License-Update: the project was relicensed from GPL-2 to GPL-3
Inludes fixes for the following vulnerabilities:
CVE-2025-7394, CVE-2025-7395, CVE-2025-7396, CVE-2025-12888, CVE-2025-11936,
CVE-2025-11935, CVE-2025-11934, CVE-2025-11933, CVE-2025-11932, CVE-2025-11931,
CVE-2025-12889
Drop patch that is incorporated in this release.
Changelog: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md
Ptests passed:
START: ptest-runner
2025-12-09T18:23
BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.6rsnys/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 13
END: /usr/lib/wolfssl/ptest
2025-12-09T18:23
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648
It is already fixed in the currently used version.
Also, update CVE-2025-55763's status to "fixed-version" (so it will be
marked as "Patched" in the CVE report instead of "Ignored")
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- add OpenSSL 3.0+ PKCS#11 support using OSSL_STORE API
- add OpenSSL Engine support (with OpenSSL < 3.0)
- update package links for distros in README
- remove deprecated option --plugin
- increase the maximum size of the proxy response
- route: always remove wrong pppd route to self
- fix several Coverity warnings
- fix a memory leak in new ipv4_drop_wrong_route method
- HTTP: fixes missing '\0' in debug
- IO: fixes a RC use after free
- SSL: Avoid leaking SSL context
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix following conflicts when enabling multilib.
Error: Transaction test error:
file /usr/include/freeradius/features.h conflicts between attempted installs of freeradius-dev-3.2.8-r0.x86_64_v3 and lib32-freeradius-dev-3.2.8-r0.core2_32
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fixes for CVE-2025-54764 and CVE-2025-59438
Also, add the recipe to the ptest image list, because it was missing.
Ptests passed successfully.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
remove the following files which have the following license:
Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
This software may not be redistributed in any form without the prior
written consent of Network RADIUS.
src/modules/rlm_dpsk/rlm_dpsk.c
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For Samba's Active Directory Domain Controller functionality, it needs
to have python3-markdown listed as an RDEPENDS as well as a DEPENDS.
When trying to provision a domain with samba-tool without this change
then it will error out like:
$ samba-tool domain provision --realm=EXAMPLE.COM --domain=EXAMPLE \
--adminpass='YourPassword123!' --server-role=dc \
--dns-backend=SAMBA_INTERNAL --use-rfc2307
<snip>
Temporarily overriding 'dsdb:schema update allowed' setting
ERROR(<class 'ModuleNotFoundError'>): uncaught exception - No module named 'markdown'
File "/usr/lib/python3.13/site-packages/samba/netcmd/init.py", line 279, in _run
return self.run(*args, **kwargs)
~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/samba/netcmd/domain/provision.py", line 343, in run
result = provision(self.logger,
session, smbconf=smbconf, targetdir=targetdir,
...<16 lines>...
backend_store=backend_store,
backend_store_size=backend_store_size)
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2404, in provision
raise e
File "/usr/lib/python3.13/site-packages/samba/provision/init.py", line 2394, in provision
forest = ForestUpdate(samdb, fix=True)
File "/usr/lib/python3.13/site-packages/samba/forest_update.py", line 212, in init
from samba.ms_forest_updates_markdown import read_ms_markdown
File "/usr/lib/python3.13/site-packages/samba/ms_forest_updates_markdown.py", line 27, in <module>
import markdown
Signed-off-by: Andrew Bradford <andrew.bradford@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This update contains a fix for CVE-2025-55763.
License-Update: copyright year bump to 2025.
Shortlog since last update:
5864b55a94...b6ef58f4c4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When enabling multilib with lib32, the radiusd will use etc file for lib32 as default
#systemctl status radiusd
......
/usr/sbin/radiusd -d /etc/lib32-raddb
It should be lib64 as default.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix bug that caused that challenge was incorrectly reused if invalid or expired.
* Add support for "data-ciphers-fallback" option.
* Add GUI support for "data-ciphers" option.
* Fix export for password connection type that was not exporting some fields.
