Samba has a new build-time dependency, libquic[1]. The repository
builds an out-of-tree kernel module and a regular userspace library
with the same build script, however the Makefile seems to be fairly
hostile to cross-compilation. The Samba tarball also vendors the
same with their own build script - for now, this venodred version is used.
There are some efforts that the kernel part is mainlined[2], once it
happens it should be possible to easily remove this from the recipe.
pyldb was removed from RDEPENDS, as it seems that samba now builds its
own version of it.
Patches updated, unneeded patches dropped. Some patches contained a
considerable amount of whitespace changes - those were trimmed for
the ease of rebasing.
Added a backported patch to avoid infinite recursion during the generation
of the man pages.
Changelog:
https://gitlab.com/samba-team/samba/-/blob/samba-4.23.5/WHATSNEW.txt?ref_type=tags
(Switch to other branches to see earlier changelogs)
[1]: https://github.com/lxin/quic/
[2]: https://github.com/lxin/net-next/commits/quic/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following error when multilib is used:
Running transaction test
Error: Transaction test error:
file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The incompatible pointer warning/error has been fixed upstream[1],
no need for custom CFLAGS for this anymore.
[1]: 43bcfbcdf5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Compilation with musl has been fixed by upstream[1], no need for custom
CFLAGS for this anymore.
[1]: d38b5d92ee
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Radiusd fails to start because the openssl legacy provider is no longer
built by default[1]:
$ radiusd -C -X
FreeRADIUS Version 3.2.8
[snip]
(TLS) Failed loading legacy provider
Add PACKAGECONFIG[legacy-openssl] to enable openssl legacy provider
support. When disabled, pass --enable-fips-workaround to configure
instead.
Backport two patches to fix the --enable-fips-workaround option.
[1] https://git.openembedded.org/openembedded-core/commit/?id=a150c3580f7f4962152444272c0fe07cfdb72df5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Beside other fixes, it contains a remediation for CVE-2026-25075
Changelog: https://github.com/strongswan/strongswan/releases/tag/6.0.5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It isn't maintained anymore and requires workarounds when gnulib is
updated.
It was only used by libvirt and with the upstream [1] and meta-virt
changes to not require it anymore, this can be dropped.
[1] 35d5b26aa4
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Use git instead of tarball in SRC_URI.
* Update configuration options.
* Clean up and refresh local patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patch which is included in this release, and add a patch that
adapts a lua api call to the lua version that is used in OE.
License-Change: the unicode license text has been updated, there should
be no material change. However while examining these changes, I noticed
that some parts of the code are covered by licenses not mentined in the
recipe. It should reflect all licenses now.
Tis version contains fixes fox CVE-2025-59028, CVE-2025-59031, CVE-2026-24031,
CVE-2026-27859, CVE-2026-27860, CVE-2026-27857, CVE-2026-27856 and CVE-2026-27855
Changelog: https://github.com/dovecot/core/blob/main/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Refer [1], this can fix do_configure failure:
| checking for libsoup-3.0... no
| configure: error: Package requirements (libsoup-3.0) were not met:
|
| Package 'libsoup-3.0' not found
[1] 6ddabf52d5
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RDEPENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The openvpn 2.7.0 upgrade refactored
tests/unit_tests/openvpn/Makefile.am, changing how test_binaries is
defined. This caused autoreconf to generate Makefiles where
buildtest-TESTS and runtest-TESTS no longer have rule bodies, breaking
the existing ptest recipe which relied on these targets for compilation
and execution. The fix replaces these internal automake targets with
stable interfaces: check-am for compilation and direct binary execution
on target.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Mbed OS has reached its ends of life in 2024 [1], the annoucement also
includes the change of the Mbed TLS homepage. This commit updates the
HOMEPAGE variable in the mbedtls recipe to reflect the new URL.
Additionally, the BUGTRACKER variable is added, as it is a required
field [2].
[1] https://os.mbed.com/blog/entry/Important-Update-on-Mbed/
[2] https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#required-variables
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Newer gnulib use python implementation by default if it
finds py3 on the system. However, netcf is old package
and its not expecting python implementation, therefore
make the shell implementation be used.
