subtree updates
poky: ee0d001b81..4161dbbbd6:
Aatir Manzur (1):
docs: add CONVERSION_CMD definition
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alejandro Hernandez Samaniego (1):
package.bbclass: Fix base directory for debugsource files when using externalsrc
Alex Kiernan (1):
python3-cryptography: Cleanup DEPENDS/RDEPENDS
Alexander Kanavin (53):
mesa: update 22.0.3 -> 22.1.2
python3-numpy: update 1.22.3 -> 1.22.4
python3-setuptools: update 62.3.2 -> 62.5.0
vulkan: upgrade 1.3.211.0 -> 1.3.216.0
lttng-modules: update 2.13.3 -> 2.13.4
go: update 1.18.2 -> 1.18.3
ell: update 0.50 -> 0.51
libdrm: update 2.4.110 -> 2.4.111
diffoscope: upgrade 215 -> 216
dos2unix: upgrade 7.4.2 -> 7.4.3
librsvg: upgrade 2.54.3 -> 2.54.4
puzzles: upgrade to latest revision
sudo: upgrade 1.9.10 -> 1.9.11p2
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
x264: upgrade to latest revision
python3-requests: upgrade 2.27.1 -> 2.28.0
oeqa/sdk: drop the nativesdk-python 2.x test
python3-hatch-vcs: fix upstream version check
at: take tarballs from debian
pango: exclude 1.9x versions which are 2.x pre-releases.
adwaita-icon-theme: upgrade 41.0 -> 42.0
rust: update 1.60.0 -> 1.62.0
weston: update 10.0.0 -> 10.0.1
python3-setuptools-scm: upgrade 6.4.2 -> 7.0.3
waffle: correctly request wayland-scanner executable
openssl: update 3.0.4 -> 3.0.5
diffoscope: upgrade 216 -> 217
glib-2.0: upgrade 2.72.2 -> 2.72.3
glib-networking: upgrade 2.72.0 -> 2.72.1
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
harfbuzz: upgrade 4.3.0 -> 4.4.1
kmod: upgrade 29 -> 30
libsoup: upgrade 3.0.6 -> 3.0.7
mesa: upgrade 22.1.2 -> 22.1.3
mpg123: upgrade 1.29.3 -> 1.30.0
nghttp2: upgrade 1.47.0 -> 1.48.0
piglit: upgrade to latest revision
pulseaudio: upgrade 16.0 -> 16.1
python3-cffi: upgrade 1.15.0 -> 1.15.1
python3-cryptography: upgrade 37.0.2 -> 37.0.3
python3-cryptography-vectors: upgrade 37.0.2 -> 37.0.3
python3-hatchling: upgrade 1.3.0 -> 1.3.1
python3-hypothesis: upgrade 6.46.11 -> 6.48.2
python3-jsonschema: upgrade 4.6.0 -> 4.6.1
python3-mako: upgrade 1.2.0 -> 1.2.1
python3-pycryptodomex: upgrade 3.14.1 -> 3.15.0
python3-requests: upgrade 2.28.0 -> 2.28.1
python3-setuptools: upgrade 62.5.0 -> 62.6.0
python3-sphinx: upgrade 5.0.0 -> 5.0.2
xcb-proto: upgrade 1.15 -> 1.15.2
procps: restrict version check to 3.x
ncurses: mark upstream version as unknown
wayland: update 1.20.0 -> 1.21.0
Alexandre Belloni (1):
oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
Aryaman Gupta (5):
buildstats.py: enable collection of /proc/pressure data
pybootchartgui: render cpu and io pressure
buildstats.bbclass: correct sampling of system stats
buildstats.py: close /proc/pressure/cpu file descriptor
buildperf/base.py: skip reduced_proc_pressure directory
Bruce Ashfield (29):
perf: fix reproducibility in 5.19+
linux-yocto/5.10: update to v5.10.121
linux-yocto/5.15: update to v5.15.46
linux-yocto/5.15: update to v5.15.48
linux-yocto/5.10: update to v5.10.123
linux-yocto-dev: bump to v5.19-rc
linux-yocto/5.15: drop obselete GPIO sysfs ABI
lttng-modules: fix 5.19+ build
kernel-devsrc: fix reproducibility and buildpaths QA warning
linux-yocto/5.15: update to v5.15.52
linux-yocto/5.10: update to v5.10.128
kernel-devsrc: ppc32: fix reproducibility
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix build_OID_registry buildpaths warning
yocto-bsps: update to v5.10.128 and buildpaths fixes
yocto-bsps: update to v5.15.52 and buildpaths fixes
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: update to v5.15.54
linux-yocto/5.15: fix buildpaths issue with pnmtologo
linux-yocto/5.10: update to v5.10.130
linux-yocto/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.15: fix buildpaths issue with pnmtologo
yocto-bsps: update to v5.15.54
yocto-bsps: update to v5.10.130
Christoph Lauer (1):
package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Dmitry Baryshkov (1):
linux-firmware: upgrade 20220509 -> 20220610
Enrico Scholz (6):
npm: replace 'npm pack' call by 'tar czf'
npm: return content of 'package.json' in 'npm_pack'
npm: take 'version' directly from 'package.json'
npm: disable 'audit' + 'fund'
lib:npm_registry: initial checkin
npm: use npm_registry to cache package
Federico Pellegrin (1):
signing-keys: fix RDEPENDS to signing-keys-dev
Gennaro Iorio (1):
bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls
He Zhe (1):
curl: Fix build failure for qemuriscv64
Jacob Kroon (1):
bitbake: bitbake-user-manual: Correct description of the ??= operator
Jose Quaresma (3):
archiver: don't use machine variables in shared recipes
sstate: Use the python3 ThreadPoolExecutor instead of the OE ThreadedPool
oe/utils: remove the ThreadedPool
Joshua Watt (1):
classes/create-spdx: Add SPDX_PRETTY option
Kai Kang (1):
glibc-tests: not clear BBCLASSEXTEND
Khem Raj (2):
libmodule-build-perl: Use env utility to find perl interpreter
ltp: Remove -mfpmath=sse on x86
Luca Ceresoli (1):
llvm: add PACKAGECONFIG[optviewer]
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Marius Kriegerowski (1):
scriptutils: fix style to be more PEP8 compliant
Marta Rybczynska (2):
cve-check: add support for Ignored CVEs
oeqa/selftest/cve_check: add tests for Ignored and partial reports
Martin Jansa (3):
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
