3735 Commits

Author SHA1 Message Date
Wang Mingyu dafa33c46b wolfssl: upgrade 5.1.0- > 5.2.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-24 08:35:24 -08:00
Wang Mingyu 6ed9d2d546 netplan: upgrade 0.103 -> 0.104
refresh patches for 0.104:
0001-Makefile-do-not-use-Werror.patch
0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch

0001-parse-nm-fix-32bit-format-string.patch
removed since it's included in 0.104

Changelog:
=========
Enable embedded-switch-mode setting on SmartNICs (#253)
Permit multiple patterns for the driver globs in match (#202), LP#1918421
Improve routing capabilities (#248), LP#1892272, LP#1805038
Support additional link offload options for networkd (#225) (#242), LP#1771740
Consolidate enum-to-string arrays (#230)
Handle differing ip6-privacy default value for NetworkManager (#263)
YAML state tracking (--state rootdir) for DBus API and netplan try (#231), LP#1943120
Support ConfigureWithoutCarrier (ignore-carrier) for networkd (#215)
Move primary git branch master to main
Documentation improvements (#226)
Compatibility for glib-2.70 (#235)
Cleanup Makefile, install only public headers
Improve test reliability & enable integration testing CI for autopkgtests
Netplan get to use the libnetplan parser (#252)
libnetplan:
- introduce the notion of NetplanState (#232)
- use an explicit parser context (#233)
- expose coherent generator APIs (#239)
- improve overall error handling (#234)
- consolidation of YAML parsing into the library (#241, #249, #250, #251)
Restrict the symbol export to a determined public API (#227)
- WARNING: We dropped some internal symbols from the API that we know
  have no external consumers (that we are aware of)
- 0.103: _serialize_yaml, contains_netdef_type, tmp, validate_default_route_consistency
- 0.102: cur_filename, netplan_netdef_new
- 0.100: address_option_handlers, is_hostname, validate_ovs_target, wireguard_peer_handlers
- 0.99: current_file, is_ip4_address, is_ip6_address, missing_id,
  missing_ids_found, parser_error, validate_backend_rules, validate_netdef_grammar,
  yaml_error

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-23 09:25:19 -08:00
Wang Mingyu 124c19a0a6 rdma-core: upgrade 38.0 -> 39.0
Changelog:
=========
b2fedc4 rsocket: Make sure that the allocated memory is aligned
ebbdb85 Merge pull request #1107 from Sindhu-Devale/libirdma-12-9-fixes
a83619b providers: Move input validation for memory window bind to core
a274c9c providers/rxe: Replace '%' with '&' in check_qp_queue_full()
812ab81 Merge pull request #1128 from Wenpeng-Liang/clear_rq_sge
1a9b2db docs: Fix typo in pyverbs example
d498180 libhns: Clear remaining unused sges when post recv
d99f61c Merge pull request #1127 from Wenpeng-Liang/misc_bugfix
7307264 verbs: Fix description of manual for ibv wc read byte len function
c298130 verbs: Fix a typo

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-23 09:25:19 -08:00
Wang Mingyu 358db10e03 iscsi-initiator-utils: upgrade 2.1.5 -> 2.1.6
0001-Fix-compiler-error-introduced-with-recent-IPv6-commi.patch
removed since it's included in 2.1.6.

Changelog:
=========
This release adds more bug fixes and cleanups. No major functionality changes.

 libopeniscsiusr: extend sysfs ignore_error to include EINVAL
 Fix compiler error introduced with recent IPv6 commit.
 Remove dependences from iscsi-init.service
 Use "sbindir" for path in systemd service files
 Updated README a bit
 Finish ability to have binary location configurable.
 Fix iscsi-init so that it runs when root writable
 remove redundant params in Makefile
 Fixing last parts of sbindir configuration
 Cosmetic cleanup on recent addition
 Update the iscsi-gen-initiatorname script: harden and generalize
 change iscsi-gen-initiatorname option -b => -p
 Add man page for the iscsi-gen-initiatorname script.
 Install new man page for iscsi-gen-initiatorname
 Fix issues discovered by gcc12
 Fix more issues discovered by gcc12
 iscsi sysfs: check state before onlining devs
 iscsistart: fix login timeout handling
 iscsid: use infinite timeout if passed in
 iscsid: add error code for req timeouts
 Improve 'iscsid.conf'
 iscsiadm: Call log_init() first to fix a segmentation fault
 iscsi_err: Add iscsid request timed out error messages
 Fix wrong install_systemd destination path
 actor: add name to struct actor and init it with function name
 actor: print thread name in log
 actor: enhanced: print error log when init a initilized thread
 initiator_common: make set operational parameter log easy to read
 iscsid: Check session id before start sync a thread

