Ankur Tyagi
9795c85f02
memcached: patch CVE-2023-46852
...
Details https://nvd.nist.gov/vuln/detail/CVE-2023-46852
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:35 +08:00
Peter Marko
bf656aa325
memcached: ignore disputed CVE-2022-26635
...
Per [1] this is a problem of applications using memcached improperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 889ccce684 )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:35 +08:00
Ankur Tyagi
3e72a5f33c
libconfuse: patch CVE-2022-40320
...
Pick patch per [1] pointing to [2] pointing to [3].
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320
[2] https://github.com/libconfuse/libconfuse/issues/163
[3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c048c04101 )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Ankur Tyagi
4bb1da31d5
frr: patch CVE-2024-44070
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-44070
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Ankur Tyagi
393bb3e0a5
tinyproxy: patch CVE-2023-49606
...
Details https://nvd.nist.gov/vuln/detail/CVE-2023-49606
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 7f8516d8db )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Peter Marko
24b0040b4c
corosync: patch CVE-2025-30472
...
Pick commit from [1] mentioned in [2] from [3]
[1] https://github.com/corosync/corosync/issues/778
[2] https://github.com/corosync/corosync/pull/779
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-30472
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit eab04e4620 )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Peter Marko
a1b17511ca
corosync: upgrade 3.1.6 -> 3.1.9
...
dbus dir was changed from sysconfdir to datadir
drop unused configure code
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 950c603f21 )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Peter Marko
64f9120014
corosync: fix upstream version check
...
github-releases is needed for it to work at all:
ERROR: Automatic discovery of latest version/revision failed - you must provide a version using the --version/-V option, or for recipes that fetch from an SCM such as git, the --srcrev/-S option.
UPSTREAM_CHECK_GITTAGREGEX is needed to get correct version, otherwise:
$ devtool latest-version corosync
...
INFO: Current version: 3.1.6
INFO: Latest version: 414.336.75.75.75
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 9aed476a90 )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Christos Gavros
68f8ea24d0
corosync: reproducibility issue
...
Corosync is not reproducible due to change of value
in NETSNMP_SYS_CONTACT which is set in net-snmp:
NETSNMP_SYS_CONTACT = "$ME@$LOC"
$ME = whoami
$LOC assigned domain name from /etc/resolv.conf
Use built-in '--with-sys-contact' to overwrite it
https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/30/steps/28/logs/stdio
CC: Yoann Congal <yoann.congal@smile.fr >
CC: Randy MacLeod <randy.macleod@windriver.com >
Signed-off-by: Christos Gavros <gavrosc@yahoo.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bb138b9f6b )
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Rajeshkumar Ramasamy
46091f4925
open-vm-tools: fix CVE-2025-41244
...
VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. A malicious local actor with non-administrative
privileges having access to a VM with VMware Tools installed and managed
by Aria Operations with SDMP enabled may exploit this vulnerability
to escalate privileges to root on the same VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
Upstream-patch:
https://github.com/vmware/open-vm-tools/commit/7ed196cf01f8acd09011815a605b6733894b8aab
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
Gyorgy Sarvari
065ff23049
dovecot: patch CVE-2022-30550
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550
Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:53 +08:00
Gyorgy Sarvari
64981bc057
civetweb: patch CVE-2025-55763
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763
Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:34 +08:00
Khem Raj
adcb6e9841
ssmping: Use debian mirror for SRC_URI
...
Original URI is not accessible anymore
Drop md5sum
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit ceb9160341 )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:15 +08:00
Wang Mingyu
9a3078e6fe
rp-pppoe: update SRC_URI
...
Upstream repository url changed.
Fixes unsuccessful fetch warning.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c400aca52a )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:15 +08:00
Jeroen Knoops
429e7401a2
nng: Rename default branch of github.com:nanomsg/nng.git
...
Default branch is renamed from `master` to `main`. Commit shas are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 58679b6a51 )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:14 +08:00
Wang Mingyu
371879bee7
geoip: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat ;')
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit aadc2ac9dc )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:14 +08:00
kjlau0112
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
...
