mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity
36,524 Commits 64 Branches 0 Tags
whinlatter
Commit Graph

4134 Commits

Author SHA1 Message Date
Ankur Tyagi f52f32952c wolfssl: patch CVE-2026-5778 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10125
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5778

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi 0722748606 wolfssl: patch CVE-2026-5772 
Backport commits from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10119
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5772

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi 2306b7a87e wolfssl: patch CVE-2026-5447 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10112
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5447

Dropped unit test changes during the backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi f75da20d3e wolfssl: patch CVE-2026-5446 
Backport commits from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10111
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5446

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi 8939b43735 wolfssl: patch CVE-2026-5392 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10039
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5392

Dropped unit test changes during the backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi bec67650c1 wolfssl: patch CVE-2026-5188 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10024
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5188

Dropped unit test changes during the backport.

Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:28:45 +05:30
Ankur Tyagi 6ed3dfda05 wolfssl: patch CVE-2026-3580 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/9855
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-3580

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:27:43 +05:30
Ankur Tyagi 657e8af9b5 wolfssl: patch CVE-2026-1005 
Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/9571
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-1005

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:26:30 +05:30
Ankur Tyagi d91b26edec libcoap: patch CVE-2026-29013 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29013

Debian[1] also identified this as a fix.
[1] https://security-tracker.debian.org/tracker/CVE-2026-29013

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-05-08 07:22:44 +05:30
Gyorgy Sarvari ae59325285 corosync: patch CVE-2026-35092 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092

Pick the patch that mentions the CVE ID explicitly (the same commit
was identified by Debian also[1])

[1]: https://security-tracker.debian.org/tracker/CVE-2026-35092

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Gyorgy Sarvari 5b72e39149 corosync: patch CVE-2026-35091 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091

Pick the patch that mentions the CVE ID explicitly (it was identified
by Debian also as the fix[1])

[1]: https://security-tracker.debian.org/tracker/CVE-2026-35091

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Gyorgy Sarvari d994b091f6 dovecot: mark CVE-2026-0394 patched 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0394

As identified[1] by Debian, the recipe version already contains
the commits that fix this. Due to this mark it as patched.

[1]: https://security-tracker.debian.org/tracker/CVE-2026-0394

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Gyorgy Sarvari 47ec93ee07 dovecot: patch CVE-2025-59031 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59031

Backport the patch that was identified[1] by Debian.

[1]: https://security-tracker.debian.org/tracker/CVE-2025-59031

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Ankur Tyagi 24333410e6 strongswan: patch CVE-2026-25075 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25075

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 6f87a552ab wolfssl: patch CVE-2026-4395 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 99b851ae0e wolfssl: patch CVE-2026-4159 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4159

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 5a858b3578 wolfssl: patch CVE-2026-3547 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3547

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 60443c7d85 wolfssl: patch CVE-2026-3230 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3230

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi d0e8fba3a1 wolfssl: ptach CVE-2026-3229 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3229

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 40f7bfd054 wolfssl: patch CVE-2026-2646 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2646

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi e4fbbe5138 wolfssl: patch CVE-2026-0819 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0819

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Aviv Daum adb631c144 lldpd: fix xml PACKAGECONFIG dependency 
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Gyorgy Sarvari 51be807682 ettercap: patch CVE-2026-3603 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606

Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.

[1]: https://github.com/Ettercap/ettercap/issues/1297

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:23 +05:30
Wang Mingyu 6f989b75a0 postfix: upgrade 3.10.6 -> 3.10.8 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 09cc9579d4)

Release Notes:
https://www.postfix.org/announcements/postfix-3.10.7.html
https://www.postfix.org/announcements/postfix-3.10.8.html

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:08 +05:30
Wang Mingyu e771677d73 libcacard: upgrade 2.8.1 -> 2.8.2 
Changelog:
==========
- Sort certificates by underlying objects CKA_ID to provide deterministic
  object order
- Avoid using uninitialized memory
- Improve test coverage and build scripts
- Improve compatibility with modern compilers (avoid strict warnings)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bf0ea3fc28)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:07 +05:30
Ankur Tyagi bcc33ac73b open62541: upgrade 1.3.15 -> 1.3.17 
Release Notes:
https://github.com/open62541/open62541/releases/tag/v1.3.17
https://github.com/open62541/open62541/releases/tag/v1.3.16

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:07 +05:30
Liu Yiding 509063a7cc networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5 
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fcebca61e5)

Release Notes:
https://github.com/NetworkManager/NetworkManager-openvpn/blob/1.12.5/NEWS

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:06 +05:30
Liu Yiding e8a99f2978 networkmanager: upgrade 1.52.0 -> 1.52.2 
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 14c9d10173)

Release Notes:
https://github.com/NetworkManager/NetworkManager/blob/1.52.2/NEWS

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:06 +05:30
Ankur Tyagi a38694da2b nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462 
0.4.9
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt

0.4.8
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:05 +05:30
Jason Schonberg 5672114d58 nopoll: Upgrade to 0.4.7.b429 
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f7c5c6641)

Stable release with bug fixing, support for Debian Stretch and Ubuntu Bionic

Release Notes:
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.7.txt

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:05 +05:30
Ankur Tyagi 32ad58ec4e frr: upgrade 10.4.2 -> 10.4.3 
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.3

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:05 +05:30
Gyorgy Sarvari 7b418ef060 unbound: patch CVE-2025-5994 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994

Backport the patch[1] provided by upstream, which is linked in
the upstream advisory[2] referenced by the NVD report.

