master: subtree updates oct 4 2023
poky: 61531cd395..e444d2bed0:
Adrian Freihofer (3):
lib/oe/utils: Refactor to make multiprocess_launch callable without d
lib/oe/package: Refactor to make strip_execs callable without d
oeqa/selftest/devtool: Refactor runqemu pre-requisites
Alexander Kanavin (69):
cargo-c-native: fix version check
igt-gpu-tools: do not write shortened git commit hash into binaries
curl: build and run the full set of ptests
ptest: report tests that were killed on timeout
perl: use 64 bit integers across all targets
perl: ensure all failures are caught
strace: parallelize ptest
strace: remove from time64.inc exception list
busybox: enable 64 bit shell arithmetic (via long long type)
openssl: parallelize tests
openssl: ensure all ptest fails are caught
glibc-tests: rename to glibc-y2038-tests
sysstat: merge .inc into .bb
sysstat: update 12.6.2 -> 12.7.4
glib-2.0: update 2.76.4 -> 2.78.0
ovmf: update edk2-stable202305 -> edk2-stable202308
libdnf: update 0.70.1 -> 0.71.0
liburi-perl: update 5.17 -> 5.21
python3-pygobject: update 3.44.1 -> 3.46.0
go-helloworld: update to latest revision
gzip: update 1.12 -> 1.13
procps: update 4.0.3 -> 4.0.4
screen: update 4.9.0 -> 4.9.1
gobject-introspection: update 1.76.1 -> 1.78.0
igt-gpu-tools: update 1.27.1 -> 1.28
libva-utils: update 2.19.0 -> 2.20.0
piglit: update to latest revision
groff: add a patch to resolve build races
groff: fix another build race via backport
systemd: upgrade 254 -> 254.4
util-linux: upgrade 2.39.1 -> 2.39.2
cmake: upgrade 3.27.4 -> 3.27.5
jquery: upgrade 3.7.0 -> 3.7.1
python3-setuptools-rust: upgrade 1.6.0 -> 1.7.0
vulkan: upgrade 1.3.250.0 -> 1.3.261.1
libxcb: upgrade 1.15 -> 1.16
xcb-proto: upgrade 1.15.2 -> 1.16.0
boost: upgrade 1.82.0 -> 1.83.0
btrfs-tools: upgrade 6.3.3 -> 6.5.1
createrepo-c: upgrade 0.21.1 -> 1.0.0
debianutils: upgrade 5.12 -> 5.13
diffoscope: upgrade 244 -> 249
ethtool: upgrade 6.3 -> 6.5
font-util: upgrade 1.4.0 -> 1.4.1
freetype: upgrade 2.13.1 -> 2.13.2
ghostscript: upgrade 10.01.2 -> 10.02.0
iproute2: upgrade 6.4.0 -> 6.5.0
json-c: upgrade 0.16 -> 0.17
kmscube: upgrade to latest revision
libarchive: upgrade 3.7.1 -> 3.7.2
libsdl2: upgrade 2.28.0 -> 2.28.3
libsolv: upgrade 0.7.24 -> 0.7.25
man-pages: upgrade 6.04 -> 6.05.01
meson: upgrade 1.1.1 -> 1.2.1
mmc-utils: upgrade to latest revision
mtd-utils: upgrade 2.1.5 -> 2.1.6
puzzles: upgrade to latest revision
python3-dtschema: upgrade 2023.6.1 -> 2023.7
python3-git: upgrade 3.1.35 -> 3.1.36
python3-libarchive-c: upgrade 4.0 -> 5.0
python3-setuptools: upgrade 68.2.1 -> 68.2.2
python3-sphinx: upgrade 7.2.5 -> 7.2.6
seatd: upgrade 0.7.0 -> 0.8.0
sqlite3: upgrade 3.43.0 -> 3.43.1
tiff: upgrade 4.5.1 -> 4.6.0
vala: upgrade 0.56.8 -> 0.56.13
xf86-input-libinput: upgrade 1.3.0 -> 1.4.0
xwayland: upgrade 23.1.2 -> 23.2.1
python3-setuptools-scm: fix upstream version check
Alexandre Belloni (1):
python3: fix SoB on patch
Antoine Lubineau (1):
cve-check: add CVSS vector string to CVE database and reports
Bruce Ashfield (9):
linux-yocto/6.4: update to v6.4.15
linux-yocto/6.1: update to v6.1.52
linux-yocto/6.4: update to v6.4.16
linux-yocto/6.1: update to v6.1.53
linux-yocto/6.1: update to v6.1.55
linux-yocto-dev: update to v6.6-rcX
linux-yocto: introduce 6.5 reference kernel recipes
linux-libc-headers: uprev to v6.5
linux-libc-headers: default to 6.5
Charles-Antoine Couret (1):
systemd-boot-cfg: add .conf suffix to default entry label
Chen Qi (1):
python3: add cpython to CVE_PRODUCT
Daniel Semkowicz (2):
wic: bootimg-partition: Fix file name in debug message
uboot-extlinux-config.bbclass: Add missing variable descriptions
Deepthi Hemraj (2):
binutils: stable 2.41 branch updates.
glibc: stable 2.38 branch updates.
Denys Dmytriyenko (2):
bitbake.conf: add MACHINE to SDK_NAME
spdx: use TOOLCHAIN_OUTPUTNAME for SDK filename prefix
Derek Straka (1):
pypi.bbclass: Update the upstream checks to automatically replace '_' with '-'
Eilís 'pidge' Ní Fhlannagáin (2):
lib/oe/package_managegment: Add nativesdk-intercept PATH
update_mandb: deb fails due to missing man cache
Etienne Cordonnier (1):
bitbake: bitbake-worker/runqueue: Avoid unnecessary bytes object copies
Insu Park (1):
bitbake: data: Add missing dependency handling of remove operator
Jan Garcia (1):
insane.bbclass: Count raw bytes in shebang-size
Joshua Watt (6):
classes/create-spdx-2.2: Add extra debugging for missing package files
nfs-utils: Don't start nfs-statsd.service without exports
nfs-utils: Add StateDirectory for systemd services
bitbake: utils: Add path_is_descendant()
bitbake: fetch2: git: Use path_is_descendant() instead of path for repo check
classes/create-spdx-2.2: Show error if document is not found
Julien Stephan (1):
bitbake: bitbake: cooker: add a new function to retrieve task signatures
Kai Kang (2):
goarch.bbclass: not compatible with riscv32
adwaita-icon-theme: 43 -> 45.0
Khem Raj (25):
perl: Add packageconfig for setlocale functionality differences
libc-test: Run as non-root user
coreutils: Upgrade to 9.4
coreutils: Add config.h to ptest package
gettext: Add missing dependency on gawk autoconf
util-linux: Disable failing tests on musl
Revert "util-linux: scanf_cv_alloc_modifier changed from 'as' -> 'ms'"
util-linux: Fix lscpu on musl
qemu: Add PACKAGECONFIG for dax
llvm: Upgrade to 17.0.1
oeqa: Use 2.14 release of cpio instead of 2.13
musl: Update to latest
bsd-headers: Define __CONCAT and __STRING
mesa: Update clang-17 patch to upstream v2
musl-legacy-error: Add recipe
elfutils: Depend on musl-legacy-error for musl targets
debugedit: Use musl-legacy-error
systemd: Drop two upstreamed musl patches
systemd: Refresh patches to avoid patch-fuzz
glib-2.0: Enable possible locales with musl for ptests
glib-2.0: Remove failing ptests on musl
llvm: Upgrade to 17.0.2
createrepo-c: Fix function declaration bug found with clang
mesa: Simplify llvm-17 patch
mesa: Fix native build on hosts with llvm-dev installed
Lee Chee Yang (2):
bind: update to 9.18.19
cups: fix CVE-2023-4504
Markus Volk (8):
mesa: upgrade 23.1.3 -> 23.1.7
libportal: upgrade 0.6 -> 0.7.1
appstream: import recipe from meta-oe
libadwaita: upgrade 1.3.4 -> 1.4.0
maintainers.inc: add missing entries for appstream and libxmlb
libxmlb: import recipe from meta-oe
pulseaudio: dont include consolekit for systemd
mesa: Upgrade 23.1.7 -> 23.1.8
Marta Rybczynska (3):
python3-ply: add to nativesdk
python3-isodate: add homepage
python3-rdflib: add homepage
