summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* wireshark: Fix do_compile errorLiu Yiding2026-02-061-2/+3
| | | | | | | | | | | If there is no mate_grammar.c, it will cause exit code 1 by "test -e" as following: WARNING: exit code 1 from a shell command. So use "if" instead of "test" Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open62541: add historizing PACKAGECONFIGJohannes Kauffmann2026-02-061-1/+2
| | | | | | Release v1.4.15 fixes building without the historizing option. Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
* open62541: update to v1.4.15Johannes Kauffmann2026-02-062-116/+1
| | | | | | The patch has been applied upstream. Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
* ettercap: 0.8.3.1-> 0.8.4Liu Yiding2026-02-063-96/+3
| | | | | | | | | | | | 1. Changelog https://github.com/Ettercap/ettercap/releases/tag/v0.8.4 2. Remove following patches as they were merged upstream 0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch 0002-allow-build-with-cmake-4.patch Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.47.1 -> 1.47.3Wang Mingyu2026-02-061-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcacard: upgrade 2.8.1 -> 2.8.2Wang Mingyu2026-02-061-2/+2
| | | | | | | | | | | | | Changelog: ========== - Sort certificates by underlying objects CKA_ID to provide deterministic object order - Avoid using uninitialized memory - Improve test coverage and build scripts - Improve compatibility with modern compilers (avoid strict warnings) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tunctl: Restore DEBUG_PREFIX_MAP in TARGET_LDFLAGSMingli Yu2026-02-061-0/+2
| | | | | | | | | | | | | oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore it to fix the below error. ERROR: tunctl-1.5-r0.wr2401 do_package_qa: QA Issue: File /usr/sbin/.debug/tunctl in package tunctl-dbg contains reference to TMPDIR [buildpaths] ERROR: tunctl-1.5-r0.wr2401 do_package_qa: Fatal QA errors were found, failing task. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* proftpd: ignore CVE-2021-47865Gyorgy Sarvari2026-02-041-0/+1
| | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865 This CVE was opened based on a 5 years old Github issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected. The vulnerability description and the PoC basically configures proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit. See also discussion in the Github issue. It seems that it won't be fixed, because there is nothing to fix. [1]: https://github.com/proftpd/proftpd/issues/1298 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndpi: ignore CVE-2025-25066Gyorgy Sarvari2026-02-041-0/+3
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066 The vulnerable code was introduced in version 4.12[1], and the recipe version is not vulnerable yet. Due to this, ignore this CVE for now, until the recipe is upgraded. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ez-ipupdate: patch CVE-2003-0887Gyorgy Sarvari2026-02-022-0/+165
| | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887 The vulnerability is about the default (example) configurations, which place cache files into the /tmp folder, that is world-writeable. The recommendation would be to place them to a more secure folder. The recipe however does not install these example configurations, and as such it is not vulnerable either. Just to make sure, patch these folders to a non-tmp folder (and also install that folder, empty). Some more discussion about the vulnerability: https://bugzilla.suse.com/show_bug.cgi?id=48161 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: upgrade 4.2.14 -> 4.6.3Gyorgy Sarvari2026-01-306-88/+61
| | | | | | | | | | | | | | | | | | | | | | Contains fix for CVE-2025-0962. Removed CVE-2025-9817.patch because it is included in this release. Add a patch that allows it building for native: it is looking for iconv.h header as a new dependency for (optional) zlib-ng support, however it is not installed in the sysroot for native builds. Add a patch that removes this hard dependency for native builds. Changelogs: https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html Overall changelogs (including 4.4 also): https://www.wireshark.org/docs/relnotes/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libtdb: upgrade 1.4.14 -> 1.4.15Wang Mingyu2026-01-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libtalloc: upgrade 2.4.3 -> 2.4.4Wang Mingyu2026-01-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openl2tp: Fix do_package_qa IssueLiu Yiding2026-01-301-1/+2