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-08-18 08:35:05 -07:00
Peter Marko
ba84c52d55
libcoap: patch CVE-2024-31031
...
Pick commit [1] from [2] which fixes [3] as listed in [4].
[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
21e370fd3c
open-vm-tools: fix CVE-2025-22247
...
VMware Tools contains an insecure file handling vulnerability.
A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247
Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Guðni Már Gilbert
2c9126bd0d
mbedtls: upgrade 3.6.3.1 -> 3.6.4
...
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Wang Mingyu
6dedea4262
mbedtls: upgrade 3.6.3 -> 3.6.3.1
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:34:07 -04:00
Jinfeng Wang
fb6424156a
postfix: fix rootfs file difference
...
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:14 -04:00
Vijay Anusuri
1e80bb4b03
proftpd: Fix CVE-2023-51713
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:06 -04:00
Archana Polampalli
4a58c21334
tcpreplay: fix CVE-2024-22654
...
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:13:26 -04:00
Vijay Anusuri
6885bcddd4
wireshark: upgrade 4.2.9 -> 4.2.12
...
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.11.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.10.html
Includes security fix CVE-2025-5601
License-Update: Update GPL copies for FSF no longer having an address
Link: https://github.com/wireshark/wireshark/commit/18e4db97c424c11cb26fa7fef97b95dd3d001bb1
The 4.2.9 was no longer available at the original SRC_URI.
At the new SRC_URI all versions of the wireshark releases are available.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:05:56 -04:00
Clayton Casciato
40c9f33ad2
chrony: use inherit_defer for conditional inherit of useradd
...
[ Upstream commit 63df976d8e ]
conditional inherit is missed when PACKAGECONFIG privdrop is
activated after this inherit, eg in .bbappend.
Signed-off-by: Andreas Fenkart <afenkart@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-06-23 16:57:53 -04:00
Vijay Anusuri
491671faee
proftpd: Fix CVE-2024-57392
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-05-21 09:17:27 -04:00
Divya Chellam
1d4fbb2b77
openvpn: upgrade 2.6.12 -> 2.6.14
...
This includes CVE-fix for CVE-2025-2704
Changelog:
==========
https://github.com/OpenVPN/openvpn/releases
For full details, refer to:
https://github.com/OpenVPN/openvpn/compare/v2.6.12...v2.6.14
Signed-off-by: Divya Chellam <divya.chellam@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:50 -04:00
Yi Zhao
2ae4880410
mbedtls: 3.6.2 -> 3.6.3
...
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
Remove mbedtls-framework repository, as the framework is now added
as a flat directory rather than a submodule[1][2].
[1] https://github.com/Mbed-TLS/mbedtls/commit/b41194ce7f2fda63bf5959588631eba73c5c621e
[2] https://github.com/Mbed-TLS/mbedtls/commit/2c824b4fe5dab7e1526560be203bf705857e372a
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:47 -04:00
Yi Zhao
5675f4481b
mbedtls: upgrade 2.28.9 -> 2.28.10
...
ChangeLog
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:43 -04:00
Khem Raj
95d57ab55b
fwknop: Specify target locations of gpg and wget
...
This fixes emitting buildpaths into binary and also
fixes the issue where these tools won't exist on
the paths they were found on build machine
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Wang Mingyu
4b7999ed5d
fetchmail: disable rpath to fix buildpaths warning.
...
There was an error with the last modification to the buildpaths warning, which could cause segment error.
fix the following warning about buildpath:
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Wang Mingyu
c348e10438
fetchmail: Fix buildpaths warning.
...
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Khem Raj
a627269b8a
keepalived: Make build reproducible
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
alperak
0242b8f2bd
rdist: Fix contains reference to TMPDIR [buildpaths] warning
...