Martin Jansa (3):
gcc: backport a fix for ICE caused by CVE-2023-4039.patch
fontcache.bbclass: avoid native recipes depending on target fontconfig
multilib_script.bbclass: expand script name as well
Matthias Schnelte (1):
bitbake: fetch2: Adds vscode devcontainer support
Michael Opdenacker (18):
base: add newline before LICENSE_FLAGS_DETAILS
dev-manual: new-recipe.rst fix inconsistency with contributor guide
contributor-guide: recipe-style-guide: add Upstream-Status
dev-manual: licenses: update license manifest location
dev-manual: licenses: mention SPDX for license compliance
dev-manual: disk-space: improve wording for obsolete sstate cache files
sdk-manual: extensible.rst: fix multiple formatting issues
alsa-lib: upgrade 1.2.9 -> 1.2.10
alsa-utils: upgrade 1.2.9 -> 1.2.10
shadow: fix patch Upstream-Status
libevent: fix patch Upstream-Status
alsa-utils: update patch Upstream-Status
alsa-lib: fix patch Upstream-Status
lib/oe/qa: remove obsolete "Accepted" string for Upstream-Status
lib/oe/qa: update guidelines link for Upstream-Status
bsp-guide: bsp.rst: replace reference to wiki
dev-manual: new-recipe.rst: replace reference to wiki
maintainers.inc: add self for flac recipe
Mikko Rapeli (9):
openssh: update Upstream-Status to Denied in test logging patch
openssh: improve banner ptest failure logging
testimage.bbclass: detect slirp from TEST_RUNQEMUPARAMS
oeqa dnf_runtime.py: fix HTTP server IP address and port
oeqa selftest runtime_test.py: append to TEST_RUNQEMUPARAMS
selftest runtime_test.py: add testimage.bbclass slirp test
openssh: capture logs in run-ptest
testimage.bbclass: remove QEMU_USE_SLIRP variable
oeqa/selftest/context.py: check git command return values
Ninad Palsule (1):
kernel-fitImage: Strip path component from dtb
Peter Kjellerstedt (7):
libsoup-2.4: Only specify --cross-file when building for target
libsoup: Only specify --cross-file when building for target
bitbake: tinfoil: Do not fail when logging is disabled and full config is used
bitbake: bitbake-getvar: Make --quiet work with --recipe
bitbake: bitbake-getvar: Make --value imply --quiet
bitbake: bitbake-getvar: Add a (suppressable) error for undefined variables
bitbake: bitbake-getvar: Treat undefined variables as empty with --value
Peter Marko (2):
openssl: Upgrade 3.1.2 -> 3.1.3
json-c: define CVE_VERSION
Qiu Tingting (1):
tar: add ptest support
Richard Purdie (34):
bitbake.conf: Add IMAGE_BASENAME to SDK_NAME
vim: Upgrade 9.0.1664 -> 9.0.1894
defaultsetup: Inherit create-spdx by default
oeqa/selftest/runtime_test: No need to use append with TEST_RUNQEMUPARAMS
devtool/build_sdk: Drop unused imports
bitbake: lib: Drop inotify support and replace with mtime checks
bitbake: server/process: Disable the flush() call in server logging
recipetool/devtool: Ensure server knows about changed files
lttng-tools: Upgrade 2.13.10 -> 2.13.11
oeqa/selftest/wic: Improve assertTrue calls
elfutils: Fix reproducibility issue with bunzip2
bitbake: cooker: Drop unneeded flush calls
sstate: Fix nativesdk entry in SSTATE_ARCHS
multilib: fix SSTATE_ARCHS for multilib usage
license/license_image: Fix license file layout to avoid overlapping files
oeqa/selftest/bbtests: Improve and update test_non_gplv3
create-spdx/sbom: Ensure files don't overlap between machines
sstate: Stop allowing overlapping symlinks from sstate
recipes: Drop remaining PR values from recipes
bitbake.conf: No longer support PR from filename
oeqa/selftest: Fix broken symlink removal handling
oeqa/selftest/reproducible: Avoid oe-selftest startup delays
oeqa: Streamline oe-selftest startup time
oeqa/selftest/oescripts: Avoid variable access at module load
bitbake: codeparser: Update debug variable reference
contributor-guide/style-guide: Refer to recipes, not packages
contributor-guide/style-guide: Add a note about task idempotence
lib: Import packagedata oe module by default
oeqa/runner: Ensure class setup errors are shown to bitbake logging
create-spdx: Ensure it is clear where the message comes from
oeqa/utils/gitarchive: Handle broken commit counts in results repo
python3-numpy: Fix reproducibility issue
scritps/runqemu: Ensure we only have two serial ports
glibc: Pull in stable branch fixes
Robert Joslyn (2):
curl: Update from 8.2.1 to 8.3.0
curl: Skip tests marked flaky
Robert Yang (1):
libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt
Roland Hieber (7):
template: fix typo in section header
ref-manual: point outdated link to the new location
contributor-guide: recipe-style-guide: add more patch tagging examples
contributor-guide: recipe-style-guide: add section about CVE patches
contributor-guide: discourage marking patches as Inappropriate
contributor-guide: deprecate "Accepted" patch status
contributor-guide: style-guide: discourage using Pending patch status
Ross Burton (19):
packagegroup-core-x11-xserver: add modesetting driver to default XSERVER
machine/qemu*: add modesetting drivers to XSERVER
beaglebone-yocto: remove redundant XSERVER assignment
gcc: Fix -fstack-protector issue on aarch64
testimage: respect target/server IPs when using slirp
manuals: document LICENSE_FLAGS_DETAILS
linux-yocto: update CVE ignores
libwebp: upgrade to 1.3.2
oeqa/runtime/parselogs: remove unused imports
oeqa/runtime/parselogs: don't bother to show target hardware information
oeqa/runtime/parselogs: remove obsolete LSB testing support
oeqa/runtime/parselogs: inline single-caller functions
oeqa/runtime/parselogs: improve find call
oeqa/runtime/parselogs: don't pass around members
oeqa/runtime/parselogs: move some variables out of global scope
oeqa/runtime/parselogs: select the correct machine-specific ignores early
oeqa/runtime/parselogs: parse the logs with Python, not grep
webkitgtk: reduce size of -dbg package
bitbake: bitbake/lib: spawn server/worker using the current Python interpreter
Samantha Jalabert (14):
python3-isodate: Copy recipe from meta-python
python3-booleanpy: Copy recipe from meta-python
python3-beartype: add recipe
python3-click: Copy recipe from meta-python
ptest-packagelists.inc: add python test click
python3-license-expression: Copy recipe from meta-python
ptest-packagelists.inc: add python test license-expression
python3-rdflib: Copy recipe from meta-python
python3-uritools: add recipe
python3-xmltodict: Copy recipe from meta-python
ptest-packagelists.inc: add python test xmltodict
python3-spdx-tools: add recipe
qa: Add selftest for python3-spdx-tools
