<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-daemons, branch kirkstone</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-03-13T04:57:22+00:00</updated>
<entry>
<title>lldpd: fix xml PACKAGECONFIG dependency</title>
<updated>2026-03-13T04:57:22+00:00</updated>
<author>
<name>Aviv Daum</name>
<email>aviv.daum@gmail.com</email>
</author>
<published>2026-03-12T18:17:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1bdff724ed3229232f301dc686a1ee6dcfa1f74f'/>
<id>urn:sha1:1bdff724ed3229232f301dc686a1ee6dcfa1f74f</id>
<content type='text'>
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum &lt;aviv.daum@gmail.com&gt;
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>keepalived: patch CVE-2024-41184</title>
<updated>2026-02-27T13:28:50+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-26T16:30:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5b9b91b0e2cd726e9ed1d35f4bb29c2ce1a13638'/>
<id>urn:sha1:5b9b91b0e2cd726e9ed1d35f4bb29c2ce1a13638</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184

Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>proftpd: ignore CVE-2021-47865</title>
<updated>2026-01-30T17:59:29+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-01-28T05:51:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8c092c4a82abcebfaae0d4e41f34379d9f5e5e00'/>
<id>urn:sha1:8c092c4a82abcebfaae0d4e41f34379d9f5e5e00</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

I just put it on the ignore list.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 4.15 -&gt; 4.17</title>
<updated>2026-01-20T17:22:02+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-01-12T11:20:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e660c4f8dcb5f27006c3daa62b354c116f322363'/>
<id>urn:sha1:e660c4f8dcb5f27006c3daa62b354c116f322363</id>
<content type='text'>
These are bugfix releases.

Changelogs:
4.17:
- WCCP: Validate packets better

4.16:
- Regression Fix: --with-valgrind-debug build broken since 4.15
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
- Bug 4528: ICAP transactions quit on async DNS lookups

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>lldpd: patch CVE-2021-43612</title>
<updated>2026-01-08T21:03:03+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-01-04T09:12:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=60f0e23124054f06fb5f668cdc98e09af4d59a9c'/>
<id>urn:sha1:60f0e23124054f06fb5f668cdc98e09af4d59a9c</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43612

Pick the patch referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>proftpd: set status of CVE-2001-0027</title>
<updated>2026-01-08T21:03:03+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-01T09:16:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6b7a0197f94098316775625839bb334572ae5f63'/>
<id>urn:sha1:6b7a0197f94098316775625839bb334572ae5f63</id>
<content type='text'>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3)

Adapted to Kirkstone (CVE_STATUS -&gt; CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>proftpd: patch CVE-2024-48651</title>
<updated>2025-12-17T14:38:00+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-16T19:40:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8611f92c20ba3aab57f3586a6a2e3b9cd1fe00c7'/>
<id>urn:sha1:8611f92c20ba3aab57f3586a6a2e3b9cd1fe00c7</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Backport the patch mentioned in the NVD report.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>ncftp: correct SRC_URI</title>
<updated>2025-11-17T08:08:27+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-12T19:35:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9b1be4d9156ce42589efde3feb9405436af9ba74'/>
<id>urn:sha1:9b1be4d9156ce42589efde3feb9405436af9ba74</id>
<content type='text'>
The original xz-compressed tarball isn't available at the download
location anymore - switch to the gz tarball which is still there.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>keepalived: patch CVE-2021-44225</title>
<updated>2025-10-27T17:08:19+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-10-27T14:15:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0d9619b1bc77f29e55cef0bfbdd09206d5aafb20'/>
<id>urn:sha1:0d9619b1bc77f29e55cef0bfbdd09206d5aafb20</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44225

Pick patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: fix esi PACKAGECONFIG</title>
<updated>2025-10-27T10:17:33+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-10-21T18:32:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=88be6af76b58bc6535fc8ccad3e8090aa61a91dd'/>
<id>urn:sha1:88be6af76b58bc6535fc8ccad3e8090aa61a91dd</id>
<content type='text'>
libxml has derecated the "xmlSetFeature" call, and hid is behind a special
config flag (--with-legacy), which is not used by default in oe-core.

This makes compilation fail, when "esi" PACKAGECONFIG is enabled:

Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'?

This backported patch fixes this.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
</feed>