wic: fix WicError message
bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Michael Halstead (2):
releases: include 3.1.17
releases: include 4.0.2
Michael Opdenacker (18):
rootfs-postcommands.bbclass: correct comments
dev-manual: mention the new CVE patch metrics page
dev-manual: fix references to BitBake user manual
docs: standards.md: add more rules: line wrapping and variables
doc: standard for bulleted lists
ref-manual: add description for the "sysroot" term
manuals: update host tool requirements
ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
ref-manual: document SYSTEMD_DEFAULT_TARGET
ref-manual: IMAGE_FEATURES: add allow-root-login and correct allow-empty-password
ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES
bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
dev-manual: NPM packages: minor grammar fix
manuals: switch to the sstate mirror shared between all versions
manuals: replace hyphens with em dashes
dev-manual: update section about creating NPM packages
dev-manual: improve screenshot resolution
Ming Liu (3):
udev-extraconf: fix some systemd automount issues
meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
udev-extraconf:mount.sh: fix path mismatching issues
Mingli Yu (1):
vim: not adjust script pathnames for native scripts either
Muhammad Hamza (6):
initramfs-framework: move storage mounts to actual rootfs
udev-extraconf/mount.sh: add LABELs to mountpoints
udev-extraconf/mount.sh: save mount name in our tmp filecache
udev-extraconf/mount.sh: only mount devices on hotplug
udev-extraconf: force systemd-udevd to use shared MountFlags
udev-extraconf/mount.sh: ignore lvm in automount
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
Ola x Nilsson (1):
bitbake: ConfHandler: Remove lingering close
Pascal Bach (1):
bin_package: install into base_prefix
Paul Eggleton (4):
devtool: ignore pn- overrides when determining SRC_URI overrides
patch: handle if S points to a subdirectory of a git repo
devtool: finish: handle patching when S points to subdir of a git repo
oe-selftest: devtool: test modify git recipe building from a subdir
Paulo Neves (14):
python: Avoid shebang overflow on python-config.py
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
ref-manual: SYSTEMD_SERVICE allows multiple services
ref-manual: SYSTEMD_SERVICE overrides depend on SYSTEMD_PACKAGES
insane.bbclass: Make do_qa_staging check shebangs
oeqa/selftest: Add test for shebang overflow
oeqa/selftest: Test staged .la and .pc files
utils: Add cmdline_shebang_wrapper util.
libcheck: Fix too long shebang for native case.
utils: create_cmdline_shebang_wrapper whitespace and sed refactor
utils: create_cmdline_shebang_wrapper preserve permission and ownership
oeqa/sysroot.py: Check bitbake return status
bitbake: fetch: bb.fatal when trying to checksum non-existing files
oeqa: test_invalid_recipe_src_uri expect parse time error
Pavel Zhukov (4):
systemd: Add missed sys/file.h includes for musl
systemd: Rebase patches on v251
bitbake: tests/fetch: Add test for broken mirror tarball
systemd: update upstream status of merged patches
Peter Bergin (2):
systemd: add packageconfig for sysext
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (2):
ref-manual: Add documentation for INCOMPATIBLE_LICENSE_EXCEPTIONS
base.bbclass: Correct the test for obsolete license exceptions
Peter Marko (1):
alsa-state: correct license
Pgowda (1):
binutils : CVE-2019-1010204
Quentin Schulz (3):
docs: releases: move hardknott and honister to outdated section
docs: conf.py: bump minimum Sphinx version requirement
Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"
Raju Kumar Pothuraju (2):
runqemu: add QB_KERNEL_CMDLINE
kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set
Richard Purdie (42):
gcc-source: Fix incorrect task dependencies from ${B}
vim: Upgrade 8.2.5034 -> 8.2.5083
local.conf.sample: Update sstate url to new 'all' path
ref/dev-manual: Update multiconfig documentation
oeqa/runtime/scp: Disable scp test for dropbear
unzip: Port debian fixes for two CVEs
elfutils/flex: Disable parallel make ptest compile
bitbake: server/process: Fix logging issues where only the first message was displayed
coreutils: Tweak packaging variable names for coreutils-dev
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
bitbake.conf/recipes: Introduce add DEV_PKG_DEPENDENCY to change RDEPENDS:${PN}-dev
bitbake.conf: Change -dev RDEPENDS to RRECOMMENDS
vim: 8.2.5083 -> 9.0.0005
ncurses: 6.3 -> 6.3+20220423
oe-selftest-image: Ensure the image has sftp as well as dropbear
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
openssl: Upgrade 3.0.3 -> 3.0.4
insane: Fix buildpaths test to work with special devices
go: Filter build paths on staticly linked arches
glibc-tests: Avoid reproducibility issues
gperf: Add a patch to work around reproducibility issues
bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
icon-naming-utils: Resurrect for sato-icon-theme
sato-icon-theme: Add back with support for scalable icons
lua: Fix multilib buildpath reproducibility issues
vala: Fix on target wrapper buildpaths issue
gtk-doc: Remove hardcoded buildpath
gperf: Switch to upstream patch
qemu: Avoid accidental librdmacm linkage
kernel-arch: Fix buildpaths leaking into external module compiles
