The state directory must be correctly specified as under /run because
RequiresMountsFor doesn't follow symbolic links which means the unit may
run before /run is mounted if the default of /var/run/rpcbind is kept
(From OE-Core rev: 3d5a85f173dffa14a6829edb9e6adbd5a3946d9c)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 561e853e97e2cfa325ed310233577a5e124d9049)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
On occasion a file is attmpeded to be opened prior to the
creation of the spdx_workdir. Create the directory before
the open, just in case.
File: '/build/layers/poky/meta/classes/create-spdx-2.2.bbclass', lineno: 1081, function: combine_spdx
1077: )
1078:
1079: image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
1080:
*** 1081: with image_spdx_path.open("wb") as f:
1082: doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
(From OE-Core rev: 1b90a9c9c8180c080f780c8dd428fad3f55e879d)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb9f2a9c0ff5dcdeaf1a0beb6a614d0d022a2481)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We currently use mkdir -p to create missing parent directories within SSTATE_DIR.
Reading the man page for mkdir mentions that parent directories are created with
the current umask, *not* the mode passed upon the commandline.
We could fix this by setting and resetting the umask but since we already have
decent python code able to do this, move to using that injecting a python function
into the chain of functions already present.
This should help fix the occasional sstate directory creation with the wrong
permissions.
[YOCTO #14385]
(From OE-Core rev: 90d1e97b7c8bce0fb49714923989c63d243eb2da)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae642a4b038c6946e6c8aa9778bf09099d938a31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
1.9.15p2:
- Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
1.9.15p1:
- Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
1.9.15:
- Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
- Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
- Fixed the warning message for "sudo -l command" when the command
is not permitted. There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
- Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal. Bug #1056.
- The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes. GitHub issue #294.
- The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries. Previously, they only worked when running binaries
with the same word size as the sudo binary. GitHub issue #289.
- The sudoers source is now logged in the JSON event log. This
makes it possible to tell which rule resulted in a match.
Running "sudo -ll command" now produces verbose output that
includes matching rule as well as the path to the sudoers file
the matching rule came from. For LDAP sudoers, the name of the
matching sudoRole is printed instead.
- The embedded copy of zlib has been updated to version 1.3.
- The sudoers plugin has been modified to make it more resilient
to ROWHAMMER attacks on authentication and policy matching.
This addresses CVE-2023-42465.
- The sudoers plugin now constructs the user time stamp file path
name using the user-ID instead of the user name. This avoids a
potential problem with user names that contain a path separator
('/') being interpreted as part of the path name. A similar
issue in sudo-rs has been assigned CVE-2023-42456.
- A path separator ('/') in a user, group or host name is now
replaced with an underbar character ('_') when expanding escapes
in @include and @includedir directives as well as the "iolog_file"
and "iolog_dir" sudoers Default settings.
- The "intercept_verify" sudoers option is now only applied when
the "intercept" option is set in sudoers. Previously, it was
also applied when "log_subcmds" was enabled. Sudo 1.9.14
contained an incorrect fix for this. Bug #1058.
- Changes to terminal settings are now performed atomically, where
possible. If the command is being run in a pseudo-terminal and
the user's terminal is already in raw mode, sudo will not change
the user's terminal settings. This prevents concurrent sudo
processes from restoring the terminal settings to the wrong values.
GitHub issue #312.
- Reverted a change from sudo 1.9.4 that resulted in PAM session
modules being called with the environment of the command to be
run instead of the environment of the invoking user.
GitHub issue #318.
- New Indonesian translation from translationproject.org.
- The sudo_logsrvd server will now raise its open file descriptor
limit to the maximum allowed value when it starts up. Each
connection can require up to nine open file descriptors so the
default soft limit may be too low.
- Better log message when rejecting a command if the "intercept"
option is enabled and the "intercept_allow_setid" option is
disabled. Previously, "command not allowed" would be logged and
the user had no way of knowing what the actual problem was.
- Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs. The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.
(cherry picked from OE-Core rev 5ea298680a8f17d3b808a2c43b0182e9c391f663)
(From OE-Core rev: 105ecb87e78b9133e4188a8b5c604ea0e9a47910)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
update include fix for CVE-2023-3019.
