mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-04-02 02:49:12 +00:00
3c4c97f230
Changelog: ========== - Fixed a vulnerability in charon-tkm related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. - The new `pki --ocsp` command produces OCSP responses based on certificate status information provided by plugins. - The cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. - The --priv argument for charon-cmd allows using any type of private key. - Support for nameConstraints of type iPAddress has been added (the openssl plugin previously didn't support nameConstraints at all). - SANs of type uniformResourceIdentifier can now be encoded in certificates. - Password-less PKCS#12 and PKCS#8 files are supported. - A new global option allows preventing peers from authenticating with trusted end-entity certificates (i.e. local certificates). - ECDSA public keys that encode curve parameters explicitly are now rejected by all plugins that support ECDSA. - charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can also use the name in connection.interface-name. - The resolve plugin tries to maintain the order of installed DNS servers. - The kernel-libipsec plugin always installs routes even if no address is found in the local traffic selectors. - Increased the default receive buffer size for Netlink sockets to 8 MiB and simplified its configuration. - Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of always generating a hash of the subjectPublicKey. - Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT, instead callbacks are always invoked even if only errors are signaled. - Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when handling invalid messages. - Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs. - Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if CHILD_SA is not found during rekeying. - The testing environment is now based on Debian 12 (bookworm), by default. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 077489fda8f27336942457da1eaa022804f327c2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-networking
This layer is intended to be a central point for networking-related packages and configuration. It should be useful directly on top of oe-core and compliments meta-openembedded. It should be primarily useful to the following groups:
- Anyone building a small networking device (eg. a home router /
bridge / switch).
- Anyone wanting to add network services to their device (eg.
anything that might benefit from a small ftp/tftp server)
Dependencies
This layer depends on:
URI: git://git.openembedded.org/openembedded-core branch: nanbield
For some recipes, the meta-oe layer is required:
URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe branch: nanbield
URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-python branch: nanbield
Maintenance
Layer maintainers: Armin Kuster akuster808@gmail.com
Please see the MAINTAINERS file for information on contacting the maintainers of this layer, as well as instructions for submitting patches.