summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* chrony: use inherit_defer for conditional inherit of useraddClayton Casciato12 days1-1/+1
| | | | | | | | | | | | [ Upstream commit 63df976d8eec0fa714e8da30f4333f8af23c57d3 ] conditionnal inherit is missed when PACKAGECONFIG privdrop is activated after this inherit, eg in .bbappend. Signed-off-by: Andreas Fenkart <afenkart@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* proftpd: Fix CVE-2024-57392Vijay Anusuri2025-05-212-0/+43
| | | | | | | Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.6.12 -> 2.6.14Divya Chellam2025-04-161-1/+1
| | | | | | | | | | | | | | This includes CVE-fix for CVE-2025-2704 Changelog: ========== https://github.com/OpenVPN/openvpn/releases For full details, refer to: https://github.com/OpenVPN/openvpn/compare/v2.6.12...v2.6.14 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: 3.6.2 -> 3.6.3Yi Zhao2025-04-161-5/+2
| | | | | | | | | | | | | | | | ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3 Remove mbedtls-framework repository, as the framework is now added as a flat directory rather than a submodule[1][2]. [1] https://github.com/Mbed-TLS/mbedtls/commit/b41194ce7f2fda63bf5959588631eba73c5c621e [2] https://github.com/Mbed-TLS/mbedtls/commit/2c824b4fe5dab7e1526560be203bf705857e372a Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.9 -> 2.28.10Yi Zhao2025-04-161-1/+1
| | | | | | | | | | ChangeLog https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fwknop: Specify target locations of gpg and wgetKhem Raj2025-04-161-1/+3
| | | | | | | | | This fixes emitting buildpaths into binary and also fixes the issue where these tools wont exist on the paths they were found on build machine Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* fetchmail: disable rpath to fix buildpaths warning.Wang Mingyu2025-04-161-4/+1
| | | | | | | | | | | There was an error with the last modification to the buildpaths warning, which could cause segment error. fix the following warning about buildpath: WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* fetchmail: Fix buildpaths warning.Wang Mingyu2025-04-161-0/+3
| | | | | | | | WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* keepalived: Make build reproducibleKhem Raj2025-04-162-0/+34
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* rdist: Fix contains reference to TMPDIR [buildpaths] warningalperak2025-04-161-1/+1
| | | | | | | | | | | Pass OE cflags to makefile WARNING: rdist-6.1.5-r0 do_package_qa: QA Issue: File /usr/bin/.debug/rdistd in package rdist-dbg contains reference to TMPDIR File /usr/bin/.debug/rdist in package rdist-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* blueman: Fix buildpathe issue with cython generated codeKhem Raj2025-04-162-0/+39
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Markus Volk <f_l_k@t-online.de> Signed-off-by: Armin Kuster <akuster@mvista.com>
* wolfssl: Add packageconfig for reproducible buildKhem Raj2025-04-161-0/+3
| | | | | | | | | | Make this option turned on by default Fixes WARNING: wolfssl-5.7.2-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.2.0 in package wolfssl contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* wireshark: upgrade 4.2.7 -> 4.2.9Vijay Anusuri2025-03-232-135/+1
| | | | | | | | | | | | | | | | | Fixes CVE-2024-11595 CVE-2024-11596 Removed CVE-2024-9781.patch which is already fixed in 4.2.8 version Release notes: https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html https://www.wireshark.org/docs/relnotes/wireshark-4.2.9.html Reference: https://www.wireshark.org/security/wnpa-sec-2024-15.html https://www.wireshark.org/security/wnpa-sec-2024-14.html https://www.wireshark.org/security/wnpa-sec-2024-13.html Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wolfssl: Upgrade 5.7.0 -> 5.7.2Sofiane HAMAM2025-03-231-1/+1
| | | | | | | | | The upgrade includes many vulnerability fixes, new features and inhancements, refer to: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Wolfssl: add ptestSofiane HAMAM2025-03-234-2/+47
| | | | | | | | | | | | | | | | | Add ptest for Wolfssl package. Set IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-wolfssl to 700M enough to avoid a "No space left on device". BEGIN: /usr/lib/wolfssl/ptest Wolfssl ptest logs are stored in /tmp/wolfss_temp.qvuQ9h/ptest.log Test script returned: 0 unit_test: Success for all configured tests. PASS: Wolfssl DURATION: 7 END: /usr/lib/wolfssl/ptest Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* unbound: Fix CVE-2024-8508Virendra Thakur2025-03-072-1/+250
| | | | | | | | | | | | Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. Reference: https://nvd.nist.gov/vuln/detail/cve-2024-8508 Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ebtables: Remove the dependecy on bashPeter Kjellerstedt2025-03-032-12/+9
| | | | | | | Rewrite ebtables-legacy-save to avoid using bashisms. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mdio-tools: fix mdio-netlink kernel module reproducibilityYoann Congal2025-02-042-4/+3
| | | | | | | | | | | | | | | | | | mdio-netlink source make reference to ${S}/.. which breaks -fdebug-prefix-map and results in the full TMPDIR path being present in the -dbg package and, also, change a related CRC in the main package. This changes ${S} to enclose the whole SRC_URI repo and adapt relative paths to build (MODULES_MODULE_SYMVERS_LOCATION) This make mdio-netlink reproducible and fixes this warning: WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d161de0b00b91cd0c286fbbc1190f87cf20fe088) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark 4.2.7: Fix CVE-2024-9781Shubham Pushpkar2025-01-202-0/+134
