Changelog
========
* Add support for AES-GCM-SIV in GnuTLS
* Add support for corrections from PTP transparent clocks
* Add support for systemd socket activation
* Fix presend in interleaved mode
* Fix reloading of modified sources from sourcedir
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libldb.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtevent.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtalloc.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove PACKAGECONFIG[libaio] as libaio is no longer required by
libtdb.
* Add ptest.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
By default keepalived installs a bunch of sample configurations to
/etc/keepalived/samples. These are good demonstrations but will almost
certainly not apply to any real world situation.
Move the sample files to a separate package.
Signed-off-by: Jordan Crouse <jorcrous@amazon.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Bug 5328: Fix ESI build with libxml2 v2.12.0
- Bug 5319: QOS Netfilter MARK preservation is always disabled
- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
- Bug 5317: FATAL attempt to read data from memory
- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
- FTP: Ignore credentials with a NUL-prefixed username
- log_db_daemon: Fix DSN construction
- Limit the number of allowed X-Forwarded-For hops
- Do not update StoreEntry expiration after errorAppendEntry()
- improve handling of response sending errors
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves dependency on removed python distutils in particular.
openipmi-remove-host-path-from-la_LDFLAGS.patch is removed
as issue is fixed upstream.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the nmtui being now handled via tha PACKAGECONFIG, there is no need
for the global libnewt dependency, PACKAGECONFIG["nmtui"] handles it
correctrly. Drop the libnewt from DEPENDS list.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Install headers so that dependencies can use this to build against. Make
`brssl` executable, fixup library soname. Drop patches which change
build flags in favour of command line overrides. Add support for static
build.
Changes:
Thomas Pornin (4):
Added generic API for date range validation (with callbacks).
Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).
Added macro that indicates presence of the time callback feature. Also added C++ compatibility.
Fixed spurious warning about old-style prototype.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- to build and package nmtui
- to automatically append networkmanager-adsl and
networkmanager-wwan in recommended packages.
- to fix an invalid-packageconfig QA issue that is raised when
adsl and wwan are added in pkgconfig.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
Changes:
Dave Rodgman (12):
Header updates
Fix some non-standard headers
Update documentation
Add Changelog for license
Update license for p256-m
README improvements to 3rdparty section
assemble Changelog
Fix typos in changelog
Bump version
Update BRANCHES
Update Changelog with bugfix entry
Add docs re Everest license
David Horstmann (1):
Fix 3rdparty target names for custom config
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes:
| Dependency spice-server found: NO found UNKNOWN but need: '>=0.14.0'
| Run-time dependency spice-server found: NO
|
| ../qemu-8.1.2/meson.build:1038:10: ERROR: Dependency lookup for spice-server
with method 'pkgconfig' failed: Invalid version, need 'spice-server'
['>=0.14.0'] found 'UNKNOWN'.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh patches and clean up ones that are no longer needed:
* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
cd3dc147bf8abc0225237ced865c6660fffcb63a
Fix squid-conf-tests to allow running on target device.
License change: Update year
The version update eliminates the following CVEs:
* CVE-2023-5824 (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Otherwise install packages reported warning at do_rootfs
...log.do_rootfs...
Installing : freeradius-ldap-3.0.26-r0.corei7_64 1235/1236
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
Installing : freeradius-krb5-3.0.26-r0.corei7_64 1236/1236
warning: user radiusd does not exist - using root
...log.do_rootfs...
The user/group radiusd is added by package freeradius,
explicitly made the sub packages to runtime depends on freeradius
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Put sip_monitor, sip_reg and sip_storm in a separate libexosip2-tools
package as they won't be needed most of the time.
Signed-off-by: Charles Perry <charles.perry@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
dco: fix crash when --multihome is used with --proto tcp
Mock openvpn_exece on win32 also for test_tls_crypt
Add warning for the --show-groups command that some groups are missing
Print peer temporary key details
Add warning if a p2p NCP client connects to a p2mp server
Remove openssl engine method for loading the key
Remove saving initial frame code
Double check that we do not use a freed buffer when freeing a session
Fix using to_link buffer after freed
GHA: do not trigger builds in openvpn-build anymore
GHA: new workflow to submit scan to Coverity Scan service
buffer: use memcpy in buf_catrunc
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6
CMake: backport CMake buildsystem from master to release/2.6
Remove all traces of the previous MSVC build system
doc: fix argument name in --route-delay documentation
dns option: remove support for exclude-domains
Warn user if INFO control command is too long
dco-win: get driver version
dco: warn if DATA_V1 packets are sent to userspace
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Log OpenSSL errors on failure to set certificate
configure: disable engines if OPENSSL_NO_ENGINE is defined
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
