1344 Commits

Author SHA1 Message Date
Armin Kuster
4bdd8014d5 wireshark: Update to a supported version 4.0.x
Drop CVE patch as its included.
Drop 0003-bison-Remove-line-directives.patch as file is not longer there.
refactor 0001-wireshark-src-improve-reproducibility.patch
LIC_FILES_CHKSUM changed do to re-structuring.
Remove TMPDIR found in some files.
Remove c-ares PACKAGECONFIG as its a required pkg

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-06 23:07:58 -07:00
Lei Maohui
dd3ce95fb0 dovecot: Fix install conflict when enable multilib.
There's conflict of config.h between dovecot and lib32-dovecot.

The differences of config-64.h and config-32.h are as follows:
@@ -774,7 +774,7 @@
#define MODULE_SUFFIX ".so"

/* Maximum value of off_t */
-#define OFF_T_MAX LONG_MAX
+#define OFF_T_MAX LLONG_MAX

/* Name of package */
#define PACKAGE "dovecot"
@@ -834,7 +834,7 @@
#define PRIdTIME_T "ld"

/* printf() format for uoff_t */
-#define PRIuUOFF_T "lu"
+#define PRIuUOFF_T "llu"

/* printf() fmt for hex time_t */
#define PRIxTIME_T "lx"
@@ -846,19 +846,19 @@
#define SIZEOF_INT 4

/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
+#define SIZEOF_LONG 4

/* The size of `long long', as computed by sizeof. */
#define SIZEOF_LONG_LONG 8

/* The size of `void *', as computed by sizeof. */
-#define SIZEOF_VOID_P 8
+#define SIZEOF_VOID_P 4

/* Build SQL drivers as plugins */
/* #undef SQL_DRIVER_PLUGINS */

/* Maximum value of ssize_t */
-#define SSIZE_T_MAX LONG_MAX
+#define SSIZE_T_MAX INT_MAX

/* C99 static array */
#define STATIC_ARRAY static
@@ -887,13 +887,13 @@
/* #undef UOFF_T_INT */

/* Define if off_t is long */
-#define UOFF_T_LONG /**/
+/* #undef UOFF_T_LONG */

/* Define if off_t is long long */
-/* #undef UOFF_T_LONG_LONG */
+#define UOFF_T_LONG_LONG /**/

/* Maximum value of uoff_t */
-#define UOFF_T_MAX ULONG_MAX
+#define UOFF_T_MAX ULLONG_MAX

/* Build with checkpassword userdb support */
#define USERDB_CHECKPASSWORD /**/
@@ -935,7 +935,7 @@
#endif

/* Number of bits in a file offset, on hosts where this is settable. */
-/* #undef _FILE_OFFSET_BITS */
+#define _FILE_OFFSET_BITS 64

/* Define for large files, on AIX-style hosts. */
/* #undef _LARGE_FILES */

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-06 09:00:27 -07:00
Wang Mingyu
d17e287c81 ntp: upgrade 4.2.8p15 -> 4.2.8p16
0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch
refreshed for new version.

Changelog
=========
- fixes 4 vulnerabilities (3 LOW and 1 None severity),
- fixes 46 bugs
- includes 15 general improvements
- adds support for OpenSSL-3.0

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-05 09:29:35 -07:00
Khem Raj
cf298e28e9 ettercap: Do not generate #line directives with bison/flex
Fixes
File /usr/src/debug/ettercap/0.8.3.1-r0/utils/ef_grammar.c in package ettercap-src contains reference to TMPDIR

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-28 16:35:00 -07:00
Khem Raj
12cb5d1337 rdma-core: Use target path for systemctl
Fixes
WARNING: rdma-core-46.0-r0 do_package_qa: QA Issue: File /usr/lib/udev/rules.d/60-srp_daemon.rules in package rdma-core contains reference to TMPDIR

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-28 16:35:00 -07:00
Khem Raj
227d7536f9 ruli: Pass cflags to makefile
Fixes
WARNING: ruli-0.36-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libruli.so.4 in package ruli-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-28 16:34:59 -07:00
Khem Raj
3b73aba951 ipvsadm: Pass build environment cflags to compiler
This helps in avoiding absolute build time paths in binaries debug info