CVE-2023-3019 : 88e79a2dfd
(From OE-Core rev: 2a2f2b5be2070544f0ab98144e4c31c749b7d504)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pulls in the changes:
Eilís 'pidge' Ní Fhlannagáin (1):
subports: Add _GNU_SOURCE for syncfs probe
Richard Purdie (1):
SECURITY.md: Add file
Wu Zhenyu (1):
pseudo.1: Fix a typo
(From OE-Core rev: ff0dc585479136e3d031da08ef15e8e5c6e92c8d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9aab5be508c0dd88a4d9767f65ba5b6fcd5fb9dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
zstd is dual-licensed under BSD _OR_ GPLv2. License wording in the
README for v1.5.5 is misleading, but license headers in the code clearly
state that there is a choice between the two licenses.
(From OE-Core rev: 6c9a5fefeaa9225c193a0445bae869e6844bf34d)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 40f85de590c188c9c3985e64a83efaf06b0b4fbc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Avahi has moved to a new parent organisation on GitHub, so update the
URLs to match.
(From OE-Core rev: b541fbeb99df15a1548f93ddbd654fb629ebc2ce)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 02caef1567186f250e64ae3ef84fcff33d7323e4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake.
The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly
during do_compile the code. Due to this getting sporadic error like below,
fatal error: stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
As cmake already correctly initializes the variable from environment,
So we have to unset it in the toolchain file to avoid overwriting the
variable definition again.
(From OE-Core rev: 5599eaefee3818c865d71f5b7c3cc04fc01de848)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The current description is only pertinent to the kernel, even though
do_menuconfig task is used by other projects, such as Busybox and
U-Boot.
Replace "for the kernel" by an agnostic alternative (i.e., "in the
compilation directory").
(From OE-Core rev: adf91e340d5d8121c87585fd7340f947b21396b1)
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52e053bce5e359995ebdaa21d6899f04ad2306a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
bnx2x is another broadcom ethernet adapter with its own firmware. Place
it into its own subpackage.
(From OE-Core rev: bb9eeafb13a69fe71919832b89a01ef8b561f7d7)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 414f71bb692da7ca1899b07ebb689edeb53f8e0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The bnx2 module uses both the mips and rv2p files, so package them all
together. Remove -mips from the package name, but add an RPROVIDES for
compatibility.
(From OE-Core rev: 49ca6eb5ef93bf90c682ea06c83db147aed250fa)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46f2b7b3bebc7efdb4199cdfe386dc16c049d8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The iwlwifi uses the .pnvm files for newer AX210+ cards, so package them
into the iwlwifi-misc subpackage.
(From OE-Core rev: d4f7a9f4715ba2eda753ff6bac07f6905233c3d7)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 056c4de1422ff06745c5669f871a1bb6f5390d01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.11..go1.20.12
97c8ff8d53 (tag: go1.20.12, origin/release-branch.go1.20) [release-branch.go1.20] go1.20.12
6446af942e [release-branch.go1.20] net/http: limit chunked data overhead
77397ffcb2 [release-branch.go1.20] crypto/rand,runtime: revert "switch RtlGenRandom for ProcessPrng"
d77307f855 [release-branch.go1.20] cmd/compile: fix findIndVar so it does not match disjointed loop headers
1bd76576fe [release-branch.go1.20] crypto/rand,runtime: switch RtlGenRandom for ProcessPrng
1b59b017db [release-branch.go1.20] path/filepath: consider \\?\c: as a volume on Windows
46bc33819a [release-branch.go1.20] cmd/go/internal/vcs: error out if the requested repo does not support a secure protocol
e1dc209be8 [release-branch.go1.20] cmd/go/internal/modfetch/codehost: set core.longpaths in Git repos on Windows
[1] https://github.com/golang/go/compare/go1.20.11...go1.20.12
(From OE-Core rev: 3e7981c7e575b0e16a7b7aba47993e9c58a719c5)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8515842b5c503b9a8840675d9cbcfe147d25c1d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These test suites are full of timing-sensitive test cases, so skip
them too.
[ YOCTO #15321 ]
(From OE-Core rev: e6a2793afdf4d48479e5f369a0446db51a681117)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.
[ YOCTO #14825#14882#15081 ]
(From OE-Core rev: bd9070fbf4942d412099b4a0a8d199f9d63e33e3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The target_dumper code is basically broken. It has been reading binary files
over the text base serial communication and runs at every command failure which
makes no sense. Each run might overwrite files from the previous run and the
output appears corrupted due to confusion from the binary data.
