Add a patch fixing the autoconf 2.13-era idioms that abort autom4te
under autoconf 2.73, and regenerate the existing patches so they apply
without fuzz.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The Debian package page is not the appropriate homepage. And we can add the
bug tracker URL and a description. Configure has some more options we can
expose as PACKAGECONFIG. In INSTALL file in the source repository states
that libpcre2 (instead of libpcre) should be used. And std=gnu89 is no
longer needed.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Comparator objects used in standard containers (such as std::set)
must be invocable as const. Opensaf contains several comparators
that lack the 'const' qualifier, leading to compilation failures like:
error: passing 'const XxxCompare*' as 'this' argument discards qualifiers
Add a backported patch to fix the comparators in imm_xmlw_dump.cc
and amfd/node.h by adding the missing 'const' to operator().
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Issue 2057 - SQL Injection in mod_wrap2_sql via reverse DNS
hostname (CVE-2026-44331).
- Issue 2056 - Incomplete fix for session management with OpenSSL 3.2.x or
later, when using TLSv1.2 or earlier. This complements the fix for
Issue #1963.
- Issue 2098 - Hard quota limits on uploads do not cause SFTP WRITE requests
to fail as expected.
- Issue 2102 - SSH payload length underflow calculation for ETM/ChaChaPoly
algorithms in mod_sftp.
- Issue 2104 - SSH packet with empty payload triggers null pointer dereference
in mod_sftp.
- Issue 2106 - Bad DSA signatures can lead to out-of-bounds read of heap memory
in mod_sftp.
- Issue 2108 - Mismatched RSA/DSA algorithm signatures can lead to null
dereference in mod_sftp.
- Issue 2115 - SFTP request payload length underflow calculation in mod_sftp.
- Issue 2120 - Several modules fail to build using OpenSSL 4.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Refresh patch to mute patch-fuzz
* Remove 0001-makedefs-Account-for-linux-7.x-version.patch
* This upgrade include the following commit, which make postfix can
compile on latest stable ubuntu 26.04, which have Linux 7.x kernel
Postfix works on Linux 7.x kernels. Frank Scheiner. Files:
makedefs, util/sys_defs.h.
Changes:
https://www.ftp.saix.net/MTA/postfix/official/postfix-3.11.2.HISTORY
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Multiple hardening fixes across PureDB, the IP access checker, PAM, LDAP,
quota handling, and pure-pwconvert.
- IP access rules now support IPv6 patterns. Hostname rules are resolved
using the client's address family, so AAAA records can match IPv6 clients;
previously this path was IPv4-only.
- Malformed CIDR widths in PureDB allow/deny lists now fail closed and a
warning is logged identifying the offending pattern.
- LDAP searches that return more than one entry are now rejected as
ambiguous and a warning is logged identifying the offending uid.
- Malformed quota files no longer reset usage to zero; the failure
surfaces during quota checks instead.
- PureDB virtual users with a non-numeric or partially numeric uid or
gid field are now rejected. Records with uid or gid 0 continue to require
ACCEPT_ROOT_VIRTUAL_USERS at build time, as documented.
- Anonymous LDAP binds work again after a regression introduced in 1.0.53.
- Pure-pwconvert skips entries whose fields contain ':' or newline
characters rather than emitting corrupted records.
igned-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: update LICENSE from https://www.gnu.org/licenses/
Changelog:
=============
- merge README* to single README.md
- Merge pull request #2 from feckert/pr/20250902-build-fixes
- Fix fortify abort when LTO is enabled
- Fix uninitialized buffer data.
- Enable listening on IPv6
- test.sh: redirect stderr to /dev/null when counting lines
- Declare variable D as local in stop_and_clean
- Fix pthread_t format warning for fprintf
- Fix incompatible-pointer-types for pcre2_substring_list_free
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following error when multilib is used:
Running transaction test
Error: Transaction test error:
file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Use git instead of tarball in SRC_URI.
* Update configuration options.
* Clean up and refresh local patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RDEPENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Squid tags are in form SQUID_<MAJ>_<MIN>.
This can also be seen in SRC_URI download link.
This change will make "devtool latest-version squid" correctly show 7.5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: update GPLv2 COPYING document
Some terminology and FSF address changes since the GPLv2
https://github.com/squid-cache/squid/commit/4c5fbc7e8db25352722de4ebe7fe1cab904b62b6
Remove lines from patch, which modify not exist code.
Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_7_4
Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
It seems that it won't be fixed, because there is nothing to fix.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable snmp_bc plugin build by default as net-snmp no longer supports
DES by default.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version radvd
INFO: Current version: 2.20
INFO: Latest version:
After the patch:
$ devtool latest-version radvd
INFO: Current version: 2.20
INFO: Latest version: 2.20
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Inherit sourceforge-releases class to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version ptpd
INFO: Current version: 2.3.1
INFO: Latest version:
After the patch:
$ devtool latest-version ptpd
INFO: Current version: 2.3.1
INFO: Latest version: 2.3.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version postfix
INFO: Current version: 3.10.5
INFO: Latest version:
After the patch:
$ devtool latest-version postfix
INFO: Current version: 3.10.5
INFO: Latest version: 3.10.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The used version was moved to another folder - and was also repackaged
with gzip compression.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* https://github.com/squid-cache/squid/releases/tag/SQUID_7_3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handles CVE-2025-62168.
Remove CVE patch included in this release.
Refresh remaining patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refresh all patches.
ptest patches needed larger rework for new test testHeader.
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Devtool could not find latest versions before.
Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."
Note that also squid security advisories were moved to Github.
[1] https://www.squid-cache.org/Versions/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>