summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* libdigest-sha1-perl: Fix LICENSE stringSaul Wold2022-09-041-1/+1
| | | | | | | | | The create_spdx bbclass does not currently handle the lack of spaces around the op (| or &). For now fix the LICENSE string. Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libio-socket-ssl-perl: Fix LICENSE stringSaul Wold2022-09-041-1/+1
| | | | | | | | | The create_spdx bbclass does not currently handle the lack of spaces around the op (| or &). For now fix the LICENSE string. Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libdigest-hmac-perl: Fix LICENSE stringSaul Wold2022-09-041-1/+1
| | | | | | | | | The create_spdx bbclass does not currently handle the lack of spaces around the op (| or &). For now fix the LICENSE string. Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libipc-signal-perl: Fix LICENSE stringSaul Wold2022-09-041-1/+1
| | | | | | | | | The create_spdx bbclass does not currently handle the lack of spaces around the op (| or &). For now fix the LICENSE string. Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fuse3: fix ptest test_passthrough_hp failureChangqing Li2022-08-162-0/+46
| | | | | | | fix test_passthrough_hp failure with error: 21 unlinked testfile checks failed Signed-off-by: Changqing Li <changqing.li@windriver.com>
* fuse3: support ptestChangqing Li2022-08-161-4/+21
| | | | | | | | | | | | | fuse3 test is designed to run under source dir, there are many places like "progname = pjoin(basename, 'example', 'ioctl')" in the testcases, which will try to find compiled program. As our S != B, and the don't run test under source dir. Test will fail with following errors: No such file or directory: '/usr/lib64/fuse3/ptest/test/../example/printcap' Fix by install needed programs for the test Signed-off-by: Changqing Li <changqing.li@windriver.com>
* audit: Upgrade to 3.0.8 and fix build with linux 5.17+Khem Raj2022-08-092-11/+9
| | | | | | | | | | | | | | | | | | | | | | | | audit errors out due to swig munging it does with kernel headers | audit_wrap.c: In function '_wrap_audit_rule_data_buf_set': | audit_wrap.c:4701:17: error: cast specifies array type | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4701:15: error: invalid use of flexible array member | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4703:15: error: invalid use of flexible array member | 4703 | arg1->buf = 0; | | ^ These errors are due to VLAIS from kernel headers, so we copy linux/audit.h and make the needed change in local audit.h and make needed arrangements in build to use it when building audit package Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Bruce Ashfield <bruce.ashfield@gmail.com> (cherry picked from commit ee3c680c300237c49a3c70610aa5794185c4adac) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xrdp: Fix buildpaths warning.Lei Maohui2022-08-091-0/+1
| | | | | | | | | Don't print configure message. Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit abe35f5953af99da4bf6b8d023ee4516ec4710fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup: Add support for building without SSH tokenskirtstone-nextPeter Kjellerstedt2022-08-091-1/+10
| | | | | | | | Cryptsetup SSH tokens is the only feature that has a dependency on libssh. Add a packageconfig to control this dependency. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libwebsockets: Avoid absolute paths in *.cmake files in the sysrootPeter Kjellerstedt2022-08-091-0/+3
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* yasm: fix buildpaths warningAnuj Mittal2022-08-071-0/+5
| | | | | | | | | | | | ax_create_stdint_h.m4 includes $CC as a comment in the generated header which leads to buildpaths warning: | WARNING: yasm-1.3.0+gitAUTOINC+ba463d3c26-r0 do_package_qa: QA Issue: File /usr/include/libyasm-stdint.h in package yasm-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7346d2bb1a60289225cce78d760e4d264d1b2a2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: fix buildpaths issueMingli Yu2022-08-071-0/+5
| | | | | | | | | | | | | | Fixes: WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/lib/libfrr.a in package frr-staticdev contains reference to TMPDIR [buildpaths] WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/src/debug/frr/8.2.2-r0/git/lib/version.h in package frr-src contains reference to TMPDIR [buildpaths] WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/include/frr/version.h in package frr-dev contains reference to TMPDIR [buildpaths] WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/bin/vtysh in package frr contains reference to TMPDIR File /usr/lib/libfrr.so.0.0.0 in package frr contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8b76b6c8e3ffdb30da839408084289c57e292752) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: Fix the buildpaths issueMingli Yu2022-08-072-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: WARNING: apache2-2.4.54-r0 do_package_qa: QA Issue: File /usr/src/debug/apache2/2.4.54-r0/build/server/exports.c in package apache2-src contains reference to TMPDIR [buildpaths] Before the patch: # cat ./build/server/exports.c [snip] #include "mpm_fdqueue.h" const void *ap_ugly_hack = NULL; /* * /buildarea/build/tmp-glibc/work/core2-32-wrs-linux/apache2/2.4.54-r0/httpd-2.4.54/include/ap_expr.h */ const void *ap_hack_ap_expr_exec = (const void *)ap_expr_exec; [snip] After the patch: # cat ./build/server/exports.c [snip] #include "mpm_fdqueue.h" const void *ap_ugly_hack = NULL; /* * ap_expr.h */ const void *ap_hack_ap_expr_exec = (const void *)ap_expr_exec; [snip] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4f2025e8d2f1626e97f7e9e675ce3c7d45477807) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: Fix buildpaths issueMingli Yu2022-08-071-0/+4