For now, remove the commands and the target dumper code as the command
and execution point are problematic. Also remove the same pieces of the monitor
code but leave the command list since in theory this can be moved to a more
useful place in the code.
(From OE-Core rev: 4c7aa982a996b23a4c5100c5a5a9390e26e5fe46)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a24d787987dccc95fdd95b7e85bf525a1c55b285)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch Signed-off-by test's output line is excessively long, and can
trigger a failsafe in the patchtest automated service's email content
generation. Shorten the output by reducing redundant phrasing and using
os.path.basename to get only the failing patch's name, not the entire
path, as the submitter should have a good idea of where it is located
regardless.
(From OE-Core rev: f6a6af896dd1968eded614b0c519dc375eff407a)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc7546ded87dd44a988d7a23f1d7645094b5cdd4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Skip -Werror to make it possible to compile this recipe with ICECC else
all fallthrough comments will be removed since we pre-process the files
on the host before sending them to the compile nodes which then cause
errors because of default -Werror switch.
Fixes: caf64f85b5c5 ("json-c: update 0.13.1 - > 0.14")
(From OE-Core rev: edda50f28826fd84f83ccecaffbc7705204bccd6)
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 915f8307b063e17ddadd5dface83578b8ad254e2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Cups documentation states:
The default contains "admin", "lpadmin", "root", "sys" and/or "system".
https://www.cups.org/doc/man-cups-files.conf.html#:~:text=SystemGroup
Add root and sys accordingly
Also add wheel group. This is required for systems with polkit support in order to
control the printer settings with cups-pk-helper.
Not only for gnome-control-center, but also when using plain system-config-printer on
a system with running polkit, cups-pk-helper would be a required rdepend.
(From OE-Core rev: 1cca30bb163fbc3f6b79fe3cff6d6b405830a63a)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 572fed0ac6dbcf5749e19c7b624826fc30cf301e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bluez 5.69 added a regression. Bluetooth connection for playstation controllers
stopped working. This adds a backport patch for the issue
(From OE-Core rev: a4ba3de4248ee05119ae944a972f88517e4e087b)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be05a177f943e9c8ce6c0fdbd157ee6f9103eef9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[YOCTO #14933]
test_storlines is yet another Python ptest that fails intermittently on
the Yocto AB, so disable it during ptests for now.
(From OE-Core rev: 11eab2b5d14efa75fcb0686a9f835f9675883113)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d7b9f8157e6214a83b5495e8a32e11540ae65ff8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes an issue running "opkg upgrade" on a system with systemd
(and when there is an update to "systemd-compat-units",
for example between yocto 4.2.2 and 4.2.3):
//var/lib/opkg/info/systemd-compat-units.postinst: cd: line 3: can't cd to /etc/init.d: No such file or directory
The existence of /etc/init.d is now tested
without causing an error if doesn't exist.
Fixes [YOCTO #15292]
(From OE-Core rev: d114814fa2628cfea2769d65a26514b76e61a0fa)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0330331a1386fd2a34b410a7f62b29bfc8dc23c4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Source: variable is generated from FILE but this is excluded from checksums
normally which results in a reproduciubility issue when the filename changes.
Add in a dependency by reworking the code a little to avoid this.
(From OE-Core rev: 431e6ad7c5b0af3909f5a43599764c529146e6d6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ea7da76c6930031a0071069027b1d71f737fbc9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If we chdir(), do the chdir back to the original directory in a finally
block so they always run.
(From OE-Core rev: 1680d1766445b21e35c6b874c4767b385862017f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cdc40292818683b6df1c814498c7589450a163fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A previous commit tried to add the --follow-symlinks option to
the perform_passwd_expire function in useradd_base.bbclass, however it used
a single -.
This is interpreted as --file=ollow-symlinks which results in...
sed: couldn't open file ollow-symlinks: No such file or directory
and...
ERROR: <image name>: passwd --expire operation did not succeed.
Fix by adding the missing -
(From OE-Core rev: 67721b71bf677097645b9150a31ac833125c0c23)
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c0deafcfcea3f610c7dd9a2d2884a16fbfe0497)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed
(From OE-Core rev: 7b4343a30a02d8f8664ac4c4bc09e5acfb4fa60e)
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6ec004b2e7b4342465af8e5e6cc66041834821a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As stated in the LICENSES/README.md "Unless otherwise noted, the systemd
project sources are licensed under the terms and conditions of the GNU
Lesser General Public License v2.1 or later", so replace LGPL-2.1-only
with LGPL-2.1-or-later.