qemu: Fix slirp determinism issue
qemu: Add PACKAGECONFIG for brlapi
gcc-runtime: Fix build when using gold
insane: Add buildpaths to WARN_QA by default
insane: Reword staging to refer to populate_sysroot
bitbake: fetch2: Ensure directory exists before creating symlink
bitbake: fetch2: Drop DL_DIR fallback for local file fetcher
oeqa/selftest/sstatetests: Update test to work with bitbake changes
gcc-runtime: Fix missing MLPREFIX in debug mappings
insane: Drop debug exclusion from buildpaths test
selftest/runtime_test/virgl: Disable for all almalinux
local.conf.sample: Mention other MACHINE options may exist
Robert Joslyn (1):
curl: Update to 7.84.0
Ross Burton (24):
python3: fix a race condition in the test_socket.testSockName test
Add python3-editables (from meta-python)
Add python3-pathspec (from meta-python)
Add python3-hatchling (from meta-oe)
python3-hatch-vcs: add new recipe
python3-jsonschema: upgrade 4.5.1 -> 4.6.0
package_manager: Change complementary package handling to not include soft dependencies
cups: ignore CVE-2022-26691
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
busybox: fix CVE-2022-30065
ncurses: use GitHub mirror, not Debian's packaging
ltp: remove open-posix-testsuite build logs
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
perl: don't install Makefile.old into perl-ptest
vim: upgrade to 9.0.0021
ltp: fix builds when host ld doesn't know about target ELF formats
python3-setuptools-scm: add missing python3-typing-extensions dependency
python3-flit-core: bootstrap explicitly
python3-installer: bootstrap by installing installer with installer
python3-picobuild: add new recipe
python_pep517: use picobuild instead of manually calling the API
classes: remove obsolete PEP517_BUILD_API
python3-hatchling: remove PEP517_BUILD_API
documentation: remove obsolete PEP517_BUILD_API
Steve Sakoman (3):
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental libvdeplug linkage
ruby: add PACKAGECONFIG for capstone
Sundeep KOKKONDA (2):
glibc: stable 2.35 branch updates
binutils : stable 2.38 branch updates
Thomas Perrot (1):
opensbi: Update to v1.1
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
Xu Huan (2):
python3: upgrade 3.10.4 -> 3.10.5
python3-magic: upgrade 0.4.26 -> 0.4.27
Yi Zhao (2):
popt: fix override syntax in RDEPENDS
git: fix override syntax in RDEPENDS
Yogesh Tyagi (2):
testimage : remove curl-ptest from rpm index
curl : Add ptest
Yue Tao (1):
gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
Yulong (Kevin) Liu (1):
python3-pyasn1: Eliminated ptest deprecation warnings
aatir (1):
docs: make DISTRO_FEATURES description more explicit
niko.mauno@vaisala.com (3):
ptest.bbclass: Honor PARALLEL_MAKE, PARALLEL_MAKEINST
valgrind: Drop redundant oe_runmake parameter
strace: Drop redundant oe_runmake parameter
pgowda (1):
gcc: Backport a fix for gcc bug 105039
ssuesens (3):
weston.py: added xwayland test
weston.init: enabled xwayland
xwayland.weston-start: adaption of X11-unix folder
wangmy (57):
btrfs-tools: upgrade 5.18 -> 5.18.1
ethtool: upgrade 5.17 -> 5.18
file: upgrade 5.41 -> 5.42
libx11: upgrade 1.8 -> 1.8.1
lighttpd: upgrade 1.4.64 -> 1.4.65
gnu-config: update to latest version
musl-obstack: upgrade 1.1 -> 1.2
piglit: upgrade to latest revision
stress-ng: upgrade 0.14.01 -> 0.14.02
erofs-utils: upgrade 1.4 -> 1.5
alsa-lib: upgrade 1.2.7 -> 1.2.7.1
alsa-plugins: upgrade 1.2.6 -> 1.2.7.1
alsa-ucm-conf: upgrade 1.2.7 -> 1.2.7.1
bind: upgrade 9.18.3 -> 9.18.4
kbd: upgrade 2.5.0 -> 2.5.1
libproxy: upgrade 0.4.17 -> 0.4.18
python3-dbusmock: upgrade 0.27.5 -> 0.28.0
sbc: upgrade 1.5 -> 2.0
strace: upgrade 5.17 -> 5.18
python3-chardet: upgrade 4.0.0 -> 5.0.0
python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0
python3-babel: upgrade 2.10.1 -> 2.10.3
python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15
python3-dbusmock: upgrade 0.28.0 -> 0.28.1
python3-numpy: upgrade 1.22.4 -> 1.23.0
python3-pycryptodome: upgrade 3.14.1 -> 3.15.0
dmidecode: upgrade 3.3 -> 3.4
git: upgrade 2.36.1 -> 2.37.0
harfbuzz: upgrade 4.3.0 -> 4.4.0
speexdsp: upgrade 1.2.0 -> 1.2.1
speex: upgrade 1.2.0 -> 1.2.1
repo: upgrade 2.26 -> 2.27
sqlite3: upgrade 3.38.5 -> 3.39.0
sudo: upgrade 1.9.11p2 -> 1.9.11p3
createrepo-c: upgrade 0.20.0 -> 0.20.1
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
inetutils: upgrade 2.2 -> 2.3
python3-atomicwrites: upgrade 1.4.0 -> 1.4.1
python3-cryptography: upgrade 37.0.3 -> 37.0.4
python3-cryptography-vectors: upgrade 37.0.3 -> 37.0.4
python3-hatchling: upgrade 1.3.1 -> 1.5.0
python3-imagesize: upgrade 1.3.0 -> 1.4.1
python3-jsonschema: upgrade 4.6.1 -> 4.7.1
python3-numpy: upgrade 1.23.0 -> 1.23.1
python3-typing-extensions: upgrade 4.2.0 -> 4.3.0
python3-urllib3: upgrade 1.26.9 -> 1.26.10
init-system-helpers: upgrade 1.63 -> 1.64
dpkg: upgrade 1.21.8 -> 1.21.9
meta-security: 8c6fe006a1..7ad5f6a9da:
Armin Kuster (32):
apparmor: fix ownership issues
sssd:move to dynamic networking-layer
layer.conf:add meta-netorking to BBFILES_DYNAMIC
packagegroup-core-security: drop sssd
packagegroup-core-security.bbappend: add sssd
oeqa: fix checksec runtime test
sssd: use example conf file
oeqa: sssd.py fix tests
sssd: update to 2.7.1
security-test-image: auto include layers if present.