maintainers.inc: add python3-spdx-tools and dependencies
Sean Nyekjaer (1):
gcc: depend on zstd
Stefan Tauner (1):
gdb: fix RDEPENDS for PACKAGECONFIG[tui]
Stephan Wurm (1):
python3-jsonschema: Update homepage URL
Tim Orling (1):
python3-cryptography{-vectors}: upgrade to 41.0.4
Trevor Gamblin (6):
patchtest: Add tests from patchtest oe repo
patchtest/selftest: remove configurable target
patchtest: add requirements.txt
patchtest: Add README.md for selftests
python3-ptest: skip test_input_no_stdout_fileno
patchtest/selftest: only split resultlines once
Ulrich Ölmann (1):
packagegroup-base: clean up setting packagegroup-machine-base's SUMMARY
Wang Mingyu (36):
alsa-ucm-conf: upgrade 1.2.9 -> 1.2.10
at-spi2-core: upgrade 2.48.3 -> 2.48.4
dbus: upgrade 1.14.8 -> 1.14.10
debianutils: upgrade 5.8 -> 5.12
dnf: upgrade 4.16.1 -> 4.17.0
harfbuzz: upgrade 8.1.1 -> 8.2.0
kexec-tools: upgrade 2.0.26 -> 2.0.27
libinput: upgrade 1.23.0 -> 1.24.0
libnl: upgrade 3.7.0 -> 3.8.0
nghttp2: upgrade 1.55.1 -> 1.56.0
ccache: upgrade 4.8.2 -> 4.8.3
pkgconf: upgrade 2.0.2 -> 2.0.3
python3-git: upgrade 3.1.34 -> 3.1.35
python3-hypothesis: upgrade 6.84.0 -> 6.84.3
python3-pyelftools: upgrade 0.29 -> 0.30
python3-pytest: upgrade 7.4.1 -> 7.4.2
python3-setuptools: upgrade 68.1.2 -> 68.2.1
strace: upgrade 6.4 -> 6.5
stress-ng: upgrade 0.16.04 -> 0.16.05
wayland-utils: upgrade 1.1.0 -> 1.2.0
wireless-regdb: upgrade 2023.05.03 -> 2023.09.01
at-spi2-core: upgrade 2.48.4 -> 2.50.0
enchant2: upgrade 2.5.0 -> 2.6.1
harfbuzz: upgrade 8.2.0 -> 8.2.1
kbd: upgrade 2.6.2 -> 2.6.3
libsecret: upgrade 0.21.0 -> 0.21.1
gobject-introspection: upgrade 1.78.0 -> 1.78.1
python3-numpy: upgrade 1.25.2 -> 1.26.0
python3-hypothesis: upgrade 6.84.3 -> 6.86.2
python3-pycryptodome: upgrade 3.18.0 -> 3.19.0
python3-pycryptodomex: upgrade 3.18.0 -> 3.19.0
python3-smmap: upgrade 5.0.0 -> 6.0.0
python3-trove-classifiers: upgrade 2023.8.7 -> 2023.9.19
python3-typing-extensions: upgrade 4.7.1 -> 4.8.0
python3-urllib3: upgrade 2.0.4 -> 2.0.5
python3-zipp: upgrade 3.16.2 -> 3.17.0
Yash Shinde (1):
glibc: fix CVE-2023-4527
Yogita Urade (2):
tiff: fix CVE-2023-40745
tiff: fix CVE-2023-41175
meta-openembedded: eff1b182c1..ea42cec2ec:
Alex Kiernan (2):
mdns: Upgrade 1790.80.10 -> 2200.0.8
jq: Upgrade 1.6+git -> 1.7
Archana Polampalli (2):
python3-appdirs: print ptest results in unified format
nodejs: upgrade 18.17.1 -> 20.5.1
Armin Kuster (1):
openldap: update to 2.5.16.
Bruce Ashfield (2):
zfs: update to v2.2.0-rc4
vboxguestdrivers: fix kernel v6.5 build
Chi Xu (1):
mariadb: Add ptest support
Clément Péron (6):
etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3
devtools: grpc: bump to 1.56.2
protobuf: upgrade 4.22.2 -> 4.23.4
protobuf-c: bump to next release to support protobuf 4.23.x
mariadb: add missing <cstdint> in rocksdb string_util.h
etcd-cpp-apiv3: fix build when gRPC is cross compiled
Daniel Semkowicz (2):
cockpit: Move packagekit to a separate package
cockpit: Move apps to a separate package
Derek Straka (54):
python3-absl: Update version 1.4.0 -> 2.0.0
python3-brotli: Update version 1.0.9 -> 1.1.0
python3-cachecontrol: Update version 0.13.0 -> 0.13.1
python3-cantools: Update version 38.0.2 -> 39.2.0
python3-cerberus: Update version 1.3.4 -> 1.3.5
python3-configshell-fb: Update version 1.1.29 -> 1.1.30
python3-custom-inherit: Update version 2.3.1 -> 2.4.1
python3-distlib: Update version 0.3.6 -> 0.3.7
python3-fasteners: Update version 0.18 -> 0.19
python3-filelock: Update version 3.12.0 -> 3.12.4
python3-bleak: Update version 0.20.2 -> 0.21.1
python3-dynamic-dispatch: Correct the upstream regex check for version upgrades
python3-google-api-python-client: Update version 2.99.0 -> 2.100.0
python3-sqlalchemy: Upgrade 2.0.20 -> 2.0.21
python3-netaddr: Update version 0.8.0 -> 0.9.0
python3-msgpack: Update version 1.0.5 -> 1.0.6
python3-protobuf: Update version 4.24.2 -> 4.24.3
python3-gevent: Update version 23.7.0 -> 23.9.1
python3-langtable: Update version 0.0.63 -> 0.0.64
python3-posix-ipc: Update version 1.0.5 -> 1.1.1
python3-websocket-client: Update version 1.5.3 -> 1.6.3
python3-web3: Update version 6.9.0 -> 6.10.0
python3-apiflask: Update version 2.0.1 -> 2.0.2
python3-argh: Update version 0.29.3 -> 0.29.4
python3-async-timeout: remove old version of the library
python3-pydantic: Update version 1.10.7 -> 2.4.1
python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0
python-pyiface: Update version from git -> 0.0.11
python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pymysql: update verion 1.0.2 -> 1.1.0
python3-pyproj: update version 3.6.0 -> 3.6.1
python3-pyproject-api: update version 1.5.1 -> 1.6.1
python3-redis: update version 5.0.0 -> 5.0.1
python3-traitlets: update version 5.9.0 -> 5.10.1
python3-xxhash: update version 3.2.0 -> 3.3.0
python3-pyzmq: update version 25.0.0 -> 25.1.1
python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-flask-babel: update version 2.0.0 -> 3.1.0
python3-idna-ssl: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-prettytable: update version 3.6.0 -> 3.9.0
python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim
python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0
python3-astroid: update version 2.16.6 -> 3.0.0
python3-flask: update version 2.3.2 -> 2.3.3
python3-google-api-core: update version 2.12.0
python3-google-api-python-client: update version 2.100.0 -> 2.101.0
python3-google-auth: update version 2.23.0 -> 2.23.1
python3-parse-type: update version 0.5.2 -> 0.6.2
python3-nacl: Add recipe for the latest release of PyNaCl
python3-botocore: add recipe for latest version of botocore
python3-boto3: add recipe for latest version of boto3
python3-flask-cors: add initial version of the recipe for 4.0.0
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.20 -> 0.0.21
Gianfranco Costamagna (3):
mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system
mosquitto: upgrade 2.0.15 -> 2.0.17
mosquitto: upgrade 2.0.17 -> 2.0.18
Jeffrey Pautler (1):
bolt: disable CVE checking for this recipe
Jonas Gorski (1):
frr: upgrade 8.4.4 -> 9.0.1
Julian Haller (1):
openct: Fix typo in SUMMARY variable
Kai Kang (1):
ostree: not compatible with riscv32 when ptest enabled
Khem Raj (25):
vlc: Fix build with gettext 0.22+
usbguard: Enable seccomp if distro features have it
sharutils: Check for intmax_t using configure
poco: Add pass/fail ststus into logs
mongodb: Add rdep on tzdata-core
mongodb: Upgrade to 4.4.24