| | | | | | | | | | Fixes: WARNING: openipmi-2.0.32-r0 do_package_qa: QA Issue: File /usr/src/debug/openipmi/2.0.32-r0/OpenIPMI-2.0.32/swig/perl/OpenIPMI_wrap.c in package openipmi-src contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5abd81567d5ed091ed870abf24e51f260747d593) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freeradius: Fix buildpaths issueMingli Yu2022-08-072-0/+42
| | | | | | | | | | | Fixes: WARNING: freeradius-3.0.21-r0 do_package_qa: QA Issue: File /usr/bin/radeapclient in package freeradius-utils contains reference to TMPDIR [buildpaths] WARNING: freeradius-3.0.21-r0 do_package_qa: QA Issue: File /usr/lib/libfreeradius-server.so.0.0.0 in package freeradius contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1c91de67b4981f62ddc7308bf88c1a6f4a844fdb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: Fix the buildpaths issueMingli Yu2022-08-073-0/+119
| | | | | | | | | | | | | | | | Fixes: WARNING: postgresql-14.4-r0 do_package_qa: QA Issue: File /usr/bin/postgres in package postgresql contains reference to TMPDIR File /usr/bin/pg_config in package postgresql contains reference to TMPDIR [buildpaths] WARNING: postgresql-14.4-r0 do_package_qa: QA Issue: File /usr/include/pg_config.h in package libpq-dev contains reference to TMPDIR [buildpaths] WARNING: postgresql-14.4-r0 do_package_qa: QA Issue: File /usr/include/postgresql/server/pg_config.h in package postgresql-server-dev contains reference to TMPDIR File /usr/lib/postgresql/pgxs/src/Makefile.global in package postgresql-server-dev contains reference to TMPDIR [buildpaths] WARNING: postgresql-14.4-r0 do_package_qa: QA Issue: File /usr/lib/libpgcommon.a in package postgresql-staticdev contains reference to TMPDIR File /usr/lib/libpgcommon_shlib.a in package postgresql-staticdev contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 59eff6269c4f4c150d976054d585872c92f20207) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: set ac_cv_path_PSPROGMingli Yu2022-08-071-0/+1
| | | | | | | | | | | | Fixes: WARNING: net-snmp-5.9.1-r0 do_package_qa: QA Issue: File /usr/include/net-snmp/net-snmp-config-64.h in package net-snmp-dev contains reference to TMPDIR File /usr/bin/net-snmp-create-v3-user in package net-snmp-dev contains reference to TMPDIR [buildpaths] WARNING: net-snmp-5.9.1-r0 do_package_qa: QA Issue: File /usr/lib/net-snmp/ptest/include/net-snmp/net-snmp-config.h in package net-snmp-ptest contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1bf83255aee9850bf5ce5138c4bdefbe9eeb120c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibus: Swith to use main branch instead of masterKhem Raj2022-08-071-1/+1
| | | | | | | | | | | Upstream has switched to using main for tip of trunk, therefore follow it here in SRC_URI as well. Signed-off-by: Khem Raj <raj.khem@gmail.com> Suggested-by: Fabio Estevam <festevam@gmail.com> Reported-by: Markus Volk <f_l_k@t-online.de> (cherry picked from commit ca5f1dde541689f6a479a914ec742a3bf46dfbe1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: update patches for musl compilationMarta Rybczynska2022-08-074-63/+96
| | | | | | | | | | | | | | | | | | | | | | | Update the patch to make netgroup support optional to fit the commit merged upstream [1], update the other patch depending on one of the changes. Without this update, a compilation using duktape with musl fails with: | ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c: In function 'js_polkit_user_is_in_netgroup': | ../../../polkit-0.119/src/polkitbackend/polkitbackendduktapeauthority.c:1039:7: warning: implicit declaration of function 'innetgr' [-Wimplicit-function-declaration] | 1039 | if (innetgr (netgroup, | | ^~~~~~~ The main patch has been split in two, to apply the duktape part only when duktape is applied. [1] https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 271282b1a5579179241748d5f0bdb8d2ea013dd6) {Fixup for kirkstone content; exlude Ducktape chages] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: Add --shell /bin/nologin to polkitd userAkash Hadke2022-08-071-1/+1
| | | | | | | | | | polkitd user has default access to /bin/sh, add --shell /bin/nologin to remove default access to /bin/sh and avoid login through it. Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7ca63e5454bd7cbdb5ac58f6b5913e3387b64201) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit-group-rule-udisks2: fix override syntax in RDEPENDSYi Zhao2022-08-071-1/+1
