mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
30,509 Commits 64 Branches 0 Tags
7053ee82cb1cd4f56c81caaa3bfc9ace180e1b24
Commit Graph

3695 Commits

Author SHA1 Message Date
Yi Zhao 7053ee82cb libldb: upgrade 2.8.1 -> 2.8.2 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e48e7e48a2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 11:14:57 +05:30
Martin Schwan 45a60884b8 kronosnet: Fetch version tag with BB_GIT_SHALLOW_EXTRA_REFS 
Fetch the needed Git tag by using BB_GIT_SHALLOW_EXTRA_REFS. This fixes
the following autotools configuration error:

| build-aux/git-version-gen: WARNING: .gitarchivever doesn't contain valid version tag
| build-aux/git-version-gen: ERROR: Can't find valid version. Please use valid git repository, released tarball or version tagged archive
| configure.ac:22: error: AC_INIT should be called with package and version arguments

Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 11:14:57 +05:30
Vijay Anusuri f5deba31bf wireshark: Fix CVE-2025-9817 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba

Link: https://gitlab.com/wireshark/wireshark/-/issues/20642
      https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-9817
      https://ftp.lysator.liu.se/pub/opensuse/update/leap/15.6/sle/src/wireshark-4.2.13-150600.18.26.1.src.rpm

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 11:14:57 +05:30
Vijay Anusuri 763886c7d1 wireshark: Upgrade 4.2.12 -> 4.2.14 
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.13.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.14.html

Includes security fix CVE-2025-11626

Link: https://gitlab.com/wireshark/wireshark/-/issues/20724

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 11:14:56 +05:30
Patrick Vogelaar d9c8972cb7 unbound: patch CVE-2024-33655 and CVE-2025-11411 
For CVE-2024-33655 applied patch [1] mentioned in [2].
For CVE-2025-11411 applied minimal patch [3] mentioned in [4]. (Slightly
adjustments were required to apply properly)

[1] https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-33655.diff
[2] https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
[3] https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411.diff
[4] https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt

Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 11:14:56 +05:30
Gianfranco Costamagna 4084b10111 mosquitto: bump to 2.0.22 
Refresh patches, drop patch 3238, now part of upstream codebase

Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 10:44:37 +05:30
Louis Rannou d6c4331e25 mosquitto: bump to 2.0.21 
Upgrade to mosquitto 2.0.21. Update the patch status for issue 2895 and create a
new patch for an issue introduced in 2.0.19 which causes connections to get down
when the clock is changed.

Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-12 10:44:37 +05:30
Peter Marko 08ee2e37ba squid: patch CVE-2025-59362 
Pick commit from PR mentioned in NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:13:15 +08:00
Ankur Tyagi 5657774a70 mbedtls: upgrade 3.6.4 -> 3.6.5 
Fixes security vulnerabilities CVE-2025-59438, CVE-2025-54764

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:08:13 +08:00
Ankur Tyagi ea3f4567b5 libiec61850: patch CVE-2024-45971 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45971

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:02:20 +08:00
Ankur Tyagi 53b229b25b libiec61850: patch CVE-2024-45970 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45970

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:02:08 +08:00
Ankur Tyagi 1c8594a797 libiec61850: patch CVE-2024-26529 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-26529

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:01:56 +08:00
Wang Mingyu ab31e7fd40 libiec61850: upgrade 1.5.1 -> 1.5.3 
Changelog:
=============
- config file parser dynamically allocates linebuffer to allow multithreaded applications
- parse time values in model configuration file
- config file generator: added missing code for GSEControl
- Config file generator: support multiple access points for GOOSE and SMV control blocks
- config file generator: added code to add SMVCBs to config files
- IED server: added code to create SMVCBs with the dynamic model API
- MMS server: added support for write access with component alternate access
- MMS client: added function MmsConnection_writeVariableComponent to write to variables with alternate component access
- make write access to RCB elements configurable according to ReportSettings
- Added function IedConnection_setLocalAddress to define local IP address and optionally local port of a client connection
- IED server: added ControlAction_getSynchroCheck and ControlAction_getInterlockCheck functions
- fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client
- PAL: fixed wrong order of function arguments for fread and fwrite functions
- MMS client: parsing of servicecsSupported in MMS init response is off by one
- fixed - potential memory leaks in goose publisher code
- fixed - server sends dchg report when only dupd is enabled in RCB
- GOOSE subscriber: fixed - possible heap corruption in parseAllData due to missing validity check in bit-string handling
- IED server: fixed problem with implicit ResvTms setting when reserved with RptEna
- IED server: fixed - segmentation fault when compiled with CONFIG_MMS_THREADLESS_STACK
- fixed - MMS server: messages can be corrupted when TCP buffer is full
- fixed - .NET: IedConenction.WriteDataSetValues throws a NullReferenceException
- fixed - server send invalid response- when client uses wrong ctlModel
- fixed - IedConnection_setRCBValuesAsync crashes when RCB is already reserved by other client
- fixed - outstanding call not released in IedConnection_getDataSetDirectoryAsync

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1b0f933f5b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 15:01:36 +08:00
Ankur Tyagi 1c65291a77 ndpi: ignore CVE-2025-25066 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-25066

CVE was fixed by [1] but the change [2] which introduced CVE was not present this version (4.2).

