While working on it, also ignore CVE-2025-47711 and CVE-2025-47712.
Both vulnerabilities are fixed already (they were fixed before the
upgrade also, but there is no version-range associated with the CVE report).
CVE-2025-47711: https://gitlab.com/nbdkit/nbdkit/-/commit/e6f96bd1b77c0cc927ce6aeff650b52238304f39
CVE-2025-47712: https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7
Shortlog:
Merge branch '2025-optional-qemu-img' into 'master'
build: Check for qemu-img and disable some tests if not present
tests/curl: Skip test if 'disk' was not created
server/public.c: Use common/include parse_bool function
common/include: Extra bool parsing into a mini-library
docs: Shorter title and tweaks to the description
indexed-gzip: Include <stddef.h> to get ptrdiff_t
indexed-gzip: Move variable decl outside for loop
vddk: Sort synopsis into alphabetical order
ext2: Update docs since filter supports concurrent connections
docs: Move --short/--long-options to right place in synopsis
(origin/rhel-10.2) docs: Document how to probe for server command line options
server: Document --long-options and --short-options
docs/nbdkit-probing.pod: Rearrange synopsis to match description
server: Add --name parameter
docs: Fix bolding of --log=/path option
tests/test-python-plugin.py: Remove unused variables
python: Add binding for nbdkit_parse_bool
tests/test-python-plugin.py: Add name of test for test_parse_size
(tag: v1.45.6) Version 1.45.6.
Merge branch '2025-rounding' into 'master'
server/public.c: Use lrint() instead of implicit conversion to int
indexed-gzip: Fixes for 32-bit support
indexed-gzip: More editorially neutral content
Merge branch 'add-indexed-gzip-filter' into 'master'
Introduce index-gzip filter
Move unmodified index build/extract to ig_zran.h/c
Add serialize/deserialize fn for zran structs
Restructure zran.h, zran.c for use as library
Import zran.c/zran.h v1.6 (2 Aug 2024) from zlib
Merge branch '2025-delay-trigger' into 'master'
delay: Add new delay-trigger option
delay: Rearrange the options in alphabetical order in the documentation
tests/test-map.sh: Fix "nbd_pread: count cannot be 0: Invalid argument"
docs/nbdkit-client.pod: Document attaching NBD devices to QEMU VMs
docs/nbdkit-client.pod: Combine and rename "LIMITATIONS" section
Merge branch '2025-fix-golang-test' into 'master'
tests/test-golang-fork-warning.sh: Fix hanging test
Merge branch '2025-misc-fixes' into 'master'
tests: Use 'define script' in a few more places
tests: Modify make-pki and make-psk scripts to be atomic
tests: Define common functions for requiring TLS certs and PSK
tests/test-tls.sh: Remove unused export of pkidir
tests: Generate make-psk.sh
tests/make-psk.sh: Fix typo "pkstool" -> "psktool"
tests: Fix typo "An good" -> "A good"
map: Implement map-size feature
tests/test-at-file.sh: Fix srcdir != builddir
tests: Work around realpath error on BSDs
Merge branch '2025-eq-file' into 'master'
Merge branch '2025-server-debug' into 'master'
server: Use debug() instead of nbdkit_debug() consistently in the server
map: Refer to @PATH syntax in documentation
server: Add @PATH syntax
server/main.c: Factor out the function that parses key=value
server/main.c: Fix comment
server/main.c: Move key=value parsing to a new function
server/options.h: Reject empty string ("") as a short name
server/options.h: Add comment to is_short_name
server/main.c: Reject empty string as a plugin name or filter name
common: utils: Add const to <vector>_duplicate variable decls
data: Use new vector_append_array in a couple of places
map: Use new vector_append_array function instead of loop
common: utils: vector: Fix vector_uniq prototype and add a test
common: utils: vector: Add range functions for insert, append and remove
common: utils: vector: Prefer vector_reset over free()
Merge branch '2025-map-filter' into 'master'
New filter: map for remapping arbitrary blocks
common: utils: vector: Add new vector_uniq function
tests/functions: Factor out 2^63-1 constant used by a few tests
tests/test-cache-block-size.sh: Remove unused socket
data: Minor revisions to the documentation for clarity
full: Remove reference to equivalence of nbdkit-readonly-filter
tests/test-floppy.sh: Simplify this test
count: Add an example to the documentation
common/include/test-once.c: Further fixes for pthread_barrier_t
common/include/test-once.c: Skip test on macOS which lacks pthread_barrier_t
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For Samba's Active Directory Domain Controller functionality, it needs
to have python3-markdown listed as an RDEPENDS as well as a DEPENDS.
