Mbed OS has reached its ends of life in 2024 [1], the annoucement also
includes the change of the Mbed TLS homepage. This commit updates the
HOMEPAGE variable in the mbedtls recipe to reflect the new URL.
Additionally, the BUGTRACKER variable is added, as it is a required
field [2].
[1] https://os.mbed.com/blog/entry/Important-Update-on-Mbed/
[2] https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#required-variables
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Newer gnulib use python implementation by default if it
finds py3 on the system. However, netcf is old package
and its not expecting python implementation, therefore
make the shell implementation be used.
REALLOC_N is gone in latest gnulib so house a local
macro
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add new patch to fix breakage from Apple Wireless Direct Link support on
macOS.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: Change license to EPL-2.0 OR BSD-3-Clause
Clarify license in LICENSE.txt: f466e454e0
Updated NOTICE.md: https://github.com/eclipse-mosquitto/mosquitto/commit/827c803cb8d6376891548b856a1faa3f0ab5
Removed patch included in this release
Update PACKAGECONFIG/cmake options:
- manpages: -DDOCUMENTATION → -DWITH_DOCS (the CMake option was renamed in 2.1.x)
- ssl: removed -DWITH_EC=ON/-DWITH_EC=OFF; the WITH_EC option was dropped in 2.1.x
since Elliptic Curve support is now always included with TLS
- websockets — adapt websockets to properly use with picohttpparser
- persist-sqlite - for persistence support in the broker, have sqlite3 dependency
- ctrl-shell: mosquitto_ctrl interactive shell, have libedit dependency
Disable `DWITH_ADNS` option because it required Argon2, which is not part of
meta-oe layer
Disable `DWITH_TESTS` option because mosquitto start using GoogleTest
and we hit a common Yocto + CMake + GoogleTest problem
Improve shipped package to modern version
Changelog:
v2.1.2:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.2/ChangeLog.txtgT
Broker:
- Forbid running with `persistence true` and with a persistence plugin at the
same time.
Build:
- Build fixes for OpenBSD. Closes#3474.
- Add missing libedit to docker builds. Closes#3476.
- Fix static/shared linking of libwebsockets under cmake.
v2.1.1:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.1/ChangeLog.txt
v2.1.0:
https://github.com/eclipse-mosquitto/mosquitto/blob/v2.1.0/ChangeLog.txt
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Add man pages and adjust Makefile for man pages
- Avoid %#x printf pattern
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since there are no sources being fetched, set S to UNPACKDIR to fix:
| WARNING: wowlan-udev-1.0-r0 do_unpack: wowlan-udev: the directory
| ${UNPACKDIR}/${BP} ... pointed to by the S variable doesn't exist
| - please set S within the recipe to point to where the source has
| been unpacked to.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, the build of wireshark fails with
ERROR: wireshark-1_4.6.3-r0 do_package_qa: QA Issue: /usr/lib/libwsutil.so.17.0.0 contained in package wireshark requires libxxhash.so.0()(64bit), but no providers found in RDEPENDS:wireshark? [file-rdeps]
ERROR: wireshark-1_4.6.3-r0 do_package_qa: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: /build/tmp/work/core2-64-poky-linux/wireshark/4.6.3/temp/log.do_package_qa.302606
ERROR: Task (/build/../work/layers-3rdparty/openembedded/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb:do_package_qa) failed with exit code '1'
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVE fix is correct, but the CVE ID contains a typo. The correct
ID is CVE-2026-3606.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: updated to latest GPLv2 text version [1]
Changelog [2]
- Bug 5501: Squid may exit when ACLs decode an invalid URI
- ICP: Fix HttpRequest lifetime for ICP v3 queries
- ICP: Fix validation of packet sizes and URLs
- Do not escape malformed URI twice when sending ICP errors
- ... and some code, CI, and documentation cleanups
[1] 765c7f4e7f
[2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Squid tags are in form SQUID_<MAJ>_<MIN>.
This can also be seen in SRC_URI download link.
This change will make "devtool latest-version squid" correctly show 7.5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OE-Core has dropped gstreamer1.0-vaaapi, breaking spice-gtk. Drop the
dependency and, while we are at it, enable libva as a dependency, making
sure VA-API is enabled.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Using old Python on the build host with SetupTools 82 results in an error
message during building:
| error: invalid command 'egg_info'
|
| ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel
| WARNING: exit code 1 from a shell command.
