Changelog:
=============
- Fix build with SWIG 4.4.
- Fix build in the event some parts of Boost are installed but Boost.Locale is not.
- Make GetClient() work in the OnClientGetSASLMechanisms module callback.
- Stop accidentally requiring new perl 5.35.1, regression from 1.10.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 8b4ce3276c)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog:
===========
- CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of
the supported_versions extension in TLS that can result in an infinite loop.
- CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin
related to the processing of encrypted PKCS#7 containers that can result in
a crash.
- CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the
processing of certain EAP-SIM/AKA attributes that can result in an infinite
loop or a heap-based buffer overflow and potentially remote code execution.
- CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to
the processing of X.509 name constraints that can allow authentication with
certificates that violate the constraints.
- CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of
ECDH public values in TLS < 1.3 that can result in a crash.
- CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing
of RADIUS attributes that can result in an infinite loop or an out-of-bounds
read that may cause a crash.
- CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA
decryption that can result in a crash.
- Made the Botan RNG types used/provided by the botan plugin configurable.
- The fix for the vulnerability in the constraints plugin now causes all
certificates that contain excluded name constraints of type directoryName (DN)
to get rejected.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b05b177ae5)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The introduction of DISTRO_FEATURES_OPTED_OUT allows rewriting the
DISTRO_FEATURES by removing whatever is in DISTRO_FEATURES_OPTED_OUT
from DISTRO_FEATURES.
Thus, the logic of vala can be negated, and it can changed be to
see if gobject-introspection-data is available in DISTRO_FEATURES.
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
In Linux, memcached relies on transparent huge pages, and even if
libhugetlbfs is enabled by the PACKAGECONFIG (and detected during
do_configure, of course), it is simply not used:
root@qemuriscv64:~# ldd $(which memcached)
linux-vdso.so.1 (0x0000003fa4358000)
libevent-2.1.so.7 => /lib/libevent-2.1.so.7 (0x0000003fa42b0000)
libc.so.6 => /lib/libc.so.6 (0x0000003fa4157000)
/usr/lib/ld-linux-riscv64-lp64d.so.1 (0x0000003fa435a000)
The main reason is the fact that the only call to a function coming from
libhugetlbfs is here:
https://github.com/memcached/memcached/blob/master/memcached.c#L4274
and getpagesizes() is only called if the #if block evaluates to true:
int ret = -1;
size_t sizes[32];
int avail = getpagesizes(sizes, 32);
(...)
/* check if transparent hugepages is compiled into the kernel */
/* RH based systems possibly uses a different path */
static const char *mm_thp_paths[] = {
"/sys/kernel/mm/transparent_hugepage/enabled",
"/sys/kernel/mm/redhat_transparent_hugepage/enabled",
NULL
};
(...)
This block relies on HAVE_MEMCNTL, which is a Solaris-specific feature.
Therefore, the dependency link between memcached and libhugetlbfs
doesn't exist in Linux.
Drop libhugetlbfs from memcached's recipe.
Signed-off-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The commit adding update-alternatives support omitted
ALTERNATIVE_TARGET[ebtables], causing the bbclass to fall back to
constructing the target as ${sbindir}/ebtables.ebtables which does
not exist. The binary is installed as ebtables-legacy, so set
ALTERNATIVE_TARGET accordingly.
fixes QA warnings:
ebtables: alternative target does not exist, skipping
ebtables: NOT adding alternative provide /usr/sbin/ebtables
ebtables: alt_link == alt_target: /usr/sbin/ebtables == /usr/sbin/ebtables
Fixes: 584fec0f74 ("ebtables: Use update alternatives for "ebtables"")
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Variable DISTRO_FEATURES_BACKFILL_CONSIDERED has been renamed
to DISTRO_FEATURES_OPTED_OUT.
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
- Drop 0001-Fix-build-with-gcc-15.patch (merged upstream).
- Add 0001-fix-the-hardcoded-legacy-helper-path.patch: replace the
hardcoded "/lib/drbd" path in add_lib_drbd_to_path() with the
build-configured DRBD_LEGACY_LIB_DIR derived from LIBDIR
- Remove sed fixup for the now-absent ocf.ra@.service.
- Install new upstream 50-drbd.preset into systemd system-preset
Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The build fails because ruli is compiled with -ansi
(which implies C89/C90), but glibc's memchr macro
uses _Generic, a C11 feature. Clang treats this as
an error via -Werror,-Wc11-extensions.
