A buffer overflow in dnsmasq’s extract_addresses() function allows
an attacker to trigger a heap out-of-bounds read and crash by
exploiting a malformed DNS response, enabling extract_name()
to advance the pointer past the record’s end.
Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-5172 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
dnsmasqs extract_name() function can be abused to cause a heap buffer
overflow, allowing an attacker to inject false DNS cache entries,
which could result in DNS lookups to redirect to an attacker-controlled
IP address, or to cause a DoS.
Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-2291 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The dns-updown script is written in bash which is under the GPLv3
license. As this script is optional, it is preffered to have it in an extra
package.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of
the supported_versions extension in TLS that can result in an infinite loop.
- CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin
related to the processing of encrypted PKCS#7 containers that can result in
a crash.
- CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the
processing of certain EAP-SIM/AKA attributes that can result in an infinite
loop or a heap-based buffer overflow and potentially remote code execution.
- CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to
the processing of X.509 name constraints that can allow authentication with
certificates that violate the constraints.
- CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of
ECDH public values in TLS < 1.3 that can result in a crash.
- CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing
of RADIUS attributes that can result in an infinite loop or an out-of-bounds
read that may cause a crash.
- CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA
decryption that can result in a crash.
- Made the Botan RNG types used/provided by the botan plugin configurable.
- The fix for the vulnerability in the constraints plugin now causes all
certificates that contain excluded name constraints of type directoryName (DN)
to get rejected.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Add a new addressing mode "mscc": Used to access PHYs from Microchip that
uses C22 register 31 as a page register
- Fix VPATH builds and various other build related warnings
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
In Linux, memcached relies on transparent huge pages, and even if
libhugetlbfs is enabled by the PACKAGECONFIG (and detected during
do_configure, of course), it is simply not used:
root@qemuriscv64:~# ldd $(which memcached)
linux-vdso.so.1 (0x0000003fa4358000)
libevent-2.1.so.7 => /lib/libevent-2.1.so.7 (0x0000003fa42b0000)
libc.so.6 => /lib/libc.so.6 (0x0000003fa4157000)
/usr/lib/ld-linux-riscv64-lp64d.so.1 (0x0000003fa435a000)
The main reason is the fact that the only call to a function coming from
libhugetlbfs is here:
https://github.com/memcached/memcached/blob/master/memcached.c#L4274
and getpagesizes() is only called if the #if block evaluates to true:
int ret = -1;
size_t sizes[32];
int avail = getpagesizes(sizes, 32);
(...)
/* check if transparent hugepages is compiled into the kernel */
/* RH based systems possibly uses a different path */
static const char *mm_thp_paths[] = {
"/sys/kernel/mm/transparent_hugepage/enabled",
"/sys/kernel/mm/redhat_transparent_hugepage/enabled",
NULL
};
(...)
This block relies on HAVE_MEMCNTL, which is a Solaris-specific feature.
Therefore, the dependency link between memcached and libhugetlbfs
doesn't exist in Linux.
Drop libhugetlbfs from memcached's recipe.
Signed-off-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
- Drop 0001-Fix-build-with-gcc-15.patch (merged upstream).
- Add 0001-fix-the-hardcoded-legacy-helper-path.patch: replace the
hardcoded "/lib/drbd" path in add_lib_drbd_to_path() with the
build-configured DRBD_LEGACY_LIB_DIR derived from LIBDIR
- Remove sed fixup for the now-absent ocf.ra@.service.
- Install new upstream 50-drbd.preset into systemd system-preset
Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The build fails because ruli is compiled with -ansi
(which implies C89/C90), but glibc's memchr macro
uses _Generic, a C11 feature. Clang treats this as
an error via -Werror,-Wc11-extensions.
Fixes build with glibc 2.43+
| ruli_conf.c:86:12: error: '_Generic' is a C11 extension [-Werror,-Wc11-extensions]
| 86 | if (!memchr(inbuf, '\0', LOAD_SEARCH_LIST_INBUFSZ))
| | ^
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: Copyright year updated to 2026
fix-openssl-no-des.patch
refreshed for 5.78
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Backport a patch from openLDAP to fix the configure errors with clang-22 -std=gnu23
Fix another issue by dropping C89 signatures in favor of C99 function prototypes
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CVE is fixed in the current version already, however
NVD tracks it without version - suppress the report explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patch which is included in this release, and add a patch that
adapts a lua api call to the lua version that is used in OE.
License-Change: the unicode license text has been updated, there should
be no material change. However while examining these changes, I noticed
that some parts of the code are covered by licenses not mentined in the
recipe. It should reflect all licenses now.
Tis version contains fixes fox CVE-2025-59028, CVE-2025-59031, CVE-2026-24031,
CVE-2026-27859, CVE-2026-27860, CVE-2026-27857, CVE-2026-27856 and CVE-2026-27855
Changelog: https://github.com/dovecot/core/blob/main/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The openvpn 2.7.0 upgrade refactored
tests/unit_tests/openvpn/Makefile.am, changing how test_binaries is
defined. This caused autoreconf to generate Makefiles where
buildtest-TESTS and runtest-TESTS no longer have rule bodies, breaking
the existing ptest recipe which relied on these targets for compilation
and execution. The fix replaces these internal automake targets with
stable interfaces: check-am for compilation and direct binary execution
on target.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Newer gnulib use python implementation by default if it
finds py3 on the system. However, netcf is old package
and its not expecting python implementation, therefore
make the shell implementation be used.
REALLOC_N is gone in latest gnulib so house a local
macro
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Khem Raj
Abhishek Bachiphale
Filipe Pires
Wang Mingyu
Louis Rannou
Joao Marcos Costa
Haiqing Bai
Gianfranco Costamagna
Zheng Ruoqin
Gyorgy Sarvari
Anuj Mittal
Changqing Li
Haixiao Yan
Zoltán Böszörményi
Khem Raj