<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking, branch langdale</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=langdale</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=langdale'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2023-05-08T12:03:57+00:00</updated>
<entry>
<title>meta-networking/licenses/netperf: remove unused license</title>
<updated>2023-05-08T12:03:57+00:00</updated>
<author>
<name>Arsalan H. Awan</name>
<email>arsalan.awan@siemens.com</email>
</author>
<published>2023-04-28T10:24:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4ecb60e17e8b5873270a9a9a60d5f7b905ae59b8'/>
<id>urn:sha1:4ecb60e17e8b5873270a9a9a60d5f7b905ae59b8</id>
<content type='text'>
This removes the old unused license for netperf as upstream
moved to using the MIT license for netperf.

See: meta-openembedded commit 587fe5877790b6c2e1d337c351b8f50603ad4db9

Signed-off-by: Arsalan H. Awan &lt;arsalan.awan@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 27bdecd1bcf1fa86bf4ebbc527fceb455efe2970)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>restinio: fix S variable in multilib builds</title>
<updated>2023-04-18T10:45:37+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2023-04-10T18:57:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=83ed568bdd5e7541f493915f5dae7b30d6a9550e'/>
<id>urn:sha1:83ed568bdd5e7541f493915f5dae7b30d6a9550e</id>
<content type='text'>
* do_populate_lic as well as do_configure fails in multilib builds, because S points to empty:
  lib32-restinio/0.6.13-r0/lib32-restinio-0.6.13/dev

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>dnsmasq: fix CVE-2023-28450</title>
<updated>2023-03-25T13:07:27+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2023-03-24T13:35:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b4ff73905b887cf7c489248de80dab2721090cbf'/>
<id>urn:sha1:b4ff73905b887cf7c489248de80dab2721090cbf</id>
<content type='text'>
The patch is modified by removing irrelevant and conflicting
CHANGELOG entry.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393</title>
<updated>2023-03-21T18:37:51+00:00</updated>
<author>
<name>Stefan Ghinea</name>
<email>stefan.ghinea@windriver.com</email>
</author>
<published>2023-01-26T21:07:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3f9340a9241d497753b330d90d6a3d8332c1ba7f'/>
<id>urn:sha1:3f9340a9241d497753b330d90d6a3d8332c1ba7f</id>
<content type='text'>
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX &gt; 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393

Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Stefan Ghinea &lt;stefan.ghinea@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 2ab113e8be42ae2dd61babb8e9a1742684df1f59)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ntp: whitelist CVE-2019-11331</title>
<updated>2023-03-16T12:12:34+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2023-03-14T19:49:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5750c2be10a7f843c602c039643083fb5f6bc40a'/>
<id>urn:sha1:5750c2be10a7f843c602c039643083fb5f6bc40a</id>
<content type='text'>
Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to
conclusion that this is how icurrent ntp protocol is designed.
New RFC is propsed for future but it will not be compatible with current
one.

See https://support.f5.com/csp/article/K09940637

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mdns: use git fetcher</title>
<updated>2023-02-15T13:02:50+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2023-02-15T11:09:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=30f4c2b3ae182513b967185e06bc8409a0ee6092'/>
<id>urn:sha1:30f4c2b3ae182513b967185e06bc8409a0ee6092</id>
<content type='text'>
* https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz
  is just redirect to unsafe github archives which are regenerated from time to
  time.

