| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/snort3/snort3/releases/tag/3.6.1.0
https://github.com/snort3/snort3/releases/tag/3.6.0.0
https://github.com/snort3/snort3/releases/tag/3.5.2.0
https://github.com/snort3/snort3/releases/tag/3.5.1.0
https://github.com/snort3/snort3/releases/tag/3.5.0.0
https://github.com/snort3/snort3/releases/tag/3.3.7.0
https://github.com/snort3/snort3/releases/tag/3.3.6.0
https://github.com/snort3/snort3/releases/tag/3.3.5.0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/FRRouting/frr/commit/5f0beaa0fdd00b7a60c1765067d1b6fa65ce96c0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian has fixed this CVE with [1].
That patch is taken from [2].
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13
v0.13.1-190-g69628ea1
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13
v0.13.2
[1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/6.0.0
The aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2, sha1,
sha2 plugins are not enabled by default[1]. Remove these plugins from
RDEPENDS and add PACKAGECONFIG for them.
[1] https://github.com/strongswan/strongswan/blob/6.0.0/NEWS#L38
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.50.0/NEWS
Drop 0001-libnm-systemd-core-Disable-sd_dhcp6_client_set_duid_.patch as
it has been merged upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-10.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Solves CVE-2024-46613
Update dependencies:
- remove openssl and icu
- add cjson and gettext-native
Remove patch to find gcrypt which is no longer needed.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Solves CVE-2024-9781
Release notes:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per [1] this is fixed by [2].
The commit message says that it is reverting feature added in:
$ git tag --no-contains d7a0084 | grep 1.0.18
1.0.18
This recipe is for the original memcached which is unmaintained now.
Hence the ignore instead of upgrade.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-27478
[2] https://github.com/awesomized/libmemcached/commit/48dcc61a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
After removing old libmemcached recipe version, these is no reasons
anymore to have this split.
The memcached resurrected project uses cmake and different urls.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This no longer compiles with latest toolchains.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Solves CVE-2023-46852 and CVE-2023-46853.
Upgrade done via "devtool upgrade".
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Download URL is not listable so devtool upgrade fails.
Using homepage works as it contains link to latest release,
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
It is fixed by [1] since 0.15.3.
NVD tracks this CVE as version-less.
[1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix-openssl-no-des.patch
refreshed for 5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure
CVE filtering and not be disturb by futur potential false-positive CVEs.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* since elfutils upgrade to 0.192 in:
https://git.openembedded.org/openembedded-core/commit/?id=1d6ac3c811798732e6addc798656bbe104661d77
json-c is detected in RSS and ov-rest plugin gets enabled, but fails to build:
../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_event.c:78:10: fatal error: amqp_ssl_socket.h: No such file or directory
78 | #include <amqp_ssl_socket.h>
| ^~~~~~~~~~~~~~~~~~~
compilation terminated.
../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
707 | SaErrorT rv = NULL;
| ^~~~
* keep it explicitly disabled as it was disabled before
* add rabbitmq-c dependency for the first issue, the 2nd issue could be
worked around by:
# openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
CFLAGS += "-Wno-error=int-conversion"
or better fixed properly by someone actually using this recipe
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Mistakenly removed musl-fixes.patch in previous commit.
update & Include 0001-Musl-build-fix.patch based on latest upstream of ot-br-posix
Remove CXXFLAGS:append:libc-musl:toolchain-clang = " -Wno-error=sign-compare
-Wno-error=unused-but-set-variable", as issue is not reproducible with
current SRCREV of ot-br-posix.
Signed-off-by: deepan.shivap <deepan.shivap@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Conditionnal inherit may be missed when PACKAGECONFIG qt5 is activated
after this inherit, eg in .bbappend. see patch [0]
[0]: https://lists.openembedded.org/g/bitbake-devel/message/16815
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Wireshark is built with Qt6 by default when Qt is enabled.
Forcibly disable Qt6 in our Qt5 PACKAGECONFIG
Github issue: https://github.com/openembedded/meta-openembedded/issues/844
Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCC 14 compiler uses -fvisibility-inlines-hidden by default and
it creates visibility conflicts.
Add 0001-fix-build-on-GCC-14-for-yocto.patch file to resolve build error.
Remove musl-fixes.patch, not applicable for latest Upstream.
Update SRCREV to latest Upstream.
Signed-off-by: deepan.shivap <deepan.shivap@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently, the official nbdkit repo has been changed:
from https://github.com/libguestfs/nbdkit
into https://gitlab.com/nbdkit/nbdkit
Additionally, the newest stable tag version is v1.40.4.
The patch used with version 1.33.11 is also copied
and modified to support the latest changes.
The version 1.33.11 is not removed for reference purposes.
It was tested with one of openbmc images.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Fix build with icu-76.x while here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Add exact CPE name in CVE_PRODUCT.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Add exact CPE name in CVE_PRODUCT.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Changes are
https://www.keepalived.org/release-notes/Release-2.3.0.html
https://www.keepalived.org/release-notes/Release-2.3.1.html
https://www.keepalived.org/release-notes/Release-2.3.2.html
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All test cases PASS.
Add openvpn to PTESTS_SLOW because test duration longer than 30s Below is parts of the run log:
[==========] xkey provider tests: Running 3 test(s).
[ RUN ] xkey_provider_test_fetch
[ OK ] xkey_provider_test_fetch
[ RUN ] xkey_provider_test_mgmt_sign_cb
[ OK ] xkey_provider_test_mgmt_sign_cb
[ RUN ] xkey_provider_test_generic_sign_cb
[ OK ] xkey_provider_test_generic_sign_cb
[==========] xkey provider tests: 3 test(s) run.
[ PASSED ] 3 test(s).
PASS: provider_testdriver
The files t_client.sh.in and t_cltsrv.sh were not added because they
require specific environment configuration files. It is recommended that
users configure these based on their environment before testing.
Since the recipe enables iproute2, the condition for t_net.sh based on
HAVE_SITNL is not met, so t_net.sh will not be included in the build.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Use the new cython class to avoid duplicated fixup code to remove build
paths.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to [1] the ESI implementation in squid feature is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
This means CVE report would say Patched even if the vulnerability is
still present if someone adapts squid PACKAGECONFIG.
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
Based on this, remove vulnerable ESI PACKAGECONFIG already now.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
License-Update: copyright year updated
Add patch to fix new build failure from release tarball.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128.
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- daq_netmap: Fix build on Linux with non-system headers
- example: support snap encapsulation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
buildhistory-diff shows few new files in testdata:
packages/core2-64-oe-linux/unbound/unbound-ptest: FILELIST: added "
/usr/lib/unbound/ptest/tests/testdata/rpz_val_block.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_ttl_reset.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl_prefetch.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_max_global_quota.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue_fallback.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl
/usr/lib/unbound/ptest/tests/testdata/dns64_prefetch_cache.rpl"
wasn't tested in runtime, I don't use it, I just wanted to get rid of
random build failure from world builds (happens at least since kirkstone
which has 1.15.0).
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add local fixes for:
* definition for MAX()
* missing `limit` declarations
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
Security Fix:
CVE-2024-49195
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
