 587df09..8198eb6 100644
+index 804f115..d9b2b50 100644
--- a/src/protocol.c
+++ b/src/protocol.c
-@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE);
+@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE);
-#ifndef OPENSSL_NO_MD4
+#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *);
- NOEXPORT char *ntlm1();
+ NOEXPORT char *ntlm1(void);
NOEXPORT char *ntlm3(char *, char *, char *, char *);
-@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host);
if(opt->protocol_username && opt->protocol_password) {
if(!strcasecmp(opt->protocol_authentication, "ntlm")) {
@@ -43,7 +53,7 @@ index 587df09..8198eb6 100644
ntlm(c, opt);
#else
s_log(LOG_ERR, "NTLM authentication is not available");
-@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
return NULL;
}
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
index 13ecd5c5b..ab7ff4322 100644
--- a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
file://fix-openssl-no-des.patch \
"
-SRC_URI[sha256sum] = "eebe53ed116ba43b2e786762b0c2b91511e7b74857ad4765824e7199e6faf883"
+SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"
inherit autotools bash-completion pkgconfig
diff --git a/meta-networking/recipes-support/unbound/unbound_1.16.0.bb b/meta-networking/recipes-support/unbound/unbound_1.16.1.bb
index cf59d2918..5eb9ec1bf 100644
--- a/meta-networking/recipes-support/unbound/unbound_1.16.0.bb
+++ b/meta-networking/recipes-support/unbound/unbound_1.16.1.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5308494bc0590c0cb036afd781d78f06"
SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=http;branch=master;protocol=https \
file://0001-contrib-add-yocto-compatible-init-script.patch \
"
-SRCREV = "edc1d07718fb0ecabf9ddd3cf65503de1810834c"
+SRCREV = "903538c76e1d8eb30d0814bb55c3ef1ea28164e8"
inherit autotools pkgconfig systemd update-rc.d
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba227a..38fdbce89 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
PE = "1"