* We do have src-uri-bad QA check which prevents to use github archives in SRC_URI
  since 2019:
  https://github.com/openembedded/openembedded-core/commit/21f84fcdd659544437fe393285c407e1e9432043
  but this cannot catch such redirects, see:

$ wget https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.30.4.tar.gz
--2023-01-31 10:06:02--  https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.30.4.tar.gz
Resolving opensource.apple.com (opensource.apple.com)... 17.253.73.203, 17.253.73.206, 2a01:b740:a26:f000::5, ...
Connecting to opensource.apple.com (opensource.apple.com)|17.253.73.203|:443... connected.
HTTP request sent, awaiting response... 302 Redirect
Location: https://github.com/apple-oss-distributions/mDNSResponder/archive/refs/tags/mDNSResponder-878.30.4.tar.gz [following]
--2023-01-31 10:06:02--  https://github.com/apple-oss-distributions/mDNSResponder/archive/refs/tags/mDNSResponder-878.30.4.tar.gz
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/apple-oss-distributions/mDNSResponder/tar.gz/refs/tags/mDNSResponder-878.30.4 [following]
--2023-01-31 10:06:02--  https://codeload.github.com/apple-oss-distributions/mDNSResponder/tar.gz/refs/tags/mDNSResponder-878.30.4
Resolving codeload.github.com (codeload.github.com)... 140.82.121.10
Connecting to codeload.github.com (codeload.github.com)|140.82.121.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Saving to: ?mDNSResponder-878.30.4.tar.gz?

* The tarball was regenerated recently as discussed in:
  https://github.com/orgs/community/discussions/45830

* Use top-level directory in S to fix DEBUG_PREFIX_MAP usage
  like the version in master does, the only exception here is that
  there still was top-level Makefile (which fails to set VER with:
  Makefile:26: *** missing separator.  Stop.
  so use the simple one like newer version in master)
* it's already included in master as part of version upgrade in:
  https://github.com/openembedded/meta-openembedded/commit/ec96eb577bd518b89e2e7834bd569ba269df458f

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tinyproxy: fix CVE-2022-40468</title>
<updated>2023-02-11T17:04:47+00:00</updated>
<author>
<name>Chee Yang Lee</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2023-02-10T09:36:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9fa9d2e3734e49c3c33d706c312643e82ad6f8b4'/>
<id>urn:sha1:9fa9d2e3734e49c3c33d706c312643e82ad6f8b4</id>
<content type='text'>
Signed-off-by: Chee Yang Lee &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 795ccdd86cad05c425adae15af27797f42f33c56)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: CVE-2022-44792 &amp; CVE-2022-44793 Fix NULL Pointer Exception</title>
<updated>2023-02-11T17:03:50+00:00</updated>
<author>
<name>Narpat Mali</name>
<email>narpat.mali@windriver.com</email>
</author>
<published>2023-02-08T17:34:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3c0581d3879212e97388bfb8531e9ae613733a48'/>
<id>urn:sha1:3c0581d3879212e97388bfb8531e9ae613733a48</id>
<content type='text'>
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44792
https://nvd.nist.gov/vuln/detail/CVE-2022-44793

Signed-off-by: Narpat Mali &lt;narpat.mali@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 5ae6f9434f44a57389a3f52dce17da6fe5928e1f)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: Fix build with clang16</title>
<updated>2023-02-11T17:00:59+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-01-18T22:40:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f6bdd48158fc6141353e331bd3ff9ad50508b492'/>
<id>urn:sha1:f6bdd48158fc6141353e331bd3ff9ad50508b492</id>
<content type='text'>
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit ee0de616df82937191613c85f9df7e872b99ed6f)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861</title>
<updated>2023-02-11T16:08:44+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@eng.windriver.com</email>
</author>
<published>2023-02-09T04:02:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=cd15081a7c1b556bc97955d55689b25010cad965'/>
<id>urn:sha1:cd15081a7c1b556bc97955d55689b25010cad965</id>
<content type='text'>
CVE-2022-41860:
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option,
the server will try to look that option up in the internal dictionaries.
This lookup will fail, but the SIM code will not check for that failure.
Instead, it will dereference a NULL pointer, and cause the server to
crash.

CVE-2022-41861:
A flaw was found in freeradius. A malicious RADIUS client or home server
can send a malformed abinary attribute which can cause the server to
crash.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41860
https://nvd.nist.gov/vuln/detail/CVE-2022-41861

Patches from:
CVE-2022-41860:
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708

CVE-2022-41861:
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