To avoid it, use the native Python environment built by OE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Create path to fix `meson` build errors
Add missing dependencies.
Disables man page generation. The build was using xsltproc to try
downloading http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
from the network, which fails in embedded build environments.
Changelog:
v1.56.0
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.56.0/NEWS?ref_type=tags
Changed:
- Unify the versioning to use everywhere the scheme with the -rcX or -dev
suffixes when appropriate. This affects, for example, the URL and filename
of the release tarball and the version reported by nmcli and the daemon.
As an exception, the C API will continue to use the 90+ scheme for RC versions.
- nmcli now supports viewing and managing WireGuard peers.
- Support reapplying the "sriov.vfs" property as long as
"sriov.total-vfs" is not changed.
- Support reapplying "bond-port.vlans".
- Accept hostnames longer than 64 characters from DNS lookup.
- Make that global-dns configuration overwrites DNS searches and
options from connections, instead of merging all together.
- Add support for a new rd.net.dhcp.client-id option in
nm-initrd-generator.
- Add gsm device-uid setting to restrict the devices the connection applies to.
- Support configuring the HSR protocol version via the
"hsr.protocol-version" property.
- Fix a bug that makes broadband connections auto-connect getting
blocked if the connection tries to reconnect when modem status is
"disconnecting" / "disconnected".
- Treat modem connection not having an operator code available
as a recoverable error.
- Add support for configuring systemd-resolved's DNSSEC option
per-connection via the "connection.dnssec" connection property.
- Support configuring the HSR interlink port via the
"hsr.interlink" property.
- Fix some connection properties not being applied to vpn connections
(connection.mdns, connection.llmnr, connection.dns-over-tls,
connection.mptcp-flags, ipv6.ip6-privacy)
- Update n-acd to always compile with eBPF enabled, as support
for eBPF is now detected at run time.
- Add new MPTCP 'laminar' endpoint type, and set it by default alongside
the 'subflow' one.
- For private connections (the ones that specify a user in the
"connection.permissions" property), verify that the user can access
the 802.1X certificates and keys set in the connection.
- Introduce a libnm function that can be used by VPN plugins to check
user permissions on certificate and keys.
v1.54.0
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.54.0/NEWS?ref_type=tags
Changed:
- Add support for configuring per-device IPv4 forwarding via the
"ipv4.forwarding" connection property.
- Add a new "prefix-delegation" setting containing a "subnet-id"
property that specifies the subnet to choose on the downstream
interface when using IPv6 prefix delegation.
- Support OCI baremetal in nm-cloud-setup
- When activating a WireGuard connection to an IPv6 endpoint, now
NetworkManager creates firewall rules to ensure that the incoming
packets are not dropped by kernel reverse path filtering.
- Add support for configuring the loopback interface in nmtui.
- Most of the properties of ovs-bridge and ovs-port connections can
now be reapplied at runtime without bringing the connection down.
- Add a new "sriov.preserve-on-down" property that controls whether
NetworkManager preserves the SR-IOV parameters set on the device
when the connection is deactivated, or whether it resets them to
their default value.
- Introduce a new "ovs-dpdk.lsc-interrupt" property to configure the
Link State Change (LSC) detection mode for OVS DPDK interfaces.
- The initrd-generator now can parse the NVMe Boot Firmware Table
(NBFT) to configure networking during early boot.
- Add systemd services to provide networking in the initrd.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Changelog:
1.14.2:
https://github.com/libcpr/cpr/releases/tag/1.14.2
Changed:
- test: don't reflect Content-Length from request
- Fixed curlholder Double Free
- Fix error when running CMake configure multiple times with CPR_BUILD_TESTS, bump CMake min version to 3.18
- fix: replace curl_error_map with switch to fix Static Initialization Order Fiasco
- Updated Bazel Instructions
- Bump actions/upload-artifact from 5 to 6
- Bump actions/checkout from 5 to 6
- Bump jwlawson/actions-setup-cmake from 1.14 to 2.1
v1.14.1:
https://github.com/libcpr/cpr/releases/tag/1.14.1
Changed:
- Fixed SSE Windows string parsing
v1.14.0
https://github.com/libcpr/cpr/releases/tag/1.14.0
Changed:
- fix: Crash when building with /MT in MSVC (double-destructor) #1276
- 1.14.0 Release Preparation - NuGet Release Build Fixes
- Add support for Server Sent Events (SSE)
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- tests: make slabs-reassign2 test more resilient
- proxy: reduce flakiness in t/proxyunits.t
- proxy: fix off by one in temp string with 250b key
- slabs: fix hang and crash.