Pass OE cflags to makefile
WARNING: rdist-6.1.5-r0 do_package_qa: QA Issue: File /usr/bin/.debug/rdistd in package rdist-dbg contains reference to TMPDIR
File /usr/bin/.debug/rdist in package rdist-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: alperak <alperyasinak1@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
Khem Raj
829fa434c3
blueman: Fix buildpath issue with cython generated code
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Cc: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
Khem Raj
57b939762c
wolfssl: Add packageconfig for reproducible build
...
Make this option turned on by default
Fixes
WARNING: wolfssl-5.7.2-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.2.0 in package wolfssl contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:02 -04:00
Vijay Anusuri
cd1aa14313
wireshark: upgrade 4.2.7 -> 4.2.9
...
Fixes CVE-2024-11595 CVE-2024-11596
Removed CVE-2024-9781.patch which is already fixed in 4.2.8 version
Release notes:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.9.html
Reference:
https://www.wireshark.org/security/wnpa-sec-2024-15.html
https://www.wireshark.org/security/wnpa-sec-2024-14.html
https://www.wireshark.org/security/wnpa-sec-2024-13.html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:29:23 -04:00
Sofiane HAMAM
3e3de7632e
wolfssl: Upgrade 5.7.0 -> 5.7.2
...
The upgrade includes many vulnerability fixes, new features and
enhancements, refer to:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:27:16 -04:00
Sofiane HAMAM
7bc1db1659
Wolfssl: add ptest
...
Add ptest for Wolfssl package.
Set IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-wolfssl to 700M
enough to avoid a "No space left on device".
BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.qvuQ9h/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 7
END: /usr/lib/wolfssl/ptest
Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:27:08 -04:00
Virendra Thakur
454cc11317
unbound: Fix CVE-2024-8508
...
Malicious upstreams responses with very large RRsets can cause Unbound
to spend a considerable time applying name compression to downstream
replies. This can lead to degraded performance and eventually denial of
service in well orchestrated attacks.
Reference: https://nvd.nist.gov/vuln/detail/cve-2024-8508
Signed-off-by: Virendra Thakur <virendrak@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-07 19:40:44 -05:00
Peter Kjellerstedt
dd3dca0d01
ebtables: Remove the dependency on bash
...
Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-03 08:03:37 -05:00
Yoann Congal
d7e5d4796c
mdio-tools: fix mdio-netlink kernel module reproducibility
...
mdio-netlink source makes reference to ${S}/.. which breaks
-fdebug-prefix-map and results in the full TMPDIR path being present in
the -dbg package and, also, change a related CRC in the main package.
This changes ${S} to enclose the whole SRC_URI repo and adapt relative paths to
build (MODULES_MODULE_SYMVERS_LOCATION)
This makes mdio-netlink reproducible and fixes this warning:
WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr >
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d161de0b00 )
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-02-04 14:41:20 -08:00
Shubham Pushpkar
19bb449400
wireshark 4.2.7: Fix CVE-2024-9781
...
Upstream Repository: https://gitlab.com/wireshark/wireshark.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781
Type: Security Fix
CVE: CVE-2024-9781
Score: 7.8
Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-20 19:26:03 -05:00
Jiaying Song
a000fcb1b5
chrony: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz , attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-20 19:25:07 -05:00
Khem Raj
c04b722e9b
ndisc6: Fix reproducible build
...
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:14:43 -05:00
Khem Raj
6d4f8294b4
ndisc: Remove buildpaths from binaries
...
configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION
therefore edit the paths from this in generated config.h before it gets into
binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:14:39 -05:00
Wang Mingyu
3b0f220870
mosquitto: upgrade 2.0.19 -> 2.0.20
...
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128.
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com >
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:05:30 -05:00
Fabrice Aeschbacher
2d019956a6
mosquitto: upgrade 2.0.18 -> 2.0.19
...
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com >
Reviewed-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com >
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:05:20 -05:00
Zhang Peng
df0a87ca52
frr: fix CVE-2024-31949
...
CVE-2024-31949:
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR
capability as a dynamic capability because malformed data results in a pointer not advancing.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-31949
Upstream patches:
https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:40 -05:00