<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-protocols, branch dunfell-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=dunfell-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=dunfell-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2023-12-17T20:36:41+00:00</updated>
<entry>
<title>openflow: ignore CVE-2018-1078</title>
<updated>2023-12-17T20:36:41+00:00</updated>
<author>
<name>Davide Gardenal</name>
<email>davidegarde2000@gmail.com</email>
</author>
<published>2023-11-14T17:06:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0689773963be28015e53128843cbcf3fedef06c4'/>
<id>urn:sha1:0689773963be28015e53128843cbcf3fedef06c4</id>
<content type='text'>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.

Signed-off-by: Davide Gardenal &lt;davide.gardenal@huawei.com&gt;
(cherry picked from commit c1e7b0b993c294d52737e8e631badb5aaaefd2e3)
Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>usrsctp: add CVE_VERSION to correctly check for CVEs</title>
<updated>2023-12-17T20:36:41+00:00</updated>
<author>
<name>Davide Gardenal</name>
<email>davidegarde2000@gmail.com</email>
</author>
<published>2023-11-14T14:10:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=85d87a62df3aa68a63aca106acf3b1f8e0c2f306'/>
<id>urn:sha1:85d87a62df3aa68a63aca106acf3b1f8e0c2f306</id>
<content type='text'>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0  that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.

Signed-off-by: Davide Gardenal &lt;davide.gardenal@huawei.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 279fce2c87c990c942bcb2b72ea83a67e0d74170)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges escalation</title>
<updated>2023-07-14T11:08:54+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2023-07-10T05:50:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2dd0c9db675b2abd546a3661ad65d27b03d61c71'/>
<id>urn:sha1:2dd0c9db675b2abd546a3661ad65d27b03d61c71</id>
<content type='text'>
Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: CVE-2022-44792 &amp; CVE-2022-44793 Fix NULL Pointer Exception</title>
<updated>2023-02-22T16:24:23+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2023-01-20T05:07:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d07c7f658fb63c21b172523972885348fc11d974'/>
<id>urn:sha1:d07c7f658fb63c21b172523972885348fc11d974</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: Update SRC_URI branch and protocols</title>
<updated>2021-11-17T20:26:21+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2021-11-07T19:09:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=59bff77ad0b3a66417194670de25f60183a4f6bb'/>
<id>urn:sha1:59bff77ad0b3a66417194670de25f60183a4f6bb</id>
<content type='text'>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mdns: Whitelisted CVE-2007-0613 for mdns</title>
<updated>2021-03-16T15:40:06+00:00</updated>
<author>
<name>Sana Kazi</name>
<email>Sana.Kazi@kpit.com</email>
</author>
<published>2021-03-09T06:38:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1ad4455f2830c408f9c2e7a4b094c5e555db0cf2'/>
<id>urn:sha1:1ad4455f2830c408f9c2e7a4b094c5e555db0cf2</id>
<content type='text'>
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613

Signed-off-by: Sana Kazi &lt;Sana.Kazi@kpit.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: Fix CVE-2020-15861 and CVE-2020-15862</title>
<updated>2020-09-03T15:28:37+00:00</updated>
<author>
<name>Ovidiu Panait</name>
<email>ovidiu.panait@windriver.com</email>
</author>
<published>2020-09-01T09:22:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d7b41ced4b9a9a68083b0fcceff3b226298cff8b'/>
<id>urn:sha1:d7b41ced4b9a9a68083b0fcceff3b226298cff8b</id>
<content type='text'>
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic
link (symlink) following.

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE
access to the EXTEND MIB provides the ability to run arbitrary commands as
root.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-15861
https://nvd.nist.gov/vuln/detail/CVE-2020-15862

Upstream patches:
https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3
https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f
https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312
https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and
CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context
patches needed by the fix to apply cleanly.

Signed-off-by: Ovidiu Panait &lt;ovidiu.panait@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: Security fix CVE-2019-20892</title>
<updated>2020-07-13T02:20:17+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster@mvista.com</email>
</author>
<published>2020-06-26T23:14:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b2acef67030e2586297690379ec91550ac76f19d'/>
<id>urn:sha1:b2acef67030e2586297690379ec91550ac76f19d</id>
<content type='text'>
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:

Fixes CVE-2019-20892 which affect net-snmp &lt;= 5.8pre1

Had to fix up some file do to later code restructioning.
"int             refcnt;" addition was done in include/net-snmp/library/snmpusm.h

Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 96a63b1ecf321c9a63880a963ed257086998133b)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>freediameter: Fix testcnx ptest failure</title>
<updated>2020-07-13T02:20:17+00:00</updated>
<author>
<name>Ovidiu Panait</name>
<email>ovidiu.panait@windriver.com</email>
</author>
<published>2020-07-09T04:45:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5be9567ffbbc767b2b35ba4e284613166d378ccf'/>
<id>urn:sha1:5be9567ffbbc767b2b35ba4e284613166d378ccf</id>
<content type='text'>
Currently, testcnx ptest fails due to expired CA certificates:
Test project /usr/lib64/freeDiameter/ptest
...
Start 10: testcnx
10/11 Test #10: testcnx ..........................***Failed 0.12 sec
...

&lt;snip&gt;
Command: "/usr/lib64/freeDiameter/ptest/testcnx"
Directory: /usr/lib64/freeDiameter/ptest
"testcnx" start time: Jun 17 10:52 UTC
Output:
----------------------------------------------------------
10:52:43  ERROR  ERROR: Invalid parameter '(conn-&gt;cc_rcvthr != (pthread_t)((voidd
 *)0))', 22
10:52:43  ERROR  TLS: Remote certificate invalid on socket 6 (Remote: 'localhostt
.localdomain')(Connection: '{---T} TCP from [127.0.0.1]:57898 (4&lt;-6)') :
10:52:43  ERROR   - The certificate has expired.
10:52:43  ERROR  TLS ERROR: in 'ret = gnutls_handshake(conn-&gt;cc_tls_para.sessionn
)' :    Error in the certificate.
10:52:43  FATAL! testcnx.c:867: CHECK FAILED : fd_cnx_handshake(server_side, GNUU
TLS_SERVER, ALGO_HANDSHAKE_DEFAULT , NULL, NULL) == 16 != 0
10:52:43  FATAL! FAILED: testcnx.c
&lt;end of output&gt;
Test time =   0.02 sec
&lt;snip&gt;

Backport upstream patch [1] to fix this issue.

[1] http://www.freediameter.net/hg/freeDiameter/rev/eff5bb332b5a

This patch is present in version 1.4.0, so master is not affected.

Signed-off-by: Ovidiu Panait &lt;ovidiu.panait@windriver.com&gt;

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: refresh patches</title>
<updated>2020-06-12T16:32:04+00:00</updated>
<author>
<name>Patrick Williams</name>
<email>patrick@stwcx.xyz</email>
</author>
<published>2020-05-28T15:28:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=33deca895a155c639160c2b4bec26f20759770d7'/>
<id>urn:sha1:33deca895a155c639160c2b4bec26f20759770d7</id>
<content type='text'>
Refreshed patches for 5.8 due to the following:

    ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0  Output:
    Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
    patching file configure
    ...
    Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
    Hunk #2 FAILED at 31447.
    1 out of 2 hunks FAILED -- rejects in file configure
    ...
    Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)

Signed-off-by: Patrick Williams &lt;patrick@stwcx.xyz&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 9c3b872f846e0a2491fe8bf16ae38db82609938c)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
