60443c7d85
wolfssl: patch CVE-2026-3230
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3230
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
d0e8fba3a1
wolfssl: ptach CVE-2026-3229
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3229
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
40f7bfd054
wolfssl: patch CVE-2026-2646
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2646
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
e4fbbe5138
wolfssl: patch CVE-2026-0819
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0819
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
adb631c144
lldpd: fix xml PACKAGECONFIG dependency
...
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com >
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
51be807682
ettercap: patch CVE-2026-3603
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
6f989b75a0
postfix: upgrade 3.10.6 -> 3.10.8
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 09cc9579d4https://www.postfix.org/announcements/postfix-3.10.7.html
https://www.postfix.org/announcements/postfix-3.10.8.html
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:08 +05:30
e771677d73
libcacard: upgrade 2.8.1 -> 2.8.2
...
Changelog:
==========
- Sort certificates by underlying objects CKA_ID to provide deterministic
object order
- Avoid using uninitialized memory
- Improve test coverage and build scripts
- Improve compatibility with modern compilers (avoid strict warnings)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bf0ea3fc28ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:07 +05:30
bcc33ac73b
open62541: upgrade 1.3.15 -> 1.3.17
...
Release Notes:
https://github.com/open62541/open62541/releases/tag/v1.3.17
https://github.com/open62541/open62541/releases/tag/v1.3.16
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:07 +05:30
509063a7cc
networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5
...
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fcebca61e5https://github.com/NetworkManager/NetworkManager-openvpn/blob/1.12.5/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:06 +05:30
e8a99f2978
networkmanager: upgrade 1.52.0 -> 1.52.2
...
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 14c9d10173https://github.com/NetworkManager/NetworkManager/blob/1.52.2/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:06 +05:30
a38694da2b
nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462
...
0.4.9
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt
0.4.8
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
5672114d58
nopoll: Upgrade to 0.4.7.b429
...
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5f7c5c6641https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.7.txt
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
32ad58ec4e
frr: upgrade 10.4.2 -> 10.4.3
...
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.3
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
7b418ef060
unbound: patch CVE-2025-5994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994
Backport the patch[1] provided by upstream, which is linked in
the upstream advisory[2] referenced by the NVD report.
Tests passed successfully in a locally prepared ptest image.
[1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff
[1]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:32 +05:30
ed8e7c6fb5
wolfssl: patch CVE-2025-7394
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394
Backport patches from the PR[1][2][3] mentioned in the changelog[4].
[1] https://github.com/wolfSSL/wolfssl/pull/8849
[2] https://github.com/wolfSSL/wolfssl/pull/8867
[3] https://github.com/wolfSSL/wolfssl/pull/8898
[4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025
Dropped changes to github workflow and tests during backport.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:06 +05:30
4243e66245
wolfssl: patch CVE-2025-7395
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395
Backport patches from the PR[1] mentioned in the changelog[2]
[1] github.com/wolfSSL/wolfssl/pull/8833
[2] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:05 +05:30
6781da83ae
wolfssl: patch CVE-2025-13912
...
Backport changes from PR[1] mentioned in nvd[2]
[1] https://github.com/wolfSSL/wolfssl/pull/9148
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13912
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:05 +05:30
e23c3d78ff
wireshark: patch CVE-2026-0962
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0962
Backport the commit that is referenced in the related gitlab issue[1].
[1]: https://gitlab.com/wireshark/wireshark/-/issues/20945
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:29 +05:30
4e828d8b46
linux-atm: fix SRC_URI
...
The original SRC_URI's certificate has expired - change it to a working URL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a1baa1c027anuj.mittal@oss.qualcomm.com >
2026-02-03 08:10:29 +05:30
fd6e0c3762
proftpd: ignore CVE-2021-47865
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
It seems that it won't be fixed, because there is nothing to fix.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:28 +05:30
0080dd7973
ez-ipupdate: patch CVE-2003-0887
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:28 +05:30
f52c71189f
ndpi: ignore CVE-2025-25066
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066
The vulnerable code was introduced in version 4.12[1], and
the recipe version is not vulnerable yet. Due to this,
ignore this CVE.