Fixes build with glibc 2.43+
| ruli_conf.c:86:12: error: '_Generic' is a C11 extension [-Werror,-Wc11-extensions]
| 86 | if (!memchr(inbuf, '\0', LOAD_SEARCH_LIST_INBUFSZ))
| | ^
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The upgrade to mosquitto 2.1.2 follows an upstream change where the
default configuration file is only installed as
${sysconfdir}/mosquitto/mosquitto.conf.example.
However, the shipped systemd service explicitly starts mosquitto using
${sysconfdir}/mosquitto/mosquitto.conf. If this file is not present, the
daemon exits immediately and the service fails to start.
Install the default mosquitto.conf alongside the example file, using the
upstream-provided configuration, to match the expectations of the
service unit and ensure the service starts correctly by default, as done
with the 2.0.22 version.
Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: Copyright year updated to 2026
fix-openssl-no-des.patch
refreshed for 5.78
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: update LICENSE from https://www.gnu.org/licenses/
Changelog:
=============
- merge README* to single README.md
- Merge pull request #2 from feckert/pr/20250902-build-fixes
- Fix fortify abort when LTO is enabled
- Fix uninitialized buffer data.
- Enable listening on IPv6
- test.sh: redirect stderr to /dev/null when counting lines
- Declare variable D as local in stop_and_clean
- Fix pthread_t format warning for fprintf
- Fix incompatible-pointer-types for pcre2_substring_list_free
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Backport a patch from openLDAP to fix the configure errors with clang-22 -std=gnu23
Fix another issue by dropping C89 signatures in favor of C99 function prototypes
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
-Update tailscale recipe to version 1.94.2
-Regenerate go module dependencies and license checksums
-Export GOFLAGS with build tags so do_update_modules discovers all dependencies
-Manually verify and complete Unknown license entries
Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Samba has a new build-time dependency, libquic[1]. The repository
builds an out-of-tree kernel module and a regular userspace library
with the same build script, however the Makefile seems to be fairly
hostile to cross-compilation. The Samba tarball also vendors the
same with their own build script - for now, this venodred version is used.
There are some efforts that the kernel part is mainlined[2], once it
happens it should be possible to easily remove this from the recipe.
pyldb was removed from RDEPENDS, as it seems that samba now builds its
own version of it.
Patches updated, unneeded patches dropped. Some patches contained a
considerable amount of whitespace changes - those were trimmed for
the ease of rebasing.
Changelog:
https://gitlab.com/samba-team/samba/-/blob/samba-4.23.5/WHATSNEW.txt?ref_type=tags
(Switch to other branches to see earlier changelogs)
[1]: https://github.com/lxin/quic/
[2]: https://github.com/lxin/net-next/commits/quic/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Public domain mDNS/DNS-SD library in C
Add github namespace to recipe name and handle it in CVE_PRODUCT because
there already is a different mdns recipe in meta-openembedded.
Example application is built but not installed.
This is good to verify that current toolchain is copatible with headers.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Those systemd services were added in 1.54 upstream
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2089
According the comments we can see they are meant for the inird
other than using for rootfs. They will conflict with the main
services and can lead to potentially confusing error messages.
So remove them for now to avoid the following issue.
>$systemd-analyze --man=false verify \
> /lib/systemd/system/NetworkManager-wait-online-initrd.service
Failed to put bus name to hashmap: File exists
NetworkManager-initrd.service: Two services allocated for the \
same bus name org.freedesktop.NetworkManager, refusing operation.
Test:
PASS: bitbake core-image-minimal
PASS: runqemu qemux86-64
PASS: systemd-analyze --man=false verify \
/lib/systemd/system/NetworkManager.service
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CVE is fixed in the current version already, however
NVD tracks it without version - suppress the report explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It has been unmaintained/EOL for over a year - there is
a recipe for a newer, still supported version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The ebtables utility can be provided by both ebtables and iptables
packages. Set higher priority for the version provided by iptables
to prefer it.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following error when multilib is used:
Running transaction test
Error: Transaction test error:
file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Yi Zhao
Wang Mingyu
Changqing Li
Gyorgy Sarvari
Jose Quaresma
Joao Marcos Costa
Alex Kiernan
Khem Raj
Haiqing Bai
Ricardo Salveti
Ayoub Zaki
Peter Marko
Zhixiong Chi
Gianfranco Costamagna
Zheng Ruoqin
Zhang Xiao