smack-test: more py3 covertion
oeqa: update smack runtime test
aide: add a few more config options
oeqa: add aide test
libmhash: add native pkg support
classes: add aide routines
aide: add native support for build time db creation
aide.conf: adjust to allow for build time db creation
firejail: Add new package
oeqa: Add a very basic firejail test
packagegroup-core-security: add firejail
security-test-image: add firejail and aide test suites
oeqa/clamav drop depricated --list-mirror test
oeqa: meta-tpm shut swtpm down before and after testing
oeqa: shut done swtpm before and after testing
ccs-tools: update to 1.8.9
lynis: update to 3.0.8
README: update email address
packagegroup-core-security: skip mips firejail
chipsec: update to 1.8.5
security-build-image: add lkrg-module to build image
lkrg: update to 0.9.3
Jeremy A. Puhlman (2):
clamav: make install owner match the added user name
python3-privacyidea: add correct path to lib/privacyidea
Jose Quaresma (1):
meta-integrity: kernel-modsign: prevents splitting out debug symbols
Yi Zhao (1):
aide: fix typo
meta-openembedded: 11df15765c..31c10bd3e6:
Adrian Freihofer (3):
firewalld: update to 1.1.1 fixes ptest
firewalld: upgrade 1.1.1 -> 1.2.0
libqmi: upgrade 1.30.4 -> 1.30.8
Akash Hadke (2):
ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
iperf: Set CVE_PRODUCT to "iperf_project:iperf"
Alex Kiernan (2):
jansson: Upgrade 2.13.1 -> 2.14
nftables: Upgrade 1.0.2 -> 1.0.4
Alex Stewart (1):
openvpn: distribute sample-config-files
Andreas Müller (1):
glmark2: Build with meson
Andrej Valek (1):
poco: upgrade 1.11.3 -> 1.12.0
Andrew Davis (1):
libsdl: The libsdl and libsdl2 are not virtual
Ashish Sharma (1):
netserver: don't change permissions on /dev/null
Aurélien Bertron (1):
fix(syslog-ng): warning about conf version
Bartosz Golaszewski (1):
python3-pybluez: fix a runtime issue with python 3.10
Ben Powell (1):
python3-can: Add typing-extensions dependency
Changqing Li (3):
chrony: create /var/lib/chrony by systemd-tmpfiles
redis: upgrade 6.2.6 -> 6.2.7
redis: upgrade 7.0.0 to 7.0.2
Chen Qi (2):
apache2: split out a new package apache2-utils
ntfs-3g-ntfsprogs: upgrade to 2022.5.17
Daide Li (1):
python3-iperf: initial add 0.1.11
Davide Gardenal (9):
usrsctp: add CVE_VERSION to correctly check for CVEs
ntp: ignore many CVEs
openflow: ignore CVE-2018-1078
emlog: ignore unrelated CVEs
imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
wireshark: upgrade 3.4.11 -> 3.4.12
thrift: add CVE_PRODUCT to fix CVE reporting
spice: ignore patched CVEs
quagga: ignore CVE-2016-4049
Fabien Parent (1):
gpsd-machine-conf: allow creation of an empty package
Harshal (1):
lldpd: upgrade 1.0.8 -> 1.0.14
Hitendra Prajapati (1):
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Jan Vermaete (1):
netdata: version bump 1.34.1 -> 1.35.0
Javier Viguera (1):
networkmanager: fix build with enabled ppp
Jeremy Puhlman (1):
freeradius: mutlilib fixes
Jonas Gorski (1):
abseil-cpp: do not enforce -mfpu=neon on arm
Kai Kang (4):
libdbi-perl: fix interpreter on shebang line
libdev-checklib-perl: fix interpreter of script use-devel-checklib
libparse-yapp-perl: update interpreter of yapp
python3-flatbuffer: enable native
Khem Raj (8):
libxml++: Disable parallel make in ptest compile
geos: Disable inlining
php: Fix absolute paths to php in phar.phar scripts
libspiro: Add recipe
fontforge: Upgrade to 20220308
opencv: Link with libatomic on mips
fontforge: Use alternate way to detect libm
opencv: Link with libatomic on rv32
Leon Anavi (19):
python3-traitlets: Upgrade 5.2.1 -> 5.3.0
python3-humanize: Upgrade 4.1.0 -> 4.2.0
python3-autobahn: Upgrade 22.4.2 -> 22.5.1
python3-elementpath: Upgrade 2.5.0 -> 2.5.3
python3-eth-hash: Upgrade 0.3.2 -> 0.3.3
python3-serpent: Upgrade 1.40 -> 1.41
python3-web3: Upgrade 5.29.1 -> 5.29.2
python3-pika: Upgrade 1.2.1 -> 1.3.0
python3-tabulate: Upgrade 0.8.9 -> 0.8.10
python3-marshmallow: Upgrade 3.15.0 -> 3.17.0
python3-pychromecast: Upgrade 12.1.3 -> 12.1.4
python3-humanize: Upgrade 4.2.0 -> 4.2.3