[1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:27 +05:30
508aa14cd8
frr: patch CVE-2025-61099..61107
...
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107
The NVD advisory refernces a PR[1] that contains only an unfinished, and
ultimately unmerged attempt at the fixes. The actual solution comes from
a different PR[2]. These patches are 3 commits from that PR. The last
commit wasn't backported, because it is just code formatting.
[1]: https://github.com/FRRouting/frr/pull/19480
[2]: https://github.com/FRRouting/frr/pull/19983
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3cd47f72adskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:52 +05:30
16cd5b1b8d
libowfat: update SRC_URI
...
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8cab2b2977anuj.mittal@oss.qualcomm.com >
2026-01-21 10:28:20 +05:30
0f00860e5f
ncp: update SRC_URI
...
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8da9f2fea2anuj.mittal@oss.qualcomm.com >
2026-01-21 10:28:09 +05:30
a7e34f3531
python3-scapy: set CVE_PRODUCT
...
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.
Set CVE_PRODUCT to the correct value.
See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6f68f5fce7ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:23 +05:30
8c482ca886
tinyproxy: patch CVE-2025-63938
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7981f52062ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:23 +05:30
3c515557c4
dante: Add _GNU_SOURCE for musl builds
...
This helps build fixes e.g. cpuset_t definitions etc.
glibc builds have _GNU_SOURCE defined inherently.
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 848bac20eaankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:22 +05:30
b42c7fbb73
dante: upgrade 1.4.3 -> 1.4.4
...
License-Update: copyright year bump
Changelog:
- Fix potential security issue CVE-2024-54662, related to "socksmethod"
use in client/hostid-rules.
- Add a missing call to setgroups(2).
- Patch to fix compilation with libminiupnp 2.2.8.
- Client connectchild optimizations.
- Client SIGIO handling improvements.
- Various configure/build fixes.
- Updated to support TCP_EXP1 version of TCP hostid format.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9f12c5fbc6ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:22 +05:30
d11b64e25e
frr: upgrade 10.4.1 -> 10.4.2
...
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.2
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:21 +05:30
c870a26c00
libcoap: set CVE version suffix
...
CVE metrics currently report CVE-2025-34468 as open.
CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:11 +05:30
0d737e1419
net-snmp: patch CVE-2025-68615
...
Pick patch per [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-68615
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:07 +05:30
303f5afacf
openvpn: upgrade 2.6.16 -> 2.6.17
...
Contains fix for CVE-2025-13751
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:56 +05:30
94e21ed9b5
libcoap: ignore CVE-2025-50518
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518
The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 598176e1cbskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:55 +05:30
22b7851cde
fetchmail: patch CVE-2025-61962
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 0d9da11052skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:52 +05:30
0827d22e4c
civetweb: ignore CVE-2025-9648
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648
It is already fixed in the currently used version.
Also, update CVE-2025-55763's status to "fixed-version" (so it will be
marked as "Patched" in the CVE report instead of "Ignored")
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bfb76da63bskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:51 +05:30
c0a63f5222
dovecot: patch CVE-2025-30189
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
Pick the patches referenced by the advisory[1] from the Full Disclosure list.
[1]: https://seclists.org/fulldisclosure/2025/Oct/29
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:48 +05:30
6a2e51e989
cifs-utils: patch CVE-2025-2312
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312
Pick the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-06 18:07:47 +05:30
7301de982a
openipmi: Pass BUILD_CFLAGS to BUILD_CC
...
* The option -fcanon-prefix-map is added to CFLAGS after the commit [1]
introduced and result in the below build error.
Making all in sdrcomp
make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp'
aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c
gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm
gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
* Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue.
