| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
- Added 'vmware:open_vm_tools' to CVE_PRODUCT to align with the NVD
CPE and ensure accurate CVE reporting.
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.Changelog:
* tnftp.h: improve <arpa/nameser.h> compat.
* Sync inet_pton.c to lib/libc/inet/inet_pton.c 1.8, via
othersrc/libexec/tnftpd/libnetbsd/inet_pton.c 1.5:
* Lint issues.
* Hex formatting change from bind 9.4.0.
* Sync inet_ntop.c to lib/libc/inet/inet_ntop.c 1.12, via
othersrc/libexec/tnftpd/libnetbsd/inet_ntop.c 1.5:
* Always set errno when returning NULL.
* Sync fgetln.c to tools/compat/fgetln.c 1.12:
* Switch to a version that does not suffer from reporting the
wrong length if the file contains NULs. From OpenBSD.
* Fix -Wformat-overflow issues detected by gcc 11 in fetch.c.
(Also fixed in upstream NetBSD ftp, will be part of next import.)
2. LICENSE checksum has changed as Copyright year changed
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.5.
* Bugfixes
- Avoid attempting to fetch OCSP stapling for PSK-only
configuration sections.
* Features
- Merged applicable patches from Fedora and Debian:
- Use SOURCE_DATE_EPOCH for reproducible builds.
- Skip the OpenSSL version check when AUTOPKGTEST_TMP is set.
- Enable PrivateTmp in the stunnel.service template.
- Clarify the manual page for the "curves" option.
- Log client IP addresses on TLS errors.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The old link does not work anymore.
New page found based on other linuxfoundation.org link redirects.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The old link does not work anymore.
New page found based on other linuxfoundation.org link redirects.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/ReleaseNotes.md
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Submitted fix: https://github.com/HewlettPackard/netperf/pull/94
Fix for multiple definition error:
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If there is no mate_grammar.c, it will cause exit code 1 by "test -e" as following:
WARNING: exit code 1 from a shell command.
So use "if" instead of "test"
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1. Changelog
https://github.com/Ettercap/ettercap/releases/tag/v0.8.4
2. Remove following patches as they were merged upstream
0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch
0002-allow-build-with-cmake-4.patch
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Sort certificates by underlying objects CKA_ID to provide deterministic
object order
- Avoid using uninitialized memory
- Improve test coverage and build scripts
- Improve compatibility with modern compilers (avoid strict warnings)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore
it to fix the below error.
ERROR: tunctl-1.5-r0.wr2401 do_package_qa: QA Issue: File /usr/sbin/.debug/tunctl in package tunctl-dbg contains reference to TMPDIR [buildpaths]
ERROR: tunctl-1.5-r0.wr2401 do_package_qa: Fatal QA errors were found, failing task.
[1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066
The vulnerable code was introduced in version 4.12[1], and
the recipe version is not vulnerable yet. Due to this,
ignore this CVE for now, until the recipe is upgraded.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-0962.
Removed CVE-2025-9817.patch because it is included in this release.
Add a patch that allows it building for native: it is looking for iconv.h
header as a new dependency for (optional) zlib-ng support, however it
is not installed in the sysroot for native builds. Add a patch that removes
this hard dependency for native builds.
Changelogs:
https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html
Overall changelogs (including 4.4 also): https://www.wireshark.org/docs/relnotes/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
The original SRC_URI's certificate has expired - change it to a working URL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Andreas Schulz <andreas.schulz2@karlstorz.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
add-ptest.patch
refreshed for 4.99.6
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- New option -J / --json for JSON output. See doc/fping-json.md for
the JSON schema. This feature is still in alpha and the schema
might change in future releases
- The -g, --generate option now also supports IPv6 addresses
- New option --seqmap-timeout to control the time after which sequence
numbers can be used again
- Fix OpenBSD sprintf() warning
- Fix fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available
- When reading target names from file or standard input, lines longer
than the static buffer are no longer interpreted as more than one line
- Typo fix in error message when SO\_BINDTODEVICE fails
- Options --print-tos and --print-ttl now also work for IPv6, and no
longer require privileges
- Report received ICMPv6 error messages
- Suppress duplicate reports in count mode with -q, --quiet or -Q, --squiet
- Switch to alpine-based multi-stage Docker build to reduce image size
and improve build performance; add OpenContainers-compatible labels
- Print receive ping moved to new functions
- Avoid unsigned overflow when determining the memory size to save
response times on systems where size\_t is the same as unsigned int
- Document the new minimum value for the -p option
- Fix build without IPv6 support
- Fix debug build use of dbg_printf in fping.c
- Remove MacOS-specific test for -I option
- GitHub Actions fixes
- Fix measurement of time for timed reports (-Q) to start after DNS name
resolution.
- Updated autoconf from 2.71 to 2.72
- Updated automake from 1.16.5 to 1.18.1
- Updated libtool from 2.4.6 to 2.5.4
- Implemented verification of autotools tarballs in Github actions.
