Commit Graph

489 Commits

Author SHA1 Message Date
Aviv Daum 1bdff724ed lldpd: fix xml PACKAGECONFIG dependency
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-13 05:57:22 +01:00
Gyorgy Sarvari 5b9b91b0e2 keepalived: patch CVE-2024-41184
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184

Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari 8c092c4a82 proftpd: ignore CVE-2021-47865
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

I just put it on the ignore list.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari e660c4f8dc squid: upgrade 4.15 -> 4.17
These are bugfix releases.

Changelogs:
4.17:
- WCCP: Validate packets better

4.16:
- Regression Fix: --with-valgrind-debug build broken since 4.15
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
- Bug 4528: ICAP transactions quit on async DNS lookups

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:02 +01:00
Gyorgy Sarvari 60f0e23124 lldpd: patch CVE-2021-43612
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43612

Pick the patch referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Peter Marko 6b7a0197f9 proftpd: set status of CVE-2001-0027
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)

Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari 8611f92c20 proftpd: patch CVE-2024-48651
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Backport the patch mentioned in the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-17 15:38:00 +01:00
Gyorgy Sarvari 9b1be4d915 ncftp: correct SRC_URI
The original xz-compressed tarball isn't available at the download
location anymore - switch to the gz tarball which is still there.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-17 09:08:27 +01:00
Gyorgy Sarvari 0d9619b1bc keepalived: patch CVE-2021-44225
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44225

Pick patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 18:08:19 +01:00
Gyorgy Sarvari 88be6af76b squid: fix esi PACKAGECONFIG
libxml has derecated the "xmlSetFeature" call, and hid is behind a special
config flag (--with-legacy), which is not used by default in oe-core.

This makes compilation fail, when "esi" PACKAGECONFIG is enabled:

Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'?

This backported patch fixes this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:33 +01:00
Gyorgy Sarvari efbc247121 squid: patch CVE-2025-59362
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362

Pick the PR content that's referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:30 +01:00
Gyorgy Sarvari bb7620585c squid: patch CVE-2023-46724
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46724

Pick the patch from the details of the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:28 +01:00
Gyorgy Sarvari 4c30475f5d squid: patch CVE-2022-41318
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41318

Pick the v4 patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:25 +01:00
Gyorgy Sarvari 3183e67999 squid: patch CVE-2022-41317
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41317

Pick the v4 patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:22 +01:00
Gyorgy Sarvari ccfa20cea9 squid: patch CVE-2021-46784
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46784

Pick the backported patch from v4 branch, that referenced the same PR[1]
that the patch[2] from the nvd report refers to.

[1]: https://github.com/squid-cache/squid/pull/1022
[2]: https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:18 +01:00
Vijay Anusuri 6c8ae54fc3 proftpd: Fix CVE-2023-48795
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-20 11:59:36 +02:00
Peter Marko 5bb71a5f0f squid: mark CVE-2025-54574 as patched
Per [1] CVE-2025-54574 is fixed in patch for CVE-2023-5824.
That was a composite patch from more commits.
When checking it, it really contains also commit [2] which is mentioned
as fix for CVE-2025-54574.

[1] https://security-tracker.debian.org/tracker/CVE-2025-54574
[2] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-17 10:51:27 +02:00
Randy MacLeod 3420cb0739 ncftp: Upgrade to 3.2.7
Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum].
Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build
to work by adding an extern to sh_util/gpshare.c for example.