python3-tornado: Upgrade 6.1 -> 6.2
python3-coverage: Upgrade 6.3.2 -> 6.4.1
python3-email-validator: Upgrade 1.1.3 -> 1.2.1
python3-networkx: Upgrade 2.7.1 -> 2.8.4
python3-unidiff: Upgrade 0.7.3 -> 0.7.4
python3-toolz: Upgrade 0.11.2 -> 0.12.0
python3-ansi2html: Upgrade 1.7.0 -> 1.8.0
Marcus Flyckt (1):
python3-pyconnman: Add 'future' runtime dependency
Markus Volk (1):
flatbuffers: update to 2.0.6
Martin Jansa (3):
glmark2: fix compatibility with python-3.11
leveldb: switch from master branch to main
tesseract-lang: switch from master branch to main
Mikko Rapeli (1):
polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option
Mingli Yu (3):
kronosnet: Fix build with gcc-12
s-nail: Fix build with gcc-12
mariadb: Upgrade to 10.8.3
Pascal Bach (1):
python3-pybind11: upgrade 2.8.1 -> 2.9.2
Peter Kjellerstedt (1):
cryptsetup: Add support for building without SSH tokens
Ross Burton (5):
python3-cbor2: upgrade 5.4.2 to 5.4.3
cppzmq: fix -dev RDEPENDS
python3-hatchling: remove (now in oe-core)
python3-pathspec: remove (now in oe-core)
python3-editables: remove (now in oe-core)
Sakib Sajal (1):
minicoredumper: retry elf parsing as long as needed
Theodore A. Roth (1):
crda: Depend on correct wireless-regdb package
Wentao Zhang (1):
protobuf-c: update to 1.4.1 fix CVE-2022-33070
Xu Huan (20):
python3-lxml: upgrade 4.8.0 -> 4.9.0
python3-msgpack: upgrade 1.0.3 -> 1.0.4
python3-protobuf: upgrade 3.20.1 -> 4.21.1
python3-mypy: upgrade 0.960 -> 0.961
python3-pylint: upgrade 2.13.9 -> 2.14.1
python3-smbus2: upgrade 0.4.1 -> 0.4.2
python3-pillow: upgrade 9.0.1 -> 9.1.1
python3-pychromecast: upgrade 12.1.2 -> 12.1.3
python3-pylint: upgrade 2.14.1 -> 2.14.3
python3-pyscaffold: upgrade 4.2.2 -> 4.2.3
python3-redis: upgrade 4.3.1 -> 4.3.3
python3-aiohue: upgrade 4.4.1 -> 4.4.2
python3-astroid: upgrade 2.11.5 -> 2.11.6
python3-charset-normalizer: upgrade 2.0.12 -> 2.1.0
python3-colorama: upgrade 0.4.4 -> 0.4.5
python3-eth-typing: upgrade 3.0.0 -> 3.1.0
python3-autobahn: upgrade 22.5.1 -> 22.6.1
python3-awesomeversion: upgrade 22.5.2 -> 22.6.0
python3-grpcio: upgrade 1.45.0 -> 1.47.0
python3-lxml: upgrade 4.9.0 -> 4.9.1
Yi Zhao (12):
openldap: pass correct URANDOM_DEVICE to CPPFLAGS
openvpn: eliminate build path from openvpn --version option
grubby: fix syntax for ALTERNATIVE
duktape: fix override syntax in RDEPENDS
polkit-group-rule-udisks2: fix override syntax in RDEPENDS
libcrypt-openssl-guess-perl: fix syntax for PROVIDES
evince: fix typo for RRECOMMENDS
blueman: fix typo for RRECOMMENDS
dnsmasq: Security fix CVE-2022-0934
strongswan: upgrade 5.9.5 -> 5.9.6
openvpn: add PACKAGECONFIG for systemd
openvpn: add PACKAGECONFIG for selinux
Yue Tao (2):
exo: upgrade 4.16.3 -> 4.16.4
dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
Zoltán Böszörményi (5):
opencv: Upgrade to version 4.6.0
proj: Upgrade to 8.2.1
python3-pyproj: New recipe for pyproj version 3.3.1
geos: Upgrade to 3.9.3
libspatialite: Upgrade to 5.0.1
jybros (1):
clinfo: use virtual opencl loader provider
wangmy (72):
python3-cantools: upgrade 37.0.7 -> 37.1.0
python3-regex: upgrade 2022.4.24 -> 2022.6.2
python3-sqlalchemy: upgrade 1.4.36 -> 1.4.37
python3-twine: upgrade 4.0.0 -> 4.0.1
python3-waitress: upgrade 2.1.1 -> 2.1.2
python3-xmlschema: upgrade 1.11.0 -> 1.11.1
gspell: upgrade 1.10.0 -> 1.11.1
ctags: upgrade 5.9.20220529.0 -> 5.9.20220605.0
feh: upgrade 3.8 -> 3.9
inotify-tools: upgrade 3.22.1.0 -> 3.22.6.0
apache2: upgrade 2.4.53 -> 2.4.54
libnftnl: upgrade 1.2.1 -> 1.2.2
nbdkit: upgrade 1.31.7 -> 1.31.8
irssi: upgrade 1.2.3 -> 1.4.1
musl-nscd: upgrade 1.0.2 -> 1.1.0
rdma-core: upgrade 40.0 -> 41.0
snort: upgrade 2.9.19 -> 2.9.20
php: upgrade 8.1.6 -> 8.1.7
poco: upgrade 1.11.2 -> 1.11.3
pyxdg: upgrade 0.27 -> 0.28
syslog-ng: upgrade 3.36.1 -> 3.37.1
dnf-plugin-tui: Added postatinstall
python3-dill: upgrade 0.3.4 -> 0.3.5.1
python3-robotframework-seriallibrary: upgrade 0.3.1 -> 0.4.3
python3-ujson: upgrade 5.1.0 -> 5.3.0
python3-watchdog: upgrade 2.1.8 -> 2.1.9
python3-websocket-client: upgrade 1.3.2 -> 1.3.3