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-22 08:30:50 -08:00
Martin Jansa 856902b8c0 Fix DeprecationWarning about regexps
* fixes:
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \-
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Khem Raj d9ec74d4c2 layers: Bump to use kirkstone
its not going to be backward ABI compatible with honister due to variable renaming.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Khem Raj f2df270179 recipes: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Khem Raj 1d4b29aa87 recipes: Use renamed SKIP_RECIPE varFlag
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Clément Péron f3474b141d networking: add new netsniff-ng recipe version 0.6.8
Netsniff-ng is a fast zero-copy analyzer, pcap capturing and replaying tool.

Actually the Makefile doesn't create the folder when installing tools, let's
add a patch to fix this.

Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-17 14:54:56 -08:00
Khem Raj cd60040144 ntopng: Avoid linking libm statically
This fixes build on x86

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-16 08:26:02 -08:00
Christian Eggers 45479a258d ebtables: remove perl from RDEPENDS
The upstream ebtables-legacy-save perl script is replaced by a bash
implementation (taken from Fedora). So there's nothing left which
RDEPENDs on perl.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-14 08:33:23 -08:00
Khem Raj c633c22ad5 dhcp-relay: Package needed shared libs from bind
Fixes
ERROR: QA Issue: /usr/sbin/dhcrelay contained in package dhcp-relay requires libisccfg.so.163, but no providers found in RDEPENDS:dhcp-relay? [file-rdeps]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-11 10:35:40 -08:00
Yi Zhao 7f85c4ba98 samba: upgrade 4.14.11 -> 4.14.12
This is a security release in order to address the following defects:

CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                https://www.samba.org/samba/security/CVE-2021-44142.html

CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                https://www.samba.org/samba/security/CVE-2022-0336.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-11 09:12:32 -08:00
Mark Jonas 1c5c88389a mbedtls: Upgrade to 2.28.0
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.

https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-11 09:10:38 -08:00
Oleksandr Kravchuk 0eaccf0031 fping: update to 5.1
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-11 09:10:38 -08:00
Yi Zhao e452e268e4 tcpreplay: update HOMEPAGE
The official site was moved to https://tcpreplay.appneta.com/.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-09 22:31:52 -08:00
Gianfranco Costamagna 887f69dde9 mosquitto: upgrade 2.0.12 -> 2.0.14
- Upgrade license hash due to whitespace changes
- refresh patch 1571.patch

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 09:00:19 -08:00
Wang Mingyu 586b0b3f2c ntopng: upgrade 5.0 -> 5.2.1
change configure.seed to configure.ac.in
refresh 0001-Makefile.in-don-t-use-the-internal-lua.patch

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 08:59:08 -08:00
Wang Mingyu 5668251a49 ndpi: upgrade 4.0 -> 4.2
refresh 0001-autogen.sh-not-generate-configure.patch

Changelog:
=========
New Features
-----------
Add a "confidence" field indicating the reliability of the classification
Add risk exceptions for services and domain names via ndpi_add_domain_risk_exceptions()
Add ability to report whether a protocol is encrypted

New Supported Protocols and Services
-----------------------------------
Add protocol detection for:
Badoo
Cassandra
EthernetIP

Improvements
------------
Significantly reduced memory footprint from 2.94 KB to 688 B per flow
Improve protocol detection for:
BitTorrent
ICloud Private Relay
IMAP, POP3, SMTP
Log4J/Log4Shell
Microsoft Azure
Pandora TV
RTP
RTSP
Salesforce
STUN
Whatsapp
QUICv2
Zoom
Add flow risk:
NDPI_CLEAR_TEXT_CREDENTIALS
NDPI_POSSIBLE_EXPLOIT (Log4J)
NDPI_TLS_FATAL_ALERT
NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE
Update WhatsAPP and Instagram addresses
Update the list of default ports for QUIC
Update WindowsUpdate URLs
Add support for the .goog Google TLD
Add googletagmanager.com
Add bitmaps and API for handling compressed bitmaps
Add JA3 in risk exceptions
Add entropy calculation to check for suspicious (encrypted) payload
Add extraction of hostname in SMTP
Add RDP over UDP dissection
Add support for TLS over IPV6 in Subject Alt Names field
Improve JSON and CSV serialization
Improve IPv6 support for almost all dissectors
Improve CI and unit tests, add arm64, armhf and s390x as part of CI
Improve WHOIS detection, reduce false positives
Improve DGA detection for skipping potential DGAs of known/popular domain names
Improve user agent analysis
Reworked HTTP protocol dissection including HTTP proxy and HTTP connect

