Commit Graph

558 Commits

Author SHA1 Message Date
Armin Kuster 7fbb276718 recipes: Update SRC_URI branch and protocols
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-13 07:45:48 -08:00
Sekine Shigeki d614d160a1 add CVE-2011-2411 to allowlist
This affects only on HP NonStop Server, so add it to allowlist.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb4a4f0ff8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-27 06:54:21 -07:00
Silcet c7150fc61d ufw: fix python shebang
[meta-openembedded ticket #327] --
https://github.com/openembedded/meta-openembedded/issues/327

The python version in the shebang at the begining of the ufw script
should be the same one as the version the setup.py script was called
with.

The fix in patch "setup-only-make-one-reference-to-env.patch"
depends on sys.executable returning "/usr/bin/env pythonX". However,
it returns "/usr/bin/pythonX". Using sys.version_info we can get the
major version of the python used to called the script and append
that to the shebang line so it works as intended.

Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5194af1afd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-17 07:18:40 -07:00
zangrc 67eaaf8548 networkmanager: upgrade 1.30.2 -> 1.30.4
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 56782012e3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-25 14:58:21 -07:00
Kai Kang 601c080499 freeradius: check existence of openssl's commands in bootstrap
It calls openssl's commands 'dhparam' and 'pkcs12' in script bootstrap.
These commands are configurable based on configure options 'no-dh' and
'no-des', and may not be provided by openssl. So check existence of
these commands. If not, abort running of script bootstrap.

1. https://github.com/openssl/openssl/blob/master/apps/build.info#L37
2. https://github.com/openssl/openssl/blob/master/apps/build.info#L22

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c8ceefc5c3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-25 14:55:17 -07:00
zangrc 5300d9fbfe wolfssl: upgrade 4.7.0 -> 4.7.1
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5c2112a571)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-18 13:49:13 -07:00
zangrc 525c7ec0bf mosquitto: upgrade 2.0.9 -> 2.0.10
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb60da5cfc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-08 13:13:29 -07:00
Vinicius Aquino efadc8a79e networkmanager: upgrade 1.28.0 -> 1.30.2
Upgrade to release 1.30.2:

- 0004-fix_reallocarray_check.patch removed because the current
  version of nm already includes boths malloc.h and stdlib.h
- musl/0002-Fix-build-with-musl.patch removed because the commit
  c50da167bc of nm solves the build issue with musl
- musl/0001-Fix-build-with-musl-systemd-specific.patch modified
  to avoid conflicts when applied to current version of nm
- musl/0003-Fix-build-with-musl-systemd-specific.patch renamed
  to musl/0002-Fix-build-with-musl-systemd-specific.patch and
  modified to avoid conflicts when applied to current version of nm

Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 12a241278a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-08 13:13:29 -07:00
Andreas Müller da54fa14f5 networkmanager-openvpn: Fix packageing
Recent upgrade introduced:
| ERROR: networkmanager-openvpn-1.8.14-r0 do_package: QA Issue: networkmanager-openvpn: Files/directories were installed but not shipped in any package:
|  /usr/share/metainfo
|  /usr/share/metainfo/network-manager-openvpn.metainfo.xml

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a23fa069d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-08 13:13:29 -07:00
Mingli Yu f282f0829a freeradius: Upgrade to 3.0.21
Drop one patch at the issue is already fixed in new version
(307678b268 Fix rlm_python3 build)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ece4e7d4f0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-07 09:37:36 -07:00
zhengruoqin bc7c6022c7 snort: upgrade 2.9.17 -> 2.9.17.1
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66dcc24cd7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-03 07:46:03 -07:00
zhengruoqin 16aed184fa networkmanager-openvpn: upgrade 1.8.12 -> 1.8.14
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 30a80664e3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-03 07:46:03 -07:00
zangrc 9146480282 mosquitto: upgrade 2.0.8 -> 2.0.9
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-18 12:40:20 -07:00
Khem Raj 4629af5f52 mbedtls: Fix gcc11 stringop-overflow warning
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-02 10:13:38 -08:00
Gianfranco 8850ff297c mosquitto: Upgrade 2.0.7 -> 2.0.8
2.0.8 - 2021-02-25
==================