REALLOC_N is gone in latest gnulib so house a local
macro
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add new patch to fix breakage from Apple Wireless Direct Link support on
macOS.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: Change license to EPL-2.0 OR BSD-3-Clause
Clarify license in LICENSE.txt: f466e454e0
Updated NOTICE.md: https://github.com/eclipse-mosquitto/mosquitto/commit/827c803cb8d6376891548b856a1faa3f0ab5
Removed patch included in this release
Update PACKAGECONFIG/cmake options:
- manpages: -DDOCUMENTATION → -DWITH_DOCS (the CMake option was renamed in 2.1.x)
- ssl: removed -DWITH_EC=ON/-DWITH_EC=OFF; the WITH_EC option was dropped in 2.1.x
since Elliptic Curve support is now always included with TLS
- websockets — adapt websockets to properly use with picohttpparser
- persist-sqlite - for persistence support in the broker, have sqlite3 dependency
- ctrl-shell: mosquitto_ctrl interactive shell, have libedit dependency
Disable `DWITH_ADNS` option because it required Argon2, which is not part of
meta-oe layer
Disable `DWITH_TESTS` option because mosquitto start using GoogleTest
and we hit a common Yocto + CMake + GoogleTest problem
Improve shipped package to modern version
Changelog:
v2.1.2:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.2/ChangeLog.txtgT
Broker:
- Forbid running with `persistence true` and with a persistence plugin at the
same time.
Build:
- Build fixes for OpenBSD. Closes#3474.
- Add missing libedit to docker builds. Closes#3476.
- Fix static/shared linking of libwebsockets under cmake.
v2.1.1:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.1/ChangeLog.txt
v2.1.0:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.0/ChangeLog.txt
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Add man pages and adjust Makefile for man pages
- Avoid %#x printf pattern
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since there are no sources being fetched, set S to UNPACKDIR to fix:
| WARNING: wowlan-udev-1.0-r0 do_unpack: wowlan-udev: the directory
| ${UNPACKDIR}/${BP} ... pointed to by the S variable doesn't exist
| - please set S within the recipe to point to where the source has
| been unpacked to.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, the build of wireshark fails with
ERROR: wireshark-1_4.6.3-r0 do_package_qa: QA Issue: /usr/lib/libwsutil.so.17.0.0 contained in package wireshark requires libxxhash.so.0()(64bit), but no providers found in RDEPENDS:wireshark? [file-rdeps]
ERROR: wireshark-1_4.6.3-r0 do_package_qa: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: /build/tmp/work/core2-64-poky-linux/wireshark/4.6.3/temp/log.do_package_qa.302606
ERROR: Task (/build/../work/layers-3rdparty/openembedded/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb:do_package_qa) failed with exit code '1'
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVE fix is correct, but the CVE ID contains a typo. The correct
ID is CVE-2026-3606.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: updated to latest GPLv2 text version [1]
Changelog [2]
- Bug 5501: Squid may exit when ACLs decode an invalid URI
- ICP: Fix HttpRequest lifetime for ICP v3 queries
- ICP: Fix validation of packet sizes and URLs
- Do not escape malformed URI twice when sending ICP errors
- ... and some code, CI, and documentation cleanups
[1] 765c7f4e7f
[2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Squid tags are in form SQUID_<MAJ>_<MIN>.
This can also be seen in SRC_URI download link.
This change will make "devtool latest-version squid" correctly show 7.5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OE-Core has dropped gstreamer1.0-vaaapi, breaking spice-gtk. Drop the
dependency and, while we are at it, enable libva as a dependency, making
sure VA-API is enabled.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Using old Python on the build host with SetupTools 82 results in an error
message during building:
| error: invalid command 'egg_info'
|
| ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel
| WARNING: exit code 1 from a shell command.
To avoid it, use the native Python environment built by OE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Create path to fix `meson` build errors
Add missing dependencies.
Disables man page generation. The build was using xsltproc to try
downloading http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
from the network, which fails in embedded build environments.
Changelog:
v1.56.0
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.56.0/NEWS?ref_type=tags
Changed:
- Unify the versioning to use everywhere the scheme with the -rcX or -dev
suffixes when appropriate. This affects, for example, the URL and filename
of the release tarball and the version reported by nmcli and the daemon.
As an exception, the C API will continue to use the 90+ scheme for RC versions.
- nmcli now supports viewing and managing WireGuard peers.
- Support reapplying the "sriov.vfs" property as long as
"sriov.total-vfs" is not changed.
- Support reapplying "bond-port.vlans".
- Accept hostnames longer than 64 characters from DNS lookup.
