summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* nbdkit: upgrade 1.47.7 -> 1.47.8Wang Mingyu2026-05-121-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mdio-tools,mdio-netlink: upgrade 1.3.1 -> 1.3.2,1.3.1 -> 1.3.2Wang Mingyu2026-05-123-2/+3
| | | | | | | | | | | Changelog: =========== - Add a new addressing mode "mscc": Used to access PHYs from Microchip that uses C22 register 31 as a page register - Fix VPATH builds and various other build related warnings Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* cloudflared: add initial recipe for 2026.3.0 versionAyoub Zaki2026-05-073-0/+53
| | | | | | | | | | | Add initial recipe for Cloudflare Tunnel client (cloudflared). The upstream source vendors all Go dependencies so no go-mods.inc is needed. Includes systemd service with token-based authentication via /etc/default/cloudflared. Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libcoap: mark CVE-2026-29013 patchedGyorgy Sarvari2026-05-071-0/+1
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29013 The current recipe version contains the fix referenced by the NVD report. Mark the CVE as patched, because NVD tracks it without version info. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: re-implement the vala detectionJose Quaresma2026-04-241-1/+1
| | | | | | | | | | | | The introduction of DISTRO_FEATURES_OPTED_OUT allows rewriting the DISTRO_FEATURES by removing whatever is in DISTRO_FEATURES_OPTED_OUT from DISTRO_FEATURES. Thus, the logic of vala can be negated, and it can changed be to see if gobject-introspection-data is available in DISTRO_FEATURES. Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* memcached: drop libhugetlbfsJoao Marcos Costa2026-04-242-40/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Linux, memcached relies on transparent huge pages, and even if libhugetlbfs is enabled by the PACKAGECONFIG (and detected during do_configure, of course), it is simply not used: root@qemuriscv64:~# ldd $(which memcached) linux-vdso.so.1 (0x0000003fa4358000) libevent-2.1.so.7 => /lib/libevent-2.1.so.7 (0x0000003fa42b0000) libc.so.6 => /lib/libc.so.6 (0x0000003fa4157000) /usr/lib/ld-linux-riscv64-lp64d.so.1 (0x0000003fa435a000) The main reason is the fact that the only call to a function coming from libhugetlbfs is here: https://github.com/memcached/memcached/blob/master/memcached.c#L4274 and getpagesizes() is only called if the #if block evaluates to true: int ret = -1; size_t sizes[32]; int avail = getpagesizes(sizes, 32); (...) /* check if transparent hugepages is compiled into the kernel */ /* RH based systems possibly uses a different path */ static const char *mm_thp_paths[] = { "/sys/kernel/mm/transparent_hugepage/enabled", "/sys/kernel/mm/redhat_transparent_hugepage/enabled", NULL }; (...) This block relies on HAVE_MEMCNTL, which is a Solaris-specific feature. Therefore, the dependency link between memcached and libhugetlbfs doesn't exist in Linux. Drop libhugetlbfs from memcached's recipe. Signed-off-by: João Marcos Costa <joaomarcos.costa@bootlin.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mdns: Upgrade 2881.80.4.0.1 -> 2881.100.56.0.1Alex Kiernan2026-04-241-1/+1
| | | | | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* frr: fix mgmtd crash on ARM32Yi Zhao2026-04-232-0/+353
| | | | | | | | | | Backport fix[1] for MGMT crash on first start on ARM32 platforms[2]. [1] https://github.com/FRRouting/frr/pull/21651 [2] https://github.com/FRRouting/frr/issues/20087 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* frr: upgrade 10.5.3 -> 10.6.1Yi Zhao2026-04-234-418/+2
| | | | | | | | | | | ChangeLog: https://github.com/FRRouting/frr/releases/tag/frr-10.6.0 https://github.com/FRRouting/frr/releases/tag/frr-10.6.1 Drop backport patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ebtables: Fix update-alternatives by setting ALTERNATIVE_TARGETKhem Raj2026-04-231-0/+1
| | | | | | | | | | | | | | | | | | The commit adding update-alternatives support omitted ALTERNATIVE_TARGET[ebtables], causing the bbclass to fall back to constructing the target as ${sbindir}/ebtables.ebtables which does not exist. The binary is installed as ebtables-legacy, so set ALTERNATIVE_TARGET accordingly. fixes QA warnings: ebtables: alternative target does not exist, skipping ebtables: NOT adding alternative provide /usr/sbin/ebtables ebtables: alt_link == alt_target: /usr/sbin/ebtables == /usr/sbin/ebtables Fixes: 584fec0f74ad ("ebtables: Use update alternatives for "ebtables"") Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: DISTRO_FEATURES_BACKFILL_CONSIDERED -> DISTRO_FEATURES_OPTED_OUTJose Quaresma2026-04-211-1/+1