gnome-commander: upgrade 1.14.2 -> 1.14.3
libwacom: upgrade 2.2.0 -> 2.3.0
nbdkit: upgrade 1.31.8 -> 1.31.9
googletest: upgrade 1.11.0 -> 1.12.0
gperftools: upgrade 2.9.1 -> 2.10
iwd: upgrade 1.27 -> 1.28
libzip: upgrade 1.8.0 -> 1.9.0
postgresql: upgrade 14.3 -> 14.4
uftrace: upgrade 0.11 -> 0.12
python3-googleapis-common-protos: upgrade 1.56.2 -> 1.56.3
python3-ifaddr: upgrade 0.1.7 -> 0.2.0
python3-jmespath: upgrade 1.0.0 -> 1.0.1
python3-pandas: upgrade 1.4.2 -> 1.4.3
python3-zeroconf: upgrade 0.38.6 -> 0.38.7
geocode-glib: upgrade 3.26.2 -> 3.26.3
gnome-bluetooth: upgrade 42.0 -> 42.1
gnome-calculator: upgrade 42.0 -> 42.2
gnome-text-editor: upgrade 42.1 -> 42.2
gtk4: upgrade 4.6.4 -> 4.6.6
gtksourceview5: upgrade 5.4.1 -> 5.4.2
gvfs: upgrade 1.50.0 -> 1.50.2
abseil-cpp: upgrade 20211102 -> 20220623
capnproto: upgrade 0.9.1 -> 0.10.2
ctags: upgrade 5.9.20220605.0 -> 5.9.20220703.0
fwupd: upgrade 1.7.6 -> 1.8.1
googletest: upgrade 1.12.0 -> 1.12.1
nautilus: upgrade 42.1.1 -> 42.2
nbdkit: upgrade 1.31.9 -> 1.31.10
openconnect: upgrade 8.20 -> 9.01
bats: upgrade 1.6.1 -> 1.7.0
cloc: upgrade 1.92 -> 1.94
hwdata: upgrade 0.360 -> 0.361
libvpx: upgrade 1.11.0 -> 1.12.0
libzip: upgrade 1.9.0 -> 1.9.2
pegtl: upgrade 3.2.5 -> 3.2.6
phoronix-test-suite: upgrade 10.8.3 -> 10.8.4
poppler: upgrade 22.06.0 -> 22.07.0
netdata: upgrade 1.35.0 -> 1.35.1
evince: upgrade 42.2 -> 42.3
gjs: upgrade 1.72.0 -> 1.72.1
gnome-bluetooth: upgrade 42.1 -> 42.2
libadwaita: upgrade 1.1.1 -> 1.1.2
liburing: upgrade 2.1 -> 2.2
libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33
libencode-perl: upgrade 3.17 -> 3.18
zhengruoqin (23):
python3-absl: upgrade 1.0.0 -> 1.1.0
python3-alembic: upgrade 1.7.7 -> 1.8.0
python3-asyncinotify: upgrade 2.0.3 -> 2.0.4
python3-crc32c: upgrade 2.2.post0 -> 2.3
python3-msk: upgrade 0.3.16 -> 0.4.0
python3-bitstruct: upgrade 8.14.1 -> 8.15.1
python3-google-api-python-client: upgrade 2.49.0 -> 2.50.0
python3-google-auth: upgrade 2.6.6 -> 2.7.0
python3-xmlschema: upgrade 1.11.1 -> 1.11.2
python3-flask-wtf: upgrade 0.15.1 -> 1.0.1
python3-gnupg: upgrade 0.4.8 -> 0.4.9
python3-google-api-python-client: upgrade 2.50.0 -> 2.51.0
python3-kiwisolver: upgrade 1.4.2 -> 1.4.3
python3-nmap: upgrade 1.5.1 -> 1.5.4
python3-asyncinotify: upgrade 2.0.4 -> 2.0.5
python3-google-auth: upgrade 2.7.0 -> 2.8.0
python3-protobuf: upgrade 4.21.1 -> 4.21.2
python3-sqlalchemy: upgrade 1.4.37 -> 1.4.39
python3-xmlschema: upgrade 1.11.2 -> 1.11.3
python3-engineio: upgrade 4.3.2 -> 4.3.3
python3-google-api-core: upgrade 2.8.0 -> 2.8.2
python3-google-auth: upgrade 2.8.0 -> 2.9.0
python3-grpcio-tools: upgrade 1.46.3 -> 1.47.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I22f0dab7f3253d77cc99fd462c6be45ddeb333cd
diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 57dd635..8ce9e1d 100644
--- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -126,6 +126,10 @@
${D}${systemd_unitdir}/system/chronyd.service
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd
sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf
+
}
FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}"
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
new file mode 100644
index 0000000..6bd734d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
@@ -0,0 +1,191 @@
+From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 31 Mar 2022 21:35:20 +0100
+Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
+ refers.
+
+CVE: CVE-2022-0934
+
+Upstream-Status: Backport
+[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ CHANGELOG | 3 +++
+ src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
+ 2 files changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 5e54df9..a28da2a 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,4 +1,7 @@
+ version 2.86
++ Fix write-after-free error in DHCPv6 server code.
++ CVE-2022-0934 refers.
++
+ Handle DHCPREBIND requests in the DHCPv6 server code.
+ Thanks to Aichun Li for spotting this omission, and the initial
+ patch.