- Make that global-dns configuration overwrites DNS searches and
options from connections, instead of merging all together.
- Add support for a new rd.net.dhcp.client-id option in
nm-initrd-generator.
- Add gsm device-uid setting to restrict the devices the connection applies to.
- Support configuring the HSR protocol version via the
"hsr.protocol-version" property.
- Fix a bug that makes broadband connections auto-connect getting
blocked if the connection tries to reconnect when modem status is
"disconnecting" / "disconnected".
- Treat modem connection not having an operator code available
as a recoverable error.
- Add support for configuring systemd-resolved's DNSSEC option
per-connection via the "connection.dnssec" connection property.
- Support configuring the HSR interlink port via the
"hsr.interlink" property.
- Fix some connection properties not being applied to vpn connections
(connection.mdns, connection.llmnr, connection.dns-over-tls,
connection.mptcp-flags, ipv6.ip6-privacy)
- Update n-acd to always compile with eBPF enabled, as support
for eBPF is now detected at run time.
- Add new MPTCP 'laminar' endpoint type, and set it by default alongside
the 'subflow' one.
- For private connections (the ones that specify a user in the
"connection.permissions" property), verify that the user can access
the 802.1X certificates and keys set in the connection.
- Introduce a libnm function that can be used by VPN plugins to check
user permissions on certificate and keys.
v1.54.0
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.54.0/NEWS?ref_type=tags
Changed:
- Add support for configuring per-device IPv4 forwarding via the
"ipv4.forwarding" connection property.
- Add a new "prefix-delegation" setting containing a "subnet-id"
property that specifies the subnet to choose on the downstream
interface when using IPv6 prefix delegation.
- Support OCI baremetal in nm-cloud-setup
- When activating a WireGuard connection to an IPv6 endpoint, now
NetworkManager creates firewall rules to ensure that the incoming
packets are not dropped by kernel reverse path filtering.
- Add support for configuring the loopback interface in nmtui.
- Most of the properties of ovs-bridge and ovs-port connections can
now be reapplied at runtime without bringing the connection down.
- Add a new "sriov.preserve-on-down" property that controls whether
NetworkManager preserves the SR-IOV parameters set on the device
when the connection is deactivated, or whether it resets them to
their default value.
- Introduce a new "ovs-dpdk.lsc-interrupt" property to configure the
Link State Change (LSC) detection mode for OVS DPDK interfaces.
- The initrd-generator now can parse the NVMe Boot Firmware Table
(NBFT) to configure networking during early boot.
- Add systemd services to provide networking in the initrd.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Changelog:
1.14.2:
https://github.com/libcpr/cpr/releases/tag/1.14.2
Changed:
- test: don't reflect Content-Length from request
- Fixed curlholder Double Free
- Fix error when running CMake configure multiple times with CPR_BUILD_TESTS, bump CMake min version to 3.18
- fix: replace curl_error_map with switch to fix Static Initialization Order Fiasco
- Updated Bazel Instructions
- Bump actions/upload-artifact from 5 to 6
- Bump actions/checkout from 5 to 6
- Bump jwlawson/actions-setup-cmake from 1.14 to 2.1
v1.14.1:
https://github.com/libcpr/cpr/releases/tag/1.14.1
Changed:
- Fixed SSE Windows string parsing
v1.14.0
https://github.com/libcpr/cpr/releases/tag/1.14.0
Changed:
- fix: Crash when building with /MT in MSVC (double-destructor) #1276
- 1.14.0 Release Preparation - NuGet Release Build Fixes
- Add support for Server Sent Events (SSE)
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- tests: make slabs-reassign2 test more resilient
- proxy: reduce flakiness in t/proxyunits.t
- proxy: fix off by one in temp string with 250b key
- slabs: fix hang and crash.
- Fix failing proxy*.t tests on some systems like OL8
- Account for absent 'ssl_proto_errors' in stats during SSL tests
- Fix test compatibility on IPv6-only systems.
- Use SSLv23 method when TLSv1.3 is unsupported (e.g., macOS)
- extstore: more compaction write patience
- parser: fix lru command regression
- Fix: avoid null print for slab busy reason
- extstore: testing around rescued compaction items
- extstore: fix compaction checks wrong refcount
- proto: armor against empty commands
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: update GPLv2 COPYING document
Some terminology and FSF address changes since the GPLv2
4c5fbc7e8d
Remove lines from patch, which modify not exist code.
Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_7_4
Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