[1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c41fb791faankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 14:00:19 +05:30
d80916b4dc
libcoap: upgrade 4.3.5 -> 4.3.5a
...
Changelog [1]:
* Fixes the following CVEs
CVE-2025-59391
CVE-2025-65494
CVE-2025-65495
CVE-2025-65496
CVE-2025-65497
CVE-2025-65498
CVE-2025-65499
CVE-2025-65500
CVE-2025-65501
* CVE-2025-50518 not fixed as user application error.
* Support for Mbed TLS 3.6.3.
* Support for RIOT update changes.
* Fixes for later CI environment builds.
* Critical reported bugs fixed.
Add tag to SRC_URI for hash verification.
License-Update: copyright years refreshed [2]
[1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog
[2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6a9cc44a92ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 13:57:21 +05:30
3cadf1e0c7
postfix: upgrade 3.10.5 -> 3.10.6
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cde1da5ec1ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 13:57:20 +05:30
10c0a22f9a
libdaq: upgrade 3.0.22 -> 3.0.23
...
Changelog:
api: add tcp flag in DAQ flow stats
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8c3baf61d0ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 13:57:20 +05:30
2e4f464335
pgpool2: 4.6.3 -> 4.6.4
...
Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch and
v1-0001-Make-time-calculations-always-long-long.patch as those were merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7fb4910ccbankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 13:57:19 +05:30
394b23d027
openvpn: upgrade 2.6.15 -> 2.6.16
...
Code maintenance / Compat changes
---------------------------------
- adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these
need special handling which we don't do, so the t_lpback self-test
failed on them. Exclude from list of allowed ciphers, as there is no
strong reason today to make OpenVPN use these.
- fix various compile-time warnings
Documentation updates
---------------------
- fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings,
manpage, ...)
Bugfixes
--------
- Fix memcmp check for the hmac verification in the 3way handshake.
This bug renders the HMAC based protection against state exhaustion on
receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
CVE: 2025-13086
- fix invalid pointer creation in tls_pre_decrypt() - technically this is
a memory over-read issue, in practice, the compilers optimize it away
so no negative effects could be observed.
- Windows: in the interactive service, fix the "undo DNS config" handling.
- Windows: in the interactive service, disallow using of "stdin" for the
config file, unless the caller is authorized OpenVPN Administrator
- Windows: in the interactive service, change all netsh calls to use
interface index and not interface name - sidesteps all possible attack
avenues with special characters in interface names.
- Windows: in the interactive service, improve error handling in
some "unlikely to happen" paths.
- auth plugin/script handling: properly check for errors in creation on
$auth_failed_reason_file (arf).
- for incoming TCP connections, close-on-exec option was applied to
the wrong socket fd, leaking socket FDs to child processes.
- sitnl: set close-on-exec flag on netlink socket
- ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 351ac66213ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 13:57:19 +05:30
2d33949443
open-vm-tools: Avoid GLib g_free macro redefinition error
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-11-21 00:39:01 -08:00
2fa9680861
vsomeip: upgrade 3.5.10 -> 3.5.11
...
ChangeLog:
https://github.com/COVESA/vsomeip/releases/tag/3.5.11
* Refresh local patches
* Fix build with boost 1.89
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-11-20 08:37:05 -08:00
3e44699820
python-scapy: Ignore failing ptests
...
These tests fail in OE qemu environment and is sensitive to ISP provider
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-11-20 00:34:05 -08:00
7a25981202
lkcp-tools: Fix test_1_to_1_recvfrom ptest failure
...
Build it with fortify disabled to get the intended behavior
of the test
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-11-19 12:00:45 -08:00
5d82ef30be
python3-scapy: Upgrade to 2.6.1
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-11-19 07:45:40 -08:00
Ankur Tyagi
Aviv Daum
Gyorgy Sarvari
Wang Mingyu
Liu Yiding
Jason Schonberg
Khem Raj
Peter Marko
Mingli Yu
Yi Zhao