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9dbf1b42bb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-26 15:13:03 +02:00
Wang Mingyu 8b4a5ad2c6 pure-ftpd: upgrade 1.0.51 -> 1.0.52
nostrip.patch
refreshed for 1.0.52

License-Update: Copyright year updated to 2024

Changelog:
==========
 - The QUIT command is now accepted during a transfer.
 - The server can be built with --with-minimal again.
 - Fixed an out of bounds read in the MLSD command.
 - Larger mmap()ed pages are used on aarch64.
 - Improved compatibility with HPUX
 - Improved OpenSSL API compatibility
 - Improved compatibility with OpenWall Linux
 - Improved compatibility with Netfilter

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fac6357f60)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-26 15:13:03 +02:00
wangmy 1784ee6c9b pure-ftpd: upgrade 1.0.50 -> 1.0.51
0001-Remove-hardcoded-usr-local-includes-from-configure.a.patch
updated for new version.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8a50039955)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-26 15:13:03 +02:00
Vijay Anusuri 719a23e6f6 proftpd: Fix CVE-2024-57392
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-02 20:30:13 -04:00
Colin McAllister aa423dfd81 lldpd: Fix CVE-2023-41910
Adds patch to backport fix for CVE-2023-41910.

Signed-off-by: Colin McAllister <colin.mcallister@garmin.com>
Change-Id: Iab619f1f5ba26b1141dffea065c90ef0b180b46e
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-31 09:04:11 -05:00
Peter Marko 82a9ac867d squid: conditionally set status of CVE-2024-45802
According to [1] the ESI feature implementation in squid is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).

Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.

We should not break features in LTS branch and cannot fix this problem.
So ignrore this CVE based on set PACKAGECONFIG which should remove it
from reports for most users. Thos who need ESI need to assess the risk
themselves.

[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-08 14:38:16 -05:00
Vijay Anusuri 07b6c57f4a squid: Security fix CVE-2023-5824
References:
https://access.redhat.com/security/cve/cve-2023-5824
https://access.redhat.com/errata/RHSA-2023:7668

The patch is from RHEL8.

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-09-22 10:12:40 -04:00
Vijay Anusuri 5800571ad7 squid: Backport fix for CVE-2023-49286 and CVE-2023-50269
import patches from ubuntu to fix
 CVE-2023-49286
 CVE-2023-50269

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
&
https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-28 08:18:18 -05:00
Ashish Sharma 667850f086 postfix: Backport fix for CVE-2023-51764
Import patches from ubuntu launchpad  fix CVE-2023-51764

Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:41 -05:00
Vijay Anusuri f81b181933 squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846
import patches from ubuntu to fix
 CVE-2023-46728
 CVE-2023-46846

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
&
https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270
&
https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:41 -05:00
Li Wang 182c4742c6 radvd: add '--shell /sbin/nologin' to /etc/passwd
the default setting USERADD_PARAM of yocto:
-s /bin/sh

follow redhat policy:
radvd/redhat/systemd/radvd.spec
  useradd ... -s /sbin/nologin ...

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:41 -05:00
Vivek Kumbhar b72149572d squid: Backport fix for CVE-2023-49285
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:40 -05:00
Hitendra Prajapati 730e44900a proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-12 07:14:16 -05:00
vkumbhar 402affcc07 squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-13 13:35:51 -05:00
J.D. Schroeder a7a66cdb13 Fix groupname gid change warning
This patch fixes warnings when useradd-staticids.bbclass is used and
USERADD_PARAM is used to add the user to a group that has not been
explicitly created yet. By adding the GROUPADD_PARAM for the new group
being used the warnings for changing the gid from GID-OLD to GID-NEW
is eliminated.

Warnings fixed:
cyrus-sasl: Changing groupname mail's gid from (WXYZ) to (JKLM), verify configuration files!
radvd: Changing groupname nogroup's gid from (WXYZ) to (JKLM), verify configuration files!