| | | | | | | | | RDEPENDS_${PN} -> RDEPENDS:${PN} Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 10b508deacd8ff588b1511d077fcdd708deb653a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: add udisks2 ruleVyacheslav Yurkov2022-08-072-0/+41
| | | | | | | | | | The rule allows non-priviledged users from plugdev group to mount/unmount block devices Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d7ff4a77241fc79fc704a0d9d6b414b52f025531) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* glmark2: fix compatibility with python-3.11Martin Jansa2022-08-052-1/+78
| | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tracker: upgrade 3.3.1 -> 3.3.2wangmy2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | | Changelog: ========== * Avoid redundant queries in TrackerNotifiers proxied through an D-Bus connection * Do not attempt to rebuild non-existing FTS tables on parser updates * Convert values to the right type when propagating insertions over superproperties * Fix test to handle SQLite >= 3.39.0 * Fix handling of nrl:modified after opening existing databases * Linking fixes to CLI executables Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7f5d549e6152292e73e0039f4b7b0a2936a395c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tracker: upgrade 3.3.0 -> 3.3.1Wang Mingyu2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | | Changelog: ========= * Fixed blank nodes to return the correct identifier in certain queries. * Fixes to FTS consistency after updates * Fixes to HTTP module linking * Fix handling of STRING_LITERAL_LONG1/2 terminals * Fix handling of negated property paths * Use .so suffix for modules on all platforms * Added code examples in JS/Python * Developer documentation improvements Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 91d468a051f90d4df3550b911a4604db490d8d50) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: upgrade 7.0.2 -> 7.0.4wangmy2022-07-261-1/+1
| | | | | | | | | | | | | | | | | Changelog: ========== Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: ---------------- (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. The problem affects Redis versions 7.0.0 or newer. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d9f8d015a45188c3cf2d6841ea05319032930dbc) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* stunnel: upgrade 5.64 -> 5.65wangmy2022-07-262-8/+18
| | | | | | | | | | | | | | | | | | | fix-openssl-no-des.patch refreshed for version 5.65 Changelog: ========== Security bugfixes OpenSSL DLLs updated to version 3.0.5. Bugfixes Fixed handling globally enabled FIPS. Fixed the default openssl.cnf path in stunnel.exe. Fixed a number of MSVC warnings. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 72f84335cb372dbf00d2d07429a595fced0c4f4f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* stunnel: upgrade 5.63 -> 5.64wangmy2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | Changelog: ========== Security bugfixes OpenSSL DLLs updated to version 3.0.3. New features Updated the pkcs11 engine for Windows. Bugfixes Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install". Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6f3b52f4589bfa942e473488f91ecef85d339e78) [New feature does not affect linux] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-lxml: Security fix CVE-2022-2309Yue Tao2022-07-262-1/+101
| | | | | | | | | | | | | CVE-2022-0934: lxml: NULL Pointer Dereference in lxml Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-2309 Patch from: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
* openjpeg: ignore CVE-2015-1239Davide Gardenal2022-07-261-0/+4
| | | | | | | This CVE is patched in our version of openjpeg. The NVD database doesn't include a version range this is why it's still reported. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* bigbuckbunny-1080p: update SRC_URIArmin Kuster2022-07-241-1/+1
| | | | | | | fixes: ERROR: bigbuckbunny-1080p-1.0-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'https://www.mediaspip.net/IMG/avi/big_buck_bunny_1080p_surround.avi') Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ndisc6: upgrade 1.0.5 -> 1.0.6Wang Mingyu2022-07-211-2/+1
| | | | | | | | | | | | Changelog: ========== # ndisc6: print NAT64 prefix if present. # rdnssd: fix timeout calculation. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c77bc200813dec8a1317ea6651d0f398a3fa5d65) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.7 -> 8.1.8Wang Mingyu2022-07-211-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8d7b56ff235ea3b6da8e2b8a391176a99ca07327) [Bug fix only update] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* rsyslog: update 8.2202->8.2206Aryaman Gupta2022-07-211-1/+1
| | | | | | | | | | | | | | | | | | Package changes mainly include performance improvements to tcpsrv/imtcp, bug fixes and additional/updated tests: https://github.com/rsyslog/rsyslog/blob/master/ChangeLog ptest results for qemux86-64 with kvm and increasing filesystem space to 4GB using IMAGE_ROOTFS_EXTRA_SPACE : Version | Passed | Failed | Skipped 8.2202 | 456 | 0 | 5 8.2206 | 465 | 0 | 5 Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0f048c4c46fd4b377b7aacc236a23249ae05fdaa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* catfish: fix buildpaths issueChen Qi2022-07-211-0/+9
| | | | | | | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c2fb0bd1ebe04f91e97913e1e15405af0e127078) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: ignore unrelated CVEDavide Gardenal2022-07-211-0/+4
| | | | | | | | | | CVE-2017-8806 doesn't apply to out configuration of postgresql so we can safely ignore it. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit de4097f2304b2031265173c7d09aa1a2e983b81c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: ignore patched CVEsDavide Gardenal2022-07-211-0/+6
| | | | | | | | | | | CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our version of php but they don't have a vulnerable version range in the NVD database, that's why they need to be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1642bfcb071aadb542c488bf79922842e32f1db5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mongodb: ignore unrelated CVEsDavide Gardenal2022-07-211-0/+6
| | | | | | | | | | CVE-2014-8180, CVE-2017-18381 and CVE-2017-2665 are not affecting our configuration so they can be safely ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ed904e65418416a96ec199b2ed4b9c82f11f5b64) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-oe: ignore patched CVEsDavide Gardenal2022-07-219-0/+37
| | | | | | | | | | | Some old CVEs don't have a vulnerable version range in the NVD database, this causes come mismatch with cve-check. Ignore many CVEs that are picked up by the class but are patched in our products. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit efa12676dd0676fd0aa63457d7ba360fe8a6fae2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libplist: ignore patched CVEsDavide Gardenal2022-07-211-0/+6
| | | | | | | | | | | CVE-2017-5834, CVE-2017-5835 and CVE-2017-5836 are patched in our version of libplist but they don't have a vulnerable version range in the NVD database, that's why they need to be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 261465eb6e2bd8f83e6841f8e42e1fb1be6d1499) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openflow: ignore unrelated CVEsDavide Gardenal2022-07-181-0/+5
| | | | | | | CVE-2015-1611 and CVE-2015-1612 are not referred to our implementation of openflow as specified by the NVD database, ignore them. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* freeradius: ignore patched CVEsDavide Gardenal2022-07-181-0/+5
| | | | | | | | CVE-2002-0318 and CVE-2011-4966 are both patched in our version of freeradius. The CPE in the NVD database doesn't reflect correctly the vulnerable versions that's why they are incorrectly picked up. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* quagga: ignore CVE-2016-4049Davide Gardenal2022-07-181-0/+4
| | | | | | | | CVE-2016-4049 is not affecting our version, so we can ignore it. This is caused because the CPE in the NVD database doesn't specify a vulnerable version range. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* spice: ignore patched CVEsDavide Gardenal2022-07-181-0/+6
| | | | | | | | | | | The following CVEs are already patched so we can ignore them: - CVE-2016-0749 - CVE-2016-2150 - CVE-2018-10893 This is caused by inaccurate CPE in the NVD database. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* thrift: add CVE_PRODUCT to fix CVE reportingDavide Gardenal2022-07-181-0/+2
| | | | | | | | Without CVE_PRODUCT set to apache:thrift cve-check was catching CVEs form facebook:thrift that are not related with this product. Now the report is correct. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* wireshark: upgrade 3.4.11 -> 3.4.12Davide Gardenal2022-07-181-1/+1
| | | | | | | | | | | | This upgrade includes the following CVE fixes: - CVE-2021-4190 - CVE-2022-0581 - CVE-2022-0582 - CVE-2022-0583 - CVE-2022-0585 - CVE-2022-0586 Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* ntp: ignore many CVEsDavide Gardenal2022-07-181-1/+25
| | | | | | | | | cve-check is not able to correctly identify many of the patched CVEs because of the non standard version number. All the ignored CVEs were manually checked with the NVD database and deemed not applicable to the current version. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* openflow: ignore CVE-2018-1078Davide Gardenal2022-07-181-0/+4
| | | | | | | | CVE-2018-1078 is not for openflow but in the NVD database the CVE is for a specific implementation that we don't have so we can ignore it. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* usrsctp: add CVE_VERSION to correctly check for CVEsDavide Gardenal2022-07-181-0/+2
| | | | | | | | | | The current version of usrsctp is not a release so cve-check is not able to find the product version. CVE_VERSION is now set to 0.9.3.0 that is the nearest version in the past starting from the revision we have. This is done because we don't have the complete 0.9.4.0 release. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* zabbix: upgrade 5.2.6 -> 5.4.12Changqing Li2022-07-181-3/+3
| | | | | | | | | | This upgrade CVE fix: CVE-2022-24349 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919 Signed-off-by: Changqing Li <changqing.li@windriver.com>