Broker:
- Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the
  size and offset of two of the members of this struct, and changes the size
  of the struct. This is an ABI break, but is considered to be acceptable
  because plugins should never be allocating their own instance of this
  struct, and currently none of the struct members are used for anything, so a
  plugin should not be accessing them. It would also be safe to read/write
  from the existing struct parameters.
- Give compile time warning if libwebsockets compiled without external poll
  support. Closes #2060.
- Fix memory tracking not being available on FreeBSD or macOS. Closes #2096.

Client library:
- Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL
  on topic == NULL.

Clients:
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
  lines. Closes #2078.

Build:
- Provide a mechanism for Docker users to run a broker that doesn't use
  authentication, without having to provide their own configuration file.
  Closes #2040.

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-28 23:51:14 -08:00
Khem Raj ed54f12e19 recipes: Update common-licenses references to match new names
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM

Correct the checksums where they were wrong

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-21 23:37:54 -08:00
Oleksandr Kravchuk ea21ccbbcb wolfssl: updae to 4.7.0
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-19 10:02:43 -08:00
Gianfranco 9428a09002 mosquitto: Upgrade 1.6.12 -> 2.0.7
- drop patch install-protocol.patch: upstream
- add new cjson and dlt-daemon dependencies
- update copyright and license
- add build of manpages optionally via PACKAGECONFIG
- also install the new mosquitto_ctrl and mosquitto_dynamic_security.so tools

2.0.7 - 2021-02-04
==================

Broker:
- Fix exporting of executable symbols on BSD when building via makefile.
- Fix some minor memory leaks on exit only.
- Fix possible memory leak on connect. Closes #2057.
- Fix openssl engine not being able to load private key. Closes #2066.

Clients:
- Fix config files truncating options after the first space. Closes #2059.

Build:
- Fix man page building to not absolutely require xsltproc when using CMake.
  This now handles the case where we are building from the released tar, or
  building from git if xsltproc is available, or building from git if xsltproc
  is not available.

1.6.13 - 2021-02-04
===================

Broker:
- Fix crash on Windows if loading a plugin fails. Closes #1866.
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.
- Fix local bridges being disconnected on SIGHUP. Closes #1942.
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
  messages. Closes #1968.
- Fix listener not being reassociated with client when reloading a persistence
  file and `per_listener_settings true` is set and the client did not set a
  username. Closes #1891.
- Fix file logging on Windows. Closes #1880.
- Fix bridge sock not being removed from sock hash on error. Closes #1897.

Client library:
- Fix build on Mac Big Sur. Closes #1905.
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.

Clients:
- mosquitto_sub will now quit with an error if the %U option is used on
  Windows, rather than just quitting. Closes #1908.
- Fix config files truncating options after the first space. Closes #2059.

Apps:
- Perform stricter parsing of input username in mosquitto_passwd. Closes
  #570126 (Eclipse bugzilla).

Build:
- Enable epoll support in CMake builds.

2.0.6 - 2021-01-28
==================

Broker:
- Fix calculation of remaining length parameter for websockets clients that
  send fragmented packets. Closes #1974.
Broker:
- Fix potential duplicate Will messages being sent when a will delay interval
  has been set.
- Fix message expiry interval property not being honoured in
  `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
- Fix websockets listeners with TLS not responding. Closes #2020.
- Add notes that libsystemd-dev or similar is needed if building with systemd
  support. Closes #2019.
- Improve logging in obscure cases when a client disconnects. Closes #2017.
- Fix reloading of listeners where multiple listeners have been defined with
  the same port but different bind addresses. Closes #2029.
- Fix `message_size_limit` not applying to the Will payload. Closes #2022.
- The error topic-alias-invalid was being sent if an MQTT v5 client published
  a message with empty topic and topic alias set, but the topic alias hadn't
  already been configured on the broker. This has been fixed to send a
  protocol error, as per section 3.3.4 of the specification.
- Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037.
- Fix bridges not always connecting on Windows. Closes #2043.