| | | | | | | | | | | | | Upstream Repository: https://gitlab.com/wireshark/wireshark.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 Type: Security Fix CVE: CVE-2024-9781 Score: 7.8 Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5 Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chrony: fix do_fetch errorJiaying Song2025-01-201-1/+1
| | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ndisc6: Fix reproducible buildKhem Raj2024-12-152-0/+86
| | | | | | | | | | | | includes the CFLAGS used to build the package in the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the absolute build path via (eg.) the -ffile-prefix-map flag. Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ndisc: Remove buildpaths from binariesKhem Raj2024-12-151-0/+4
| | | | | | | | | | configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION therefore edit the paths from this in generated config.h before it gets into binaries. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mosquitto: upgrade 2.0.19 -> 2.0.20Wang Mingyu2024-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". Closes #3128. - Open files with appropriate access on Windows. - Don't allow invalid response topic values. - Fix some strict protocol compliance issues. Client library: - Fix cmake build on OS X. Build: - Fix build on NetBSD Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mosquitto: upgrade 2.0.18 -> 2.0.19Fabrice Aeschbacher2024-12-153-50/+1
| | | | | | | | | | | | | | - Solves CVE-2024-8376 - removed 1571.patch and 2894.patch, already applied in v2.0.19 https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31949Zhang Peng2024-12-152-0/+164
| | | | | | | | | | | | | | | CVE-2024-31949: In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-31949] Upstream patches: [https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31948Zhang Peng2024-12-152-0/+131
| | | | | | | | | | | | | | | | CVE-2024-31948: In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-31948] Upstream patches: [https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138] [https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31951Zhang Peng2024-12-152-0/+111
| | | | | | | | | | | | | | | | CVE-2024-31951: In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-31951] Upstream patches: [https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-31950Zhang Peng2024-12-152-0/+69
| | | | | | | | | | | | | | | | CVE-2024-31950: In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-31950] Upstream patches: [https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix CVE-2024-34088Zhang Peng2024-12-152-0/+84
| | | | | | | | | | | | | | | | CVE-2024-34088: In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-34088] Upstream patches: [https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freeradius: upgrade 3.2.3 -> 3.2.5Yi Zhao2024-11-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4 https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5 Security fixes: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://www.freeradius.org/security/ https://www.blastradius.fail/ https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95 (master rev: 28d82d17c8174ee17271ca43ad7eb2175211cacc) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.6.10 -> 2.6.12Haixiao Yan2024-11-242-146/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst Security fixes: CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges (SeImpersonatePrivilege) could open the pipe a second time, tricking openvn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as. CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client. Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> [Drop CVE-2024-28882 patch not yet in stable] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: fix CVE-2024-28882Haixiao Yan2024-11-092-0/+145
| | | | | | | | | | | | CVE-2024-28882: OpenVPN in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session References: https://community.openvpn.net/openvpn/wiki/CVE-2024-28882 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: conditionally set status of CVE-2024-45802Peter Marko2024-11-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | According to [1] the ESI feature implementation in squid is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG). Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities. We should not break features in LTS branch and cannot fix this problem. So ignrore this CVE based on set PACKAGECONFIG which should remove it from reports for most users. Thos who need ESI need to assess the risk themselves. [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: fix CVE-2023-43279Jiaying Song2024-11-092-0/+40
| | | | | | | | | | | | | | | Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command. References: https://nvd.nist.gov/vuln/detail/CVE-2023-43279 Upstream patches: https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: upgrade 2.0.34->2.0.36Jiaying Song2024-11-091-1/+1
| | | | | | | | Full changelog: https://sourceforge.net/p/openipmi/news/ Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 3.6.1 -> 3.6.2Yi Zhao2024-11-091-1/+1
| | | | | | | | | | | | | ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 Security Fix: CVE-2024-49195 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireguard-tools: fix do_fetch errorJiaying Song2024-11-091-1/+1
| | | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nftables: Conditionally add ${PN}-python as RDEPENDS for ptestNikhil R2024-10-061-1/+4
| | | | | | | | | | | | | | | | This commit updates the RDEPENDS for the ptest package to include ${PN}-python only when the 'python' PACKAGECONFIG option is enabled. This fix is required as ptest is enabled in the Distro features, which was causing the following error: ERROR: Nothing RPROVIDES 'nftables-python' (but /home/builder/src/base/node0/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb RDEPENDS on or otherwise requires it) NOTE: Runtime target 'nftables-python' is unbuildable, removing... Missing or unbuildable dependency chain was: ['nftables-python'] ERROR: Required build target 'nftables' has no buildable providers. Missing or unbuildable dependency chain was: ['nftables', 'nftables-python'] Signed-off-by: Nikhil R <nikhil.r@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nftables: avoid python dependencies when building without pythonMichael Olbrich2024-10-061-2/+2
| | | | | | | | | | | | | | | Use inherit_defer instead of inhert. This way, setuptools3 is not inherited when python is removed from PACKAGECONFIG in a .bbappend file. This avoids dependencies added by setuptools3. Don't add nftables-python to PACKAGES if python is disabled. It adds extra runtime dependencies on python3-core and python3-json. Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5cf3766cf6395d4bfa5de20cf7427950ca498eaa) Signed-off-by: Nikhil R <nikhil.r@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libldb: upgrade 2.8.0 -> 2.8.1Yi Zhao2024-10-061-1/+1
| | | | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09f8ef2242c2d7f83101effed09ee7894e14c069) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tgt: fix CVE-2024-45751Hitendra Prajapati2024-09-222-0/+72
| | | | | | | Upstream-Status: Backport from https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.8 -> 2.28.9Yi Zhao2024-09-221-1/+1
| | | | | | | | | | | | | ChangeLog https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9 Security fix: CVE-2024-45157 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 3.6.0 -> 3.6.1Yi Zhao2024-09-221-4/+5
| | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 Security fixes: CVE-2024-45157 CVE-2024-45158 CVE-2024-45159 * According to commit[1], install data_files into framework directory for ptest. [1] https://github.com/Mbed-TLS/mbedtls/commit/9c4dd4ee6fe570b6a50a275d78b7d140fec0e02f Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: upgrade 4.19.7 -> 4.19.8Wang Mingyu2024-09-151-1/+1
| | | | | | | | | | Changelog: https://www.samba.org/samba/history/samba-4.19.8.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3cbd140c7d85d99afc81ffd83b75698ee621c1c1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: upgrade 4.19.6 -> 4.19.7Yi Zhao2024-09-151-1/+1
| | | | | | | | | | ChangeLog: https://www.samba.org/samba/history/samba-4.19.7.html Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 41df431b91f1d81070c1f0e8633995d7afba52e4) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 4.2.5 -> 4.2.7Vijay Anusuri2024-09-091-1/+1
| | | | | | | | | | | | | CVE's fixed by upgrade: CVE-2024-8250 Other Changes between 4.2.5 -> 4.2.7 ====================================== https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html https://www.wireshark.org/docs/relnotes/wireshark-4.2.6.html Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* networkmanager: remove modemmanager rdependsAdrian Freihofer2024-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit: 5edb8335dc46450fd6bcdbb3fcf55336b32bd422 The Networkmanager package must not depend on ModemManager. Only the Networkmanager-wwan package should depend on the ModemManager package. The mobile-broadband-provider-info is fully optional and it is often not required for embedded devices. Let the user choose if it gets installed or not. Adding it explicitely to IMAGE_INSTALL is simple. Adding an RRECOMMENS would work as well. But adding an RDEPENDS is bad. In general, NetworkManager packaging is intended to provide a set of binary packages suitable for building many different images. NetworkManager is designed to be used for binary packages distributions where it is not possible to rebuild NetworkManager just to install Modemmanager. Also for OE, where a rebuilding is possible, a rebuild is a disadvantage. So please do not destroy this flexibility by adding RDEPENDS, which are firstly wrong and secondly only suitable for your specific needs. Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: patch CVE-2024-37894Peter Marko2024-08-212-0/+37
| | | | | | | Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tayga: Fix contains reference to TMPDIR [buildpaths] warningalperak2024-08-101-0/+3
| | | | | | | | | | | WARNING: tayga-0.9.2-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/tayga in package tayga-dbg contains reference to TMPDIR [buildpaths] Make sure that the OE provided CFLAGS are passed to the compiler. Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d1bf2db7cc2bcb8b6ac45bb382c3f2b6bb762053) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* znc: Fix buildpaths QA errorsJ. S.2024-08-101-0/+1
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 28d77dddad1c86ac5771859e59504e662eb68813) Signed-off-by: Armin Kuster <akuster808@gmail.com>