| | | | | | | | Variable DISTRO_FEATURES_BACKFILL_CONSIDERED has been renamed to DISTRO_FEATURES_OPTED_OUT. Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* wolfssl: mark fixed CVEs as patchedGyorgy Sarvari2026-04-201-0/+9
| | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5188 https://nvd.nist.gov/vuln/detail/CVE-2026-5392 https://nvd.nist.gov/vuln/detail/CVE-2026-5393 https://nvd.nist.gov/vuln/detail/CVE-2026-5447 https://nvd.nist.gov/vuln/detail/CVE-2026-5448 https://nvd.nist.gov/vuln/detail/CVE-2026-5460 https://nvd.nist.gov/vuln/detail/CVE-2026-5466 https://nvd.nist.gov/vuln/detail/CVE-2026-5479 https://nvd.nist.gov/vuln/detail/CVE-2026-5500 All of these CVEs are fixed in the current recipe version, however NVD tracks them without version. Each NVD advisory references the corresponding fix, and each of them are contained in 5.9.1. Mark all of them as patched explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ngtcp2: upgrade 1.22.0 -> 1.22.1Gyorgy Sarvari2026-04-201-2/+4
| | | | | | | | | | Contains fix for CVE-2026-40170 (which is tracked without version by NVD, so also mark explicitly as patched). Changelog: https://github.com/ngtcp2/ngtcp2/releases/tag/v1.22.1 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libcoap: upgrade 4.3.5a -> 4.3.5bGyorgy Sarvari2026-04-201-1/+1
| | | | | | | | | | Contains fix fox CVE-2026-29013 Shortlog: https://github.com/obgm/libcoap/compare/v4.3.5a...v4.3.5b Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* drbd-utils: upgrade 9.30.0 -> 9.34.0Haiqing Bai2026-04-173-38/+60
| | | | | | | | | | | | | Changes: - Drop 0001-Fix-build-with-gcc-15.patch (merged upstream). - Add 0001-fix-the-hardcoded-legacy-helper-path.patch: replace the hardcoded "/lib/drbd" path in add_lib_drbd_to_path() with the build-configured DRBD_LEGACY_LIB_DIR derived from LIBDIR - Remove sed fixup for the now-absent ocf.ra@.service. - Install new upstream 50-drbd.preset into systemd system-preset Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ruli: Delete -ansi and -pedantic from compiler commandlineKhem Raj2026-04-161-10/+15
| | | | | | | | | | | | | | | The build fails because ruli is compiled with -ansi (which implies C89/C90), but glibc's memchr macro uses _Generic, a C11 feature. Clang treats this as an error via -Werror,-Wc11-extensions. Fixes build with glibc 2.43+ | ruli_conf.c:86:12: error: '_Generic' is a C11 extension [-Werror,-Wc11-extensions] | 86 | if (!memchr(inbuf, '\0', LOAD_SEARCH_LIST_INBUFSZ)) | | ^ Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dante,openflow,linux-atm: disable C23 support to fix configure checkKhem Raj2026-04-163-0/+6
| | | | | | | | Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23 compiler support, avoiding potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ruli: disable C23 support to fix buildKhem Raj2026-04-161-1/+1
| | | | | | | Avoid potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dhcp-relay: disable C23 support to fix configure checkKhem Raj2026-04-161-1/+1
| | | | | | | | Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23 compiler support, avoiding potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mosquitto: install default mosquitto.conf for systemd compatibilityRicardo Salveti2026-04-141-0/+2
| | | | | | | | | | | | | | | | | | The upgrade to mosquitto 2.1.2 follows an upstream change where the default configuration file is only installed as ${sysconfdir}/mosquitto/mosquitto.conf.example. However, the shipped systemd service explicitly starts mosquitto using ${sysconfdir}/mosquitto/mosquitto.conf. If this file is not present, the daemon exits immediately and the service fails to start. Install the default mosquitto.conf alongside the example file, using the upstream-provided configuration, to match the expectations of the service unit and ensure the service starts correctly by default, as done with the 2.0.22 version. Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* stunnel: upgrade 5.77 -> 5.78Wang Mingyu2026-04-142-9/+9