Tests passed successfully in a locally prepared ptest image.

[1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff
[1]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 07:49:32 +05:30
Ankur Tyagi ed8e7c6fb5 wolfssl: patch CVE-2025-7394 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394

Backport patches from the PR[1][2][3] mentioned in the changelog[4].

[1] https://github.com/wolfSSL/wolfssl/pull/8849
[2] https://github.com/wolfSSL/wolfssl/pull/8867
[3] https://github.com/wolfSSL/wolfssl/pull/8898
[4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Dropped changes to github workflow and tests during backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:06 +05:30
Ankur Tyagi 4243e66245 wolfssl: patch CVE-2025-7395 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395

Backport patches from the PR[1] mentioned in the changelog[2]
[1] github.com/wolfSSL/wolfssl/pull/8833
[2] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:05 +05:30
Ankur Tyagi 6781da83ae wolfssl: patch CVE-2025-13912 
Backport changes from PR[1] mentioned in nvd[2]

[1] https://github.com/wolfSSL/wolfssl/pull/9148
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13912

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:05 +05:30
Gyorgy Sarvari e23c3d78ff wireshark: patch CVE-2026-0962 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0962

Backport the commit that is referenced in the related gitlab issue[1].

[1]: https://gitlab.com/wireshark/wireshark/-/issues/20945

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:29 +05:30
Gyorgy Sarvari 4e828d8b46 linux-atm: fix SRC_URI 
The original SRC_URI's certificate has expired - change it to a working URL.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a1baa1c027)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-03 08:10:29 +05:30
Gyorgy Sarvari fd6e0c3762 proftpd: ignore CVE-2021-47865 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

It seems that it won't be fixed, because there is nothing to fix.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-03 08:07:28 +05:30
Gyorgy Sarvari 0080dd7973 ez-ipupdate: patch CVE-2003-0887 
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887

The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.

The recipe however does not install these example configurations,
and as such it is not vulnerable either.

Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).

Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-03 08:07:28 +05:30
Gyorgy Sarvari f52c71189f ndpi: ignore CVE-2025-25066 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066

The vulnerable code was introduced in version 4.12[1], and
the recipe version is not vulnerable yet. Due to this,
ignore this CVE.

[1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-03 08:07:27 +05:30
Gyorgy Sarvari 508aa14cd8 frr: patch CVE-2025-61099..61107 
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107

The NVD advisory refernces a PR[1] that contains only an unfinished, and
ultimately unmerged attempt at the fixes. The actual solution comes from
a different PR[2]. These patches are 3 commits from that PR. The last
commit wasn't backported, because it is just code formatting.

[1]: https://github.com/FRRouting/frr/pull/19480
[2]: https://github.com/FRRouting/frr/pull/19983

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cd47f72ad)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-02 08:12:52 +05:30
Gyorgy Sarvari 16cd5b1b8d libowfat: update SRC_URI 
The https link does not work anymore, it just refuses the connection.
http still works though.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8cab2b2977)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-21 10:28:20 +05:30
Gyorgy Sarvari 0f00860e5f ncp: update SRC_URI 
The https link does not work anymore, it just refuses the connection.
http still works though.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8da9f2fea2)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-21 10:28:09 +05:30
Gyorgy Sarvari a7e34f3531 python3-scapy: set CVE_PRODUCT 
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.

Set CVE_PRODUCT to the correct value.

See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6f68f5fce7)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:17:23 +05:30
Gyorgy Sarvari 8c482ca886 tinyproxy: patch CVE-2025-63938 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938

Pick the patch referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7981f52062)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:17:23 +05:30
Khem Raj 3c515557c4 dante: Add _GNU_SOURCE for musl builds 
This helps build fixes e.g. cpuset_t definitions etc.
glibc builds have _GNU_SOURCE defined inherently.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 848bac20ea)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:17:22 +05:30
Gyorgy Sarvari b42c7fbb73 dante: upgrade 1.4.3 -> 1.4.4 
License-Update: copyright year bump

Changelog:
- Fix potential security issue CVE-2024-54662, related to "socksmethod"
  use in client/hostid-rules.
- Add a missing call to setgroups(2).
- Patch to fix compilation with libminiupnp 2.2.8.
- Client connectchild optimizations.
- Client SIGIO handling improvements.
- Various configure/build fixes.
- Updated to support TCP_EXP1 version of TCP hostid format.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f12c5fbc6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:17:22 +05:30
Ankur Tyagi d11b64e25e frr: upgrade 10.4.1 -> 10.4.2 
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.2

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:17:21 +05:30
Peter Marko c870a26c00 libcoap: set CVE version suffix 
CVE metrics currently report CVE-2025-34468 as open.
CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:11 +05:30
Peter Marko 0d737e1419 net-snmp: patch CVE-2025-68615 
Pick patch per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-68615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:07 +05:30