Fixes
WARNING: ipvsadm-1.31-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ipvsadm in package ipvsadm-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-26 18:36:56 -07:00
Wang Mingyu
c0200da3dd rdma-core: upgrade 45.0 -> 46.0
Changelog:
==========
 Merge pull request #1327 from haoyue-Xu/bugfixes
 libhns: Disable local invalidate operation
 Merge pull request #1330 from amzn/change-maintainer
 MAINTAINERS: Update EFA provider maintainer
 Merge pull request #1329 from selvintxavier/bnxt_update
 bnxt_re/lib: Remove deferred arming logic
 bnxt_re/lib: Fix the UD completion reported
 Merge pull request #1328 from amzn/tests-fix
 tests: Skip rc_flush tests if not supported in kernel
 tests: Fix get_net_name for cases there is no net device

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-25 08:57:47 -07:00
Wang Mingyu
63a756a02c fetchmail: upgrade 6.4.23 -> 6.4.37
License-Update: Update SSL configure instructions and license info.

Changelog:
===========
- OpenSSL 1.1.1t and 3.0.8 and wolfSSL 5.5.4 (or newer on the respective compatible branches) remain supported.
- updated translations and bumped SSL/TLS library version requirements.
- fixed a critical softbounce bug
- finds both rst2html5 with and without .py suffix when rebuilding the distribution.
- updated the configure script for --with-ssl properly identifying the right
  OpenSSL on a system with multiple OpenSSL versions installed, and updates the
  manual page and its HTML conversion process, and adds some error checking to the .netrc parser.
- added a wolfSSL compatibility workaround
- updated the manual page and several other documentation files, adds preliminary
  wolfSSL 5.0 support on systems that provide a C99 compiler, fixed up a specific
  fix for a compatibility issue with the end-of-life OpenSSL 1.0.2 around the
  expiry of the DST Root CA X3 certificate which impairs connectivity to
  Let's-Encrypt-certified sites. Supported OpenSSL versions 1.1.1 and newer are unaffected.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-25 08:57:47 -07:00
Martin Jansa
8c8943590c ndpi: remove unused CVE-2021-36082.patch
* it was removed from SRC_URI in:
  https://git.openembedded.org/meta-openembedded/commit/?id=8359cf87458d185011831a8132b8af17bcbc9605

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-24 07:23:55 -07:00
Khem Raj
9a06629463 unbound: Remove references to buildpaths
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Khem Raj
8257604b8a curlpp: Remove references to buildpaths e.g. TMPDIR
Fixes
WARNING: curlpp-0.8.1-r0 do_package_qa: QA Issue: File /usr/bin/curlpp-config in package curlpp-dev contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Khem Raj
068294c2d5 dovecot: Do not install dovecot-config
This contains references to source directories used during build, it
will not be useful on target without really editing it properly to
reflect target rootfs install. it perhaps never was used thus far, it
would have failed otherwise.

Fixes
WARNING: dovecot-2.3.20-r0 do_package_qa: QA Issue: File /usr/lib/dovecot/dovecot-config in package dovecot contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Khem Raj
c75d0ca313 dovecot: Upgrade to 2.3.20
- Re-enable LTO again, it works ok.
- Turn systemd into a packageconfig and enable it when systemd is in
  distro features

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Khem Raj
da331ae8f1 nbdkit: Remove buildpaths from binaries
Drop unused patch 0001-server-Fix-build-when-printf-is-a-macro.patch

Fixes
WARNING: nbdkit-1.33.11-r0 do_package_qa: QA Issue: File /usr/lib/nbdkit/plugins/nbdkit-cc-plugin.so in package nbdkit contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Petr Gotthard
d5b57d8505 strongswan: add PACKAGECONFIG for the NetworkManager module
Disabled by default. When enabled, a package 'strongswan-nm' gets created.
The package naming follows Debian/Ubuntu.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-11 11:28:34 -07:00
Martin Jansa
412fc53307 spice-gtk: respect gobject-introspection-data
* without gobject-introspection-data in DISTRO_FEATURES the bbclass
  correctly disables it:

  $ bitbake-getvar -r spice-gtk EXTRA_OEMESON
  #
  # $EXTRA_OEMESON [6 operations]
  #   :append /OE/build/oe-core/openembedded-core/meta/classes-recipe/meson.bbclass:44
  #     " ${PACKAGECONFIG_CONFARGS}"
  #   :prepend[class-target] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:28
  #     "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}"
  #   :prepend[class-native] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:33
  #     "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}"
  #   :prepend[class-nativesdk] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:34
  #     "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}"
  #   set /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:49
  #     "-Dpie=true -Dvapi=enabled"
  #   :append[libc-musl] /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:50
  #     " -Dcoroutine=libucontext"
  # pre-expansion value:
  #   "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}-Dpie=true -Dvapi=enabled ${PACKAGECONFIG_CONFARGS}"
  EXTRA_OEMESON="-Dintrospection=false -Dpie=true -Dvapi=enabled "

  and prevents build failure:
  http://errors.yoctoproject.org/Errors/Details/702789/
  Run-time dependency gobject-introspection-1.0 found: NO (tried pkgconfig)
  ../git/meson.build:346:0: ERROR: Dependency "gobject-introspection-1.0" not found, tried pkgconfig

* it just needs GIR_MESON_*_FLAG to be set to avoid:
  meson.build:4:0: ERROR: Value "false" (of type "string") for combo option "Check for GObject instrospection requirements" is not one of the choices. Possible choices are (as string): "enabled", "disabled", "auto".

* and enable vapi only when introspection is enabled, use PACKAGECONFIG for that to avoid:
  meson.build:358:4: ERROR: Problem encountered: VAPI support requested without introspection

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-03 21:24:55 -07:00
Peter Marko
648912f72d ntp: whitelist CVE-2019-11331
Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to
conclusion that this is how icurrent ntp protocol is designed.
New RFC is propsed for future but it will not be compatible with current
one.

See https://support.f5.com/csp/article/K09940637

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-19 09:39:15 -07:00
Wang Mingyu
2e782260d0 tcpdump: upgrade 4.99.3 -> 4.99.4
Changelog:
==========
Source code:
----------------
  Fix spaces before tabs in indentation.
Updated printers:
-----------------
  LSP ping: Fix "Unused value" warnings from Coverity.
  CVE-2023-1801: Fix an out-of-bounds write in the SMB printer.
  DNS: sync resource types with IANA.
  ICMPv6: Update the output to show a RPL DAO field name.
  Geneve: Fix the Geneve UDP port test.
Building and testing:
----------------------
  Require at least autoconf 2.69.
  Don't check for strftime(), as it's in C90 and beyond.
  Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Documentation:
-------------
  man: Document TCP flag names better.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-17 09:53:32 -07:00
Wang Mingyu
f613df1f33 openvpn: upgrade 2.6.2 -> 2.6.3
Changelog:
==========
  GHA: remove Ubuntu 18.04 builds
  vcpkg: request "tools" feature of openssl for MSVC build
  doc: run rst2* with --strict to catch warnings
  Support of DNS domain for DHCP-less drivers
  Bug-fix: segfault in dco_get_peer_stats()

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-17 09:53:31 -07:00
Wang Mingyu
4b28dff276 mctp: upgrade 1.0 -> 1.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-17 09:53:31 -07:00
Peter Kjellerstedt
2e0a581bee recipes: Remove double protocol= from SRC_URIs
With the exception of paho-mqtt-cpp, the double protocol= attributes
were added to the SRC_URIs when protocol=https was added to all SRC_URIs
fetching from github.com in commit b402a3076f (recipes: Update SRC_URI
branch and protocols).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-05 15:56:47 -07:00
Wang Mingyu
fc221b3211 openvpn: upgrade 2.6.1 -> 2.6.2
Changelog:
==========
 dco: don't use NetLink to exchange control packets
 dco: print version to log if available
 dco-linux: remove M_ERRNO flag when printing netlink error message
 multi: don't call DCO APIs if DCO is disabled
 dco-freebsd: use m->instances[] instead of m->hash
 dco-linux: implement dco_get_peer_stats{, multi} API
 Set netlink socket to be non-blocking
 Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key
 Fix memory leaks in open_tun_dco()
 Fix memory leaks in HMAC initial packet generation
 Use key_state instead of multi for tls_send_payload parameter
 Make sending plain text control message session aware
 Only update frame calculation if we have a valid link sockets
 Improve description of compat-mode
 Simplify --compress parsing in options.c
 Refuse connection if server pushes an option contradicting allow-compress
 Add 'allow-compression stub-only' internally for DCO
 Parse compression options and bail out when compression is disabled
 tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled
 preparing release 2.6.2
 dns option: allow up to eight addresses per server
 dco: print FreeBSD version
 Support --inactive option for DCO
 Fix '--inactive <time> 0' behavior for DCO
 Print DCO client stats on SIGUSR2
 Don't overwrite socket flags when using DCO on Windows
 using OpenSSL3 API for EVP PKEY type name reporting
 Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form
 Import some sample certificates into Windows store for testing
 Add tests for finding certificates in Windows cert store
 Refactor SSL_CTX_use_CryptoAPI_certificate()
 Add a test for signing with certificates in Windows store
 Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate()
 Improve error message on short read from socks proxy
 Make error in setting metric for IPv6 interface non-fatal