| | | | | | | | | | License-Update: Copyright year updated to 2026 fix-openssl-no-des.patch refreshed for 5.78 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* atftp: upgrade 0.8.0 -> 0.8.1Wang Mingyu2026-04-141-2/+2
| | | | | | | | | | | | | | | | | | | License-Update: update LICENSE from https://www.gnu.org/licenses/ Changelog: ============= - merge README* to single README.md - Merge pull request #2 from feckert/pr/20250902-build-fixes - Fix fortify abort when LTO is enabled - Fix uninitialized buffer data. - Enable listening on IPv6 - test.sh: redirect stderr to /dev/null when counting lines - Declare variable D as local in stop_and_clean - Fix pthread_t format warning for fprintf - Fix incompatible-pointer-types for pcre2_substring_list_free Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* wolfssl: upgrade 5.9.0 -> 5.9.1Gyorgy Sarvari2026-04-141-1/+10
| | | | | | | | | | | | | | | | Contains many CVE fixes. Changelog: https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.1-stable There are a number of fixed CVEs in this version that are tracked without version by NVD - mark them as patched explicitly. Ptests passed: Test script returned: 0 unit_test: Success for all configured tests. PASS: Wolfssl Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ntp: Fix build with -std=gnu23Khem Raj2026-04-133-0/+136
| | | | | | | Backport a patch from openLDAP to fix the configure errors with clang-22 -std=gnu23 Fix another issue by dropping C89 signatures in favor of C99 function prototypes Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ez-ipupdate: add CVE tag to CVE-fixing patchGyorgy Sarvari2026-04-131-1/+6
| | | | | | | | | | | | | | | | An already existing patch fixes a CVE (CVE-2004-0980), but it since the patch didn't have the CVE tag, the cve checker did not pick it up. Rectify this ommission. CVE details: https://nvd.nist.gov/vuln/detail/CVE-2004-0980 The same patch is used by Gentoo to mitigate this issue. Gentoo CVE advisory: https://security.gentoo.org/glsa/200411-20 Linked Gentoo bug, containing this patch: https://bugs.gentoo.org/69658 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* corosync: patch CVE-2026-35092Gyorgy Sarvari2026-04-132-0/+58
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092 Pick the patch that mentions the CVE ID explicitly (the same commit was identified by Debian also[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35092 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* corosync: patch CVE-2026-35091Gyorgy Sarvari2026-04-132-0/+48
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091 Pick the patch that mentions the CVE ID explicitly (it was identified by Debian also as the fix[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35091 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* tailscale: upgrade 1.84.3 -> 1.94.2Ayoub Zaki2026-04-123-64/+95
| | | | | | | | | | -Update tailscale recipe to version 1.94.2 -Regenerate go module dependencies and license checksums -Export GOFLAGS with build tags so do_update_modules discovers all dependencies -Manually verify and complete Unknown license entries Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* netperf: Fix build with std=gnu23Khem Raj2026-04-122-0/+26
| | | | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* samba: upgrade 4.19.9 -> 4.23.5Gyorgy Sarvari2026-04-117-441/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Samba has a new build-time dependency, libquic[1]. The repository builds an out-of-tree kernel module and a regular userspace library with the same build script, however the Makefile seems to be fairly hostile to cross-compilation. The Samba tarball also vendors the same with their own build script - for now, this venodred version is used. There are some efforts that the kernel part is mainlined[2], once it happens it should be possible to easily remove this from the recipe. pyldb was removed from RDEPENDS, as it seems that samba now builds its own version of it. Patches updated, unneeded patches dropped. Some patches contained a considerable amount of whitespace changes - those were trimmed for the ease of rebasing. Changelog: https://gitlab.com/samba-team/samba/-/blob/samba-4.23.5/WHATSNEW.txt?ref_type=tags (Switch to other branches to see earlier changelogs) [1]: https://github.com/lxin/quic/ [2]: https://github.com/lxin/net-next/commits/quic/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dovecot: Fix checksum mismatchWang Mingyu2026-04-101-1/+1