Apps:
- Allow command line arguments to override config file options in
  mosquitto_ctrl. Closes #2010.
- mosquitto_ctrl: produce an error when requesting a new password if both
  attempts do not match. Closes #2011.

Build:
- Fix cmake builds using `WITH_CJSON=no` not working if cJSON not found.
  Closes #2026.

Other:
- The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per
  The Eclipse legal documentation generator. The licenses are identical.

2.0.5 - 2021-01-11
==================

Broker:
- Fix `auth_method` not being provided to the extended auth plugin event.
  Closes #1975.
- Fix large packets not being completely published to slow clients.
  Closes #1977.
- Fix bridge connection not relinquishing POLLOUT after messages are sent.
  Closes #1979.
- Fix apparmor incorrectly denying access to
  /var/lib/mosquitto/mosquitto.db.new. Closes #1978.
- Fix potential intermittent initial bridge connections when using poll().
- Fix `bind_interface` option. Closes #1999.
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
  before a role that was attached to the group or client is deleted.
  Closes #1998.
- Improve logging in dynsec addGroupRole command. Closes #2005.
- Improve logging in dynsec addGroupClient command. Closes #2008.

Client library:
- Improve documentation around the `_v5()` and non-v5 functions, e.g.
  `mosquitto_publish()` and `mosquitto_publish_v5().

Build:
- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
  that man pages are always built. Closes #1989.
- Fixes for lots of minor build warnings highlighted by Visual Studio.

Apps:
- Disallow control characters in mosquitto_passwd usernames.
- Fix incorrect description in mosquitto_ctrl man page. Closes #1995.
- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes #1997.

2.0.4 - 2020-12-22
==================

Broker:
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
  messages. Closes #1968.
- mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not
  reset the bind address option if called with bind_address == NULL.
- Fix dynamic security configuration possibly not being reloaded on Windows
  only. Closes #1962.
- Add more log messages for dynsec load/save error conditions.
- Fix websockets connections blocking non-websockets connections on Windows.
  Closes #1934.

Build:
- Fix man pages not being built when using CMake. Closes #1969.

2.0.3 - 2020-12-17
==================

Security:
- Running mosquitto_passwd with the following arguments only
  `mosquitto_passwd -b password_file username password` would cause the
  username to be used as the password.

Broker:
- Fix excessive CPU use on non-Linux systems when the open file limit is set
  high. Closes #1947.
- Fix LWT not being sent on client takeover when the existing session wasn't
  being continued. Closes #1946.
- Fix bridges possibly not completing connections when WITH_ADNS is in use.
  Closes #1960.
- Fix QoS 0 messages not being delivered if max_queued_messages was set to 0.
  Closes #1956.
- Fix local bridges being disconnected on SIGHUP. Closes #1942.
- Fix slow initial bridge connections for WITH_ADNS=no.
- Fix persistence_location not appending a '/'.

Clients:
- Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful
  connection is not made. Closes #1957.

Apps:
- Fix `mosquitto_passwd -b` using username as password (not if `-c` is also
  used). Closes #1949.

Build:
- Fix `install` target when using WITH_CJSON=no. Closes #1938.
- Fix `generic` docker build. Closes #1945.

2.0.2 - 2020-12-10
==================

Broker:
- Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems.

2.0.1 - 2020-12-10
==================

Broker:
- Fix websockets connections on Windows blocking subsequent connections.
  Closes #1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.
- Fix websockets listeners not causing the main loop not to wake up.
  Closes #1936.

Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.

Apps:
- Fix `mosquitto_passwd -U`

Build:
- Fix cjson include paths.
- Fix build using WITH_TLS=no when the openssl headers aren't available.
- Distribute cmake/ and snap/ directories in tar.

