Age | Commit message (Collapse) | Author |
|
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Revert patch to setup-only-make-one-reference-to-env.patch and make
patch for python3 interpreter fix apply to runs of setup.py during
self test as well as installs.
Reported-by: Kenta Nakamura <Nakamura.Kenta@bp.MitsubishiElectric.co.jp>
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
|
|
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package. Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit d614d160a10b3c5ac36702fbd433f98925a9aa8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit baee1ebeafce5d6a99dafc30b91e6fb760197686)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 81d14a86353829eba1d55a93d478faf4c5527a89)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1d44b4c03d51e91ce01cf5fd0b33155ce36f1862)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 38beb6fe98894ffaf82a05ccfd6694f735daba26)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).
See: https://www.samba.org/samba/history/samba-4.10.18.html
Also remove 3 backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bebdea8530652ff698885a3f55b0a650de319379)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The wireless-regdb has been moved to oe-core. According the commit
message:
wireless-regdb-static should be used with kernel >= 4.15.
wireless-regdb can be used with older kernels and is mostly
irrelevant here, but keeping it in meta-networking would
create needless recipe duplication.
it should replace runtime dependency wireless-regdb with
wireless-regdb-static.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ac313b638068aabc88f0fa9d1888380e94100f31)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
chmod g+r ca.key
openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
chmod g+r server.pem
C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org
error 7 at 0 depth lookup: certificate signature failure
140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553:
140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170:
error server.pem: verification failed
make: *** [Makefile:107: server.vrfy] Error 2
It seems the ca.pem mismatchs server.pem which results in failing to
execute "openssl verify -CAfile ca.pem server.pem", so add the logic
to check the file to avoid inconsistency.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 52f5141109fae5f49c5a7334e9ded2b028e16cf6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It fails to compile rdist occasionally when system load of build server
is high:
| In file included from common.c:57:
| ../include/defs.h:49:10: fatal error: y.tab.h: No such file or directory
| 49 | #include "y.tab.h"
| | ^~~~~~~~~
| compilation terminated.
Make $(COMMONOBJS) which include common.o to depends on related header files
and y.tab.h to fix the parallel build failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bb990c6ca1b149c19404fbe006fb6b372af8c4c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1609df11530ebb73de863d0c705e16107015dbe3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is seen with glibc 2.32 where these names are also defined
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5cf2665446f3fdc16b484c64afffaa0ac8373a35)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes the occasional error:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type :Valid
Expires on :200908024833Z
Serial Number :02
File name :unknown
Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1
Add the check to fix the above error and it does the same for server.crt.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d7522b7df80e45c379ad76addfddd51d0e56e9d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
2.1.3
Changes
* Force cython to use python language version 3
Bugs fixed
* Fix tooltip not updating when bluetooth is disabled
* Fix dbus timeout in DhcClient
* Call the right method when pulseaudio crashes
* Handle os.remove failing
2.1.2
Bugs fixed
* Signal bar updates with multiple adapters
* Pairing with pincode
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d05070c7d8d1f384914b1243298b4759fd9accae)
[AK: Dunfell does not support py2 so upgrade seems resonable]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
-0001-chdeck-for-gettid-API-during-configure.patch
Removed since this is included in 2.9.16
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e44e7be3e9d140410d3c7d799a32cf867e494f9c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa615a8e6093759fd580217be79dc037d9c0d79c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a5d7311490e12a296241bcd8adb0090c226842ec)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
it needs to link with libsystemd when using systemd as init system
Fixes
Package libsystemd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd.pc'
to the PKG_CONFIG_PATH environment variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 60e603f11ae1cca38553d18cf411f1a77207a97c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a41c021cfb11418f1a32e49be0716b00b5234210)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Release 4.4.0 of wolfSSL embedded TLS has bug fixes, new features
and fixes for security vulnerabilities.
See full changelog https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stablefixes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There are some shell scripts such as kea-admin,
upgrade_4.0_to_5.0.sh, wipe_data.sh and etc contain
build path.