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Wang Mingyu
a014528ede ndisc6: upgrade 1.0.6 -> 1.0.7
Changelog:
=========
# Do not ignore multicast advertisements when discovery was sent as unicast
  (fix regression from 1.0.5).

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Wang Mingyu
d414cd15b3 libldb: upgrade 2.7.1 -> 2.7.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Khem Raj
77c6192de7 fwknop: Fix AS_IF configure syntax
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-02 10:06:48 -07:00
Khem Raj
0dbd8cf7d0 fwknop: Use pkg-config instead of gpgme-config
pkg-config is sysroot aware which is needed for cross-builds

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-02 10:06:48 -07:00
Peter Marko
c90081cebd dnsmasq: fix CVE-2023-28450
The patch is modified by removing irrelevant and conflicting
CHANGELOG entry.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-25 08:54:59 -07:00
Wang Mingyu
d7ff124b03 nbdkit: upgrade 1.33.10 -> 1.33.11
License-Update:
 "Copyright (C) 2013-2020 Red Hat Inc." changed to "Copyright Red Hat"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-23 21:46:12 -07:00
Fabio Estevam
ea6112ae77 ettercap: Update Upstream-Status
The patch has been applied upstream, so update the Upstream-Status
line accordingly.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-23 16:57:01 -07:00
Khem Raj
977d61c936 ettercap: Fix build with libcurl >= 8
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-23 15:03:43 -07:00
Yi Zhao
7473b1ebf2 tcpreplay: 4.4.2 -> 4.4.3
ChangeLog:
https://github.com/appneta/tcpreplay/releases/tag/v4.4.3

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-23 15:03:43 -07:00
Lei Maohui
25ef3eec88 pgpool2: Added a new recipe.
Pgpool-II is a middleware that works between PostgreSQL servers and a PostgreSQL database client. It is distributed under a license similar to BSD and MIT. It provides the  following features.

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-22 09:10:39 -07:00
Zhixiong Chi
6315006aad ntp: drop the deprecated ntpdate
The combination of ntpd and sntp now implements the functions of
ntpdate, which has been deprecated.
Now we don't need ntpdate anymore, and we can use the following
command 'ntpd -q -g -x' instead.
So drop the related section of ntpdate now.

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-17 07:06:56 -07:00
Wang Mingyu
a029621253 rdma-core: upgrade 44.0 -> 45.0
Changelog:
==========
    53ee89b Merge pull request #1299 from zhuyj/dmabuf
    95507d0 Merge pull request #1311 from EdwardSro/pr-pyverbs-tests
    087deb5 irdma: Add support for ibv_reg_dmabuf_mr
    6644617 Merge pull request #1309 from hz-cheng/master
    fe9e480 Merge pull request #1304 from EdwardSro/pr-tests-fixes
    5c9f444 Merge pull request #1303 from EdwardSro/pr-mlx5-dr-steering
    8f56a83 Merge pull request #1310 from joshuafried/mlx5_dr_bugfix
    638ace8 tests: Add test for devx DBR-less mode data path
    25a4bf0 tests: Skip CUDA tests if there is no CUDA device
    5dad658 tests: Add set and copy modify action of metadata

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-17 07:06:55 -07:00
Yi Zhao
8577ba2ee0 libldb: upgrade 2.6.1 -> 2.7.1
Refresh 0002-ldb-Add-configure-options-for-packages.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-14 07:42:47 -07:00
Petr Gotthard
4138f34899 openvpn: upgrade 2.6.0 -> 2.6.1
Changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-10 17:21:15 -08:00
Wang Mingyu
05d26628dc nbdkit: upgrade 1.33.7 -> 1.33.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-09 23:45:17 -08:00
Wang Mingyu
b4fad2defe stunnel: upgrade 5.67 -> 5.69
License-Update: Copyright year updated to 2023.

