<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity, branch styhead-5.1.4</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.4</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.4'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-03-22T14:06:30+00:00</updated>
<entry>
<title>openssh: patch CVE-2025-26465</title>
<updated>2025-03-22T14:06:30+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-03-12T18:37:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6277999680ffbda7472c448d12d9ca6e85db8ab8'/>
<id>urn:sha1:6277999680ffbda7472c448d12d9ca6e85db8ab8</id>
<content type='text'>
Pick commit:
https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907

(From OE-Core rev: 0d77609f814dec344535c5674f71a043a4e718e5)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssh: patch CVE-2025-26466</title>
<updated>2025-03-22T14:06:30+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-03-12T18:37:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2b1149f032cc405c9d91c168d7eb9d0b3d896794'/>
<id>urn:sha1:2b1149f032cc405c9d91c168d7eb9d0b3d896794</id>
<content type='text'>
Pick commit:
https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2

(From OE-Core rev: ec3912dcaaab85f1ac8907aa5b0b536c32540ff1)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>socat: patch CVE-2024-54661</title>
<updated>2025-01-29T14:20:43+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-01-16T22:42:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=05a5e1c1d73e2f965474d2af23840989841e9f8b'/>
<id>urn:sha1:05a5e1c1d73e2f965474d2af23840989841e9f8b</id>
<content type='text'>
Picked upstream commit
https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f

Since this was the only commit in 1.8.0.2 it also contained release
changes which were dropped.

(From OE-Core rev: 624b91c23559d7d1bc51ec221331513529853cd2)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>connman: Fix restart script</title>
<updated>2025-01-13T13:49:08+00:00</updated>
<author>
<name>Michael Nazzareno Trimarchi</name>
<email>michael@amarulasolutions.com</email>
</author>
<published>2024-11-10T15:00:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f7169136671458a98690a7eb3328aa743f02d19e'/>
<id>urn:sha1:f7169136671458a98690a7eb3328aa743f02d19e</id>
<content type='text'>
The script does not work if the connman service is already stopped.
The start-stop-daemon checks for the existence of a specified process.
If such a process exists, start-stop-daemon sends it the signal specified
by --signal, and exits with error status 0.  If such  a  process  does
not exist, start-stop-daemon exits with error status 1 (0 if --oknodo is specified).
The script uses set -e so we need to add --oknodo option to stop

(From OE-Core rev: f32ab69b4caef5ac2f61bb53102d8b08b94d54d5)

Signed-off-by: Michael Trimarchi &lt;michael@amarulasolutions.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b1c1b67166049181136d5eb68740f3bf98bf670d)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssl: Fix SDK environment script to avoid unbound variable</title>
<updated>2024-11-30T13:41:59+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2024-10-31T07:52:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ad7bee26f895638aabbe29325d14c6836eb06ed0'/>
<id>urn:sha1:ad7bee26f895638aabbe29325d14c6836eb06ed0</id>
<content type='text'>
Avoid errors like:

buildtools/sysroots/x86_64-pokysdk-linux/environment-setup.d/openssl.sh: line 6: BB_ENV_PASSTHROUGH_ADDITIONS: unbound variable

by setting an explicit empty default value.

(From OE-Core rev: a57192131cbcb65e17b11f47aa0f90ef63258280)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 5a2a4910a22668f25679a47deaa9e2ed28665efa)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>bluez: Fix mesh builds on musl</title>
<updated>2024-10-29T12:51:03+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-09-18T14:12:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=90404038a99f86dedbe71e5c4f56f32873120873'/>
<id>urn:sha1:90404038a99f86dedbe71e5c4f56f32873120873</id>
<content type='text'>
When mesh is enabled on musl the build fails with conflicting basename
calls.

(From OE-Core rev: bab3e883cb770ef9fc28c002a98efd0ca5cbf60d)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 2db90c6508e350d35782db973291bbf5ffdfd3a5)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>wpa-supplicant: Ignore CVE-2024-5290</title>
<updated>2024-10-29T12:51:03+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-09-28T15:43:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1111dd3ba1d4af04c4a5ee5e4e032648eb523433'/>
<id>urn:sha1:1111dd3ba1d4af04c4a5ee5e4e032648eb523433</id>
<content type='text'>
NVD CVE report [1] links Ubuntu bug [2] which has a very good
description/discussion about this issue.
It applies only to distros patching wpa-supplicant to allow non-root
users (e.g. via netdev group) to load modules.
This is not the case of Yocto.