meta-oe-ptest-image-poco: Increase size tp 1G
poco: Fix ptest runtime errors
poco: Do not enable MongoDB packageconfig by default
plocate: Upgrade to 1.1.19 release
xscreensaver: Add osuosl backup MIRROR
mozjs-115: Apply autoconf tuple mismatch fix
cpp-netlib: Fix build with boost 1.80+
cpp-netlib: Fix buildpaths in generated cmake files
python3-pybluez: Fix patch upstream-status
python3-pynetlinux: Fix patch upstream-status
libnet-idn-encode: Add recipe
libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests
libnfs: Drop -Wno-implicit-function-declaration
webkitgtk3: Do not use musttail with clang on arm
fftw: Fix ptest result reporting
nodejs: Fix ptest result reporting
relayd: Update to latest tip of trunk
relayd: Fix build with clang
kernel-selftest: Build headers before compiling tests
Lee Chee Yang (8):
libsdl: fix CVE-2022-34568
keepalived: 2.2.2 -> 2.2.8
irssi: 1.4.2 -> 1.4.4
iniparser: Fix CVE-2023-33461
opensc: fix CVE-2023-2977
x11vnc: Fix CVE-2020-29074
libvncserver: update to 0.9.14
ntpsec: 1.2.2 -> 1.2.2a
Markus Volk (48):
libei: add recipe
libxmlb: update 0.3.10 -> 0.3.14
appstream: update 0.16.2 -> 0.16.3
webrtc-audio-processing: add recipe for 1.x
pipewire: upgrade 0.3.79 -> 0.3.80
evolution-data-server: upgrade 3.48.3 -> 3.50.0
appstream: remove workaround for cross-compile
libxmlb: fix a reproducibility and runtime issue with ptest
tracker-miners: upgrade 3.5.0 -> 3.6.0
mozjs: upgrade 102.9.0 -> 102.15.0
tecla: add recipe
polkit: upgrade 122 -> 123
tracker: upgrade 3.5.1 -> 3.6.0
libxmlb: remove recipe
appstream: remove recipe
gvfs: upgrade 1.51.90 -> 1.52.0
mutter: upgrade 44.3 -> 45.0
xdg-desktop-portal: upgrade 1.16.0 -> 1.18.0
gnome-boxes: upgrade 44.2 -> 45.0
gnome-session: upgrade 44.0 -> 45.0
gnome-text-editor: upgrade 44.0 -> 45.0
gnome-shell: upgrade 44.3 -> 45.0
eog: upgrade 44.3 -> 45.0
gnome-calculator: upgrade 44.0 -> 45.0
xdg-desktop-portal-gnome: upgrade 44.1 -> 45.0
gnome-calendar: upgrade 44.0 -> 45.0
gnome-software: upgrade 44.4 -> 45.0
zenity: upgrade 3.44.0 -> 3.44.2
gnome-system-monitor: upgrade 44.0 -> 45.0
webkitgtk: upgrade 2.40.5 -> 2.42.0
gnome-control-center: upgrade 44.3 -> 45.0
gnome-settings-daemon: upgrade 44.1 -> 45.0
tracker: add missing Upstream-Status
gdm: upgrade 44.1 -> 45.0.1
gnome-calendar: fix reproducibility issue
exiv2: Upgrade 0.27.6 -> 0.28.0
gexiv: Upgrade 0.14.0 -> 0.14.2
gjs: Upgrade 1.76.1 -> 1.78.0
mozjs: add recipe for v115
evince: Upgrade 44.2 -> 45.0
Nautilus: Upgrade 44.2.1 -> 45.0
gedit: Upgrade 44.2 -> 46.1
tepl: Upgrade 6.4.0 -> 6.8.0
libblockdev: Upgrade 2.28 -> 3.03
udisks2: Upgrade 2.9.4 -> 2.10.1
mozjs: Upgrade 102.15.0 -> 102.15.1
libnfs: dont install libnfs-config.cmake
gnome-remote-desktop: Upgrade 44.2 -> 45.0
Martin Jansa (20):
webrtc-audio-processing: Fix build with -Werror=return-type
freeglut: return x11 to REQUIRED_DISTRO_FEATURES
packagegroup-meta-multimedia: restore x11 restriction for projucer
btrfsmaintenance: move btrfs-tools dependency from build-time to run-time
btrfsmaintenance: drop allarch
ttf-google-fira: exclude siggen dependency on fontconfig
cukinia: drop allarch
mdio-tools: exclude siggen dependency on mdio-netlink
ot-br-posix: exclude siggen dependency on ipset
mongodb: add and fix Upstream-Status
mongodb: Fix build on 32bit
gupnp: fix build with meson-1.2.0
minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status
mozjs: fix filename in MULTILIB_SCRIPTS
gupnp-tools: fix build with meson-1.2.0
gnome-tweaks, networkmanager-fortisslvpn, libesmtp, json-schema-validator, python3-pybluez, python3-pynetlinux, apache2: Fix Malformed Upstream-Status
mozjs: use PV in MULTILIB_SCRIPTS
mosquitto, etcd-cpp-apiv3: add missing Upstream-Status
meta-oe/dynamic-layers: add Upstream-Status where missing
meta-oe/dynamic-layers: add one more missing Upstream-Status and fix one malformed
Michał Iwanicki (1):
python3-pyu2f: add recipe
Mingli Yu (4):
minifi-cpp: Remove the buildpath issue
hdf5: Upgrade to 1.14.2
vlock: Use EXTRA_CFLAGS
mozjs-102: Remove the buildpath
Richard Leitner (2):
python3-shellingham: add recipe for v1.5.3
python3-autoflake: add recipe for v2.2.1
Ross Burton (1):
webkitgtk3: reduce size of -dbg package
Sam Van Den Berge (6):
python3-flask-jwt-extended: add recipe
python3-flask-marshmallow: add recipe
python3-apispec: add recipe
python3-flask-httpauth: add recipe
python3-webargs: add recipe
python3-apiflask: add recipe
Samantha Jalabert (6):
Remove python3-rdflib
Remove python3-license-expression
Remove python3-xmltodict
Remove python3-booleanpy
Remove python3-click
Remove python3-isodate
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Sanjay Chitroda (1):
netkit-telnet: Fix CVE-2022-39028
Trevor Gamblin (1):
python3-aiofiles: upgrade 23.1.0 -> 23.2.1
Vyacheslav Yurkov (3):
overlayfs-tools: Drop unneeded dependency
overlayfs-tools: Bump up the version
overlayfs-tools: Install fsck binary
Wang Mingyu (42):
freerdp: upgrade 2.10.0 -> 2.11.0
boost-sml: upgrade 1.1.8 -> 1.1.9
ctags: upgrade 6.0.20230827.0 -> 6.0.20230917.0
dovecot: upgrade 2.3.20 -> 2.3.21
freerdp: upgrade 2.11.0 -> 2.11.1
gensio: upgrade 2.7.5 -> 2.7.6
geoclue: upgrade 2.7.0 -> 2.7.1
hwloc: upgrade 2.9.2 -> 2.9.3
iperf3: upgrade 3.14 -> 3.15
libcloudproviders: upgrade 0.3.2 -> 0.3.4
libdeflate: upgrade 1.18 -> 1.19
libglvnd: upgrade 1.6.0 -> 1.7.0
libtommath: upgrade 1.2.0 -> 1.2.1
libcoap: upgrade 4.3.1 -> 4.3.3
python3-antlr4-runtime: upgrade 4.13.0 -> 4.13.1
python3-lazy: upgrade 1.5 -> 1.6
python3-pyfanotify: upgrade 0.2.0 -> 0.2.1
psqlodbc: upgrade 15.00.0000 -> 16.00.0000
python3-argcomplete: upgrade 3.1.1 -> 3.1.2
python3-bitstring: upgrade 4.1.1 -> 4.1.2
python3-cmake: upgrade 3.27.4.1 -> 3.27.5
python3-coverage: upgrade 7.3.0 -> 7.3.1
python3-engineio: upgrade 4.7.0 -> 4.7.1
python3-eth-utils: upgrade 2.2.0 -> 2.2.1
python3-flask-migrate: upgrade 4.0.4 -> 4.0.5
python3-flask-socketio: upgrade 5.3.5 -> 5.3.6
python3-google-api-python-client: upgrade 2.97.0 -> 2.99.0
python3-google-auth: upgrade 2.22.0 -> 2.23.0
python3-pillow: upgrade 10.0.0 -> 10.0.1
python3-pymisp: upgrade 2.4.175 -> 2.4.176
python3-pymodbus: upgrade 3.5.0 -> 3.5.2
python3-rapidjson: upgrade 1.10 -> 1.11
python3-rich: upgrade 13.5.2 -> 13.5.3
python3-term: upgrade 2.4 -> 2.5
python3-tox: upgrade 4.11.1 -> 4.11.3
python3-typeguard: upgrade 4.1.3 -> 4.1.5
python3-types-setuptools: upgrade 68.1.0.1 -> 68.2.0.0
python3-virtualenv: upgrade 20.24.4 -> 20.24.5
