mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00

Files

Gyorgy Sarvari d31f07340f monkey: patch CVEs

These patches are about a number of CVEs files against the application:
CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655,
CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658.

These patches are taken from a pull request[1] that is referenced in the relevant bug report[2].
The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether.

Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each
other and/or not exploitable. The valid CVEs are fixed by these patches.

I haven't added specific CVE info to the patches, one hand because of the above, it is hard to
separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version
info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch,
untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear
from the CVE report due to this.

[1]: https://github.com/monkey/monkey/pull/434
[2]: https://github.com/monkey/monkey/issues/426

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-04-20 07:35:36 -07:00

conf

layers: update for wrynose release series

2026-03-18 14:35:06 -07:00

files

static-id: add missing netdata group

2023-11-15 09:51:46 -08:00

licenses

…

recipes-core

cherokee: Remove obsolete recipe

2024-09-30 07:34:28 -07:00

recipes-devtools/swagger-ui

swagger-ui: upgrade 5.32.1 -> 5.32.2

2026-04-10 07:59:58 -07:00

recipes-httpd

monkey: patch CVEs

2026-04-20 07:35:36 -07:00

recipes-php

xdebug: upgrade 3.5.0 -> 3.5.1

2026-03-02 19:25:59 -08:00

recipes-support

spawn-fcgi: upgrade 1.6.5 -> 1.6.6

2026-03-18 14:33:26 -07:00

recipes-webadmin

webmin: upgrade 2.621 -> 2.630

2026-04-06 09:46:29 -07:00

COPYING.MIT

…

README.md

meta-webserver/README: add example git send-email line

2025-05-08 18:29:33 -07:00

SECURITY.md

meta: Add SECURITY.md file to all layers

2024-11-23 09:00:14 -08:00

README.md

meta-webserver

This layer provides support for building web servers, web-based applications and related software.

Dependencies

This layer depends on:

URI: git://git.openembedded.org/openembedded-core subdirectory: meta branch: master

For some recipes, the meta-oe layer is required:

URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe branch: master

Layout

recipes-httpd/ Web servers
recipes-php/ PHP applications
recipes-support/ Miscellaneous support recipes
recipes-webadmin/ Standalone web administration interfaces

Notes

This layer used to provide a modphp recipe that built mod_php, but this is now built as part of the php recipe in meta-oe. However, since apache2 is required to build mod_php, and apache2 recipe is in this layer and recipes in meta-oe can't depend on it, mod_php is not built by default. If you do wish to use mod_php, you need to add "apache2" to the PACKAGECONFIG value for the php recipe in order to enable it. See here for info on how to do that:

http://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#var-PACKAGECONFIG

Maintenance

Send patches / pull requests to openembedded-devel@lists.openembedded.org with '[meta-webserver]' in the subject.

When sending single patches, please use something like:

git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-webserver][PATCH"

Layer maintainer: Derek Straka derek@asterius.io

License

All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.