Signed-off-by: JD Schroeder <sweng5080@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-03 16:50:52 -04:00
Khem Raj e6a91b2f95 postfix: Fix build on systems with linux 6.x
* cherry-picked from langdale "postfix: Upgrade to 3.7.3" commit
  dd5226bed9 without the upgrade.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-04-13 08:26:04 -04:00
Yi Zhao 29a2410f75 postfix: upgrade 3.6.5 -> 3.6.7
Changelog:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.6.7.HISTORY

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-01-12 11:06:02 -05:00
Hitendra Prajapati e5b177aea4 cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Source: https://github.com/cyrusimap/cyrus-sasl
MR: 118497
Type: Security Fix
Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
ChangeID: 4736aae2b7d8986787b1666cfd6eecd590915120
Description:
       CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-09 12:09:42 -07:00
Khem Raj 83b283c528 opensaf: Fix build with gcc 12
Use configure logic to disable certain warnings if compiler supports
them

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-13 19:21:41 -07:00
Yi Zhao 6ebe45deb4 postfix: upgrade 3.6.4 -> 3.6.5
ChangeLog:
https://www.postfix.org/announcements/postfix-3.6.5.html

* Drop 0006-correct-signature-of-closefrom-API.patch as the issue has
been fixed upstream.

* Update main.cf to eliminate startup warning:
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload"

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-24 09:45:25 -07:00
Radovan Scasny d2ce8ff16e proftpd: update to 1.3.7c
Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-07 09:27:53 -08:00
Khem Raj 7d8a0e840d recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Khem Raj 055dd8ceab cyrus-sasl: Fix ptest builds
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Wang Mingyu <wangmy@fujitsu.com>
2022-03-01 09:13:42 -08:00
Wang Mingyu edd8bd0f24 cyrus-sasl: upgrade 2.1.27 -> 2.1.28
0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
0001-makeinit.sh-fix-parallel-build-issue.patch
0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
deleted since they're included in 2.1.28

CVE-2019-19906.patch
avoid-to-call-AC_TRY_RUN.patch
refreshed for new version

Changelog:
=========
build:
------
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with –disable-shared –enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with –enable-auth-sasldb

common:
-------
plugin_common.c:
Ensure size is always checked if called repeatedly (#617)

documentation:
--------------
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx

include:
--------
sasl.h:
Allow up to 16 bits for security flags

lib:
----
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (#587)
external.c:
fix EXTERNAL with non-terminated input (#689)
saslutil.c:
fix index_64 to be a signed char (#619)

plugins:
--------
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (#632)
sql.c:
Finish reading residual return data (#639)
CVE-2022-24407 Escape password for SQL insert/update commands.

sasldb:
-------
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close

DIGEST-MD5 plugin:
------------------
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available

SCRAM plugin:
------------
Return BADAUTH on incorrect password (#545)
Add -224, -384, -512 (#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scam_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options

saslauthd:
---------
auth_httpform.c:
Avoid signed overflow with non-ascii characters (#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (#626)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-01 09:13:42 -08:00
Wang Mingyu 358db10e03 iscsi-initiator-utils: upgrade 2.1.5 -> 2.1.6
0001-Fix-compiler-error-introduced-with-recent-IPv6-commi.patch
removed since it's included in 2.1.6.

Changelog:
=========
This release adds more bug fixes and cleanups. No major functionality changes.

 libopeniscsiusr: extend sysfs ignore_error to include EINVAL
 Fix compiler error introduced with recent IPv6 commit.
 Remove dependences from iscsi-init.service
 Use "sbindir" for path in systemd service files
 Updated README a bit
 Finish ability to have binary location configurable.
 Fix iscsi-init so that it runs when root writable
 remove redundant params in Makefile
 Fixing last parts of sbindir configuration
 Cosmetic cleanup on recent addition
 Update the iscsi-gen-initiatorname script: harden and generalize
 change iscsi-gen-initiatorname option -b => -p
 Add man page for the iscsi-gen-initiatorname script.
 Install new man page for iscsi-gen-initiatorname
 Fix issues discovered by gcc12
 Fix more issues discovered by gcc12
 iscsi sysfs: check state before onlining devs
 iscsistart: fix login timeout handling
 iscsid: use infinite timeout if passed in
 iscsid: add error code for req timeouts
 Improve 'iscsid.conf'
 iscsiadm: Call log_init() first to fix a segmentation fault
 iscsi_err: Add iscsid request timed out error messages
 Fix wrong install_systemd destination path
 actor: add name to struct actor and init it with function name
 actor: print thread name in log
 actor: enhanced: print error log when init a initilized thread
 initiator_common: make set operational parameter log easy to read
 iscsid: Check session id before start sync a thread