Changes
--------
TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)
Numeric IPs are not considered for DGA checks
Differentiate between standard Amazon stuff (i.e market) and AWS
Remove Playstation VUE protocol
Remove pandora.tv from Pandora protocol
Remove outdated SoulSeek dissector

Fixes
-----
Fix race conditions
Fix dissectors to be big-endian friendly
Fix heap overflow in realloc wrapper
Fix errors in Kerberos, TLS, H323, Netbios, CSGO, Bittorrent
Fix wrong tuple comparison
Fix ndpi_serialize_string_int64
Fix Grease values parsing
Fix certificate mismatch check
Fix null-dereference read for Zattoo with IPv6
Fix dissectors initialization for XBox, Diameter
Fix confidence for STUN classifications
Fix FreeBSD support
Fix old GQUIC versions on big-endian machines
Fix aho-corasick on big-endian machines
Fix DGA false positive
Fix integer overflow for QUIC
Fix HTTP false positives
Fix SonarCloud-CI support
Fix clashes setting the hostname on similar protocols (FTP, SMTP)
Fix some invalid TLS guesses
Fix crash on ARM (Raspberry)
Fix DNS (including fragmented DNS) dissection
Fix parsing of IPv6 packets with extension headers
Fix extraction of Realm attribute in STUN
Fix support for START-TLS sessions in FTP
Fix TCP retransmissions for multiple dissectors
Fix DES initialisation
Fix Git protocol dissection
Fix certificate mismatch for TLS flows with no client hello observed
Fix old versions of GQUIC on big-endian machines

Misc
----
Add tool for generating automatically the Azure IP list

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 08:59:08 -08:00
wangmy 07c274c222 tcpreplay: upgrade 4.3.4 -> 4.4.0
Changelog:
=========
Update strlcpy.c and strlcat.c
PR #636
Apply #616 fix to flows.c, fix #665
Bug #670: update Travis CI to focal
Bug #669: LINUX installed netmap auto detection
Feature #626 - Support for Q-in-Q VLAN tags
Bug #677 skipbroadcast
Bug #689: add security policy document
Directories of pcaps as arguments
PR #682
Bug #679 fix PPS calc for long-running sessions
Bug #668 Improve SDK selection
Bug #696 fix directory include feature
Bug #695 mac os tests fail
Bug #674 - Revert "send_packet: Avoid clock drift by using time since first packet"
Feature #563 mac update on multicast

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 08:59:08 -08:00
wangmy 1320b9c9d2 opensaf: upgrade 5.21.09 -> 5.22.01
Changelog:
=========
* log: removal of letter 'C'/'R' from msgId in RFC5424 format [#3303]
* log: Stop all threads while releasing the log agent object [#3302]
* amf: Correct HC period to make it effect immediately[#3298]
* log: Correct condition to shutdown the log agent [#3301]
* log: Increase timeout in logtest [#3291]
* log: Shutdown log agent when not in use [#3291]
* log: Introduce the initial clm node status [#3291]
* amf: Correct the version of csi attribute message [#3296]
* ntf: correct the behavior of periodic check log pending [#3297]
* mds: Resolve active MxN VDEST conflict in split brain [#3281]
* smf: correct merge bundle rolling to single step [#3290]
* ntf: get attribute value from local when value not existed [#3289]
* immd: fix cannot find candidate for new immnd coordinator [#3284]
* smf: make more robustness in BISU upgrade [#3286]
* amfd: Tightens sync window condition to proceed headless restoration [#3271]
* osaf: fixed redefinition of typedef 'SaConstStringT' [#3287]
* amf: update runtime attributes of node to IMM in sync [#3285]
* amfd: Correct checking CSICOMP while deleting CSI [#3282]
* base: using mutex for test case sysf_ipc_test instead of atomic [#3283]
* build: adaptive python version for rpm build [#3270]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 01:44:49 -08:00
Khem Raj 2d12e85707 open-vm-tools: Fix build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-07 13:35:33 -08:00
Khem Raj 95f7f8c51d crda: Fix buffer overflow in sscanf
Fixes build with clang14