| | | | | | | | Fix following issue when using customized kernel without kernel-module-l2tp-ppp enabled. ERROR: openl2tp-1.8-r0 do_package_qa: QA Issue: openl2tp-ptest rdepends on kernel-module-l2tp-ppp, but it isn't a build dependency? [build-deps] Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openhpi: remove snmp-bc from default packageconfigYi Zhao2026-01-301-1/+1
| | | | | | | | Disable snmp_bc plugin build by default as net-snmp no longer supports DES by default. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: Add PACKAGECONFIG for aesBenjamin B. Frost2026-01-271-0/+1
| | | | | | | Allows for net-snmp to be build with support for AES-192 and AES-256 Signed-off-by: Benjamin B. Frost <benjamin@geanix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* linux-atm: fix SRC_URIGyorgy Sarvari2026-01-271-1/+1
| | | | | | | The original SRC_URI's certificate has expired - change it to a working URL. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: remove des from default packageconfigYi Zhao2026-01-271-1/+1
| | | | | | | | The DES algorithm is considered weak and outdated. Remove des from default PACKAGECONFIG to disable it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* chrony: Ensure /var/lib/chrony belongs to correct user/groupSchulz, Andreas - Enabler & Imaging Software2026-01-221-2/+11
| | | | | Signed-off-by: Andreas Schulz <andreas.schulz2@karlstorz.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dnsmasq: upgrade 2.91 -> 2.92Wang Mingyu2026-01-221-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* weechat: upgrade 4.6.0 -> 4.8.1Wang Mingyu2026-01-221-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pure-ftpd: upgrade 1.0.52 -> 1.0.53Wang Mingyu2026-01-221-2/+2
| | | | | | | License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: patch CVE-2025-61099..61107Gyorgy Sarvari2026-01-204-0/+416
| | | | | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61099 https://nvd.nist.gov/vuln/detail/CVE-2025-61100 https://nvd.nist.gov/vuln/detail/CVE-2025-61101 https://nvd.nist.gov/vuln/detail/CVE-2025-61102 https://nvd.nist.gov/vuln/detail/CVE-2025-61103 https://nvd.nist.gov/vuln/detail/CVE-2025-61104 https://nvd.nist.gov/vuln/detail/CVE-2025-61105 https://nvd.nist.gov/vuln/detail/CVE-2025-61106 https://nvd.nist.gov/vuln/detail/CVE-2025-61107 The NVD advisory refernces a PR[1] that contains only an unfinished, and ultimately unmerged attempt at the fixes. The actual solution comes from a different PR[2]. These patches are 3 commits from that PR. The last commit wasn't backported, because it is just code formatting. [1]: https://github.com/FRRouting/frr/pull/19480 [2]: https://github.com/FRRouting/frr/pull/19983 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* adcli: upgrade 0.9.2 -> 0.9.3.1Liu Yiding2026-01-202-4/+60
| | | | | | | | | | | | | | | | | 1. Add pkgconfig to solve following configure error: ../sources/adcli-0.9.3.1/configure: line 15340: syntax error near unexpected token `LIBSELINUX,' ../sources/adcli-0.9.3.1/configure: line 15340: `PKG_CHECK_MODULES(LIBSELINUX, libselinux, found_libselinux=yes, found_libselinux=no)' 2. Add PACKAGECONFIG[selinux] for new selinux support in 0.9.3.1. 3. Add 0001-configure.ac-Fix-selinux-error-for-cross_compiling.patch to fix SELINUX_MAKEFILE file check in 0.9.3.1. 4. Add --disable-offline-join-support to solve following configure error configure: error: Couldn't build offline join support, Samba version too old or libnatapi devel package is missing Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libcoap: set CVE version suffixPeter Marko2026-01-201-0/+2
| | | | | | | | | CVE metrics currently report CVE-2025-34468 as open. CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher version, however by default cve-check only compares numbers. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open62541: update to v1.4Johannes Kauffmann2026-01-163-32/+123