When trying to provision a domain with samba-tool without this change
then it will error out like:
$ samba-tool domain provision --realm=EXAMPLE.COM --domain=EXAMPLE \
--adminpass='YourPassword123!' --server-role=dc \
--dns-backend=SAMBA_INTERNAL --use-rfc2307
<snip>
Temporarily overriding 'dsdb:schema update allowed' setting
ERROR(<class 'ModuleNotFoundError'>): uncaught exception - No module named 'markdown'
File "/usr/lib/python3.13/site-packages/samba/netcmd/init.py", line 279, in _run
return self.run(*args, **kwargs)
~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/samba/netcmd/domain/provision.py", line 343, in run
result = provision(self.logger,
session, smbconf=smbconf, targetdir=targetdir,
...<16 lines>...
backend_store=backend_store,
backend_store_size=backend_store_size)
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2404, in provision
raise e
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2394, in provision
forest = ForestUpdate(samdb, fix=True)
File "/usr/lib/python3.13/site-packages/samba/forest_update.py", line 212, in init
from samba.ms_forest_updates_markdown import read_ms_markdown
File "/usr/lib/python3.13/site-packages/samba/ms_forest_updates_markdown.py", line 27, in <module>
import markdown
Signed-off-by: Andrew Bradford <andrew.bradford@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When enabling multilib with lib32, the radiusd will use etc file for lib32 as default
#systemctl status radiusd
......
/usr/sbin/radiusd -d /etc/lib32-raddb
It should be lib64 as default.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- dig wrapper function was broken since 2.1.2
- No longer send nslookup/dig stderr to /dev/null
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The patches were submitted to upstream, they are not pending anymore.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When compiling for 32-bit targets, two issues came to surface:
1. gcc was complaining that math.h is not included in snprintf, and some
calls were implicitly defined. Added a patch that includes the required
headers in snprintf.c file:
| snprintf.c: In function 'fmtfloat':
| snprintf.c:1232:13: error: implicit declaration of function 'isnan' [-Wimplicit-function-declaration]
| 1232 | if (isnan(value))
| | ^~~~~
| snprintf.c:50:1: note: include '<math.h>' or provide a declaration of 'isnan'
2. The code passes a time_t argument to a function that expects a long. This works for
64-bit targets, because on those usually time_t is long.
However on 32-bit systems time_t is usually long long, which makes compilation fail
with the following error:
| wd_json_data.c:540:66: error: passing argument 3 of 'json_get_long_value_for_key' from incompatible pointer type [-Wincompatible-pointer-types]
| 540 | if (json_get_long_value_for_key(root, "StartupTimeSecs", &wdNode->startup_time.tv_sec))
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
To account for this, add a new helper method in a patch that returns the required json value
as a time_t value.
The patches are in pending state, because the mailing list of the project is sufferring from
technical problems - when the site loads, sign up attempts throw internal server errors.
It is planned to submit the patches and to update the status once their infrastructure is back.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Memory allocation safety checks for event storage (thanks David.A for bug report)
- Fix off-by-one boundary check in seqmap code
- The minimum value for the period (-p flag) is now 0.001 milliseconds,
since it probably never makes sense to use a smaller value, and to avoid doing
a very large memory allocation for event storage.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix bug that caused that challenge was incorrectly reused if invalid or expired.
* Add support for "data-ciphers-fallback" option.
* Add GUI support for "data-ciphers" option.
* Fix export for password connection type that was not exporting some fields.
* Fix mnemonics in editor's Identity - Advanced view
* Auth-dialog ported to GTK4
* Import certificates into the XDG_DATA_HOME directory.
* Update translations: Hindi, Slovenian, Catalan, Polish, Brazilian Portuguese, Ukrainian, Georgian,
Swedish, Hebrew, Russian and Danish.
* Skip release 1.12.1 because of a bug in the release pipeline.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
api: add support for handling DIOCTL_SET_INJECT_DROP
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moved the iproute2 backend enablement into a new PACKAGECONFIG.
It is enabled to keep the current defaults. Added the explicit
runtime dependency on iproute2-ip (the "ip" command) which this
backend requires.
Added a new PACKAGECONFIG[dco] which enables the libnl backend,
which is mutually incompatible with iproute2 backend in OpenVPN.
