<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-connectivity, branch kirkstone-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-04-20T17:43:06+00:00</updated>
<entry>
<title>netplan: Fix CVE-2022-4968</title>
<updated>2025-04-20T17:43:06+00:00</updated>
<author>
<name>Jinfeng Wang</name>
<email>jinfeng.wang.cn@windriver.com</email>
</author>
<published>2025-04-14T07:03:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=77e91fceec324a17be4c186207000332f4f9c849'/>
<id>urn:sha1:77e91fceec324a17be4c186207000332f4f9c849</id>
<content type='text'>
Backport patch[1] to fix CVE-2022-4968.

[1] https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee

Signed-off-by: Jinfeng Wang &lt;jinfeng.wang.cn@windriver.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: fix CVE-2024-28755 and CVE-2024-28836</title>
<updated>2025-02-09T15:58:36+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2025-02-05T05:24:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b7dc1e8eb72b01595a60367f8fd375625268b8a2'/>
<id>urn:sha1:b7dc1e8eb72b01595a60367f8fd375625268b8a2</id>
<content type='text'>
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
an SSL context was reset with the mbedtls_ssl_session_reset()
API, the maximum TLS version to be negotiated was not restored
to the configured one. An attacker was able to prevent an Mbed
TLS server from establishing any TLS 1.3 connection, potentially
resulting in a Denial of Service or forced version downgrade from
TLS 1.3 to TLS 1.2.

fix indent issue in mbedtls_3.5.2.bb file.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-28755
https://security-tracker.debian.org/tracker/CVE-2024-28836

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mosquitto: upgrade 2.0.19 -&gt; 2.0.20</title>
<updated>2024-12-31T13:59:59+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-12-19T11:31:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=54933d4bc0c9c2fef00e35d47f65aa0a59e3a487'/>
<id>urn:sha1:54933d4bc0c9c2fef00e35d47f65aa0a59e3a487</id>
<content type='text'>
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
  Closes #3128.
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.

Client library:
- Fix cmake build on OS X.

Build:
- Fix build on NetBSD

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
</content>
</entry>
<entry>
<title>mosquitto: upgrade 2.0.18 -&gt; 2.0.19</title>
<updated>2024-12-31T13:59:56+00:00</updated>
<author>
<name>Fabrice Aeschbacher</name>
<email>fabrice.aeschbacher@siemens.com</email>
</author>
<published>2024-12-19T11:31:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=255faa7b69033910ff32d58cc871cf171efd334a'/>
<id>urn:sha1:255faa7b69033910ff32d58cc871cf171efd334a</id>
<content type='text'>
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19

https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt

Signed-off-by: Fabrice Aeschbacher &lt;fabrice.aeschbacher@siemens.com&gt;
Reviewed-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
</content>
</entry>
<entry>
<title>freeradius: upgrade 3.0.21 -&gt; 3.0.27</title>
<updated>2024-12-08T19:54:19+00:00</updated>
<author>
<name>Haixiao Yan</name>
<email>haixiao.yan.cn@windriver.com</email>
</author>
<published>2024-11-18T07:07:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=feb37930707107748a31300acb5f30189b7232a3'/>
<id>urn:sha1:feb37930707107748a31300acb5f30189b7232a3</id>
<content type='text'>
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_27

Configuration changes:
BlastRADIUS mitigations have been added to the "security" section. See
require_message_authenticator and also limit_proxy_state.
BlastRADIUS mitigations have been added to radclient. See man radclient,
and the -b option.

Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator signature.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95

Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
[Drop CVE-2024-3596 patch backported early]
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: Upgrade 2.28.8 -&gt; 2.28.9</title>
<updated>2024-12-08T19:39:17+00:00</updated>
<author>
<name>Mingli Yu</name>
<email>mingli.yu@windriver.com</email>
</author>
<published>2024-10-25T06:51:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=33eb562e382d0c90fc6574c3de2fff3e79a414cf'/>
<id>urn:sha1:33eb562e382d0c90fc6574c3de2fff3e79a414cf</id>
<content type='text'>
The mbedtls 2.28.9 includes the security fix for CVE-2024-45157,
bug fixes and minor enhancements [1].

[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9

Signed-off-by: Mingli Yu &lt;mingli.yu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>freeradius: Security fix for CVE-2024-3596</title>
<updated>2024-12-08T19:39:17+00:00</updated>
<author>
<name>Rohini Sangam</name>
<email>rsangam@mvista.com</email>
</author>
<published>2024-10-15T06:57:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=61b0967009b1743637c8f02f21c2e3eef08d648e'/>
<id>urn:sha1:61b0967009b1743637c8f02f21c2e3eef08d648e</id>
<content type='text'>
CVE fixed:
- CVE-2024-3596 freeradius: forgery attack
Upstream-Status: Backport from v3.0.x branch, commit range 3a00a6ecc188629b0441fd45ad61ca8986de156e..da643f1edc267ce95260dc36069e6f1a7a4d66f8

Signed-off-by: Rohini Sangam &lt;rsangam@mvista.com&gt;
Signed-off-by: Siddharth Doshi &lt;sdoshi@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade 2.28.7-&gt;2.28.8</title>
<updated>2024-05-26T19:22:08+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2024-04-26T13:04:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d02d0149c7b1630f12a8e2283e7516d712fc0aca'/>
<id>urn:sha1:d02d0149c7b1630f12a8e2283e7516d712fc0aca</id>
<content type='text'>
Includes security fixes for:
CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs

Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: Upgrade 3.5.0 -&gt; 3.5.2</title>
<updated>2024-02-28T13:18:18+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2024-02-19T12:46:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fda737ec0cc1d2a5217548a560074a8e4d5ec580'/>
<id>urn:sha1:fda737ec0cc1d2a5217548a560074a8e4d5ec580</id>
<content type='text'>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()

Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.

License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later

Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v3.5.2/ChangeLog

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade 2.28.5 -&gt; 2.28.7</title>
<updated>2024-02-28T13:18:18+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2024-02-19T12:46:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7d07ad57002a0af09ceb0fbe59b48ccd2ce4a740'/>
<id>urn:sha1:7d07ad57002a0af09ceb0fbe59b48ccd2ce4a740</id>
<content type='text'>
Includes security fixes for:
CVE-2024-23170 - Timing side channel in private key RSA operations
CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()

License updated to dual Apache-2.0 OR GPL-2.0-or-later.

Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