With the exception of some udev sources that are licensed under
GPL-2.0-or-later (but are packaged separately), the project is licensed
under LGPL, and all the components are LGPL or under LGPL compatible
licenses. The package libsystemd is currently under the main package
license, which can cause problems when scanning for GPL software linked
to CLOSED one. Add more granularity by setting a license for libsystemd
to LGPL-2.1-or-later.
(From OE-Core rev: 2c65ec32ce3c4a74b7117588151a94a4c6e506a6)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54975f4b2184fe12c4995c289eba8358958e6c21)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changes made since CMake 3.27.6:
Brad King (6):
Android: Require Clang 18 for -std=c++23
Tests: Clarify RunCMake.CTestTimeout case name
ctest: Restore support for --timeout values higher than default test timeout
Help: Document CMP0124 behavior on already-set variables
FindPostgreSQL: Add support for version 16
CMake 3.27.7
Orkun Tokdemir (1):
Linting: Fix empty evaluated genex
(From OE-Core rev: 3f3f3118dd6976259e8d971ebf76f2eeaf96f930)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0faec0c8606b31216702252d0db7aa88388df231)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
- extensions: Don't search imports for extension prefixes
- transform: Check maximum depth when processing default templates
- build: Add more missing includes
- python: Don't set deprecated global
- build: Add missing includes
- imports: Limit nesting depth
- extensions: Report top-level elements in xsltDebugDumpExtensions
- Add extern "C" { } block to xsltlocale.h
- python: Make it compatible with python3.12
- date: Fix check for localtime_s
- date: Fix check for gmtime_s
- pkg-config files include cflags for static builds
- Handle NOCONFIG case when setting locations from CMake target properties
- autotools: Make xslt-config executable
- tests: Structured error handler now passes a const xmlError
- python: Fix tests on MinGW
- fuzz: Fix xmlFuzzEntityLoader after recent libxml2 changes
(From OE-Core rev: 7828e780813857a6667cb07472a0371823781e9b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 48b353f3fb8e5ab1853cba7faa3065d2fe6f36b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
- Fix public key computation for other EdDSA curves.
- Remove out of core handler diagnostic in FIPS mode.
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md.
- Make store an s-exp with \0 is considered to be binary.
- Various constant-time improvements.
- Use getrandom call only when supported by the platform.
- Change the default for --with-libtool-modification to never.
(From OE-Core rev: 451480be9e8693d026fb408f5bfd1c6c77ad7182)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e21583896116cf37bf6b95aea466854e4fd5e54b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
============
-Fix missing newlines in the output of "rndc nta -dump".
-Take into account local authoritative zones when falling back to serve-stale.
-Fix assertion failure when using lock-file configuration option together -X
argument to named.
-The 'lock-file' file was being removed when it shouldn't have been making it
ineffective if named was started 3 or more times.
-Fix a shutdown race in dns__catz_update_cb().
-B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b.
-The timeouts for resending zone refresh queries over UDP were lowered to enable
named to more quickly determine that a primary is down.
-Don't schedule resign operations on the raw version of an inline-signing zone.
-Fix a possible assertion failure on an error path in resolver.c:fctx_query(),
when using an uninitialized link.
-Add semantic patch to do an explicit cast from char to unsigned char in ctype.h
class of functions.
-Python system tests have to be executed by invoking pytest directly. Executing
them with the legacy test runner is no longer supported.
-The wrong covered value was being set by dns_ncache_current for RRSIG records
in the returned rdataset structure. This resulted in TYPE0 being reported as
the covered value of the RRSIG when dumping the cache contents.
(From OE-Core rev: 6103a28c3b3df76a679acae577140d4ad2346894)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9b34124561d926d9273c52163853161515e5666a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Version 0.7.26
- selected bug fixes:
* fix evr roundtrip in testcases
* do not use deprecated headerUnload with newer rpm versions
(From OE-Core rev: a749063e3f978a429d192445dcb5d636de668b82)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit abd47f16a4ef8a50af4287795969832d1391d8d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