| | | | | | | | | | | | | | | | Use the latest commit from the 1.4 branch; the last 1.4 release was 3 months ago so it contains important fixes. - The contents of /usr/share/ are slightly different, so change the path slightly. - The new patch fixes the .pc file generation (it also ensures that there are no references to absolute paths in the .pc file which would need to be removed again). - PubSub information model is now enabled by default, add a new option to disable it (disabling only pubsub isn't enough). Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* adcli: Fix OECONFLiu Yiding2026-01-141-2/+1
| | | | | | | | | Remove "--disable-static" as it's not needed for default option. ./configure --help --enable-static[=PKGS] build static libraries [default=no] Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openfortivpn: upgrade 1.24.0 -> 1.24.1Wang Mingyu2026-01-131-1/+1
| | | | | | | | Changelog: fix regression where the 'plugin' was not passed to pppd Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* frr: upgrade 10.5.0 -> 10.5.1Yi Zhao2026-01-131-1/+1
| | | | | | | | ChangeLog: https://github.com/FRRouting/frr/releases/tag/frr-10.5.1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nng: add ptestYi Zhao2026-01-122-3/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ptest results on genericx86-64 BSP: $ run-ptest PASS: compat_block PASS: compat_bug777 PASS: compat_bus PASS: compat_cmsg PASS: compat_device PASS: compat_iovec PASS: compat_msg PASS: compat_options PASS: compat_pair PASS: compat_pipeline PASS: compat_poll PASS: compat_reqrep PASS: compat_reqttl PASS: compat_shutdown PASS: compat_survey PASS: compat_surveyttl PASS: cplusplus_pair PASS: device PASS: files FAIL: httpclient PASS: httpserver PASS: inproc PASS: ipc PASS: ipcsupp PASS: multistress PASS: nonblock PASS: options PASS: pipe PASS: pollfd PASS: reqctx PASS: reqstress PASS: scalability PASS: synch PASS: tcp PASS: tcp6 PASS: tcpsupp PASS: tls PASS: ws PASS: wss The httpclient case attempts to retrieve the Content-Length field from HTTP header of http://example.com/, but because the site uses chunked transfer encoding, the Content-Length field is not present, leading to an assertion failure. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nng: upgrade 1.7.3 -> 1.11Yi Zhao2026-01-121-3/+2
| | | | | | | | | | | ChangeLog: https://github.com/nanomsg/nng/releases/tag/v1.11 https://github.com/nanomsg/nng/releases/tag/v1.10 https://github.com/nanomsg/nng/releases/tag/v1.9.0 https://github.com/nanomsg/nng/releases/tag/v1.8.0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nanomsg: add ptestYi Zhao2026-01-122-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ptest results: $ run-ptest PASS: async_shutdown PASS: block PASS: bug328 PASS: bug777 PASS: bus PASS: cmsg PASS: device PASS: device4 PASS: device5 PASS: device6 PASS: device7 PASS: domain PASS: emfile PASS: hash PASS: inproc PASS: inproc_shutdown PASS: iovec PASS: ipc PASS: ipc_shutdown PASS: ipc_stress PASS: list PASS: msg PASS: pair PASS: pipeline PASS: poll PASS: prio PASS: pubsub PASS: reqrep PASS: reqttl PASS: separation PASS: shutdown PASS: stats PASS: survey PASS: surveyttl PASS: symbol PASS: tcp PASS: tcp_shutdown PASS: term PASS: timeo PASS: trie PASS: ws PASS: ws_async_shutdown PASS: zerocopy Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nanomsg: upgrade 1.2.1 -> 1.2.2Yi Zhao2026-01-122-60/+2
| | | | | | | | | | | ChangeLog: https://github.com/nanomsg/nanomsg/releases/tag/1.2.2 Drop 0001-allow-build-with-cmake-4.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: upgrade 4.99.5 -> 4.99.6Wang Mingyu2026-01-122-7/+4
| | | | | | | | add-ptest.patch refreshed for 4.99.6 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.46.0 -> 1.47.1Wang Mingyu2026-01-121-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fping: upgrade 5.4 -> 5.5Wang Mingyu2026-01-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== - New option -J / --json for JSON output. See doc/fping-json.md for the JSON schema. This feature is still in alpha and the schema might change in future releases - The -g, --generate option now also supports IPv6 addresses - New option --seqmap-timeout to control the time after which sequence numbers can be used again - Fix OpenBSD sprintf() warning - Fix fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available - When reading target names from file or standard input, lines longer than the static buffer are no longer interpreted as