<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-daemons, branch scarthgap</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-21T03:27:47+00:00</updated>
<entry>
<title>postfix: upgrade 3.8.12 -&gt; 3.8.16</title>
<updated>2026-05-21T03:27:47+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-13T05:04:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c756576c1c8013c40159b62f25e486475f6c15c6'/>
<id>urn:sha1:c756576c1c8013c40159b62f25e486475f6c15c6</id>
<content type='text'>
3.8.13
http://www.postfix.org/announcements/postfix-3.10.6.html

3.8.14
http://www.postfix.org/announcements/postfix-3.10.7.html

3.8.15
http://www.postfix.org/announcements/postfix-3.10.8.html

3.8.16
http://www.postfix.org/announcements/postfix-3.11.2.html

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>lldpd: fix xml PACKAGECONFIG dependency</title>
<updated>2026-03-24T10:18:20+00:00</updated>
<author>
<name>Aviv Daum</name>
<email>aviv.daum@gmail.com</email>
</author>
<published>2026-03-23T10:37:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4439caa1998279fc4ce12365ded7bfa10e367cf6'/>
<id>urn:sha1:4439caa1998279fc4ce12365ded7bfa10e367cf6</id>
<content type='text'>
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum &lt;aviv.daum@gmail.com&gt;
Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
(cherry picked from commit cec3e0fd96650a133c6b0d60eb2b52d1aa7cd742)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>keepalived: patch CVE-2024-41184</title>
<updated>2026-03-24T03:22:01+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-03-05T14:15:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a0a3169b2b844dfc1bc5d83764cb627eb172552c'/>
<id>urn:sha1:a0a3169b2b844dfc1bc5d83764cb627eb172552c</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184

Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>proftpd: ignore CVE-2021-47865</title>
<updated>2026-02-12T08:08:12+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-07T10:33:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d691a39655c535e4a47c8ad0afe6f8c57f65ef5a'/>
<id>urn:sha1:d691a39655c535e4a47c8ad0afe6f8c57f65ef5a</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

It seems that it won't be fixed, because there is nothing to fix.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>proftpd: patch CVE-2024-48651</title>
<updated>2026-01-12T02:22:00+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-01-09T09:28:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bfd8dda3ba5e3e0a820e489ed177de6d60ddfa50'/>
<id>urn:sha1:bfd8dda3ba5e3e0a820e489ed177de6d60ddfa50</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>proftpd: Fix CVE-2023-48795</title>
<updated>2025-12-11T02:32:03+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-10T17:38:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b4812b18eec77e9f0286bd6b81a5c3032ac0d3be'/>
<id>urn:sha1:b4812b18eec77e9f0286bd6b81a5c3032ac0d3be</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
(cherry picked from commit 6c8ae54fc345fb6249f1cc92ed769d451ddc12b5)
Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>squid: patch CVE-2025-62168</title>
<updated>2025-11-17T06:20:20+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-11-06T21:02:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=23c3bdefbe9171b755af4c0b600964834235eea4'/>
<id>urn:sha1:23c3bdefbe9171b755af4c0b600964834235eea4</id>
<content type='text'>
Pick commit mentioned in NVD CVE report.

Conflict in src/errorpage.cc resolved per patch from Debian bookworm.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>proftpd: set status of CVE-2001-0027</title>
<updated>2025-11-17T06:20:20+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-11-15T18:23:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1a6b962e47873171f1c5ef7ba239c1f2a570d6f1'/>
<id>urn:sha1:1a6b962e47873171f1c5ef7ba239c1f2a570d6f1</id>
<content type='text'>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3)
Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>ncftp: fix SRC_URI</title>
<updated>2025-11-12T06:02:47+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-09T16:00:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bb36ace7000f310d159c8b8cd455cc7014966e4d'/>
<id>urn:sha1:bb36ace7000f310d159c8b8cd455cc7014966e4d</id>
<content type='text'>
The downloaded tarball was moved to a new folder, causing
fetching failures.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 6.12 -&gt; 6.14</title>
<updated>2025-11-12T05:58:45+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2025-11-11T09:37:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f029d9802632a9a5ab0f6944bc00e7e1f596eb65'/>
<id>urn:sha1:f029d9802632a9a5ab0f6944bc00e7e1f596eb65</id>
<content type='text'>
License-Update: copyright years updated

Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_6_13
https://github.com/squid-cache/squid/releases/tag/SQUID_6_14

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
</feed>