* Fix mnemonics in editor's Identity - Advanced view
* Auth-dialog ported to GTK4
* Import certificates into the XDG_DATA_HOME directory.
* Update translations: Hindi, Slovenian, Catalan, Polish, Brazilian Portuguese, Ukrainian, Georgian,
Swedish, Hebrew, Russian and Danish.
* Skip release 1.12.1 because of a bug in the release pipeline.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
api: add support for handling DIOCTL_SET_INJECT_DROP
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Includes the provided service and defaults files for using the
tailscale daemon on systemd init machines.
Added the other kernel modules necessary for tailscaled to work
without warnings to RRECOMMENDS.
Tested with `core-image-minimal` under qemu with machines
`qemux86-64`, `genericx86-64` and `qemuarm64`. Ping
host on tailscale network using magicDNS host lookup.
Signed-off-by: Dean Sellers <dean@sellers.id.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] 8cf5666a17
[2] c90c6d8ff7
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Tailscale is a mesh VPN built on the WireGuard protocol.
On the client side, it includes a node agent (tailscaled)
and a client application for configuration (tailscale).
These components can be bundled into a single binary for
a more smaller total size, which is done in this recipe.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Mark Bath <mark@baggywrinkle.co.uk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bump minimum cmake dialect to be 3.5+, this is an openwrt
component, which does not get many updates these days. Ideally
the cmake files for the project should be fixed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to mosquitto 2.0.21. Update the patch status for issue 2895 and create a
new patch for an issue introduced in 2.0.19 which causes connections to get down
when the clock is changed.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Appends -Wno-error=vla-cxx-extension to CXXFLAGS as a temporary workaround for the following Clang error:
sctpthread.cpp:95:18: error: variable length arrays in C++ are a Clang extension [-Werror,-Wvla-cxx-extension]
95 | uint8_t buffer[m_linkMtuSize];
| ^~~~~~~~~~~~~
An upstream fix has been proposed: https://github.com/mguentner/cannelloni/pull/82
Please remove this workaround once the upstream patch is merged or fixed in some other way. Make sure it is fixed in the new version.
- Drop 0001-include-bits-stdc-.h-only-when-using-libstdc.patch because already fixed in newer version.
Changelog:
https://github.com/mguentner/cannelloni/compare/v1.1.0...v2.0.0
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:27 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop 0001-Fix-build-with-gcc-15.patch because fixed in the newer version.
Changelog:
https://github.com/snort3/snort3/blob/3.9.1.0/ChangeLog.md
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- decode: add check for ipv4 fragmentation for decode_ip
- example: added IP configs for other systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Make connection notifications transient
- StatusNotifierItem: announce children-display
- Manager: Hide bt status switch when PowerManager is not available
- Handling for new StatusNotifierWatcher
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Issue was related to latest UNPACKDIR changes -> https://git.openembedded.org/openembedded-core/commit/?id=46480a5e66747a673041fe4452a0ab14a1736d5e
ERROR: autossh-1.4g-r0 do_compile: Execution of '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/autossh/1.4g/temp/run.do_compile.2252' failed with exit code 1
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
samba-common installs a volatiles configuration file but had not been
calling populate-volatile.sh to apply the configuration. This causes
samba installation to fail on a running target due to missing
directories.
Call "populate-volatile.sh update" in samba-common's postinst which
creates the required directories and enables samba to work.
Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@emerson.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Using a string search for Fail is not going to work always e.g.
when all tests are passing it still prints a summary string with string
"Fail" in it which points to 0, however the logic here catches that and
counts it as 1 failure and marks the return value as 1 and ptest runner
interprets that as failure
Pass the return value from unit.test which should be 0 on all passes
or non zero otherwise.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- there is no tarball hosted at gnome anymore -> switch from
gnomebase class to meson + git
- add missing dependencies for uuid and nvme, add pkgconfig class
- dhcpcanon option was removed upstream
- gtkdoc is broken. Disable to unbreak builds if api-documentation
is enabled
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move enabling of openssl 3.0 API from EXTRA_OECMAKE to
PACKAGECONFIG[ssl] so that this package can still be configured
successfully without ssl in PACKAGECONFIG.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
