- Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
- Added AES_CCM and SHA-3 signature support to openssl plugin.
- The x509 and openssl plugins now consider the authorityKeyIdentifier, if
available, before verifying signatures, which avoids unnecessary signature
verifications after a CA key rollover if both certificates are loaded.
- The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
previously depended on a version check.
- charon-nm now supports using SANs as client identities, not only full DNs.
- charon-tkm now handles IKE encryption.
- A MOBIKE update is sent again if a a change in the NAT mappings is detected
but the endpoints stay the same.
- Converted most of the test case scenarios to the vici interface
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix only release.
$ git shortlog --grep "^fix" v0.9.3..v0.9.4
Eric Garver (10):
fix(dbus): conf: setting deprecated properties should be ignored
fix(dbus): properties: IPv4 and IPv6 should be true if using nftables
fix(fw): when checking tables make sure to check the actual backend
fix(ipset): nftables: use interval flag for "ip" types
fix(rpm): applet: don't replace config modified by admin
fix(rpm): logrotate: don't replace config modified by admin
fix(ipv6_filter): match fwmark
fix(direct): rule order with multiple address with -s/-d
fix(nm): reload: only consider NM connections with a real interface
fix(policy): warn instead of error for overlapping ports
Fabrizio D'Angelo (1):
fix(ipset): fix hash:net,net functionality
Robert Richmond (1):
fix(ipset): entry delete with timeout
Ye Shu (1):
fix(applet): Show a basic tooltip instead of HTML
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Manually refresh 0002-fix-fail-to-enable-bluetooth.patch - it did not apply
2.2.1
Bugs fixed
Hard dependency of DBusService on NetworkManager
2.2
New features
Disconnect items in applet menu (plugin)
Desktop notifications on connect / disconnect (plugin)
Notifications with battery level for connecting devices (applet plugin)
Stop discovery and retry connection for broken adapter drivers
Auto-connect settings for supported services
Changes
Drop blueman-report
Drop blueman-assistant
Raise minimum Python version to 3.6
Raise GTK+ 3 version to 3.22
Raise minimum BlueZ version to 5.48
Allow opening device menus via keyboard (Shift+F10 or menu key)
Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
Allow cancelling device connection attempts
Improved passkey handling (fixed padding, highlighting, single notifitication)
Hide devices with no name
Bugs fixed
Fix disconnecting NMDevice
Exceptions from asynchronous DBus calls (getting picked up by tools like Apport or ABRT)
DiscvManager plugin showed its icon unreliably
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When using systemd, ntpdate-sync script will start in background
triggering the start of ntpd without actually exiting.
This results in an bind error in ntpd startup.
Add wait at the end of ntpdate script to ensure that when the ntpdate.service
is marked as finished the oneshot script ntpdate-sync finished and unbind the
ntp port
Fixes#386
Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Configure the recipe to use the module_install function from the module
source code and remove the overriden modules_install function from the
recipe.
Using the default modules_install (instead of the function defined in
the recipe file) the module is signed when DISTRO_FEATURE contains modsign.
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: notice.html does not exist in this version, use NOTICE.md to
check.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'
Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.
Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable backtrace in bundled bind to fix build error for qemuarm on
musl.
Fixes:
bind/bind-9.11.32/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update the bundled bind from 9.11.14 to 9.11.32.
Fixes build error on qemuarmv5:
stats.c: In function 'setcounter':
stats.c:300:36: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Removed since these are included in 0.102.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some options are deprecated in smb.conf.
Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.
* Remove the deprecated "syslog only" and "syslog" global options and
replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
outdated.
* Improve idmap config
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.14.x.
Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory
requirement for samba. See:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory
Refresh patches:
16-do-not-check-xsltproc-manpages.patch
20-do-not-import-target-module-while-cross-compile.patch
21-add-config-option-without-valgrind.patch
0001-Add-options-to-configure-the-use-of-libbsd.patch
dnsserver-4.7.0.patch
iconv-4.7.0.patch
0001-samba-fix-musl-lib-without-innetgr.patch
Drop patches:
0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
0001-waf-add-support-of-cross_compile.patch
0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
CVE-2020-14318.patch
CVE-2020-14383.patch
glibc_only.patch
smb_conf-4.7.0.patch
Add new patches:
0007-wscript_configure_system_gnutls-disable-check-gnutls.patch
0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch
source3-wscript-disable-check-fcntl-RW_HINTS.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable the options by default, as we use different compilers there are
more warnings to handle then upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade libnftnl in preparation for the upgrade of nftables, since the
latter requires libnftnl >= 1.2.0.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The bundled libtool files are arcane and do not work in OE cross build
environment, resulting in creating wrong entried in DT_NEEDED section
as well as emitting build paths into rpaths into ELF files, therefore
copy the OE provided libtool files to fix this issue
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Khem Raj
zangrc
Andreas Müller
Yi Zhao
Adrian Zaharia
Akifumi Chikazawa
Persian Prince
wangmy
Peter Kjellerstedt
Daiane Angolini
Sekine Shigeki
Geoff Parker
Ed Tanous
ito-yuichi@fujitsu.com
zhengruoqin
Trevor Gamblin
Armin Kuster