With these:
PACKAGECONFIG:remove = "iproute2"
PACKAGECONFIG:append = " dco"
the data channel offload is enabled:
checking for LIBNL_GENL... yes
configure: Enabled ovpn-dco support for Linux
With Linux kernel 6.16 or newer, and CONFIG_OVPN enabled,
the data channel offload will be used.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Includes the provided service and defaults files for using the
tailscale daemon on systemd init machines.
Added the other kernel modules necessary for tailscaled to work
without warnings to RRECOMMENDS.
Tested with `core-image-minimal` under qemu with machines
`qemux86-64`, `genericx86-64` and `qemuarm64`. Ping
host on tailscale network using magicDNS host lookup.
Signed-off-by: Dean Sellers <dean@sellers.id.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add opencommands directive to select remote monitoring commands
- Add interval option to driftfile directive
- Add waitsynced and waitunsynced options to local directive
- Add sanity checks for integer values in configuration
- Add support for systemd Type=notify service
- Add RTC refclock driver
- Allow PHC refclock to be specified with network interface name
- Don’t require multiple refclock samples per poll to simplify filter configuration
- Keep refclock reachable when dropping samples with large delay
- Improve quantile-based filtering to adapt faster to larger delay
- Improve logging of selection failures
- Detect clock interference from other processes
- Try to reopen message log (-l option) on cyclelogs command
- Fix sourcedir reloading to not multiply sources
- Fix tracking offset after failed clock step
- Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
- Drop support for building without POSIX threads
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixed issues like incompatible hash sections
it was added in 2009 [1], however these errors are
not seen in todays OE builds
On the contrary it regresses build with clang since
it rejects the options which results in some configure
test failures, resulting finally in build/compile failures
arm-yoe-linux-gnueabi-clang: warning: -Wl,-O1: 'linker' input unused [-Wunused-command-line-argument]
[1] https://git.openembedded.org/openembedded/commit/?id=07f750c6382476b799201b5ca47f93a5f7aa7e84
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jan Luebbe <jlu@pengutronix.de>
Tailscale is a mesh VPN built on the WireGuard protocol.
On the client side, it includes a node agent (tailscaled)
and a client application for configuration (tailscale).
These components can be bundled into a single binary for
a more smaller total size, which is done in this recipe.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Mark Bath <mark@baggywrinkle.co.uk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-pki-Fix-signature-of-help-to-match-that-of-a-callbac.patch
0002-callback-job-Replace-return_false-in-constructors-wi.patch
0003-Cast-uses-of-return_-nop-and-enumerator_create_empty.patch
removed since they're included in 6.0.2
Changelog:
=============
- Support for per-CPU SAs (RFC 9611) has been added (Linux 6.13+).
- Basic support for AGGFRAG mode (RFC 9347) has been added (Linux 6.14+).
- POSIX regular expressions can be used to match remote identities.
- Switching configs based on EAP-Identities is supported. Setting
'remote.eap_id' now always initiates an EAP-Identity exchange.
- On Linux, sequence numbers from acquires are used when installing SAs. This
allows handling narrowing properly.
- During rekeying, the narrowed traffic selectors are now proposed instead of
the configured ones.
- The default AH/ESP proposals contain all supported key exchange methods plus
'none' to make PFS optional and accept proposals of older peers.
- GRO for ESP in enabled for NAT-T UDP sockets, which can improve performance
if the esp4|6_offload modules are loaded.
- charon-nm sets the VPN connection as persistent, preventing NetworkManager
from tearing down the connection if the network connectivity changes.
- ML-KEM is supported via OpenSSL 3.5+.
- The wolfssl plugin is now compatible to wolfSSL's FIPS module.
- The libsoup plugin has been migrated to libsoup 3, libsoup 2 is not supported
anymore.
- The long defunct uci plugin has been removed.
- Log messages by watcher_t are now logged in a separate log group ('wch').
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bump minimum cmake dialect to be 3.5+, this is an openwrt
component, which does not get many updates these days. Ideally
the cmake files for the project should be fixed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Wang Mingyu
Gyorgy Sarvari
Rajeshkumar Ramasamy
Andrew Bradford
Liu Yiding
Archana Polampalli
Jason Schonberg
Khem Raj
Alex Kiernan
Jiaying Song
Zoltán Böszörményi
Gianfranco Costamagna
Dean Sellers
Guðni Már Gilbert
Jeroen Hofstee