python3-xlsxwriter: upgrade 3.1.2 -> 3.1.3
python3-zeroconf: upgrade 0.97.0 -> 0.112.0
redis: upgrade 7.2.0 -> 7.2.1
remmina: upgrade 1.4.31 -> 1.4.32
Xiangyu Chen (3):
mosh: add support of protobuf 4.22.x
protobuf: upgrade 3.21.12 -> 4.22.2
protobuf-c: add support of protobuf 4.22.x
Yi Zhao (1):
audit: upgrade 3.1.1 -> 3.1.2
meta-arm: bd0953cc60..95789365f7:
Abdellatif El Khlifi (2):
arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
arm-bsp/u-boot: corstone1000: purge U-Boot specific DT nodes before Linux
Adam Johnston (1):
arm-bsp/trusted-firmware-a: Fix BL32 path if usrmerge enabled
Divin Raj (1):
ci,doc,kas,arm-bsp,arm: Remove support for fvp-baser-aemv8r64 machine
Emekcan Aras (6):
arm-bsp/optee-os: corstone1000: Handling logging syscall correctly
CI: Add meta-secure-core
CI: Include meta-secure-core in corstone1000
kas: corstone1000: add meta-secure-core
arm-bsp/u-boot: corstone1000: introduce authenticated capsule update
arm-bsp/trusted-firmware-m: Enable authenticated capsule update
Javier Tia (2):
optee-client: start tee-supplicant.service when teeprivX dev is detected
libts: tee-udev.rules: Change ownership to tee group
Jon Mason (5):
arm/edk2: update to edk2-stable202308
arm/trusted-firmware-m: update to 1.8.1
arm/opencsd: update to v1.4.1
arm/scp-firmware: update to v2.13.0
README: remove reference to meta-arm-autonomy
Khem Raj (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Mariam Elshakfy (2):
arm-bsp/optee-os: N1SDP upgrade optee-os to 3.22
arm-bsp/optee-os: N1SDP upgrade tadevkit and optee-test to 3.22
Peter Hoyes (2):
CI: Allow a GitHub container registry mirror to be specified
CI: Make update-repos more resilient to network issues
Ross Burton (15):
arm/generic-arm64: move SERIAL_CONSOLES to generic-arm64
arm/qemu-generic-arm64: force off KVM in qemu
arm/generic-arm64: set XSERVER to install the modesetting driver
CI: remove redundant variables in testimage.yml
arm-bsp: change port mapping for SSH to port 2222
arm/apply_local_src_patches: allow use in multiple directories
arm/trusted-services: pass through CMake generator
arm/trusted-services: add missing pkgconfig inherit
arm/trusted-services/ts-remote-test: move binary to $bindir
arm/trusted-services/ts-sp-env-test: add missing DEPENDS
arm/trusted-services/ts-sp-env-test: remove
arm/trusted-services: use apply_local_src_patches
arm/trusted-services: upgrade nanopb and fix build races
CI: use a venv for sphinx
CI: upgrade to Kas 4 container
Xueliang Zhong (2):
arm-bsp/n1sdp: update to linux yocto kernel 6.4
arm-bsp/corstone1000: bump kernel version to v6.4
meta-security: 1856a7cf43..aca6d4a9e7:
Armin Kuster (10):
suricata: fix build issue.
suricata: Update to 7.0.0
sssd: Update to 2.9.2
openscap: update to 1.3.9
python3-privacyidea: update to 3.8.1
lkrg-module: update to 0.9.7
libhtp: update to 0.5.45
swtpm: update 0.8.1
lynis: Update to 3.0.9
scap-security-guide: Drop Poky patch and update to tip
John Broadbent (1):
libhoth: Update
meta-raspberrypi: 6501ec892c..482d864b8f:
Joshua Watt (1):
rpi-base: Fix wic image kernel dependency
Khem Raj (5):
userland: Update to trunk from 20230419
linux-raspberrypi: Upgrade 6.1 release to latest point release 6.1.54
linux-firmware-rpidistro: Update to 20230210-5_bpo11+1
bluez-firmware-rpidistro: Update to 1.2-4+rpt10
raspberrypi-firmware: Update to 20230509~buster
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Change-Id: Id75112a3b0be4bd150dc5d9a28c01982ed48200e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-openembedded/meta-networking/conf/layer.conf b/meta-openembedded/meta-networking/conf/layer.conf
index 12ce08c..2343179 100644
--- a/meta-openembedded/meta-networking/conf/layer.conf
+++ b/meta-openembedded/meta-networking/conf/layer.conf
@@ -22,6 +22,8 @@
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
wireguard-tools->wireguard-module \
+ mdio-tools->mdio-netlink \
+ ot-br-posix->ipset \
"
BBFILES_DYNAMIC += " \
meta-python:${LAYERDIR}/dynamic-layers/meta-python/recipes-*/*/*.bb \
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
new file mode 100644
index 0000000..7374cbd
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
@@ -0,0 +1,25 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 09:55:34 +0200
+Subject: [PATCH] Link correctly with shared websockets library if needed see:
+ https://github.com/eclipse/mosquitto/pull/2751
+
+Patch contributed by Joachim Zobel <jz-2017@heute-morgen.de> and Daniel Engberg <daniel.engberg.lists@pyret.net>
+---
+Upstream-Status: Pending
+
+ src/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 9380a04..dce8313 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -200,7 +200,7 @@ if (WITH_WEBSOCKETS)
+ link_directories(${mosquitto_SOURCE_DIR})
+ endif (WIN32)
+ else (STATIC_WEBSOCKETS)
+- set (MOSQ_LIBS ${MOSQ_LIBS} websockets)
++ set (MOSQ_LIBS ${MOSQ_LIBS} websockets_shared)
+ endif (STATIC_WEBSOCKETS)
+ endif (WITH_WEBSOCKETS)
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
new file mode 100644
index 0000000..853f881
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
@@ -0,0 +1,27 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 10:05:43 +0200
+Subject: [PATCH] Mosquitto now waits for network-online when starting
+ (Closes: #1036450)
+
+See: https://github.com/eclipse/mosquitto/issues/2878
+---
+Upstream-Status: Pending
+
+ service/systemd/mosquitto.service.simple | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/service/systemd/mosquitto.service.simple b/service/systemd/mosquitto.service.simple
+index 15ee0d6..c2a330b 100644
+--- a/service/systemd/mosquitto.service.simple
++++ b/service/systemd/mosquitto.service.simple
+@@ -1,8 +1,8 @@
+ [Unit]
+ Description=Mosquitto MQTT Broker
+ Documentation=man:mosquitto.conf(5) man:mosquitto(8)
+-After=network.target
+-Wants=network.target
++After=network-online.target
++Wants=network-online.target
+
+ [Service]
+ ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
index 9d5963c..d0da219 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
@@ -1,18 +1,18 @@
-#! /bin/sh
+#!/bin/sh
# Based on the Debian initscript for mosquitto
### BEGIN INIT INFO
-# Provides: mosquitto
-# Required-Start: $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: mosquitto MQTT message broker
-# Description:
-# This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry
+# Provides: mosquitto
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: mosquitto MQTT 3.1/3.1.1 message broker
+# Description:
+# This is a message broker that supports version 3.1 of the MQ Telemetry
# Transport (MQTT) protocol.
-#
+#
# MQTT provides a method of carrying out messaging using a publish/subscribe
# model. It is lightweight, both in terms of bandwidth usage and ease of
# implementation. This makes it particularly useful at the edge of the network
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.15.bb b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
similarity index 94%
rename from meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.15.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
index d06dd2d..0c9ccc8 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.15.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
@@ -17,13 +17,15 @@
SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
file://mosquitto.init \
file://1571.patch \
+ file://2894.patch \
+ file://2895.patch \
"
-SRC_URI[sha256sum] = "4735b1d32e3f91c7a8896741d88a3022e89730a1ee897946decfa0df27039ac6"
+SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a"
inherit systemd update-rc.d useradd cmake pkgconfig
-PACKAGECONFIG ??= "ssl dlt websockets \
+PACKAGECONFIG ??= "ssl websockets \
${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \
"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch
index 0a568fa..2e84a33 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch
@@ -7,7 +7,7 @@
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Upstream-Status: Accepted
+Upstream-Status: Backport
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
---
Makefile.am | 5 +-
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch
index 798a57b..6ac8f2b 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch
@@ -6,7 +6,7 @@
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Upstream-Status: Accepted
+Upstream-Status: Backport
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
---
configure.ac | 6 +-----
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch
deleted file mode 100644
index eaaf304..0000000
--- a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2fa326b26dc479942367dc4283e2f87372403988 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 17 Jun 2017 09:32:04 -0700
-Subject: [PATCH] rtnl_flush: Error on failed write()
-
-Fixes
-route.c:45:2: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
-| write(fd, "-1", 2);
-| ^~~~~~~~~~~~~~~~~~
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Submitted
-
- route.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/route.c b/route.c
-index c552d1f..fc5c31e 100644
---- a/route.c
-+++ b/route.c
-@@ -42,7 +42,8 @@ static void rtnl_flush(void)
- if (fd < 0)
- return;
-
-- write(fd, "-1", 2);
-+ if (write(fd, "-1", 2) < 0 )
-+ perror("write");
- close(fd);
- }
-
---
-2.13.1
-
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb
index 1da18d7..79e1743 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb
@@ -5,11 +5,9 @@
DEPENDS = "libubox"
-SRC_URI = "git://git.openwrt.org/project/relayd.git;branch=master \
- file://0001-rtnl_flush-Error-on-failed-write.patch \
-"
+SRC_URI = "git://git.openwrt.org/project/relayd.git;branch=master"
-SRCREV = "f4d759be54ceb37714e9a6ca320d5b50c95e9ce9"
+SRCREV = "f646ba40489371e69f624f2dee2fc4e19ceec00e"
PV = "0.0.1+git${SRCPV}"
UPSTREAM_CHECK_COMMITS = "1"
@@ -17,3 +15,5 @@
S = "${WORKDIR}/git"
inherit cmake
+
+CFLAGS:append:toolchain-clang = " -Wno-error=gnu-variable-sized-type-not-at-end"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch
deleted file mode 100644
index 678a208..0000000
--- a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From a85ca79143a87286f793957e803ee3daf03c2b57 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 6 Jul 2021 14:06:44 -0700
-Subject: [PATCH] layer4: Change order of include files
-
-curent order to include standard headers first is causing an isue with
-glibc 2.34 + kernel-headers 5.13+ where order of including netinet/in.h
-and linux/in.h matters and it does not define __UAPI_DEF_IN_IPPROTO
-before including linux/in.h and then later includes netinet/in.h which
-then means lot of definitions will be defined twice and compile would
-fail. Re-ordering the local headers to appear first solves the issue
-amicably, and I think this is right order too
-
-Upsteam-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- keepalived/core/layer4.c | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-diff --git a/keepalived/core/layer4.c b/keepalived/core/layer4.c
-index 90cdc84..c122c29 100644
---- a/keepalived/core/layer4.c
-+++ b/keepalived/core/layer4.c
-@@ -23,6 +23,16 @@
-
- #include "config.h"
-
-+#include "layer4.h"
-+#include "logger.h"
-+#include "scheduler.h"
-+#ifdef _WITH_LVS_
-+#include "check_api.h"
-+#endif
-+#include "bitops.h"
-+#include "utils.h"
-+#include "align.h"
-+
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-@@ -33,17 +43,6 @@
- #include <sys/time.h>
- #endif
- #include <linux/errqueue.h>
--#include <netinet/in.h>
--
--#include "layer4.h"
--#include "logger.h"
--#include "scheduler.h"
--#ifdef _WITH_LVS_
--#include "check_api.h"
--#endif
--#include "bitops.h"
--#include "utils.h"
--#include "align.h"
-
- // #define ICMP_DEBUG 1
-
diff --git a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.8.bb
similarity index 91%
rename from meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb
rename to meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.8.bb
index 204d2fd..dd193b1 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.8.bb
@@ -11,9 +11,8 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \
- file://0001-layer4-Change-order-of-include-files.patch \
"
-SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece"
+SRC_URI[sha256sum] = "85882eb62974f395d4c631be990a41a839594a7e62fbfebcb5649a937a7a1bb6"
UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases"
DEPENDS = "libnfnetlink openssl"
@@ -29,6 +28,8 @@
EXTRA_OEMAKE = "initdir=${sysconfdir}/init.d"
+export EXTRA_CFLAGS = "${CFLAGS}"
+
do_install:append() {
if [ -f ${D}${sysconfdir}/init.d/${BPN} ]; then
chmod 0755 ${D}${sysconfdir}/init.d/${BPN}
diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.1.bb b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.3.bb
similarity index 92%
rename from meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.1.bb
rename to meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.3.bb
index efea3fa..6e5bc07 100644
--- a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.1.bb
+++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.3.bb
@@ -4,13 +4,13 @@
RF range, memory, bandwith, or network packet sizes."
HOMEPAGE ="https://libcoap.net/"
-LICENSE = "BSD-2-Clause & BSD-1-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0fbe4435d52b2d27a16f980ffc8ffc80"
+LICENSE = "BSD-2-Clause & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc"
SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \
file://run-ptest \
"
-SRCREV = "02b76470ab9168947152c78ad50835bf043d7c84"
+SRCREV = "9cde7cdee171e3f47486c6e70d479fdf49f3d2d6"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch
new file mode 100644
index 0000000..e8c3f1d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch
@@ -0,0 +1,53 @@
+From 4133a888aa256312186962ab70d4a36eed5920c1 Mon Sep 17 00:00:00 2001
+From: Brooks Davis <brooks@FreeBSD.org>
+Date: Mon, 26 Sep 2022 18:56:51 +0100
+Subject: [PATCH] telnetd: fix two-byte input crash
+
+Move initialization of the slc table earlier so it doesn't get
+accessed before that happens.
+
+For details on the issue, see:
+https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
+
+Reviewed by: cy
+Obtained from: NetBSD via cy
+Differential Revision: https://reviews.freebsd.org/D36680
+
+CVE: CVE-2022-39028
+Upstream-Status: Backport [https://cgit.freebsd.org/src/commit/?id=6914ffef4e23]
+
+(cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8)
+Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
+
+---
+ telnetd/telnetd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c
+index f36f505..efa0fe1 100644
+--- a/telnetd/telnetd.c
++++ b/telnetd/telnetd.c
+@@ -615,6 +615,11 @@ doit(struct sockaddr_in *who)
+ int level;
+ char user_name[256];
+
++ /*
++ * Initialize the slc mapping table.
++ */
++ get_slc_defaults();
++
+ /*
+ * Find an available pty to use.
+ */
+@@ -698,11 +703,6 @@ void telnet(int f, int p)
+ char *HE;
+ const char *IM;
+
+- /*
+- * Initialize the slc mapping table.
+- */
+- get_slc_defaults();
+-
+ /*
+ * Do some tests where it is desireable to wait for a response.
+ * Rather than doing them slowly, one at a time, do them all
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
index e28eeae..d3de038 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
@@ -16,6 +16,7 @@
file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \
file://0001-utility-Include-time.h-form-time-and-strftime-protot.patch \
file://0001-Drop-using-register-keyword.patch \
+ file://CVE-2022-39028.patch \
"
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch
deleted file mode 100644
index 872a67c..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From a82d704b1ec6ece47b01d12e0e067d4b62b10894 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Wed, 9 Nov 2022 20:24:45 +0100
-Subject: [PATCH] m4/ax_python.m4: check for python-x.y-emded.pc, not
- python-x.y.pc
-
-Only the embed version includes necessary linker flags to link
-with libpython.
