meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

Author	SHA1	Message	Date
Gyorgy Sarvari	da6b309429	net-snmp: fix ptests Add missing dependencies. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-29 17:05:14 +01:00
Khem Raj	3f4f321d04	openl2tp: Fix ptests - Detect active network interface to use, instead of asking user, this needs to run in automation - Find the location of ppp_null.so with find instead of rpm, rpm is a distro choice it can be assumed to be always there. - Add missing runtime deps for ptests - Kill openl2tpd started by run-ptest script before exiting, otherwise ptest runner hangs forever. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `d30427f475`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-29 16:59:58 +01:00
Zhang Peng	50c69deb2c	frr: fix CVE-2024-31949 CVE-2024-31949: In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-31949] [https://salsa.debian.org/lts-team/packages/frr/-/blob/debian/7.5.1-1.1+deb10u4/debian/patches/CVE-2024-31949.patch?ref_type=tags] Upstream patches: [https://github.com/FRRouting/frr/pull/15640/commits/30a332dad86fafd2b0b6c61d23de59ed969a219b] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-29 16:59:21 +01:00
Gyorgy Sarvari	d2da8450c0	freediameter: fix run-ptest reporting Add PASS/FAIL printout at the end of the execution. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 21:13:20 +01:00
Gyorgy Sarvari	c71d61037e	python3-scapy: fix ptests 1. Enable network access during tests by setting a nameserver 2. Add missing tshark dependency 3. Install missing test files Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 21:13:18 +01:00
Gyorgy Sarvari	0d9619b1bc	keepalived: patch CVE-2021-44225 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44225 Pick patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 18:08:19 +01:00
Vijay Anusuri	d342d283b3	unbound: Fix CVE-2022-3204 Upstream-Status: Backport from https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:35 +01:00
Vijay Anusuri	0bf05b6de8	unbound: Fix for CVE-2022-30698 and CVE-2022-30699 Upstream-Status: Backport from https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:35 +01:00
Gyorgy Sarvari	88be6af76b	squid: fix esi PACKAGECONFIG libxml has derecated the "xmlSetFeature" call, and hid is behind a special config flag (--with-legacy), which is not used by default in oe-core. This makes compilation fail, when "esi" PACKAGECONFIG is enabled: Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'? This backported patch fixes this. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:33 +01:00
Gyorgy Sarvari	efbc247121	squid: patch CVE-2025-59362 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362 Pick the PR content that's referenced in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:30 +01:00
Gyorgy Sarvari	bb7620585c	squid: patch CVE-2023-46724 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46724 Pick the patch from the details of the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:28 +01:00
Gyorgy Sarvari	4c30475f5d	squid: patch CVE-2022-41318 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41318 Pick the v4 patch referenced in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:25 +01:00
Gyorgy Sarvari	3183e67999	squid: patch CVE-2022-41317 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41317 Pick the v4 patch referenced in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:22 +01:00
Gyorgy Sarvari	ccfa20cea9	squid: patch CVE-2021-46784 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46784 Pick the backported patch from v4 branch, that referenced the same PR[1] that the patch[2] from the nvd report refers to. [1]: https://github.com/squid-cache/squid/pull/1022 [2]: https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:18 +01:00
Gyorgy Sarvari	c7a33c2d5a	netkit-telnet: patch CVE-2022-39028 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39028 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 11:17:13 +01:00
Vijay Anusuri	6c8ae54fc3	proftpd: Fix CVE-2023-48795 Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-20 11:59:36 +02:00
Peter Marko	5bb71a5f0f	squid: mark CVE-2025-54574 as patched Per [1] CVE-2025-54574 is fixed in patch for CVE-2023-5824. That was a composite patch from more commits. When checking it, it really contains also commit [2] which is mentioned as fix for CVE-2025-54574. [1] https://security-tracker.debian.org/tracker/CVE-2025-54574 [2] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-17 10:51:27 +02:00
Rajeshkumar Ramasamy	7eadf76d76	open-vm-tools: fix CVE-2025-41244 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-41244 Upstream-patch: https://github.com/vmware/open-vm-tools/commit/7ed196cf01f8acd09011815a605b6733894b8aab Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-17 10:51:26 +02:00