2.0.0 - 2020-12-03
==================

Breaking changes:
- When the Mosquitto broker is run without configuring any listeners it will
  now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
  only connections from the local host will be possible.

  Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the
  loopback interface.

  Running the broker with a configuration file with no listeners configured
  will bind to the loopback interface with port 1883.

  Running the broker with a listener defined will bind by default to `0.0.0.0`
  / `::` and so will be accessible from any interface. It is still possible to
  bind to a specific address/interface.

  If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
  listener is defined in the configuration file, then the port defined on the
  command line will be IGNORED, and no listener configured for it.
- All listeners now default to `allow_anonymous false` unless explicitly set
  to true in the configuration file. This means that when configuring a
  listener the user must either configure an authentication and access control
  method, or set `allow_anonymous true`. When the broker is run without a
  configured listener, and so binds to the loopback interface, anonymous
  connections are allowed.
- If Mosquitto is run on as root on a unix like system, it will attempt to
  drop privileges as soon as the configuration file has been read. This is in
  contrast to the previous behaviour where elevated privileges were only
  dropped after listeners had been started (and hence TLS certificates loaded)
  and logging had been started. The change means that clients will never be
  able to connect to the broker when it is running as root, unless the user
  explicitly sets it to run as root, which is not advised. It also means that
  all locations that the broker needs to access must be available to the
  unprivileged user. In particular those people using TLS certificates from
  Lets Encrypt will need to do something to allow Mosquitto to access
  those certificates. An example deploy renewal hook script to help with this
  is at `misc/letsencrypt/mosquitto-copy.sh`.
  The user that Mosquitto will change to are the one provided in the
  configuration, `mosquitto`, or `nobody`, in order of availability.
- The `pid_file` option will now always attempt to write a pid file,
  regardless of whether the `-d` argument is used when running the broker.
- The `tls_version` option now defines the *minimum* TLS protocol version to
  be used, rather than the exact version. Closes #1258.
- The `max_queued_messages` option has been increased from 100 to 1000 by
  default, and now also applies to QoS 0 messages, when a client is connected.
- The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
  OS provided CA certificates by default if `-L mqtts://...` is used, or if
  the port is set to 8883 and no other CA certificates are loaded.
- Minimum support libwebsockets version is now 2.4.0
- The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".

Broker features:
- New plugin interface which is more flexible, easier to develop for and
  easier to extend.
- New dynamic security plugin, which allows clients, groups, and roles to be
  defined and updated as the broker is running.
- Performance improvements, particularly for higher numbers of clients.
- When running as root, if dropping privileges to the "mosquitto" user fails,
  then try "nobody" instead. This reduces the burden on users installing
  Mosquitto themselves.
- Add support for Unix domain socket listeners.
- Add `bridge_outgoing_retain` option, to allow outgoing messages from a
  bridge to have the retain bit completely disabled, which is useful when
  bridging to e.g. Amazon or Google.
- Add support for MQTT v5 bridges to handle the "retain-available" property
  being false.
- Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
  to a v3.x only broker.
- DLT logging is now configurable at runtime with `log_dest dlt`.
  Closes #1735.
- Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()`
  functions, which can be used by plugins to publish messages.
- Add `mosquitto_client_protocol_version()` function which can be used by
  plugins to determine which version of MQTT a client has connected with.
- Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()`
  functions, which can be used by plugins to disconnect clients.
- Add support for handling $CONTROL/ topics in plugins.
- Add support for PBKDF2-SHA512 password hashing.
- Enabling certificate based TLS encryption is now through certfile and
  keyfile, not capath or cafile.
- Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
- Add "deny" acl type. Closes #1611.
- The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
- Add the `bridge_max_packet_size` option. Closes #265.
- Add the `bridge_bind_address` option. Closes #1311.
- TLS certificates for the server are now reloaded on SIGHUP.
- Default for max_queued_messages has been changed to 1000.
- Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites.
  Closes #1825.
- Bridges now obey MQTT v5 server-keepalive.
- Add bridge support for the MQTT v5 maximum-qos property.
- Log client port on new connections. Closes #1911.