Actually the build path is meanlingless on the target,
so replace abs_top_builddir to abs_top_builddir_placeholder
to avoid expanding abs_top_builddir which introduces
build path.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Mbed TLS 2.16.6 is a maintenance release of the Mbed TLS 2.16 branch, and
provides security fixes and bug fixes, see:
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
$: devtool check-upgrade-status relayd
<...>
INFO: relayd 0.0.1 UNKNOWN_BROKEN None
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Currently miniupnpd.service fails to start
without miniupnpd_functions.sh in rootfs
Signed-off-by: Vinothkumar <vinothkumar_baskaran@comcast.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
fix error:
Fetcher failure: Repository
git://github.com/FreeRADIUS/freeradius-server.git has LFS content,
install git-lfs on host to download (or set lfs=0 to ignore it)
upstream has file .lfsconfig to make it not download lfs files by
default, so we also don't download it by default
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
$: devtool check-upgrade-status ufw
<...>
INFO: ufw 0.33 UNKNOWN_BROKEN None
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
-License-Update: Copyright year updated to 2020.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
>From [1]:
=======================================================
NetworkManager-openvpn-1.8.12
Overview of changes since NetworkManager-openvpn-1.8.10
=======================================================
* The auth helper in external UI mode can now be run without a display
server. Future nmcli version will utilize this for handling the
secrets without a graphical desktop.
* libnm-glib compatibility (NetworkManager < 1.0) is disabled by default.
It can be enabled by passing --with-libnm-glib to configure script.
Nobody should need it by now. Users that still use this are encouraged
to let us know before the libnm-glib support is removed for good.
* Add support for the following OpenVPN options: tls-version-min,
tls-version-max, compress.
* Support inline CRL blobs during import.
* Allow option mssfix to be set to zero.
* Update Catalan, Czech, Danish, Dutch, Friulian, Hungarian,
Indonesian, Italian, Polish, Serbian, Spanish, Swedish and Ukrainian
translations.
[1] http://ftp.gnome.org/pub/gnome/sources/NetworkManager-openvpn/1.8/NetworkManager-openvpn-1.8.12.news
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upgrade on the 1.22 stable branch.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Rationale can be found in the Debian packaging (debian/changelog):
Revert change enabling SRV functionality, it is disabled by default
upstream and of little benefit to any end user, but adds reasonable
complexity to the code.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Also add patch from debian to mqtt_protocol.h header file
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
- rebased patches
- added two more small patches
- Option --enable-polkit-agent is not available with current NM, removed
- Option --with-libnm-glib is not available with current NM, removed
- New package NM-cloud-setup for new experimental cloud setup feature
- NM tries to re-license from GPL to LGPL, added LGPL to LICENSES
- Removed empty packages libnmutil libnmglib libnmglib-vpn
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Script encodes library paths.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Bugfix release. For details, see:
https://mosquitto.org/blog/2020/02/version-1-6-9-released/
Also remove patches applied upstream.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
|
|
-License-Update: Copyright year updated to 2020.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Mbed TLS 2.16.5 is a maintenance release of the Mbed TLS 2.16 branch, and
provides security fixes and bug fixes, see:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes:
ERROR: Nothing PROVIDES 'mbedtls-native'
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
openconnect puts the default absolute path to the vpnc-script into
its binary from the --with-vpnc-script configure options.
So do not prepend the value with the path to the OE sysroot.
RDEPEND on vpnc-script to have the script from vpnc installed on target.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The vpnc-script can be used unchanged with the openconnect package. Provide
it in its own package and make vpnc RDEPEND on it.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
https://www.samba.org/samba/history/samba-4.10.13.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Config file specification is missing in start) case. It is present already in restart) case.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Drop backported patch:
0001-su-to-radiusd-user-group-when-rotating-logs.patch
* Disable python2 module build and add PACKAGECONFIG for python3 module
build
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|