Changelog:
==========
* src/dynamic-preprocessors/appid/service_plugins/service_ssl.c :
Fixed a scenario where SSL traffic was not detected correctly.
* src/dynamic-preprocessors/smtp/snort_smtp.c :
Fixed a possible memory corruption.
* src/dynamic-preprocessors/imap/imap_util.c
src/dynamic-preprocessors/pop/pop_util.c
src/dynamic-preprocessors/smtp/smtp_util.c
src/preprocessors/spp_httpinspect.c :
Fixed malformed packet debug engine output.
* src/preprocessors/Stream6/snort_stream_tcp.c :
Fixed security zones info in intrusion events.
* src/dynamic-preprocessors/appid/fw_appid.c :
Fixed URL lookup failure.
* src/preprocessors/HttpInspect/server/hi_server.c :
Fixed a possible memory leak.
* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c
src/dynamic-preprocessors/appid/fw_appid.c
src/dynamic-preprocessors/appid/fw_appid.h
src/dynamic-preprocessors/appid/detector_plugins/service_plugins/service_api.h :
Added support for dns root queries and underflow.
* src/dynamic-preprocessors/smtp/snort_smtp.c
src/Makefile.am
src/dynamic-examples/Makefile.am
src/dynamic-plugins/sf_dynamic_plugins.c
src/dynamic-plugins/sf_dynamic_preprocessor.h
src/dynamic-preprocessors/Makefile.am
src/dynamic-preprocessors/smtp/snort_smtp.h
src/dynamic-preprocessors/smtp/spp_smtp.c
src/smtp_api.h :
Added support to get extra data from SMTP and HTTP into IPS event.
* src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
Added support for login success and failure eventing for IMAP and POP3.
* src/dynamic-preprocessors/appid/hi_server.c :
Added support to handle empty string for SNI/CN/SAN/ORG.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Merge pull request #1178 from yishaih/mlx5_misc
mlx5: Fix check for SQ overflow in bind_mw
mlx5: DR, Add support for modify IP ECN action for CX7
Merge pull request #1175 from zhijianli88/print-style
Merge pull request #1176 from EdwardSro/pr-extend-wqe-class
Merge pull request #1174 from EdwardSro/pr-pyverbs-read-write
Merge pull request #1170 from Hakon-Bugge/rdma_xserver_xclient
Merge pull request #1166 from EdwardSro/pr-tests-fixes
pyverbs/mr.pyx: Make MR and MW print style identical
pyverbs: Extend segments format of WQE class
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2021.
0001-Fix-build-under-GCC-fno-common.patch
0001-configure-Check-for-flex-if-lex-is-not-found.patch
removed since they're included in 1.1.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Split out apache2-utils so this small package could be used by
other packages. For example, htpasswd could be used by docker-registry.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport 2 patches to fix the below build failure when
debug build is enabled.
Add DEBUG_BUILD = "1" in conf/local.conf.
$ bitbake s-nail
| /build/tmp-glibc/work/corei7-64-wrs-linux/s-nail/14.9.24-r0/recipe-sysroot-native/usr/bin/x86_64-wrs-linux/../../libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/12.1.0/ld: mx-047.o: in function `a_nm_alias_expand':
| /usr/src/debug/s-nail/14.9.24-r0/s-nail-14.9.24/src/mx/names.c:308: undefined reference to `su_cs_dict_lookup'
| /build/tmp-glibc/work/corei7-64-wrs-linux/s-nail/14.9.24-r0/recipe-sysroot-native/usr/bin/x86_64-wrs-linux/../../libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/12.1.0/ld: mx-028.o: in function `mx_fs_linepool_book':
| /usr/src/debug/s-nail/14.9.24-r0/s-nail-14.9.24/src/mx/file-streams.c:1036: undefined reference to `su_mem_get_can_book'
collect2: error: ld returned 1 exit status
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
We encountered a runtime error with slappasswd:
$ slappasswd -s foo
Password generation failed for scheme {SSHA}:
This is because the URANDOM_DEVICE is not passed to CPPFLAGS correctly,
then the program can not open /dev/urandom.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
News in 1.11.1, 2022-06-10
--------------------------
* Build: minor improvements, small change to how enum-types are built.