Archana Polampalli	b6c9eb2ce5	tcpreplay: fix CVE-2025-51006 Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-17 10:51:26 +02:00
Archana Polampalli	0538af085a	tcpreplay: fix CVE-2025-9157 A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-17 10:51:26 +02:00
Gyorgy Sarvari	bf9fc50ccc	dovecot: patch CVE-2021-33515 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33515 Backport the relevant patch. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-12 13:08:38 +02:00
Gyorgy Sarvari	91a9a3d61f	dovecot: patch CVE-2022-30550 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550 Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-12 13:08:33 +02:00
Gyorgy Sarvari	b157fa0412	civetweb: patch CVE-2020-27304 Details: https://nvd.nist.gov/vuln/detail/CVE-2020-27304 Take the patches referenced in https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/ (which URL is also referenced by NIST) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-12 13:08:29 +02:00
Peter Kjellerstedt	e8be179802	recipes: Remove double protocol= from SRC_URIs With the exception of paho-mqtt-cpp, the double protocol= attributes were added to the SRC_URIs when protocol=https was added to all SRC_URIs fetching from github.com in commit `b402a3076f` (recipes: Update SRC_URI branch and protocols). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `2e0a581bee`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:32 +02:00
Wang Mingyu	23d9cf882f	uftp: upgrade 5.0.2 -> 5.0.3 Changelog: =========== -A memory leak fix in the prior version wasn't applied correctly, resulting in an invalid memory access causing a crash. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `5d050f078a`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Wang Mingyu	975368a20e	uftp: upgrade 5.0.1 -> 5.0.2 Changelog: ========= -Fixed bug that caused crash when a CLIENT_KEY arrived out of order -Fixed option handling on Windows when an argument is missing Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `93a5628ae6`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Wang Mingyu	76de61ab0a	uftp: upgrade 5.0 -> 5.0.1 Changelog: ========== -On very low speed transfers (<10Kbps) sessions would time out due to a very large interpacket transmission interval. Fixed by putting a lower limit on the advertised GRTT of of the interpacket transmission interval. -Sending of ABORT messages on early shutdown would sometimes fail due to OpenSSL cleanup functions running before application cleanup. Changed the ordering of atexit() handlers to ensure OpenSSL cleanup happens last. -Fixed missing timestamp update when clients read CONG_CTRL messages -Fix to GRTT handling on server to ensure it doesn't fall below minumim. -Fixed bypassed checking of existing files on client for backup -Various logging fixes Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `0a58426ed0`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Yi Zhao	68c66db375	libtdb: upgrade 1.4.3 -> 1.4.7 * Refresh patches * Add a patch to skip checking PYTHONHASHSEED Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `cf53340f00`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
wangmy	8426871255	cifs-utils: upgrade 6.14 -> 6.15 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `88ea7fc012`) Adapted to Kirkstone. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Randy MacLeod	d42bb883dd	tnftp: switch the SRC_URI to https Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `8f4dc754cf`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Khem Raj	bb12695af8	ssmping: Use debian mirror for SRC_URI Original URI is not accessible anymore Drop md5sum Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `ceb9160341`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Randy MacLeod	790b431538	pimd: switch SRC_URI to https Switch SRC_URI to https (yes, the URI still has ftp in the path!). Also drop the obsolete SRC_URI[md5sum]. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `9221eaa8d6`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Wang Mingyu	a88c4f592f	ndisc6: upgrade 1.0.7 -> 1.0.8 Changelog ============ Fix potential garbage whilst prining an advertised prefix. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `3fe7c5fae8`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Wang Mingyu	b2dbbd49ca	ndisc6: upgrade 1.0.6 -> 1.0.7 Changelog: ========= # Do not ignore multicast advertisements when discovery was sent as unicast (fix regression from 1.0.5). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a014528ede`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Yi Zhao	515b34d850	lksctp-tools: upgrade 1.0.20 -> 1.0.21 ChangeLog: https://github.com/sctp/lksctp-tools/blob/v1.0.21/ChangeLog Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `4c3e3638b9`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Yi Zhao	bc1a12e9c5	lksctp-tools: upgrade 1.0.19 -> 1.0.20 ChangeLog: https://github.com/sctp/lksctp-tools/blob/v1.0.20/ChangeLog Drop redundant variables LK_REL, SOLIBVERSION and SOLIBMAJORVERSION in recipe. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `162039c327`) Adapted to Kirkstone. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-29 20:15:31 +02:00