Broker fixes:
- Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH,
  SUBSCRIBE, and UNSUBSCRIBE packets.
- Document that X509_free() must be called after using
  mosquitto_client_certificate(). Closes #1842.
- Fix listener not being reassociated with client when reloading a persistence
  file and `per_listener_settings true` is set and the client did not set a
  username. Closes #1891.
- Fix bridge sock not being removed from sock hash on error. Closes #1897.
- mosquitto_password now forbids the : character. Closes #1833.
- Fix `log_timestamp_format` not applying to `log_dest topic`. Closes #1862.
- Fix crash on Windows if loading a plugin fails. Closes #1866.
- Fix file logging on Windows. Closes #1880.
- Report an error if the config file is set to a directory. Closes #1814.
- Fix bridges incorrectly setting Wills to manage remote notifications when
  `notifications_local_only` was set true. Closes #1902.

Client library features:
- Client no longer generates random client ids for v3.1.1 clients, these are
  now expected to be generated on the broker. This matches the behaviour for
  v5 clients. Closes #291.
- Add support for connecting to brokers through Unix domain sockets.
- Add `mosquitto_property_identifier()`, for retrieving the identifier integer
  for a property.
- Add `mosquitto_property_identifier_to_string()` for converting a property
  identifier integer to the corresponding property name string.
- Add `mosquitto_property_next()` to retrieve the next property in a list, for
  iterating over property lists.
- mosquitto_pub now handles the MQTT v5 retain-available property by never
  setting the retain bit.
- Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
  sockets. Closes #1526.
- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
  perform additional verification.
- Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
  of the `mosquitto_connect*()` call.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and
  trust OS provided CA certificates for use with TLS connections.

Client library fixes:
- Fix send quota being incorrecly reset on reconnect. Closes #1822.
- Don't use logging until log mutex is initialised. Closes #1819.
- Fix missing mach/mach_time.h header on OS X. Closes #1831.
- Fix connect properties not being sent when the client automatically
  reconnects. Closes #1846.

Client features:
- Add timeout return code (27) for `mosquitto_sub -W <secs>` and
  `mosquitto_rr -W <secs>`. Closes #275.
- Add support for connecting to brokers through Unix domain sockets with the
  `--unix` argument.
- Use cJSON library for producing JSON output, where available. Closes #1222.
- Add support for outputting MQTT v5 property information to mosquitto_sub/rr
  JSON output. Closes #1416.
- Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON
  output.
- Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
  Closes #1416.
- Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
  option.
- Add `-x` to all clients to all the session-expiry-interval property to be
  easily set for MQTT v5 clients.
- Add `--random-filter` to mosquitto_sub, to allow only a certain proportion
  of received messages to be printed.
- mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format.
- mosquitto_sub now supports extra format specifiers for field width and
  precision for some parameters.
- Add `--version` for all clients.
- All clients now load OS provided CA certificates if used with `-L
  mqtts://...`, or if port is set to 8883 and no other CA certificates are
  used. Closes #1824.
- Add the `--tls-use-os-certs` option to all clients.

Client fixes:
- mosquitto_sub will now exit if all subscriptions were denied.
- mosquitto_pub now sends 0 length files without an error when using `-f`.
- Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes #1881.
- mosquitto_sub will now quit with an error if the %U option is used on
  Windows, rather than just quitting. Closes #1908.

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-08 13:41:41 -08:00
Hongxu Jia c0ccc8b901 freeradius: fix build failure with autoconf 2.71
While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error:
...
configure.ac: error: required file 'missing' not found
...

Since these tools were explicitly added by autotools bbclass,
remove the testing to workaround the error with autoconf 2.7

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-07 20:38:39 -08:00
Oleksandr Kravchuk 225a957ba5 cannelloni: update to 1.0.0
Removed upstreamed patches.

Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-06 13:53:09 -08:00
Oleksandr Kravchuk 8f21c1209b adcli: update to 0.9.0
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-06 13:53:09 -08:00
Nicolas Jeker 21656951d8 networkmanager: Add PACKAGECONFIG for ovs
Open vSwitch support is enabled by default in NetworkManager, but only
useful in the context of several virtualisation environments, e.g. Xen,
KVM, OpenStack and more. Therefore, the ovs PACKAGECONFIG is now disabled by
default.

The jansson dependency is only required for Open vSwitch and teamsdctl
support in NetworkManager. As there is no libteamsdctl recipe around
(and no teamsdctl PACKAGECONFIG), make it dependent on the ovs
PACKAGECONFIG.

Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-28 16:53:13 -08:00
Adrian 43077d8321 networkmanager: add missing readline depends
Introduce PACKAGECONFIG[nmcli] to make building the nmcli utility which
depends on GPLv3 licensed readline library optional.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-27 10:21:12 -08:00
Nicolas Jeker 62ab2ad252 networkmanager: Add Wireless Extensions to PACKAGECONFIG[wifi]
Linux Wireless Extensions (Wext) support is enabled per default in
NetworkManager. Having Wext enabled without enabling WiFi support, too,
doesn't make much sense. Therefore, instead of creating a separate
PACKAGECONFIG flag, 'wext' was added to the already existing 'wifi'
flag.

Signed-off-by: Nicolas Jeker <n.jeker@gmx.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-27 10:20:43 -08:00
Adrian Freihofer e6ab1ec84b firewalld: upgrade 0.9.2 -> 0.9.3
Fix new dependencies to nftables-python. Firewalld has been changed to
use python bindings instead of calling the nftables cli utility.

(Has this firewalld recipe been used with firewalld's default
configuration which defaults to nftables backend?)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-25 14:58:54 -08:00
zangrc fd14cf84cd python3-networkmanager: upgrade 2.1 -> 2.2
-License-Update: Copyright year updated to 2021.

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-25 14:34:06 -08:00
Andreas Müller d57d6ca4bc networkmanager: upgrade 1.22.14 -> 1.28.0
* Build tested on aarch64 glibc/musl
* 0003-Fix-build-with-musl-for-n-dhcp4.patch has to go. Grepped nm code for
  seed48_r / mrand48_r => no findings
* Since this is a huge version bump no detaile release notes are provided here
* Have tried to move to meson build few months ago but it turned into huge
  efforts and ended without success. Maybe situation changed but let's postpone
  for now

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-21 17:50:42 -08:00
Kai Kang e31d5970cb blueman: refresh patch
Module 'time' had been imported in Functions.py by upstream, so not
import in 0002-fix-fail-to-enable-bluetooth.patch and update accordingly.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-19 20:29:45 -08:00
Zheng Ruoqin 3d89340118 firewalld: upgrade 0.9.1 -> 0.9.2
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-12 00:54:53 -08:00
Andreas Müller 93d149afc2 blueman: upgrade 2.1.3 -> 2.1.4
Security release, see GHSA-jpc9-mgw6-2xwx/CVE-2020-15238 [1]

Changes
    Force cython to use python language version 3
    Do not use exitcode 1 when we expect to fail
    Mark more strings translatable (@cwendling)
Bugs fixed
    Unstranslated strings
    Searching (with Ctrl+F in manager device list) did not work
    Default PIN lookup
    Fix device removal handling (@Yannik)
    Only use LaunchContext when we have proper event time

[1] https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-06 14:20:52 -08:00
zangrc e12d9290e3 wolfssl: upgrade 4.5.0 -> 4.6.0
0001-Make-ByteReverseWords-available-for-big-and-little-e.patch
Removed since this is included in 4.6.0

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-05 09:16:26 -08:00
zhengruoqin 353aac0c7f netplan: upgrade 0.100 -> 0.101
Refresh the following patch:
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch

Add 0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch to solve the
compilation errors on musl.