more than one line - Typo fix in error message when SO\_BINDTODEVICE fails - Options --print-tos and --print-ttl now also work for IPv6, and no longer require privileges - Report received ICMPv6 error messages - Suppress duplicate reports in count mode with -q, --quiet or -Q, --squiet - Switch to alpine-based multi-stage Docker build to reduce image size and improve build performance; add OpenContainers-compatible labels - Print receive ping moved to new functions - Avoid unsigned overflow when determining the memory size to save response times on systems where size\_t is the same as unsigned int - Document the new minimum value for the -p option - Fix build without IPv6 support - Fix debug build use of dbg_printf in fping.c - Remove MacOS-specific test for -I option - GitHub Actions fixes - Fix measurement of time for timed reports (-Q) to start after DNS name resolution. - Updated autoconf from 2.71 to 2.72 - Updated automake from 1.16.5 to 1.18.1 - Updated libtool from 2.4.6 to 2.5.4 - Implemented verification of autotools tarballs in Github actions. - Implemented stricter flag value checking (e.g. -c 10xyz is not accepted anymore). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: Update to 5.9.5.2Peter Kjellerstedt2026-01-061-1/+1
| | | | | | | | | | | 5.9.5.1: * Only a version numbering fix. 5.9.5.2: * Fix an issue with needing limits.h included. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsomeip: Don't fail on Boost.Asio deprecation warningsKhem Raj2026-01-031-0/+2
| | | | | | | Append -Wno-error=deprecated-declarations to CXXFLAGS so builds don't break when Boost marks APIs like strand::wrap() as deprecated. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-scapy: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The default ${PN} (python3-scapy) CVE fails to match relevant CVEs, because they are tracked under the scapy:scapy CPE. Set CVE_PRODUCT to the correct value. See CVE db query: sqlite> select * from products where product like '%scapy%'; CVE-2019-1010142|scapy|scapy|2.4.0|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5Liu Yiding2025-12-311-1/+3
| | | | | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: upgrade 1.52.0 -> 1.52.2Liu Yiding2025-12-311-2/+2
| | | | | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libowfat: update SRC_URIGyorgy Sarvari2025-12-281-1/+1
| | | | | | | | The https link does not work anymore, it just refuses the connection. http still works though. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ncp: update SRC_URIGyorgy Sarvari2025-12-281-1/+1
| | | | | | | | The https link does not work anymore, it just refuses the connection. http still works though. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cifs-utils: fix broken PACKAGECONFIGsGyorgy Sarvari2025-12-251-0/+2
| | | | | | | | | | | | | | | | | | | Some PACKAGECONFIGs (cifsidmap, cifsacl, pam) were failing to build since a while, erroring out with: | ../sources/cifs-utils-7.4/resolve_host.c:23:10: fatal error: config.h: No such file or directory | 23 | #include "config.h" | | ^~~~~~~~~~ | compilation terminated. The config.h header is generated in the root of build folder, and it seems that the recipe can't be built 100% out of the source tree. To avoid this issue, add ${B} as an include folder to CFLAGS, so it finds the required header. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cifs-utils: upgrade 7.0 -> 7.4Gyorgy Sarvari2025-12-251-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fix for CVE-2025-2312 The recipe installs two scripts in bindir - this is nothing new. But the shebang has changed from "/usr/bin/env python3" to "/usr/bin/python3" - these were always python scripts, but they weren't recognized as such during the QA checks, and python wasn't installed as a runtime dependency. Now QA check is complaining about missing python in RDEPENDS. To avoid mandatory python installation, package the scripts separately in cifs-utils-scripts package. Shortlog: cifs-utils: bump version to 7.4 mount.cifs: retry mount on -EINPROGRESS cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP cifscreds: use <libgen.h> for basename getcifsacl, setcifsacl: use <libgen.h> for basename cifs.upcall: fix memory leaks in check_service_ticket_exits() cifs-utils: bump version to 7.3 Fix regression in mount.cifs