Randy MacLeod	3420cb0739	ncftp: Upgrade to 3.2.7 Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum]. Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build to work by adding an extern to sh_util/gpshare.c for example. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `9dbf1b42bb`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Yi Zhao	efc78dfed0	devecot: set dovecot.conf file mode with chmod The touch command doesn't support file mode setting. Set it with chmod. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `4b306f382f`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Khem Raj	acdeeb0a4a	radiusclient-ng: Point SRC_URI to archive.ubuntu.com This tarball is not available on debian ftp archive anymore Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `fe62e64c97`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Khem Raj	23b345c5a1	openflow: Switch SRC_URI to github mirror Original repo seems to be not accessible. Fix build with clang-18 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `59bffb6844`) Adapted for Kirkstone. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Khem Raj	86b1d92dcc	openflow: Include sys/stat.h for fchmod Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `e2b1b060b0`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Bergin, Peter	80968e146f	freediameter: fix typo and old overide syntax A typo that probably caused a left over from override syntax conversion. INITSCRIPT_PARAMS$_${PN} --> INITSCRIPT_PARAMS:${PN} Signed-off-by: Peter Bergin <peter.bergin@windriver.com> Signed-off-by: Peter Bergin <peter@berginkonsult.se> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `77f031776e`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Gyorgy Sarvari	1de3289aa2	znc: fix LICENSE value, clean up SRC_URI 1. Set the correct LICENSE value 2. Csocket is a submodule of the main znc project. Instead of cloning it separately in a subfolder, just let the gitsm fetcher to fetch the correct revisions, at the correct place. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6a8d205e5c`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Khem Raj	e93f4a53c9	nfacct: Update SRC_URI to point to valid URL Update UPSTREAM_CHECK_URI accordingly Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `88b295625d`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Wang Mingyu	71a07ae386	libnftnl: upgrade 1.2.5 -> 1.2.6 Changelog: ========= tests: nft-rule-test: Add test cases to improve code coverage tests: nft-table-test: fix typo shixuantong expr: meta: introduce broute meta expression Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `d358507597`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Yi Zhao	a1460941fc	libnftnl: upgrade 1.2.4 -> 1.2.5 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `e9df01df3d`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Wang Mingyu	4f2e3d6e39	libnftnl: upgrade 1.2.3 -> 1.2.4 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `9afefefac5`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Yi Zhao	5d465fed15	libnftnl: upgrade 1.2.2 -> 1.2.3 Drop 0001-avoid-naming-local-function-as-one-of-printf-family.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `333cdd80c6`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
wangmy	b9e3ddaefd	libnftnl: upgrade 1.2.1 -> 1.2.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6d997c52c5`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00
Wang Mingyu	8b4a5ad2c6	pure-ftpd: upgrade 1.0.51 -> 1.0.52 nostrip.patch refreshed for 1.0.52 License-Update: Copyright year updated to 2024 Changelog: ========== - The QUIT command is now accepted during a transfer. - The server can be built with --with-minimal again. - Fixed an out of bounds read in the MLSD command. - Larger mmap()ed pages are used on aarch64. - Improved compatibility with HPUX - Improved OpenSSL API compatibility - Improved compatibility with OpenWall Linux - Improved compatibility with Netfilter Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `fac6357f60`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:13:03 +02:00

1 2 3 4 5 ...

3083 Commits