| | | | | | | Update the sha256sum to match the current upstream archive. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* freeradius: Update to latest on 3.2 releaseKhem Raj2026-04-107-563/+6
| | | | | | | Drop backports which are already in this SHA update Add -DTLS_STORAGE_CLASS=__thread via cflags Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mjansson-mdns: add new recipePeter Marko2026-04-102-0/+35
| | | | | | | | | | | | | Public domain mDNS/DNS-SD library in C Add github namespace to recipe name and handle it in CVE_PRODUCT because there already is a different mdns recipe in meta-openembedded. Example application is built but not installed. This is good to verify that current toolchain is copatible with headers. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nbdkit: upgrade 1.47.5 -> 1.47.7Wang Mingyu2026-04-101-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: Do not ship initrd specific services into rootfsZhixiong Chi2026-04-101-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | Those systemd services were added in 1.54 upstream https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2089 According the comments we can see they are meant for the inird other than using for rootfs. They will conflict with the main services and can lead to potentially confusing error messages. So remove them for now to avoid the following issue. >$systemd-analyze --man=false verify \ > /lib/systemd/system/NetworkManager-wait-online-initrd.service Failed to put bus name to hashmap: File exists NetworkManager-initrd.service: Two services allocated for the \ same bus name org.freedesktop.NetworkManager, refusing operation. Test: PASS: bitbake core-image-minimal PASS: runqemu qemux86-64 PASS: systemd-analyze --man=false verify \ /lib/systemd/system/NetworkManager.service Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ettercap: 0.8.4-> 0.8.4.1Gianfranco Costamagna2026-04-102-50/+1
| | | | | | | | | | | | 1. Changelog https://github.com/Ettercap/ettercap/releases/tag/v0.8.4.1 2. Remove following patches as they were merged upstream CVE-2026-3606.patch Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org> Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* linux-atm: Add kernel-module as RRECOMMENDSZheng Ruoqin2026-04-061-0/+1
| | | | | | | | Runtime command line atmtcp depends on kernel module atmtcp, so add it as RRECOMMENDS. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* tinyproxy: patch CVE-2026-3945Gyorgy Sarvari2026-04-063-0/+62
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3945 Backport the patches which are references by the NVD avisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* tinyproxy: upgrade 1.11.2 -> 1.11.3Gyorgy Sarvari2026-04-062-45/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was merged upstream. Shortlog: https://github.com/tinyproxy/tinyproxy/compare/1.11.2...1.11.3 Ptests passed successfully: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-04-06T15:25 BEGIN: /usr/lib/tinyproxy/ptest starting web server... done. listening on 127.0.0.3:32123 starting tinyproxy... done (listening on 127.0.0.2:12321) waiting for 1 seconds. 1 done checking direct connection to web server... ok testing connection through tinyproxy... ok requesting statspage via stathost url... ok signaling tinyproxy to reload config...ok checking direct connection to web server... ok testing connection through tinyproxy... ok requesting statspage via stathost url... ok checking bogus request... ok, got expected error code 400 testing connection to filtered domain... ok, got expected error code 403 requesting connect method to denied port... ok, got expected error code 403 testing unavailable backend... ok, got expected error code 502 0 errors killing tinyproxy... ok killing webserver... ok done PASS: run_tests.sh DURATION: 2 END: /usr/lib/tinyproxy/ptest 2026-04-06T15:25 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* wolfssl: ignore fixed CVEsGyorgy Sarvari2026-04-061-0/+5