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5c2ff97..6ecfeeb 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -33,9 +33,9 @@ struct state {
+ unsigned int mac_len, mac_type;
+ };
+
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now);
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
+ static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
+ static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
+ static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
+@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
+ }
+
+ /* This cost me blood to write, it will probably cost you blood to understand - srk. */
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now)
+ {
+ void *end = inbuff + sz;
+ void *opts = inbuff + 34;
+- int msg_type = *((unsigned char *)inbuff);
++ int msg_type = *inbuff;
+ unsigned char *outmsgtypep;
+ void *opt;
+ struct dhcp_vendor *vendor;
+@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+ return 1;
+ }
+
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
+ {
+ void *opt;
+- int i, o, o1, start_opts;
++ int i, o, o1, start_opts, start_msg;
+ struct dhcp_opt *opt_cfg;
+ struct dhcp_netid *tagif;
+ struct dhcp_config *config = NULL;
+ struct dhcp_netid known_id, iface_id, v6_id;
+- unsigned char *outmsgtypep;
++ unsigned char outmsgtype;
+ struct dhcp_vendor *vendor;
+ struct dhcp_context *context_tmp;
+ struct dhcp_mac *mac_opt;
+@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ v6_id.next = state->tags;
+ state->tags = &v6_id;
+
+- /* copy over transaction-id, and save pointer to message type */
+- if (!(outmsgtypep = put_opt6(inbuff, 4)))
++ start_msg = save_counter(-1);
++ /* copy over transaction-id */
++ if (!put_opt6(inbuff, 4))
+ return 0;
+ start_opts = save_counter(-1);
+- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
+-
++ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
++
+ /* We're going to be linking tags from all context we use.
+ mark them as unused so we don't link one twice and break the list */
+ for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
+@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
+
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6USEMULTI);
+ put_opt6_string("Use multicast");
+@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ struct dhcp_netid *solicit_tags;
+ struct dhcp_context *c;
+
+- *outmsgtypep = DHCP6ADVERTISE;
++ outmsgtype = DHCP6ADVERTISE;
+
+ if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+ o = new_opt6(OPTION6_RAPID_COMMIT);
+ end_opt6(o);
+@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int start = save_counter(-1);
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+
+ log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
+@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int address_assigned = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
+
+@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int good_addr = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
+
+@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
+ if (ignore)
+ return 0;
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ tagif = add_options(state, 1);
+ break;
+ }
+@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6RELEASE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPRELEASE", NULL, NULL);
+
+@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6DECLINE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPDECLINE", NULL, NULL);
+
+@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ }
+
+ }
+-
++
++ /* Fill in the message type. Note that we store the offset,
++ not a direct pointer, since the packet memory may have been
++ reallocated. */
++ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
++
+ log_tags(tagif, state->xid);
+ log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
+
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
index 31ca51e..0f7880c 100644
--- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
@@ -3,5 +3,6 @@
SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512"
SRC_URI += "\
file://lua.patch \
+ file://CVE-2022-0934.patch \
"
diff --git a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
rename to meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
index 2de32cc..07870bb 100644
--- a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
+++ b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
@@ -11,8 +11,7 @@
SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https;branch=master \
"
-
-SRCREV = "7c0e2d19d30eb0bd2e079febb5a2c31f65e5023d"
+SRCREV = "1c31e0e5397646ae3709b1fbfd9c3b47b904f254"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch b/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
new file mode 100644
index 0000000..5531636
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
@@ -0,0 +1,29 @@
+From 78c9ae7d9a6735575bc72dd28a19b2bc3a251981 Mon Sep 17 00:00:00 2001
+From: Andrew Elble <aweits@rit.edu>
+Date: Mon, 8 Oct 2018 14:31:20 -0400
+Subject: [PATCH] netserver: don't change permissions on /dev/null
+
+the (now default) suppress_debug=1 changes permissions on /dev/null
+to 0644. Don't do this.
+
+Upstream-Status: Pending [https://github.com/HewlettPackard/netperf/pull/27/commits/78c9ae7d9a6735575bc72dd28a19b2bc3a251981]
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+---
+ src/netserver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/netserver.c b/src/netserver.c
+index 00c8d23..86a1c45 100644
+--- a/src/netserver.c
++++ b/src/netserver.c
+@@ -278,7 +278,8 @@ open_debug_file()
+
+ #if !defined(WIN32)
+
+- chmod(FileName,0644);
++ if (!suppress_debug)
++ chmod(FileName,0644);
+
+ /* redirect stdin to "/dev/null" */
+ rd_null_fp = fopen(NETPERF_NULL,"r");
diff --git a/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb b/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
index 62ba966..06b2edd 100644
--- a/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
+++ b/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
@@ -14,6 +14,7 @@
file://netserver.service \
file://0001-netlib.c-Move-including-sched.h-out-og-function.patch \
file://0001-nettest_omni-Remove-duplicate-variable-definitions.patch \
+ file://netserver_permissions.patch \
"
SRCREV = "3bc455b23f901dae377ca0a558e1e32aa56b31c4"
diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd07..a30f720 100644
--- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -29,7 +29,31 @@
SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
# CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+ CVE-2016-9312 \
+ CVE-2015-5146 \
+ CVE-2015-5300 \
+ CVE-2015-7975 \
+ CVE-2015-7976 \
+ CVE-2015-7977 \
+ CVE-2015-7978 \
+ CVE-2015-7979 \
+ CVE-2015-8138 \
+ CVE-2015-8139 \
+ CVE-2015-8140 \
+ CVE-2015-8158 \
+ CVE-2016-1547 \
+ CVE-2016-2516 \
+ CVE-2016-2517 \
+ CVE-2016-2519 \
+ CVE-2016-7429 \
+ CVE-2016-7433 \
+ CVE-2016-9310 \
+ CVE-2016-9311 \
+"
+
inherit autotools update-rc.d useradd systemd pkgconfig
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
new file mode 100644
index 0000000..03b454d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
@@ -0,0 +1,48 @@
+From ea179d83b0aa62719d90748cd1fb260f40055f15 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 13 Jun 2022 22:44:28 +0800
+Subject: [PATCH] configure.ac: eliminate build path from openvpn --version
+ option
+
+Before the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes
+with_libtool_sysroot=/buildarea/build/tmp/work/core2-64-poky-linux/openvpn/2.5.7-r0/recipe-sysroot
+with_mem_check=no with_openssl_engine=auto
+
+After the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no