- Fix failing proxy*.t tests on some systems like OL8
- Account for absent 'ssl_proto_errors' in stats during SSL tests
- Fix test compatibility on IPv6-only systems.
- Use SSLv23 method when TLSv1.3 is unsupported (e.g., macOS)
- extstore: more compaction write patience
- parser: fix lru command regression
- Fix: avoid null print for slab busy reason
- extstore: testing around rescued compaction items
- extstore: fix compaction checks wrong refcount
- proto: armor against empty commands
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: update GPLv2 COPYING document
Some terminology and FSF address changes since the GPLv2
4c5fbc7e8d
Remove lines from patch, which modify not exist code.
Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_7_4
Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
- Added abilty to build and run in a docker container
- kas is the default symbol lookup method now
- Fix building without libtool installed
- Misc fixes for kas lookup logic
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The last release was almost a decade ago, but there are quite
a few commits that were added to the project since that.
Instead of waiting for a new release, use the tip of the repository.
Changelog:
https://github.com/jpbarrette/curlpp/compare/v0.8.1...ec1b66e699557cd9d608d322c013a1ebda16bd08
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is fetched from git, so the checksums are not doing anything.
While touching it, switch to the project's own license file instead
of using a generic one from the COMMON_LICENSE_DIR.
The license itself has not changed, still gpl 2.0, only.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The patch removed manual generation completely from the build scripts,
however upstream has added a configure option in version 1.11.0[1] to
do it in a more gentle way.
Drop the patch, and use the configure option instead.
[1]: 5ba958829f
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release. Changes:
- USB HID dissector memory exhaustion. CVE-2026-3201.
- NTS-KE dissector crash. CVE-2026-3202.
- RF4CE Profile dissector crash. CVE-2026-3203.
- Wireshark doesn’t start if Npcap is configured with
"Restrict Npcap driver’s Access to Administrators only"
- PQC signature algorithm not reported in signature_algorithms.
- Unexpected JA4 ALPN values when space characters sent.
- Expert Info seems to have quadratic performance (gets slower and slower)
- IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded.
- TShark and editcap fails with segmentation fault when output format (-F) set to blf.
- Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee
Direct Tunneling Zigbee NWK PDUs NULL hash table]
- Wiretap writes pcapng custom options with string values invalidly.
- RDM status in Output Status (GoodOutputB) field incorrectly
decoded in Art-Net PollReply dissector.
- Wiretap writes invalid pcapng Darwin option blocks.
- TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to
incorrect expectation of TYPE_VARLEN (MaxLen)
- Only first HTTP POST is parsed inside SOCKS with "Decode As".
- TShark: Bogus "Dissector bug" messages generated in pipelines
where something after tshark exits before reading all its input.
- New Diameter RAT-Types in TS 29.212 not decoded.
- Malformed packet error on Trigger HE Basic frames.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ngtcp2 project is an effort to implement IETF QUIC protocol
It is a dependency of the new Samba recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
HTTP/3 library written in C
A new dependency for Samba recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
On some platforms (for example, QCx6490), XO (Crystal Oscillator) shutdown
is prevented by Wireless Processor Subsystem votes on interconnect
bandwidth and XO unless the WoWLAN magic-packet trigger is enabled. These
votes are released only after running:
iw phy0 wowlan enable magic-packet
Add an udev rule to automatically enable WoWLAN magic-packet support when
a Wi-Fi PHY is registered. This rule is provided via a dedicated
wowlan-udev package and is not enabled by default.
Integrators should include this package only if their platform requires
automatic WoWLAN magic-packet enablement.
Signed-off-by: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Added 'vmware:open_vm_tools' to CVE_PRODUCT to align with the NVD
CPE and ensure accurate CVE reporting.
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