- Implemented stricter flag value checking (e.g. -c 10xyz is not accepted anymore).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some PACKAGECONFIGs (cifsidmap, cifsacl, pam) were failing to build since
a while, erroring out with:
| ../sources/cifs-utils-7.4/resolve_host.c:23:10: fatal error: config.h: No such file or directory
| 23 | #include "config.h"
| | ^~~~~~~~~~
| compilation terminated.
The config.h header is generated in the root of build folder, and it seems
that the recipe can't be built 100% out of the source tree.
To avoid this issue, add ${B} as an include folder to CFLAGS, so it finds
the required header.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-2312
The recipe installs two scripts in bindir - this is nothing new.
But the shebang has changed from "/usr/bin/env python3" to
"/usr/bin/python3" - these were always python scripts, but
they weren't recognized as such during the QA checks, and
python wasn't installed as a runtime dependency.
Now QA check is complaining about missing python in RDEPENDS.
To avoid mandatory python installation, package the scripts
separately in cifs-utils-scripts package.
Shortlog:
cifs-utils: bump version to 7.4
mount.cifs: retry mount on -EINPROGRESS
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
cifscreds: use <libgen.h> for basename
getcifsacl, setcifsacl: use <libgen.h> for basename
cifs.upcall: fix memory leaks in check_service_ticket_exits()
cifs-utils: bump version to 7.3
Fix regression in mount.cifs with guest mount option
resolve_host.c: Initialize site_name
cldap_ping: Fix socket fd leak
cifs-utils: bump version to 7.2
getcifsacl: fix return code check for getting full ACL
cifs-utils: add documentation for upcall_target
cifs-utils: avoid using mktemp when updating mtab
cldap_ping.c: add missing <sys/types.h> include
configure.ac: libtalloc is now mandatory
cifscreds: allow user to set the key's timeout
cifscreds: use continue instead of break when matching commands
Do not pass passwords with sec=none and sec=krb5
docs: add esize description
docs: add max_cached_dirs description
docs: update actimeo description
Fix compiler warnings in mount.cifs
CIFS.upcall to accomodate new namespace mount opt
cifs-utils: Skip TGT check if valid service ticket is already available
use enums to check password or password2 in set_password, get_password_from_file and minor documentation additions
cifs-utils: support and document password2 mount option
smbinfo: add bash completion support for filestreaminfo, keys, gettconinfo
cifs-utils: bump version to 7.1
cifs: update documentation for sloppy mount option
docs: add closetimeo description
docs: add compress description
checkopts: update it to work with latest kernel version
cifs-utils: add documentation for multichannel and max_channels
cifs-utils: smbinfo: add gettconinfo command
Implement CLDAP Ping to find the closest site
mount.cifs.rst: update section about xattr/acl support
mount.cifs.rst: add missing reference for sssd
getcifsacl, setcifsacl: add missing <endian.h> include for le32toh
getcifsacl, setcifsacl: add missing <linux/limits.h> include for XATTR_SIZE_MAX
cifs-utils: Make automake treat /sbin as exec, not data
pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog()
cifs.upcall: fix UAF in get_cachename_from_process_env()
cifs-utils: add documentation for acregmax and acdirmax
setcifsacl: Fix uninitialized value.
Use explicit "#!/usr/bin/python3"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It takes <10s to execute.
Sample output:
root@qemux86-64:~# ptest-runner
START: ptest-runner
2025-12-23T17:45
BEGIN: /usr/lib/tinyproxy/ptest
starting web server... done (listening on 127.0.0.3:32123)
starting tinyproxy... done (listening on 127.0.0.2:12321)
waiting for 1 seconds.. done
checking direct connection to web server... ok
testing connection through tinyproxy... ok
requesting statspage via stathost url... ok
signaling tinyproxy to reload config...ok
checking direct connection to web server... ok
testing connection through tinyproxy... ok
requesting statspage via stathost url... ok
checking bogus request... ok, got expected error code 400
testing connection to filtered domain... ok, got expected error code 403
requesting connect method to denied port... ok, got expected error code 403
testing unavailable backend... ok, got expected error code 502
0 errors
killing tinyproxy... ok
killing webserver... ok
done
PASS: run_tests.sh
DURATION: 1
END: /usr/lib/tinyproxy/ptest
2025-12-23T17:45
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-30189
Changelog: https://github.com/dovecot/core/releases/tag/2.4.2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fixed a vulnerability in the NetworkManager plugin charon-nm that potentially
allows using credentials of other local users.
- Concurrent requests to fetch the same CRL URI by multiple threads are now
combined.
- Increased the max. supported length for section names in swanctl.conf to 256.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-61962.
License-Update: added a warning about linking against the newly relicensed WolfSSL.
Changelog: https://gitlab.com/fetchmail/fetchmail/-/blob/6.6.2/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipe had already an almost working ptest config which
wasn't enabled, it just needed some small fixes to make it work:
correct the output of the run-ptest script, and install some
extra testdata.
Execution is quick, single digit seconds:
root@qemux86-64:/usr/lib/unbound/ptest/tests# ptest-runner
START: ptest-runner
2025-12-16T11:53
BEGIN: /usr/lib/unbound/ptest
Start of unbound 1.24.2 unit test.
test authzone functions
test negative cache functions
test ub_random functions
[...many lines...]