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-22 08:30:50 -08:00
Khem Raj f2df270179 recipes: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
wangmy 1320b9c9d2 opensaf: upgrade 5.21.09 -> 5.22.01
Changelog:
=========
* log: removal of letter 'C'/'R' from msgId in RFC5424 format [#3303]
* log: Stop all threads while releasing the log agent object [#3302]
* amf: Correct HC period to make it effect immediately[#3298]
* log: Correct condition to shutdown the log agent [#3301]
* log: Increase timeout in logtest [#3291]
* log: Shutdown log agent when not in use [#3291]
* log: Introduce the initial clm node status [#3291]
* amf: Correct the version of csi attribute message [#3296]
* ntf: correct the behavior of periodic check log pending [#3297]
* mds: Resolve active MxN VDEST conflict in split brain [#3281]
* smf: correct merge bundle rolling to single step [#3290]
* ntf: get attribute value from local when value not existed [#3289]
* immd: fix cannot find candidate for new immnd coordinator [#3284]
* smf: make more robustness in BISU upgrade [#3286]
* amfd: Tightens sync window condition to proceed headless restoration [#3271]
* osaf: fixed redefinition of typedef 'SaConstStringT' [#3287]
* amf: update runtime attributes of node to IMM in sync [#3285]
* amfd: Correct checking CSICOMP while deleting CSI [#3282]
* base: using mutex for test case sysf_ipc_test instead of atomic [#3283]
* build: adaptive python version for rpm build [#3270]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-08 01:44:49 -08:00
Yi Zhao 2c710b005a postfix: upgrade 3.6.3 -> 3.6.4
Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 57d127e81e iscsi-initiator-utils: upgrade 2.1.4. -> 2.1.5
Backport a patch to fix the build error.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-18 09:01:51 -08:00
Yi Zhao 45fee2d0ce postfix: upgrade 3.6.2 -> 3.6.3
Release Notes:
http://www.postfix.org/announcements/postfix-3.6.3.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-21 18:49:37 -08:00
wangmy c9a95c095d pure-ftpd: upgrade 1.0.49 -> 1.0.50
License-Update: year updated to 2021.

Changelog
==========
This version fixes some really old issues, the most significant one being
excessive memory use for large memory listings.

When virtual quotas were used, transfers were not aborted after the limit was
reached; files were only removed at the end of a transfer. That should now be fixed.

Support for MD5, SHA1 and the MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3) function.

The server used to reject class E reserved network ranges. People reported that
Linux containers may use them, so this is now accepted.

Finally, it is now possible to recursively include additional files in a
configuration file, with the new Include directive.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-29 09:09:03 -08:00
Khem Raj 6d8edf440c ippool: silence a DeprecationWarning
Use regex strings (r’’)
Fixes

meta-networking/recipes-daemons/ippool/ippool_1.3.bb:99:
DeprecationWarning: invalid escape sequence \d
  r = re.compile("\d*\.\d*\.\d*")

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-25 10:14:18 -08:00
Peter Kjellerstedt fce137d50b opensaf: Make sure a file needed by opensafd.service is not removed
Rename /etc/init.d/opensafd to /usr/lib/opensaf/opensafd-init as it is
needed by opensafd.service, but /etc/init.d is removed by
systemd.bbclass if sysvinit is not in DISTRO_FEATURES.

Note that this will not actually make the initscript and service file
work since they depend on /lib/lsb/init-functions, which does not exist
since the lsb recipe was removed from OE-Core.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-04 06:52:50 -07:00