$ git tag --no-contains b9348e9 | grep 4.2
4.2

[1] https://github.com/ntop/nDPI/commit/678697b5eb6c3caa5dd5f8cccfe9eed8d13b94bb
[2] https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:36 +08:00
Ankur Tyagi b067a34198 memcached: patch CVE-2023-46853 
Details https://nvd.nist.gov/vuln/detail/CVE-2023-46853

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:35 +08:00
Ankur Tyagi 9795c85f02 memcached: patch CVE-2023-46852 
Details https://nvd.nist.gov/vuln/detail/CVE-2023-46852

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:35 +08:00
Peter Marko bf656aa325 memcached: ignore disputed CVE-2022-26635 
Per [1] this is a problem of applications using memcached inproperly.

This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.

[1] https://github.com/php-memcached-dev/php-memcached/issues/519

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce684)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:35 +08:00
Ankur Tyagi 3e72a5f33c libconfuse: patch CVE-2022-40320 
Pick patch per [1] poiting to [2] pointing to [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320
[2] https://github.com/libconfuse/libconfuse/issues/163
[3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c048c04101)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Ankur Tyagi 4bb1da31d5 frr: patch CVE-2024-44070 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-44070

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Ankur Tyagi 393bb3e0a5 tinyproxy: patch CVE-2023-49606 
Details https://nvd.nist.gov/vuln/detail/CVE-2023-49606

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 7f8516d8db)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Peter Marko 24b0040b4c corosync: patch CVE-2025-30472 
Pick commit from [1] mentioned in [2] from [3]

[1] https://github.com/corosync/corosync/issues/778
[2] https://github.com/corosync/corosync/pull/779
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-30472

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit eab04e4620)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Peter Marko a1b17511ca corosync: upgrade 3.1.6 -> 3.1.9 
dbus dir was changed from sysconfdir to datadir

drop unused configure code

License-Update: copyright years refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 950c603f21)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Peter Marko 64f9120014 corosync: fix upstream version check 
github-releases is needed that it work at all:
ERROR: Automatic discovery of latest version/revision failed - you must provide a version using the --version/-V option, or for recipes that fetch from an SCM such as git, the --srcrev/-S option.

UPSTREAM_CHECK_GITTAGREGEX is needed to get correct version, otherwise:
$ devtool latest-version corosync
...
INFO: Current version: 3.1.6
INFO: Latest version: 414.336.75.75.75

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 9aed476a90)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Christos Gavros 68f8ea24d0 corosync: reproducibility issue 
Corosync is not reproducible due to change of value
in NETSNMP_SYS_CONTACT which is set in net-snmp:
NETSNMP_SYS_CONTACT = "$ME@$LOC"
$ME = whoami
$LOC assigned domain name from /etc/resolv.conf

Use build in'--with-sys-contact' to overwrite it

https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/30/steps/28/logs/stdio

CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb138b9f6b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:33 +08:00
Rajeshkumar Ramasamy 46091f4925 open-vm-tools: fix CVE-2025-41244 
VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. A malicious local actor with non-administrative
privileges having access to a VM with VMware Tools installed and managed
by Aria Operations with SDMP enabled may exploit this vulnerability
to escalate privileges to root on the same VM.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-41244

Upstream-patch:
https://github.com/vmware/open-vm-tools/commit/7ed196cf01f8acd09011815a605b6733894b8aab

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-30 14:43:30 +08:00
Gyorgy Sarvari 065ff23049 dovecot: patch CVE-2022-30550 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550

Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-06 16:10:53 +08:00
Gyorgy Sarvari 64981bc057 civetweb: patch CVE-2025-55763 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763

Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-10-06 16:10:34 +08:00
Khem Raj adcb6e9841 ssmping: Use debian mirror for SRC_URI 
Original URI is not accessible anymore
Drop md5sum

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ceb9160341)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-09-23 16:30:15 +08:00
Wang Mingyu 9a3078e6fe rp-pppoe: update SRC_URI 
Upstream repository url changed.

Fixes unsuccessful fetch warning.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c400aca52a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-09-23 16:30:15 +08:00
Jeroen Knoops 429e7401a2 nng: Rename default branch of github.com:nanomsg/nng.git 
Default branch is renamed from `master` to `main`. Commitshas are the
same.

Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58679b6a51)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-09-23 16:30:14 +08:00
Wang Mingyu 371879bee7 geoip: fix do_fetch error 
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat;')

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aadc2ac9dc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 2025-09-23 16:30:14 +08:00
kjlau0112 c29a18fa39 mbedtls: drop tag parameter from SRC_URI. 
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2025-08-18 08:35:05 -07:00
Peter Marko ba84c52d55 libcoap: patch CVE-2024-31031 
Pick commit [1] from [2] which fixes [3] as listed in [4].

[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:37:04 -04:00
Hitendra Prajapati 21e370fd3c open-vm-tools: fix CVE-2025-22247 
VMware Tools contains an insecure file handling vulnerability.
\xa0A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247

Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:37:04 -04:00
Guðni Már Gilbert 2c9126bd0d mbedtls: upgrade 3.6.3.1 -> 3.6.4 
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087

The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4

[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:37:04 -04:00
Wang Mingyu 6dedea4262 mbedtls: upgrade 3.6.3 -> 3.6.3.1 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:34:07 -04:00
Jinfeng Wang fb6424156a postfix: fix rootfs file difference 
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.

Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:13:14 -04:00
Vijay Anusuri 1e80bb4b03 proftpd: Fix CVE-2023-51713 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592

Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-08-02 13:13:06 -04:00
Archana Polampalli 4a58c21334 tcpreplay: fix CVE-2024-22654 
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-07-10 20:13:26 -04:00
Vijay Anusuri 6885bcddd4 wireshark: upgrade 4.2.9 -> 4.2.12 
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.11.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.10.html

Includes security fix CVE-2025-5601

License-Update: Update GPL copies for FSF no longer having an address
Link: https://github.com/wireshark/wireshark/commit/18e4db97c424c11cb26fa7fef97b95dd3d001bb1

The 4.2.9 was not longer available at the original SRC_URI.
At the new SRC_URI all version of the wireshark releases are available.

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-07-10 20:05:56 -04:00
Clayton Casciato 40c9f33ad2 chrony: use inherit_defer for conditional inherit of useradd 
[ Upstream commit 63df976d8e ]

conditionnal inherit is missed when PACKAGECONFIG privdrop is
activated after this inherit, eg in .bbappend.

Signed-off-by: Andreas Fenkart <afenkart@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-06-23 16:57:53 -04:00
Vijay Anusuri 491671faee proftpd: Fix CVE-2024-57392 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-05-21 09:17:27 -04:00
Divya Chellam 1d4fbb2b77 openvpn: upgrade 2.6.12 -> 2.6.14 
This includes CVE-fix for CVE-2025-2704

Changelog:
==========
https://github.com/OpenVPN/openvpn/releases

For full details, refer to:
https://github.com/OpenVPN/openvpn/compare/v2.6.12...v2.6.14

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-04-16 20:33:50 -04:00
Yi Zhao 2ae4880410 mbedtls: 3.6.2 -> 3.6.3 
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

Remove mbedtls-framework repository, as the framework is now added
as a flat directory rather than a submodule[1][2].

[1] https://github.com/Mbed-TLS/mbedtls/commit/b41194ce7f2fda63bf5959588631eba73c5c621e
[2] https://github.com/Mbed-TLS/mbedtls/commit/2c824b4fe5dab7e1526560be203bf705857e372a

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-04-16 20:33:47 -04:00
Yi Zhao 5675f4481b mbedtls: upgrade 2.28.9 -> 2.28.10 
ChangeLog
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-04-16 20:33:43 -04:00
Khem Raj 95d57ab55b fwknop: Specify target locations of gpg and wget 
This fixes emitting buildpaths into binary and also
fixes the issue where these tools wont exist on
the paths they were found on build machine

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2025-04-16 20:30:24 -04:00
Wang Mingyu 4b7999ed5d fetchmail: disable rpath to fix buildpaths warning. 
There was an error with the last modification to the buildpaths warning, which could cause segment error.

fix the following warning about buildpath:
  WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2025-04-16 20:30:24 -04:00
Wang Mingyu c348e10438 fetchmail: Fix buildpaths warning. 
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2025-04-16 20:30:24 -04:00
Khem Raj a627269b8a keepalived: Make build reproducible 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2025-04-16 20:30:23 -04:00
alperak 0242b8f2bd rdist: Fix contains reference to TMPDIR [buildpaths] warning 
Pass OE cflags to makefile

WARNING: rdist-6.1.5-r0 do_package_qa: QA Issue: File /usr/bin/.debug/rdistd in package rdist-dbg contains reference to TMPDIR
File /usr/bin/.debug/rdist in package rdist-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2025-04-16 20:30:23 -04:00