Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2025-07-13T18:41:22+00:00 2025-07-13T18:41:22+00:00 Archana Polampalli archana.polampalli@windriver.com 2025-07-11T11:35:29+00:00 urn:sha1:2e921c24862553df742a6b5ace574fbb942776cc tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-07-13T18:41:17+00:00 Hitendra Prajapati hprajapati@mvista.com 2025-07-11T05:25:13+00:00 urn:sha1:12375606232655c1562f69ad757d365ae711a430 Upstream-Status: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1100-1225-VGAuth-updates.patch Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-07-03T00:30:13+00:00 Vijay Anusuri vanusuri@mvista.com 2025-05-23T07:50:17+00:00 urn:sha1:719a23e6f6eb2803ae8adc53bfe217b230c4361d Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-07-03T00:29:51+00:00 Ashish Sharma asharma@mvista.com 2025-05-20T01:55:03+00:00 urn:sha1:4a099116873cc7bd44fde320c9091ab369651c2e Upstream-Status: Backport from https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-05-25T18:48:44+00:00 Zhang Peng peng.zhang1.cn@windriver.com 2025-04-22T10:21:07+00:00 urn:sha1:85275437cd64196d1bef8e16656df04201296fbf CVE-2024-55553: In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-55553] [https://frrouting.org/security/cve-2024-55553/] Upstream patch: backport [https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-04-20T17:43:55+00:00 Jinfeng Wang jinfeng.wang.cn@windriver.com 2025-04-09T03:13:07+00:00 urn:sha1:e42549cef364ae09b3b7c8b64bbeab32e50f1bb0 Backport patch [1] to fix memory leak by freeing tclist [1] https://github.com/net-snmp/net-snmp/commit/4bd0d9a8a2860c2c46307aef5ee1ccc69f7e3b62 Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> 2025-04-20T17:43:06+00:00 Jinfeng Wang jinfeng.wang.cn@windriver.com 2025-04-14T07:03:36+00:00 urn:sha1:77e91fceec324a17be4c186207000332f4f9c849 Backport patch[1] to fix CVE-2022-4968. [1] https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> 2025-04-20T17:42:58+00:00 Jiaying Song jiaying.song.cn@windriver.com 2025-04-14T05:07:00+00:00 urn:sha1:709ab51234c8cc230dc4b53b76d87c08583a808c Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. References: https://nvd.nist.gov/vuln/detail/CVE-2025-30472 Upstream patches: https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> 2025-03-29T18:24:38+00:00 Haixiao Yan haixiao.yan.cn@windriver.com 2025-03-28T09:50:48+00:00 urn:sha1:f8dddbfcbfe502cb71375a7a907e61a92e8d4474 Renew the sample keys to fix the test issue: WARNING: Your certificate has expired! The renewed sample keys from [1] contain binary files which can't be patched by quilt, so archive the files into sample-keys-renew-for-the-next-10-years.tar.gz. [1] https://github.com/OpenVPN/openvpn/commit/98e70e7 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-03-29T18:24:38+00:00 Jiaying Song jiaying.song.cn@windriver.com 2025-03-20T05:40:09+00:00 urn:sha1:66fa0288c95bd2666434d80de174862682cd7e1e Change the SRC_URI to the correct value due to the following error: WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz, attempting MIRRORS if available Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8ffe8112f733c6812732b0fcfa8db7d3849914d0) Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>