Changelog:
==========
* New features
  - Improved logging performance with the "output" option.
  - Improved file read performance on the WIN32 platform.
  - DH and kDHEPSK ciphersuites removed from FIPS defaults.
  - Set the LimitNOFILE ulimit in stunnel.service to allow
    for up to 10,000 concurrent clients.
  - Added the new 'CAengine' service-level option
    to load a trusted CA certificate from an engine.
  - Added requesting client certificates in server
    mode with 'CApath' besides 'CAfile'.
  - Improved file read performance.
  - Improved logging performance.
* Bugfixes
  - Fixed the "CApath" option on the WIN32 platform by
    applying https://github.com/openssl/openssl/pull/20312.
  - Fixed stunnel.spec used for building rpm packages.
  - Fixed tests on some OSes and architectures by merging
    Debian 07-tests-errmsg.patch (thx to Peter Pentchev).
  - Fixed EWOULDBLOCK errors in protocol negotiation.
  - Fixed handling TLS errors in protocol negotiation.
  - Prevented following fatal TLS alerts with TCP resets.
  - Improved OpenSSL initialization on WIN32.
  - Improved testing suite stability.
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.8.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-09 23:45:17 -08:00
Yi Zhao
338c278f4c traceroute: upgrade 2.1.1 -> 2.1.2
Changes in 2.1.2:
  * Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1
    (Eric Dumazet, SF bug #14)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-06 08:41:13 -08:00
Yi Zhao
4e453dae3b strongswan: 5.9.9 -> 5.9.10
Changelog:
https://github.com/strongswan/strongswan/releases/tag/5.9.10

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-06 08:41:13 -08:00
Petr Gotthard
2c1b55a059 openvpn: upgrade 2.5.8 -> 2.6.0
New features and improvements in 2.6.0 compared to 2.5.8:
 - Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD.
 - OpenSSL 3 support.
 - Improved handling of tunnel MTU, including support for pushable MTU.
 - Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 - Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 - Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 - Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
 - Improved protocol negotiation, leading to faster connection setup.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-24 08:45:44 -08:00
Martin Jansa
285b7cd79f .patch: fix Upstream-Status formatting issues reported by patchreview tool from oe-core
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-24 08:45:44 -08:00
Yi Zhao
ac0da5190f meta-networking: fix Upstream-Status format
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-24 08:45:44 -08:00
Wang Mingyu
0d69dd2a4a rdma-core: upgrade 42.0 -> 44.0
0001-examples-Include-alloca.h-for-strdupa.patch
removed since it's included in 44.0

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-20 00:23:02 -08:00
Wang Mingyu
e82c7e601e libtalloc: upgrade 2.3.4 -> 2.4.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-18 13:19:36 -08:00
Wang Mingyu
80cf1039de libtdb: upgrade 1.4.7 -> 1.4.8
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-18 13:19:36 -08:00
Wang Mingyu
91fa0cd42a libtevent: upgrade 0.13.0 -> 0.14.1
0001-Add-configure-options-for-packages.patch
refreshed for new version.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-18 13:19:36 -08:00
Michael Opdenacker
d691725280 ipcalc: update to 1.0.2
- Now built with meson
- Update the source git repository and home page
  https://github.com/nmav/ipcalc redirects to https://gitlab.com/ipcalc/ipcalc
- USE_GEOIP = "no" not necessary in the recipe, already
  set by default in the code.

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-18 13:19:36 -08:00
Wang Mingyu
b448af492d htpdate: upgrade 1.3.6 -> 1.3.7
Changelog:
==========
- bugfix: wrong default portnumber for proxy was used
- bugfix: https://bugs.launchpad.net/ubuntu/+source/htpdate/+bug/1850740
- improvement: Avoid bouncing between upper/lower limit when (almost) in sync
- improvement: Set SSL server hostname on SSL object

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-16 19:33:29 -08:00