-
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/a82d704b1ec6ece47b01d12e0e067d4b62b10894]
-
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- m4/ax_python.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/m4/ax_python.m4 b/m4/ax_python.m4
-index 91d12b99b..f5e603b96 100644
---- a/m4/ax_python.m4
-+++ b/m4/ax_python.m4
-@@ -206,7 +206,7 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
- AC_MSG_CHECKING([whether pkg-config python-${tryver} is available])
- unset PYTHON_CFLAGS
- unset PYTHON_LIBS
-- pkg="python-${tryver}"
-+ pkg="python-${tryver}-embed"
- pkg="${pkg%-}"
- _PKG_CONFIG([PYTHON_CFLAGS], [cflags], [${pkg}])
- _PKG_CONFIG([PYTHON_LIBS], [libs], [${pkg}])
---
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
new file mode 100644
index 0000000..3e93cf3c
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
@@ -0,0 +1,58 @@
+From 312d5ee1592f8c5b616d330233d1de2643f759e2 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski <jonas.gorski@bisdn.de>
+Date: Thu, 14 Sep 2023 17:04:16 +0200
+Subject: [PATCH] tools: make --quiet actually suppress output
+
+When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
+it won't return early since while "$fail" is set, "$2" is "--quiet", so
+the if condition isn't met and it will continue executing, resulting
+in error messages in the log:
+
+> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+
+Fix this by moving the --quiet check into the block to log_failure_msg(),
+and also add the check to all other invocations of log_*_msg() to make
+--quiet properly suppress output.
+
+Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr")
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/312d5ee1592f8c5b616d330233d1de2643f759e2]
+---
+ tools/frrcommon.sh.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index f1f70119097e..00b63a78e2bc 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -207,8 +207,8 @@ daemon_stop() {
+ [ -z "$fail" -a -z "$pid" ] && fail="pid file is empty"
+ [ -n "$fail" ] || kill -0 "$pid" 2>/dev/null || fail="pid $pid not running"
+
+- if [ -n "$fail" ] && [ "$2" != "--quiet" ]; then
+- log_failure_msg "Cannot stop $dmninst: $fail"
++ if [ -n "$fail" ]; then
++ [ "$2" = "--quiet" ] || log_failure_msg "Cannot stop $dmninst: $fail"
+ return 1
+ fi
+
+@@ -220,11 +220,11 @@ daemon_stop() {
+ [ $(( cnt -= 1 )) -gt 0 ] || break
+ done
+ if kill -0 "$pid" 2>/dev/null; then
+- log_failure_msg "Failed to stop $dmninst, pid $pid still running"
++ [ "$2" = "--quiet" ] || log_failure_msg "Failed to stop $dmninst, pid $pid still running"
+ still_running=1
+ return 1
+ else
+- log_success_msg "Stopped $dmninst"
++ [ "$2" = "--quiet" ] || log_success_msg "Stopped $dmninst"
+ rm -f "$pidfile"
+ return 0
+ fi
+--
+2.42.0
+
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch
deleted file mode 100644
index 4a8a7e1..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001
-From: harryreps <harryreps@gmail.com>
-Date: Fri, 3 Mar 2023 23:17:14 +0000
-Subject: [PATCH] babeld: fix #11808 to avoid infinite loops
-
-Replacing continue in loops to goto done so that index of packet buffer
-increases.
-
-Signed-off-by: harryreps <harryreps@gmail.com>
-
-CVE: CVE-2023-3748
-
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- babeld/message.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/babeld/message.c b/babeld/message.c
-index 7d45d91bf..2bf233796 100644
---- a/babeld/message.c
-+++ b/babeld/message.c
-@@ -439,7 +439,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- /*
-@@ -451,7 +451,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received Unicast Hello from %s on %s that FRR is not prepared to understand yet",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- DO_NTOHS(seqno, message + 4);
-@@ -469,7 +469,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- changed = update_neighbour(neigh, seqno, interval);
---
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
deleted file mode 100644
index 59633ef..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 9efd9a47db4f13ebf88c2ffe14301d7441bcb40d Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Tue, 22 Aug 2023 22:52:04 +0300
-Subject: [PATCH 1/2] bgpd: Do not process NLRIs if the attribute length is
- zero
-
-```
-3 0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
-4 0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
-5 <signal handler called>
-6 0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
- at bgpd/bgp_routemap.c:2258
-7 0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
- match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
-8 0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
- afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
- at bgpd/bgp_route.c:1772
-9 0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
- attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
- num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
-10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
- at bgpd/bgp_route.c:6249
-11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
- packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
-12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
-13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
-14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
-15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
-16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
-```
-
-With the configuration:
-
-```
-frr version 9.1-dev-MyOwnFRRVersion
-frr defaults traditional
-hostname ip-172-31-13-140
-log file /tmp/debug.log
-log syslog
-service integrated-vtysh-config
-!
-debug bgp keepalives
-debug bgp neighbor-events
-debug bgp updates in
-debug bgp updates out
-!
-router bgp 100
- bgp router-id 9.9.9.9
- no bgp ebgp-requires-policy
- bgp bestpath aigp
- neighbor 172.31.2.47 remote-as 200
- !
- address-family ipv4 unicast
- neighbor 172.31.2.47 default-originate
- neighbor 172.31.2.47 route-map RM_IN in
- exit-address-family
-exit
-!
-route-map RM_IN permit 10
- set as-path prepend 200
-exit
-!
-```
-
-The issue is that we try to process NLRIs even if the attribute length is 0.
-
-Later bgp_update() will handle route-maps and a crash occurs because all the
-attributes are NULL, including aspath, where we dereference.
-
-According to the RFC 4271:
-
-A value of 0 indicates that neither the Network Layer
- Reachability Information field nor the Path Attribute field is
- present in this UPDATE message.
-
-But with a fuzzed UPDATE message this can be faked. I think it's reasonable
-to skip processing NLRIs if both update_len and attribute_len are 0.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
-
-CVE: CVE-2023-41358
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bgpd/bgp_packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index ec54943f3..3c2e73c59 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1951,7 +1951,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
- /* Network Layer Reachability Information. */
- update_len = end - stream_pnt(s);
-
-- if (update_len) {
-+ if (update_len && attribute_len) {
- /* Set NLRI portion to structure. */
- nlris[NLRI_UPDATE].afi = AFI_IP;
- nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
---
-2.35.5
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch
deleted file mode 100644
index 8ee3985..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Sun, 20 Aug 2023 22:15:27 +0300
-Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are
- ahead of stream
-
-Reported-by: Iggy Frankovic iggyfran@amazon.com
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702]
-
-CVE: CVE-2023-41360
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bgpd/bgp_packet.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 3c2e73c59..f1d0e54c0 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
- * and 7 bytes of ORF Address-filter entry from
- * the stream
- */
-- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
-+ if (p_pnt < p_end &&
-+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
- if (bgp_debug_neighbor_events(peer))
- zlog_debug(
- "%pBP rcvd Remove-All pfxlist ORF request",
---
-2.35.5
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.4.4.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
similarity index 90%
rename from meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.4.4.bb
rename to meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
index 826b687..bddc08a 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.4.4.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
@@ -6,18 +6,15 @@
SECTION = "net"
LICENSE = "GPL-2.0-only & LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"
+LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.4 \
+SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
file://frr.pam \
- file://0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch \
- file://CVE-2023-3748.patch \
- file://CVE-2023-41358.patch \
- file://CVE-2023-41360.patch \
+ file://0001-tools-make-quiet-actually-suppress-output.patch \
"
-SRCREV = "45e36c0c00a517ad1606135b18c5753e210cfc0d"
+SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"
@@ -28,7 +25,7 @@
inherit autotools-brokensep python3native pkgconfig useradd systemd
DEPENDS:class-native = "bison-native elfutils-native"
-DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native"
+DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native protobuf-c-native protobuf-c"
RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
@@ -64,6 +61,9 @@
CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
+# https://github.com/FRRouting/frr/issues/14469
+DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
+
LDFLAGS:append:mips = " -latomic"
LDFLAGS:append:mipsel = " -latomic"
LDFLAGS:append:powerpc = " -latomic"
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch
new file mode 100644
index 0000000..daee318
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch
@@ -0,0 +1,38 @@
+From 1cc54320306e07c1fc0eed98e7fbcbb07a2f3b28 Mon Sep 17 00:00:00 2001
+From: Stefan Agner <stefan@agner.ch>
+Date: Fri, 23 Jun 2023 10:10:00 +0200
+Subject: [PATCH] Handle interface without `ifa_addr`
+
+It seems that certain interface types may have `ifa_addr` set to null.