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-28 22:34:02 -08:00
Alexander Vickberg f431022415 mbedtls: upgrade to 2.25.0
Deleted build fix patch. This is already applied in this release.

Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-17 09:12:27 -08:00
Zheng Ruoqin baee1ebeaf samba: CVE-2020-14383 Security Advisory
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-15 00:52:55 -08:00
Zheng Ruoqin 1d44b4c03d samba: CVE-2020-14318 Security Advisory
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-15 00:52:55 -08:00
Khem Raj 62c2f4a48a networkmanager: Fix reallocarray check in meson and configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-12 16:41:59 -08:00
Alexander Vickberg 6f1139a717 mbedtls: upgrade to 2.24.0
Download archives are no longer updated so fetch from Github. Add build
fix from upstream. The file LICENSE now contains the full Apache 2.0
license text.

Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-09 10:14:57 -08:00
zangrc 9ef0c70871 netplan: upgrade 0.99 -> 0.100
0001-src-parse.c-Initialize-key-to-NULL.patch
Removed since this is included in 0.100.

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-27 14:21:57 -08:00
zangrc 2bbb303b72 snort: upgrade 2.9.16.1 -> 2.9.17
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-27 11:54:04 -08:00
zangrc bb64362db7 nngpp: upgrade 1.2.4 -> 1.3.0
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-27 11:54:04 -08:00
Mark Jonas 2fe4cb5882 mbedtls: Fix typo in PACKAGECONFIG
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-03 11:03:45 -08:00
Yi Zhao 17bc2a137f networkmanager: remove PACKAGECONFIG[dhclient]
The dhcp-client has been removed from oe-core and the current
networkmanager does not support dhcpcd >= 9.0 (See bug report:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/410)

Remove the PACKAGECONFIG[dhclient] and pass --with-dhclient/dhcpcd=no
explicitly to EXTRA_OECONF. Otherwise it will search the host path when
configure.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-14 08:39:34 -07:00
Yi Zhao bebdea8530 samba: upgrade 4.10.17 -> 4.10.18
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).

See: https://www.samba.org/samba/history/samba-4.10.18.html

Also remove 3 backported patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-14 08:39:34 -07:00
Zang Ruochen 2519ac6932 firewalld: upgrade 0.9.0 -> 0.9.1
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-13 22:33:05 -07:00
Alexander Vickberg 35459c1d25 wolfssl: upgrade 4.4.0 -> 4.5.0
Add patch from upstream which fixes building on big endian.

Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-06 08:45:24 -07:00
Winfried Dobbe 92524727d4 firewalld: Add missing rdep on nftables-python
Fixes Issue #280

Signed-off-by: Winfried Dobbe <winfried.dobbe@xmsnet.nl>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-26 07:20:26 -07:00
Romain Naour 25b91b3d2b libiec61850: add recipe for libiec61850
IEC 61850 is an international standard for communication systems in
Substation Automation Systems (SAS) and management of Decentralized
Energy Resources (DER). It is seen as one of the communication
standards of the emerging Smart Grid.

Add two upstream patch fixing build issues with musl libc.

Enable the libiec61850 python binding (pyiec61850) that require a fix
to find the correct PYTHON_SITE_DIR path while cross-compiling.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-24 12:42:04 -07:00
Robert Yang ac313b6380 crda: rdepends on wireless-regdb-static
The wireless-regdb has been moved to oe-core. According the commit
message:

wireless-regdb-static should be used with kernel >= 4.15.
wireless-regdb can be used with older kernels and is mostly
irrelevant here, but keeping it in meta-networking would
create needless recipe duplication.

it should replace runtime dependency wireless-regdb with
wireless-regdb-static.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-24 12:42:04 -07:00
Todd Cunningham 3c35fe419d firewalld: upgrade 0.8.3 -> 0.9.0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-23 19:45:53 -07:00
Zang Ruochen 535b9088dc libdnet: upgrade 1.12 -> 1.14
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-10 21:20:23 -07:00