Within tcpreplay's tcprewrite, a double free vulnerability has been identified
in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c.
This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly
invokes the cleanup routine multiple times on the same memory region.
By supplying a specifically crafted pcap file to the tcprewrite binary,
a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2.
The impacted element is the function untrunc_packet of the file
src/tcpedit/edit_packet.c of the component tcprewrite. Executing
manipulation can lead to use after free. It is possible to launch
the attack on the local host. The exploit has been publicly disclosed
and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da.
Applying a patch is advised to resolve this issue.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
With the exception of paho-mqtt-cpp, the double protocol= attributes
were added to the SRC_URIs when protocol=https was added to all SRC_URIs
fetching from github.com in commit b402a3076f (recipes: Update SRC_URI
branch and protocols).
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2e0a581bee)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5d050f078a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93a5628ae6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
==========
-On very low speed transfers (<10Kbps) sessions would time out due to a very
large interpacket transmission interval. Fixed by putting a lower limit
on the advertised GRTT of of the interpacket transmission interval.
-Sending of ABORT messages on early shutdown would sometimes fail due to
OpenSSL cleanup functions running before application cleanup. Changed the
ordering of atexit() handlers to ensure OpenSSL cleanup happens last.
-Fixed missing timestamp update when clients read CONG_CTRL messages
-Fix to GRTT handling on server to ensure it doesn't fall below minumim.
-Fixed bypassed checking of existing files on client for backup
-Various logging fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0a58426ed0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
=========
# Do not ignore multicast advertisements when discovery was sent as unicast
(fix regression from 1.0.5).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a014528ede)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum].
Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build
to work by adding an extern to sh_util/gpshare.c for example.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9dbf1b42bb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This tarball is not available on debian ftp archive anymore
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fe62e64c97)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Original repo seems to be not accessible.
Fix build with clang-18
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 59bffb6844)
Adapted for Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
1. Set the correct LICENSE value
2. Csocket is a submodule of the main znc project. Instead of
cloning it separately in a subfolder, just let the gitsm fetcher
to fetch the correct revisions, at the correct place.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6a8d205e5c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Drop 0001-avoid-naming-local-function-as-one-of-printf-family.patch as
the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 333cdd80c6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
nostrip.patch
refreshed for 1.0.52
License-Update: Copyright year updated to 2024
Changelog:
==========
- The QUIT command is now accepted during a transfer.
- The server can be built with --with-minimal again.
- Fixed an out of bounds read in the MLSD command.
- Larger mmap()ed pages are used on aarch64.
- Improved compatibility with HPUX
- Improved OpenSSL API compatibility
- Improved compatibility with OpenWall Linux
- Improved compatibility with Netfilter
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fac6357f60)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The NetworkManager meson.build is searching for iptables and nft by
passing absolute paths to meson's find_program. The result is that it
locates tools on the host machine when they exist at those locations. If
they don't, it uses default locations. This often works out, but in some
cases, such as when the host uses a merged usr scheme and the build
target does not, the paths will be incorrect and the tools won't be
found at runtime.
These could be PACKAGECONFIG options, but since they have fallback
values, completely disabling the use of either iptables or nft would
require patching the meson.build or setting a bogus location.
Note that this meson.build file follows the same pattern elsewhere, but
most cases are already covered by PACKAGECONFIG options.
Signed-off-by: Jim Broadus <jim@thruwave.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7c44094532)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Upgrade to mosquitto 2.0.21. Update the patch status for issue 2895 and create a
new patch for an issue introduced in 2.0.19 which causes connections to get down
when the clock is changed.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2a27eacee2)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This ensures that host tools like 'gen' are built for build host and not
target. internal bind build supplies its own options to configuring it,
where it does not pass --host option and as a result it does not deduce
it to be a cross compile and hence these variables are not set property
inside bind build
Fixes
| ./gen: /usr/lib/libc.so.6: version `GLIBC_2.38' not found (required by ./gen)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d57c465562)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changes since 4.4.3 (Bug Fixes)
Corrected a reference count leak that occurs when the server builds
responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
Lab for reporting the issue.
[Gitlab #253]
CVE: CVE-2022-2928
Corrected a memory leak that occurs when unpacking a packet that has an
FQDN option (81) that contains a label with length greater than 63
bytes.
Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
[Gitlab #254]
CVE: CVE-2022-2929
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 354608cb88)
Adapted to Kirkstone. Dropped two CVE patches, because they are included in
this patch release.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Correct "startline=" to "beginline=" in LIC_FILES_CHKSUM so that the
correct lines from autossh.c and daemon.h are used. Also remove
autossh.spec from LIC_FILES_CHKSUM as it doesn't really contain any
license information.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 506b6c9411)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Vijay Anusuri
Peter Marko
Rajeshkumar Ramasamy
Archana Polampalli
Peter Kjellerstedt
Wang Mingyu
Yi Zhao
Randy MacLeod
Khem Raj
Bergin, Peter
alperak
Philippe Coval
Jim Broadus
Gianfranco Costamagna
Louis Rannou
Zhang Xiao