with guest mount option resolve_host.c: Initialize site_name cldap_ping: Fix socket fd leak cifs-utils: bump version to 7.2 getcifsacl: fix return code check for getting full ACL cifs-utils: add documentation for upcall_target cifs-utils: avoid using mktemp when updating mtab cldap_ping.c: add missing <sys/types.h> include configure.ac: libtalloc is now mandatory cifscreds: allow user to set the key's timeout cifscreds: use continue instead of break when matching commands Do not pass passwords with sec=none and sec=krb5 docs: add esize description docs: add max_cached_dirs description docs: update actimeo description Fix compiler warnings in mount.cifs CIFS.upcall to accomodate new namespace mount opt cifs-utils: Skip TGT check if valid service ticket is already available use enums to check password or password2 in set_password, get_password_from_file and minor documentation additions cifs-utils: support and document password2 mount option smbinfo: add bash completion support for filestreaminfo, keys, gettconinfo cifs-utils: bump version to 7.1 cifs: update documentation for sloppy mount option docs: add closetimeo description docs: add compress description checkopts: update it to work with latest kernel version cifs-utils: add documentation for multichannel and max_channels cifs-utils: smbinfo: add gettconinfo command Implement CLDAP Ping to find the closest site mount.cifs.rst: update section about xattr/acl support mount.cifs.rst: add missing reference for sssd getcifsacl, setcifsacl: add missing <endian.h> include for le32toh getcifsacl, setcifsacl: add missing <linux/limits.h> include for XATTR_SIZE_MAX cifs-utils: Make automake treat /sbin as exec, not data pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog() cifs.upcall: fix UAF in get_cachename_from_process_env() cifs-utils: add documentation for acregmax and acdirmax setcifsacl: Fix uninitialized value. Use explicit "#!/usr/bin/python3" Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.45.15 -> 1.46.0Wang Mingyu2025-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: upgrade 1.6.39 -> 1.6.40Wang Mingyu2025-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wolfssl: ignore CVE-2025-11931 and CVE-2025-12889Gyorgy Sarvari2025-12-241-0/+3
| | | | | | | | | | | | | | | | | | NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities, however actually both have been fixed in that version. CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3]. CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6]. [1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931 [2]: https://github.com/wolfSSL/wolfssl/pull/9223 [3]: https://github.com/wolfSSL/wolfssl/commit/e497d28ae1b364e0136849996b893f55d8a8fd4a [4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889 [5]: https://github.com/wolfSSL/wolfssl/pull/9395 [6]: https://github.com/wolfSSL/wolfssl/commit/2db1c7a522ba258d841fbce95ab84156669a5a3e Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tinyproxy: add ptest supportGyorgy Sarvari2025-12-243-1/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It takes <10s to execute. Sample output: root@qemux86-64:~# ptest-runner START: ptest-runner 2025-12-23T17:45 BEGIN: /usr/lib/tinyproxy/ptest starting web server... done (listening on 127.0.0.3:32123) starting tinyproxy... done (listening on 127.0.0.2:12321) waiting for 1 seconds.. done checking direct connection to web server... ok testing connection through tinyproxy... ok requesting statspage via stathost url... ok signaling tinyproxy to reload config...ok checking direct connection to web server... ok testing connection through tinyproxy... ok requesting statspage via stathost url... ok checking bogus request... ok, got expected error code 400 testing connection to filtered domain... ok, got expected error code 403 requesting connect method to denied port... ok, got expected error code 403 testing unavailable backend... ok, got expected error code 502 0 errors killing tinyproxy... ok killing webserver... ok done PASS: run_tests.sh DURATION: 1 END: /usr/lib/tinyproxy/ptest 2025-12-23T17:45 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tinyproxy: patch CVE-2025-63938Gyorgy Sarvari2025-12-242-0/+44
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938 Pick the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>