+with_openssl_engine=auto
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2f5f6bc..eddcbc5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1377,7 +1377,7 @@ if test "${enable_async_push}" = "yes"; then
+ esac
+ fi
+
+-CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
++CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*=' | grep -v 'libtool_sysroot'`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+
+ TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn
old mode 100755
new mode 100644
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
deleted file mode 100644
index 1205806..0000000
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d @LOCALSTATEDIR@/run/openvpn 0755 root root -
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
deleted file mode 100644
index 01dd2e8..0000000
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
-After=syslog.target network.target
-
-[Service]
-PrivateTmp=true
-Type=forking
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
index 3ed90a7..a28c73a 100644
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
@@ -5,12 +5,12 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b76abd82c14ee01cc34c4ff5e3627b89"
DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-inherit autotools systemd update-rc.d
+inherit autotools systemd update-rc.d pkgconfig
SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+ file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \
file://openvpn \
- file://openvpn@.service \
- file://openvpn-volatile.conf"
+ "
UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
@@ -19,9 +19,6 @@
# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
-SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME:${PN} = "openvpn"
INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
@@ -35,31 +32,36 @@
# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
+EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
+ TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \
+ "
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+ "
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
+
do_install:append() {
install -d ${D}/${sysconfdir}/init.d
install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
install -d ${D}/${sysconfdir}/openvpn
+ install -d ${D}/${sysconfdir}/openvpn/server
+ install -d ${D}/${sysconfdir}/openvpn/client
+
install -d ${D}/${sysconfdir}/openvpn/sample
- install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
- install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts
+ install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
-
- install -d ${D}/${localstatedir}
- install -d ${D}/${localstatedir}/lib
- install -d -m 710 ${D}/${localstatedir}/lib/openvpn
-
- install -d ${D}${sysconfdir}/tmpfiles.d
- install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- fi
+ install -d -m 710 ${D}/${localstatedir}/lib/openvpn
}
PACKAGES =+ " ${PN}-sample "
@@ -67,9 +69,9 @@
RRECOMMENDS:${PN} = "kernel-module-tun"
FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
-FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \
- ${sysconfdir}/tmpfiles.d \
+FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \
+ ${systemd_system_unitdir}/openvpn-client@.service \
+ ${nonarch_libdir}/tmpfiles.d \
"
-FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
- ${systemd_unitdir}/system/openvpn@loopback-client.service \
- ${sysconfdir}/openvpn/sample/"
+FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \
+ "
diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
rename to meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
index c567e33..e5ecc5c 100644
--- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
+++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
@@ -6,7 +6,7 @@
RDEPENDS:${PN} = "bash perl"
SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=https"
-SRCREV = "a3e69268892bbd5ab30123748e89a26509a25ac5"
+SRCREV = "467363efbc0fea706752c1ba7a21c313823017e7"
S = "${WORKDIR}/git"
#Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md
diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
index d9083bc..1887a55 100644
--- a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2016-0749 \
+ CVE-2016-2150 \
+ CVE-2018-10893 \
+"
+
inherit autotools gettext python3native python3-dir pkgconfig
DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
new file mode 100644
index 0000000..e730fe1
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@@ -0,0 +1,31 @@
+From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 2 May 2022 09:31:49 +0200
+Subject: [PATCH] enum: Fix compiler warning
+
+Closes strongswan/strongswan#1025
+
+Upstream-Status: Backport
+[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/libstrongswan/utils/enum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
+index 79da450f0c..1e77489f6f 100644
+--- a/src/libstrongswan/utils/enum.c
++++ b/src/libstrongswan/utils/enum.c
+@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len)
+ return buf;
+ }
+
+- if (snprintf(buf, len, e->names[0]) >= len)
++ if (snprintf(buf, len, "%s", e->names[0]) >= len)
+ {
+ return NULL;
+ }
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd..0000000
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler. So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- .../plugins/openssl/openssl_plugin.c | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
-
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
- * public functions
- */
- openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- /**
-- * Loaded providers
-- */
-- array_t *providers;
--#endif
- };
-
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
- private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- OSSL_PROVIDER *provider;
-- while (array_remove(this->providers, ARRAY_TAIL, &provider))
-- {
-- OSSL_PROVIDER_unload(provider);
-- }
-- array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
- * can't call it as we couldn't re-initialize the library (as required by the
- * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
- DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- return NULL;
- }
-- array_insert_create(&this->providers, ARRAY_TAIL, fips);
- /* explicitly load the base provider containing encoding functions */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "base"));
-+ OSSL_PROVIDER_load(NULL, "base");
- }
- else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- TRUE, lib->ns))
- {
- /* load the legacy provider for algorithms like MD4, DES, BF etc. */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "legacy"));
-+ OSSL_PROVIDER_load(NULL, "legacy");
- /* explicitly load the default provider, as mentioned by crypto(7) */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "default"));
-+ OSSL_PROVIDER_load(NULL, "default");
- }
- ossl_provider_names_t data = {};
- OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
---
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
rename to meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
index cfb7b41..1b82dce 100644
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@@ -9,10 +9,10 @@
DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
- file://0001-openssl-Don-t-unload-providers.patch \
+ file://0001-enum-Fix-compiler-warning.patch \
"
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
similarity index 96%
rename from meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
rename to meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba22..38fdbce 100644
--- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -19,7 +19,7 @@
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
PE = "1"