Quote:
So upstream isn't vulnerable as they only expose the dbus interface to
root. Downstreams like Ubuntu and Chromium added a patch that grants
access to the netdev group. The patch is the problem, not the upstream
code IMHO.

There is also a commit [3] associated with this CVE, however that only
provides build-time configuration to limit paths which can be accessed
but it acts only as a mitigation for distros which allow non-root users
to load crafted modules.

The patch is included in version 2.11, however NVD has this CVE
version-less, so explicit ignore is necessary.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5290
[2] https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
[3] https://w1.fi/cgit/hostap/commit/?id=c84388ee4c66bcd310db57489eac4a75fc600747

(From OE-Core rev: 617cf25b0f49b732f961f1fa4d1390e8e883f12b)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 6cb794d44a8624784ec0f76dca764616d81ffbf5)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>wpa-supplicant: add patch to check for kernel header version when compiling macsec</title>
<updated>2024-09-17T11:16:01+00:00</updated>
<author>
<name>Jon Mason</name>
<email>jdmason@kudzu.us</email>
</author>
<published>2024-09-16T23:53:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d141a3f1ef04bb35dd84c78034f431d9c26830b8'/>
<id>urn:sha1:d141a3f1ef04bb35dd84c78034f431d9c26830b8</id>
<content type='text'>
When using Arm binary toolchain, version 2.11 of wpa-supplicant is
failing to compile with the following error:

| ../src/drivers/driver_macsec_linux.c:81:29: error: field ‘offload’ has incomplete type
|    81 |         enum macsec_offload offload;
|       |

Backport a recent patch that corrects the issue by adding a check for
the version of kernel headers being used in compilation and disabling
that enum if too old a version is being used (or is used by the
binary toolchain).

(From OE-Core rev: 373d8d4f5316416d70eb2c0733d9838e57419ac3)

Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bluez5: remove redundant patch for MAX_INPUT</title>
<updated>2024-09-17T11:16:01+00:00</updated>
<author>
<name>Guðni Már Gilbert</name>
<email>gudni.m.g@gmail.com</email>
</author>
<published>2024-09-15T21:14:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5f2557e8ed8c02d9a896c293a81e0c1f3c0e406a'/>
<id>urn:sha1:5f2557e8ed8c02d9a896c293a81e0c1f3c0e406a</id>
<content type='text'>
The solution to the problem upstream was fixed by the following commit:
https://github.com/bluez/bluez/commit/ca6546fe521360fcf905bc115b893f322e706cb2

Now MAX_INPUT is defined for non-glibc systems such as musl.
This fix was added in BlueZ 5.67.

(From OE-Core rev: fea1bb917ebb1f99c83dbbc87a6f0ffc3627879a)

Signed-off-by: Guðni Már Gilbert &lt;gudni.m.g@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bind: Fix build with the `httpstats` package config enabled</title>
<updated>2024-09-12T15:15:09+00:00</updated>
<author>
<name>Alban Bedel</name>
<email>alban.bedel@aerq.com</email>
</author>
<published>2024-09-11T06:26:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3a3bcf0e05d00737c855b1d95af0b6c864b30038'/>
<id>urn:sha1:3a3bcf0e05d00737c855b1d95af0b6c864b30038</id>
<content type='text'>
------C65ED3E1A5DE826CA595746785F6AF6F
To: openembedded-core@lists.openembedded.org
CC: Alban Bedel &lt;alban.bedel@aerq.com&gt;
Subject: [PATCH] bind: Fix build with the `httpstats` package config enabled
Date: Wed, 11 Sep 2024 08:26:47 +0200
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
MIME-Version: 1.0

When the `httpstats` package config is enabled configure fails with
the error:

&gt; configure: error: Specifying libxml2 installation path is not
&gt; supported, adjust PKG_CONFIG_PATH instead

Drop the explicit path from `--with-libxml2` to solve this issue.

(From OE-Core rev: 9b076fa51f5e6fd685066fb817c47239960778e6)

Signed-off-by: Alban Bedel &lt;alban.bedel@aerq.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