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-04 09:27:57 -08:00
Ross Burton 014835f162 fping: set precise license
fping is under a non-standard license: it's almost BSD-3-Clause but is
phrased differently.  As interpretation of the licenses isn't something
we want to do, we can use the exact license text instead of referring to
the 3-clause BSD text.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:44:32 -08:00
Ross Burton 4378a4f84b spice-protocol: upgrade to 1.14.3
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:44:32 -08:00
Ross Burton 7c0c424b47 openipmi: use precise BSD license
This package is BSD-3-Clause.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:44:32 -08:00
Ross Burton 05a0b52ac6 spice: set correct LICENSE
Remove BSD, as this package is entirely LGPL2+.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:44:32 -08:00
Yi Zhao d0454ed6e6 tcpslice: upgrade 1.2a3 -> 1.5
* Update SRC_URI to official download page
* Drop patches which had been fixed upstream.
* Add UPSTREAM_CHECK_REGEX

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:41:05 -08:00
Yi Zhao 7a56dfe415 tcpdump: upgrade 4.99.0 -> 4.99.1
* Skip aclocal in do_configure
* Inherit pkgconfig then we can drop
  0001-aclocal.m4-Skip-checking-for-pcap-config.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-03 08:41:05 -08:00
wangmy 8888753834 networkmanager: upgrade 1.32.12 -> 1.34.0
Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address
  family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli
  no longer sets a negative, exclusive "dns-priority". This plays
  better with common split DNS setups that use systemd-resolved.
  Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
  control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges
  and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new
  'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of
  'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default'
  instead of null address in route4 or route6 section.

The following changes were backported to 1.32.x releases between 1.32.0
and 1.32.12 are also present in NetworkManager-1.34:

- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table,
  necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor
  non-default-routes in the main table.

- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation
  and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile
  names.
* udev: also react to "move" (and "change") udev actions in our rules.

- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.

- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
  profiles on a device. This allows to filter out profiles
  that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
  activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
  device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option

- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp"
  files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP
  configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared
  mode.
* firewall: fix nftables backend to create "ip" table for
  IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration
  to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.

- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with
  internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
  This plugin is not used, unless the undocumented dhcp=systemd
  option was set.
* cloud-setup: preserve IP addresses, routes and rules from
  currently active connection profile.
* Various bugfixes and performance improvements.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-19 09:01:04 -08:00
wangmy 45ce976b2b mtr: upgrade 0.94 -> 0.95
0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch
removed since it is included in 0.95.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-19 09:01:04 -08:00
wangmy e5a020f4d3 rdma-core: upgrade 36.0 -> 38.0
Changelog:
=========
 Merge pull request #1085 from rleon/upgrade-fc35
 build: Update to clang 13
 build: Update to Fedora 35
 ci: Convert deprecated distutils
 Merge pull request #1084 from jgunthorpe/kernel-headers
 Update kernel headers
 build: Fix distutils deprecation warning during vuild
 pyverbs: Prepare code to Cython 3
 mlx5: Change pthread_yield to sched_yield
 Merge pull request #1083 from Wenpeng-Liang/fix_db

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 2c710b005a postfix: upgrade 3.6.3 -> 3.6.4
Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Khem Raj 1844844186 tnftp: Add missing header stdc-predef.h
musl highlights this problem

Fixes
| ../../tnftp-20210827/libedit/chartype.h:47:3: error: wchar_t must store ISO 10646 characters
|         #error wchar_t must store ISO 10646 characters                                             |          ^
| 1 error generated.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 1b3b4c65b3 tnftp: upgrade 20151004 -> 20210827
* License-Update: Update copyright years
* Drop tnftp-autotools.patch as the issue had been fixed upstream

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 57d127e81e iscsi-initiator-utils: upgrade 2.1.4. -> 2.1.5
Backport a patch to fix the build error.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 3b47273ced bridge-utils: upgrade 1.7 -> 1.7.1
* Update SRC_URI to official git repo per [1]
* Refresh patches
* Backport a patch to fix build error with musl