+Handle this case gracefully.
+
+Upstream-Status: Submitted [https://github.com/apple-oss-distributions/mDNSResponder/pull/2/commits/11b410d4d683c90e693c40315997bb3e8ec90e9a]
+
+Signed-off-by: Stefan Agner <stefan@agner.ch>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSPosix/mDNSPosix.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c
+index d7f31cc4d5cf..f10301253f58 100644
+--- a/mDNSPosix/mDNSPosix.c
++++ b/mDNSPosix/mDNSPosix.c
+@@ -1895,6 +1895,7 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context)
+ continue;
+
+ if ((ifa_loop4 == NULL) &&
++ ((*ifi)->ifa_addr != NULL) &&
+ ((*ifi)->ifa_addr->sa_family == AF_INET) &&
+ ((*ifi)->ifa_flags & IFF_UP) &&
+ ((*ifi)->ifa_flags & IFF_LOOPBACK))
+@@ -1903,7 +1904,8 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context)
+ continue;
+ }
+
+- if ( (((*ifi)->ifa_addr->sa_family == AF_INET)
++ if ( ((*ifi)->ifa_addr != NULL) &&
++ (((*ifi)->ifa_addr->sa_family == AF_INET)
+ #if HAVE_IPV6
+ || ((*ifi)->ifa_addr->sa_family == AF_INET6)
+ #endif
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch
deleted file mode 100644
index 0ac0bb6..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 4c0954f77ba05d77192ee1519929a39fbc978321 Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alex.kiernan@gmail.com>
-Date: Mon, 5 Dec 2022 15:14:22 +0000
-Subject: [PATCH 3/6] mDNSShared: Drop MacOS specific __block qualifier
-
-Support for this extension only exists in MacOS/Clang, also it's not
-actually used here, so we can just drop it.
-
-Upstream-Status: Pending
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
----
- mDNSShared/uds_daemon.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mDNSShared/uds_daemon.c b/mDNSShared/uds_daemon.c
-index 9ae5f78542d6..8c006b71a4ea 100644
---- a/mDNSShared/uds_daemon.c
-+++ b/mDNSShared/uds_daemon.c
-@@ -2912,7 +2912,7 @@ exit:
- mDNSlocal mStatus add_domain_to_browser(request_state *info, const domainname *d)
- {
- browser_t *b, *p;
-- __block mStatus err;
-+ mStatus err;
-
- for (p = info->u.browser.browsers; p; p = p->next)
- {
---
-2.35.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch
index 39e67cd..4cda71b 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch
@@ -1,28 +1,25 @@
-From 60533a8947af714cc593bae6b20d47f3a4828589 Mon Sep 17 00:00:00 2001
+From 764b6202402e9e5687ff873330e5ad6be6f69df7 Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Mon, 5 Dec 2022 22:49:49 +0000
-Subject: [PATCH 5/6] mDNSCore: Fix broken debug parameter
+Subject: [PATCH] mDNSCore: Fix broken debug parameter
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
----
Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
mDNSCore/mDNS.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mDNSCore/mDNS.c b/mDNSCore/mDNS.c
-index 66979587ee82..e0a982fa1762 100644
+index eecd7daa724e..1e843c081938 100644
--- a/mDNSCore/mDNS.c
+++ b/mDNSCore/mDNS.c
-@@ -9831,7 +9831,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage *
+@@ -10210,7 +10210,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage *
#else
const DNSServRef dnsserv = qptr->qDNSServer;
#endif
-- debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, name->c, DNSTypeName(q.qtype));
+- debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName, DNSTypeName(q.qtype));
+ debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName->c, DNSTypeName(q.qtype));
// Create a negative record for the current name in the CNAME chain.
MakeNegativeCacheRecord(m, &m->rec.r, currentQName, currentQNameHash, q.qtype, q.qclass, negttl, mDNSInterface_Any,
dnsserv, response->h.flags);
---
-2.35.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch
new file mode 100644
index 0000000..9fe721f
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch
@@ -0,0 +1,23 @@
+From 9fc45a2cf3b78573a568abf538a6e6f4bd30b2d7 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Wed, 27 Sep 2023 11:45:26 +0100
+Subject: [PATCH] Add missing limits.h
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSShared/PlatformCommon.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mDNSShared/PlatformCommon.c b/mDNSShared/PlatformCommon.c
+index 9ce15468e217..c308af3e8b0e 100644
+--- a/mDNSShared/PlatformCommon.c
++++ b/mDNSShared/PlatformCommon.c
+@@ -32,6 +32,7 @@
+ #include <time.h>
+ #include <sys/time.h> // Needed for #include <sys/time.h>().
+ #include <assert.h>
++#include <limits.h>
+
+
+ #include "mDNSEmbeddedAPI.h" // Defines the interface provided to the client layer above
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_2200.0.8.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_2200.0.8.bb
index aff7954..8370ed5 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_2200.0.8.bb
@@ -6,10 +6,9 @@
DEPENDS:append:libc-musl = " musl-nscd"
-SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=rel/mDNSResponder-1790 \
+SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=main \
file://0001-dns-sd-Include-missing-headers.patch \
file://0002-make-Set-libdns_sd.so-soname-correctly.patch \
- file://0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch \
file://0004-make-Separate-TLS-targets-from-libraries.patch \
file://0005-mDNSCore-Fix-broken-debug-parameter.patch \
file://0006-make-Add-top-level-Makefile.patch \
@@ -23,8 +22,10 @@
file://0008-Handle-errors-from-socket-calls.patch \
file://0009-remove-unneeded-headers.patch \
file://mdns.service \
+ file://0015-Add-missing-limits.h.patch \
+ file://0001-Handle-interface-without-ifa_addr.patch \
"
-SRCREV = "8769ab51605e465425d33d757f602ce5905ca639"
+SRCREV = "d5029b5dff8aa59d1fc07ed796e994106ef58dee"
# We install a stub Makefile in the top directory so that the various checks
# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
diff --git a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb
rename to meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb
index e41dd93..17fbd78 100644
--- a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb
+++ b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb
@@ -12,7 +12,7 @@
file://0001-not-check-pandoc.patch \
file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \
"
-SRC_URI[sha256sum] = "caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552"
+SRC_URI[sha256sum] = "05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d"
DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native"
CFLAGS += "-I${STAGING_INCDIR}/tirpc"
diff --git a/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch b/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
index 64938a4..dbdd644 100644
--- a/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
+++ b/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
@@ -11,7 +11,7 @@
Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
insecure and modern systems may drop MD4 support.
-Upstream-Status: Accepted [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d]
+Upstream-Status: Backport [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d]
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
---
meson.build | 13 ++++++++++---
diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2a.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
rename to meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2a.bb
index d11ada6..af41d49 100644
--- a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
+++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2a.bb
@@ -17,7 +17,7 @@
file://0001-wscript-Add-BISONFLAGS-support.patch \
"
-SRC_URI[sha256sum] = "2f2848760b915dfe185b9217f777738b36ceeb78a7fc208b7e74e039dec22df5"
+SRC_URI[sha256sum] = "e0ce93af222a0a9860e6f5a51aadba9bb5ca601d80b2aea118a62f0a3226950e"
UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"