| | | | | | | | | | | | | | | | | These CVEs are tracked without a version by NVD, but all of them have been fixed in the current recipe version. The relevant fixes (from the NVD reports): CVE-2026-0819: https://github.com/wolfSSL/wolfssl/commit/2d3941056b6b961828947a2f159200df7f7d1cb2 CVE-2026-2646: https://github.com/wolfSSL/wolfssl/commit/7245ad02bb1a41235d923288fd640d40c1ecb2ea and https://github.com/wolfSSL/wolfssl/commit/67abcc6f2d0cc45f918325c4ae6fe2b8d5bc8f72 CVE-2026-3503: https://github.com/wolfSSL/wolfssl/commit/cc2fdda54cd6387e554b444eb2844fa840bd9d5d CVE-2026-3548: https://github.com/wolfSSL/wolfssl/commit/84ca4a05fac9c6c055a514f05880c448ecbbed56 and https://github.com/wolfSSL/wolfssl/commit/b3f08f33b845d2d6bb523f0f38d191ca25635e1c Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* strongswan: mark CVE-2026-25075 as patchedGyorgy Sarvari2026-04-061-0/+2
| | | | | | | | The CVE is fixed in the current version already, however NVD tracks it without version - suppress the report explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mbedtls: upgrade 3.6.5 -> 3.6.6Gyorgy Sarvari2026-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fixes for CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-34872, CVE-2026-34873, CVE-2026-34874 and CVE-2026-34875. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6 Ptests passed successfully: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-04-06T14:04 BEGIN: /usr/lib/mbedtls/ptest PASS: test_suite_aes.cbc PASS: test_suite_aes.cfb PASS: test_suite_aes.ctr ... PASS: test_suite_version PASS: test_suite_x509parse PASS: test_suite_x509write DURATION: 24 END: /usr/lib/mbedtls/ptest 2026-04-06T14:04 STOP: ptest-runner Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mbedtls: drop recipe for v2Gyorgy Sarvari2026-04-061-79/+0
| | | | | | | | It has been unmaintained/EOL for over a year - there is a recipe for a newer, still supported version. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dovecot: ignore already fixed CVEsGyorgy Sarvari2026-04-061-0/+5
| | | | | | | | | | | | | | | | | | | The following CVEs are fixed in the current version already, however they are tracked without version info. Upstream has confirmed[1] that these vulnerabilities are fixed, and Debian has also identified the relevant commits: CVE-2025-30189: https://security-tracker.debian.org/tracker/CVE-2025-30189 CVE-2026-0394: https://security-tracker.debian.org/tracker/CVE-2026-0394 CVE-2026-24031: https://security-tracker.debian.org/tracker/CVE-2026-24031 CVE-2026-27855: https://security-tracker.debian.org/tracker/CVE-2026-27855 CVE-2026-27860: https://security-tracker.debian.org/tracker/CVE-2026-27860 [1]: https://seclists.org/fulldisclosure/2026/Mar/13 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ez-ipupdate: Update to 3.0.11b8Khem Raj2026-04-055-83/+60
| | | | | | | Drop upstreamed patches Add a patch to fix C23 build break Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ebtables: Use update alternatives for "ebtables"Zhang Xiao2026-04-021-1/+5
| | | | | | | | | The ebtables utility can be provided by both ebtables and iptables packages. Set higher priority for the version provided by iptables to prefer it. Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* vsftpd: Fix multilib install conflictsZheng Ruoqin2026-04-011-1/+2
| | | | | | | | | | Fix following error when multilib is used: Running transaction test Error: Transaction test error: file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ngtcp2: upgrade 1.21.0 -> 1.22.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: remove (another) obsolete CLAGS extensionGyorgy Sarvari2026-04-011-7/+0
| | | | | | | | | | The incompatible pointer warning/error has been fixed upstream[1], no need for custom CFLAGS for this anymore. [1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/43bcfbcdf5e255544adee3d02d0e98efa088c5d3 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: remove obsolete CLAGS extensionGyorgy Sarvari2026-04-011-7/+0
| | | | | | | | | | Compilation with musl has been fixed by upstream[1], no need for custom CFLAGS for this anymore. [1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/d38b5d92ee66b0243fd5ea6d8fdf58a456e3a5f4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>