[1] https://wiki.linuxfoundation.org/networking/bridge

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao ec5cc94217 libnetfilter-queue: upgrade 1.0.3 -> 1.0.5
Drop 0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch
as the clang build issue had been fixed upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 171f429968 ipset: upgrade 7.11 -> 7.15
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao b4a07ab219 nftables: upgrade 1.0.0 -> 1.0.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Ross Burton da4637b07c python3-scapy: remove redundant pycrypto RDEPENDS
Scapy moved from pycrypto to cryptography in 2.4.0 (commit c24298b).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
2022-01-18 08:59:58 -08:00
Alex Kiernan ccab46e8bf ntpsec: Add glibc-2.34/kernel-5.14 seccomp fixes
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-05 11:10:02 -08:00
wangmy 0a1f6a9879 wolfssl: upgrade 5.0.0 -> 5.1.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-05 11:10:02 -08:00
wangmy ac69402cc6 weechat: upgrade 3.0 -> 3.4
refresh 0001-use-pkg-config-for-gcrypt-instead.patch

License-Update:
Url changed
from "https://www.gnu.org/philosophy/why-not-lgpl.html"
to "https://www.gnu.org/licenses/why-not-lgpl.html"

Changelog:
=========
New features
----------------
core: add support of static arrays in hdata
core: add command /toggle
api: add parameters pointers, extra_vars and options in function hdata_search
api: add user variables in evaluation of expressions with "define:name,value"
api: add IRC message parameters "param1" to "paramN" and "num_params" in output of irc_message_parse
irc: allow quotes around IRC message in command /server fakerecv
trigger: hide key and password in command "/msg nickserv setpass nick key password"
trigger: add support of option "-server" when hiding passwords in command /msg nickserv register

Bug fixes
---------------
core: fix memory leak in evaluated expression "split:number,seps,flags,xxx" when multiple "strip_items" are given
core: fix random integer number with large range in evaluation of expressions on GNU/Hurd
core: fix access to integer/long/time arrays in hdata
api: fix search of option when the section is not given in functions config_search_option and config_search_section_option
irc: fix join of channels with long name (issue #1717)
irc: fix parsing of parameters in all IRC messages (issue #1666)
irc: fix parsing of CAP message when there is no prefix (issue #1707)
irc: fix parsing of TAGMSG message when there is a colon before the channel

Documentation
---------------
doc: remove tester's guide
doc: add dark theme (automatic, following browser/desktop settings)
doc: make build reproducible
doc: disable web fonts
doc: switch from prettify to pygments for syntax highlighting

Tests
--------------
core: add build with CMake and Ninja in CI
core: add build on macOS 11 in CI

Build
------------
ruby: add detection of Ruby 3.0 (issue #1721, issue #1605)
core: add targets "changelog" and "rn" to build HTML version of ChangeLog and release notes (CMake build only)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-05 11:10:02 -08:00
Armin Kuster a8a0f80553 wireshark: update to latest stable 3.4.11
For more infromation, see:
https://www.wireshark.org/docs/relnotes/wireshark-3.4.11.html

refresh 0004-lemon-Remove-line-directives.patch

Includes CVEs:

3.4.11:
wnpa-sec-2021-16 Gryphon dissector crash. Issue 17737. CVE-2021-4186.
wnpa-sec-2021-17 RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185.
wnpa-sec-2021-18 BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184.
wnpa-sec-2021-20 RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182.
wnpa-sec-2021-21 Sysdig Event dissector crash. CVE-2021-4181.

3.4.10:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-05 08:17:18 -08:00
Andreas Müller 114e1213ba blueman: upgrade 2.2.1 -> 2.2.3
2.2.3:
Bugs fixed
    Recent connections disabled after suspend and resume
    Service authorization notifications did not respond
    Passkeys did not get displayed

2.2.2:
Bugs fixed
    Issues with power level bars
    Error message in blueman-mechanism

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-05 08:17:18 -08:00
Armin Kuster cddbbeeb7c strongswan: remove redundant DEPENDS
drop openssl and gmp from DEPENDS, covered in PACKAGECONFIG

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:19:00 -08:00
Armin Kuster f1af0f3690 strongswan: add integrity options
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:55 -08:00
Armin Kuster 0b75181350 strongswan: add tpm PACKAGECONFIG
migrate meta-tpm strongswan tweaks to meta-networking

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:49 -08:00
Armin Kuster 2b733d2a70 strongswan: provide PACKAGECONFIG for cureve25519
Not everyone wants this to be installed by default. Enable to remove
cureve25519 is someone wants to.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:40 -08:00