* A few documentation improvements.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove change of default for clear_untrusted_proxy_headers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfixes
==========
Improve logging when keyring fails. (#890)
Reconfgure root logger to show all log messages. (#896)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
*Improved macro definition logic and platform detection to enable building
universal2 binary wheels for macOS, alongside arm64 and x86_64 ones;
added step to GitHub Actions to generate and publish them (#28).
*Mention explicit support for Python 3.10.
*Fixed minor compilation warning in ARM64 builds.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add dependence asyncio.
Changelog:
==========
Parse SPNs in SYM Files
Miscellaneous smaller fixes
Implement support for AUTOSAR secure on-board communication
Distribute & expose type annotations per PEP 561
Add more type annotations
Improve encoding performance
Add Support for Dumping Database as SYM File
Fix SYM file bugs
Fix parsing of referenced data in CDDs
implement decoding of partial messages
Use floating point scaling in encoding
Small improvements after #417
minor bug fixes and improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
*Alembic 1.8 now supports Python 3.7 and above.
*The "Pylons" environment template has been removed as of Alembic 1.8. This
template was based on the very old pre-Pyramid Pylons web framework which
has been long superseded by Pyramid.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
*Flag instances now raise an error if used in a bool context.
This prevents the occasional mistake of testing an instance for truthiness
rather than testing flag.value.
*absl-py no longer depends on six.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
Support Python 3.11 (beta)
refresh ci settings.
Don't define _*ENDIAN macro on Unix.
Update setuptools and black
Use PyFloat_Pack8() on Python 3.11a7
Upgrade black to fix CI
Fix Unpacker max_buffer_length handling
ci: Update action versions.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Bugs fixed
----------
* GH#341: The mixin inheritance order in ''lxml.html'' was corrected.
Patch by xmo-odoo.
Other changes
-------------
* Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.
* Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35
(libxml2 2.9.12+ and libxslt 1.1.34 on Windows).
* GH#343: Windows-AArch64 build support in Visual Studio.
Patch by Steve Dower.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Maximum number of tries, in rare cases, is insufficient for
elf parse. Backport patch that fixes the issue.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cryptsetup SSH tokens is the only feature that has a dependency on
libssh. Add a packageconfig to control this dependency.
Change-Id: Iac4f91e099ad2e3a79aab183734108f8bfbff57f
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update firewalld by 2 major versions, which also includes breaking and
behavioral changes.
Highlights from 0.9 to 1.0:
- Reduced dependencies
- Intra-zone forwarding by default
- NAT rules moved to inet family (reduced rule set)
- Default target is now similar to reject
- ICMP blocks and block inversion only apply to input, not forward
- tftp-client service has been removed
- iptables backend is deprecated
- Direct interface is deprecated
- CleanupModulesOnExit defaults to no (kernel modules not unloaded)
Details:
- https://firewalld.org/2021/07/firewalld-1-0-0-release
- https://github.com/firewalld/firewalld/compare/v0.9.0...v1.0.0
From 1.0 to 1.1 is mostly a bug fix release update.
Details:
- https://firewalld.org/2022/02/firewalld-1-1-0-release
- https://github.com/firewalld/firewalld/compare/v0.9.0...v1.0.0
Improvements on the recipe:
- Add ptest
- Very helpful to get all the kernel modules
- Long running, probably not suitable for any OE autobuilder
- RRECOMMENS kernel modules, document configuration
- Improve package splitting
- firewalld-config and firewalld-applet depend on QT5, pyqt5 and GTK.
The dependencies were not correctly set but the code was ending up
on the target device. Now the code gets into a separate package but
the dependeinces are probably still not complete. Since this is
probably not used anyway it is not tested yet. It's still not
perfect but much better than installing broken stuff to the target
device.
- The dependenices are added to variables instead of rdepends to keep
the meta-qt5 and gnome layers optional also at build-time.
- New packageconfigs: ebtables, ipset. This is mosly required to get the
test suite running but probably also usable otherwise.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
zhengruoqin
Martin Jansa
Yi Zhao
wangmy
Ashish Sharma
Chen Qi
Jan Vermaete
Mingli Yu
Mikko Rapeli
Xu Huan
Sakib Sajal
Peter Kjellerstedt
Adrian Freihofer