NVD tracks this CVE as version-less.
Per [1] this is fixed by following commits:
$ git tag --contains b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc
0.26.0
0.26.0-rc1
$ git tag --contains 02e847458369c08421fd2d5e9a16a5f272c2de9e
0.26.0
0.26.0-rc1
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2024-8443
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This CVE is officially disputed by Redhat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086
Red Hat does not consider this issue to be a security vulnerability.
The pottential attacker has to send acknowledgement packets periodically
to make server generate traffic. Exactly the same effect could be
achieved by simply downloading the file. The statement that setting the
TCP window size to arbitrarily high value would permit the attacker to
disconnect and stop sending ACKs is false, because Red Hat Enterprise
Linux limits the size of the TCP send buffer to 4MB by default.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were not updated on recipe upgrade.
To make maintenance easier, remove exact versions.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade xfdesktop from 4.18.1 to 4.20.0:
* add dependency libxfce4windowing
* set variables from glib-2.0.pc in EXTRA_OECONF since paths have been
removed from the .pc file in oe-core
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for libxfce4windowing 4.20.0 which is required by other xfce4
components such as xfce4-session, xfdesktop etc.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-detect-correct-openssl-3.x.patch
removed since it's included in 0.4.13
Changelog:
=========
- Increased maximum PIN length
- Fixed several memory leaks
- Don't include libp11.rc VERSIONINFO into pkcs11
- Reimplement CI with GitHub Actions
- Improved tests
- Added static ENGINE (libpkcas11.a) build
- Added a workaround broken foreign key handling in OpenSSL
3.0.12-3.0.13, 3.1.4-3.1.5, 3.2.0-3.2.1
- Added a workaround for conflicting atexit() callbacks
- Always login with PIN If FORCE_LOGIN is specified in openssl config
- Added OAEP support to RSA_private_decrypt
- Added PKCS11_enumerate_*_ext functions
- Fixed non-null-terminated label padding
- Fixed several object management issues
- Deferred libp11 initialization until needed
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Use _stricmp() instead of strcasecmp() on Windows
- Accept --help & --version as aliases to -help & -version
- evargs.c: constify pointer arguments that aren't modified
- evargs.c: Use standard strchr() instead of deprecated index()
- Remove detectableRepeat variable
- Assume target platforms have strcasecmp now
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Avoid crash when converting dict with circular reference
- ci: use pixi in CI
- Mention nanobind's solution
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fix memory not released on error return from pb_decode_ex()
- Fix deprecated MakeClass() call in generator
- Fix compiler error with enums and --c-style
- Fix version conflict with bazel build rules
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed: If the ping statement did not explicitly specify an outgoing address
but a previous ping statement did, the same address was shared by both
statements.
- Fixed: Monit may crash upon stopping if the ping statement is used in
conjunction with the address option.
- Fixed: If a directory is set in the 'allow' option of the 'set httpd'
statement, instead of file or string, Monit hangs on start.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Peter Marko
Yogita Urade
Khem Raj
Hongxu Jia
Kai Kang
Wang Mingyu
Bartosz Golaszewski
Markus Volk
Wang Mingyu