PASS: ./testdata/val_unsecds_negcache.rpl
PASS: ./testdata/val_unsecds_qtypeds.rpl
PASS: ./testdata/val_wild_pos.rpl
PASS: ./testdata/version_bind.rpl
PASS: ./testdata/version_bind_hide.rpl
PASS: ./testdata/views.rpl
DURATION: 4
END: /usr/lib/unbound/ptest
2025-12-16T11:53
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fixes for CVE-2025-11411 and CVE-2025-5994.
Drop patch that was incorporated in this release.
Changelogs:
https://github.com/NLnetLabs/unbound/releases/tag/release-1.24.2
https://github.com/NLnetLabs/unbound/releases/tag/release-1.24.1
https://github.com/NLnetLabs/unbound/releases/tag/release-1.24.0
https://github.com/NLnetLabs/unbound/releases/tag/release-1.23.1
https://github.com/NLnetLabs/unbound/releases/tag/release-1.23.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
- Windows/interactive service: fix erroneous exit on error that could
be used by a local Windows users to achieve a local denial-of-service
(CVE-2025-13751)
- Windows/interactive service: improve service pipe robustness against
file access races (uuid) and access by unauthorized processes (ACL).
upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper
to 1.31, fixing a parser bug
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* The option -fcanon-prefix-map is added to CFLAGS after the commit [1]
introduced and result in the below build error.
Making all in sdrcomp
make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp'
aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c
gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm
gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
* Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue.
[1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch and
v1-0001-Make-time-calculations-always-long-long.patch as those were merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The application has received its last upstream update
11 years ago. It has been on the skiplist[1] of meta-networking
for the past 6 years due to being severly outdated.
There are no recipes that would depend on this recipe in the meta-oe
layers, nor in the layer-index[3].
Let's bid farewell.
[1]: https://github.com/linux-wpan/lowpan-tools/commits/master/
[2]: https://github.com/openembedded/meta-openembedded/commit/13830393555adbb70ccec18bea177131ff405edc
[3]: https://layers.openembedded.org/layerindex/branch/master/recipes/?q=depends%3Alowpan-tools
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A version newer than 1.195 is required for certain features of newer
versions of cloud-init. May as well bump to the version in Debian
Testing.
I also noticed it appears the licence was incorrectly specified, and is
indeed BSD-3-Clause.
License-update: Added copyright holders and clarified man page licence
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Code maintenance / Compat changes
---------------------------------
- adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these
need special handling which we don't do, so the t_lpback self-test
failed on them. Exclude from list of allowed ciphers, as there is no
strong reason today to make OpenVPN use these.
- fix various compile-time warnings
Documentation updates
---------------------
- fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings,
manpage, ...)
Bugfixes
--------
- Fix memcmp check for the hmac verification in the 3way handshake.
This bug renders the HMAC based protection against state exhaustion on
receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
CVE: 2025-13086
- fix invalid pointer creation in tls_pre_decrypt() - technically this is
a memory over-read issue, in practice, the compilers optimize it away
so no negative effects could be observed.
- Windows: in the interactive service, fix the "undo DNS config" handling.
- Windows: in the interactive service, disallow using of "stdin" for the
config file, unless the caller is authorized OpenVPN Administrator
- Windows: in the interactive service, change all netsh calls to use
interface index and not interface name - sidesteps all possible attack
avenues with special characters in interface names.
- Windows: in the interactive service, improve error handling in
some "unlikely to happen" paths.
- auth plugin/script handling: properly check for errors in creation on
$auth_failed_reason_file (arf).
- for incoming TCP connections, close-on-exec option was applied to
the wrong socket fd, leaking socket FDs to child processes.
- sitnl: set close-on-exec flag on netlink socket
- ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Build it with fortify disabled to get the intended behavior
of the test
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Implement support for CURLOPT_CAINFO_BLOB
- Added support for CURLOPT_SSLCERT_BLOB
- Refactor: Pass std::string_view by value instead of by const reference
- Add connection pool option (V3)
- fix: Calling empty callbacks
- fix: callback function pointer type mismatch in writeFunction
- 1.12.0 CI Fixes
- fix: Cmake config file
- fix: make is_same_v check constexpr in set_option_internal
- cpr::MultiPerform fixes - #1047 and #1186
- Bump actions/setup-python from 5 to 6
- Bump actions/checkout from 3 to 5
- Allow disabling PSL
- Make curl dependency management optional
- curl_container: allow calling GetContent without CurlHolder
- Bump stefanzweifel/git-auto-commit-action from 6 to 7
- Bump actions/upload-artifact from 4 to 5
- Bump actions/setup-python from 1 to 5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit 3200122d68 (chrony: create /var/lib/chrony by systemd-tmpfiles)
tmpfiles.d mechanism already ensures populating /var/lib/chrony at runtime.
Introduce volatiles mechanism to make sure the directory is created
at runtime for sysvinit as well.
Since /var/lib/chrony is populated at runtime, stop packaging at build time.
this helps to align towards stateless system expectations
or when updates are done via meta-updater.
Signed-off-by: Vishwas Udupa <vudupa@qti.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
