| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
(cherry picked from commit c1e7b0b993c294d52737e8e631badb5aaaefd2e3)
Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 279fce2c87c990c942bcb2b72ea83a67e0d74170)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
escalation
Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic
link (symlink) following.
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE
access to the EXTEND MIB provides the ability to run arbitrary commands as
root.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-15861
https://nvd.nist.gov/vuln/detail/CVE-2020-15862
Upstream patches:
https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3
https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f
https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312
https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and
CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context
patches needed by the fix to apply cleanly.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: net-snmp.org
MR: 104509
Type: Security Fix
Disposition: Backport from https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
ChangeID: 206d822029d48d904864f23fd1b1af69dffc26c8
Description:
Fixes CVE-2019-20892 which affect net-snmp <= 5.8pre1
Had to fix up some file do to later code restructioning.
"int refcnt;" addition was done in include/net-snmp/library/snmpusm.h
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 96a63b1ecf321c9a63880a963ed257086998133b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, testcnx ptest fails due to expired CA certificates:
Test project /usr/lib64/freeDiameter/ptest
...
Start 10: testcnx
10/11 Test #10: testcnx ..........................***Failed 0.12 sec
...
<snip>
Command: "/usr/lib64/freeDiameter/ptest/testcnx"
Directory: /usr/lib64/freeDiameter/ptest
"testcnx" start time: Jun 17 10:52 UTC
Output:
----------------------------------------------------------
10:52:43 ERROR ERROR: Invalid parameter '(conn->cc_rcvthr != (pthread_t)((voidd
*)0))', 22
10:52:43 ERROR TLS: Remote certificate invalid on socket 6 (Remote: 'localhostt
.localdomain')(Connection: '{---T} TCP from [127.0.0.1]:57898 (4<-6)') :
10:52:43 ERROR - The certificate has expired.
10:52:43 ERROR TLS ERROR: in 'ret = gnutls_handshake(conn->cc_tls_para.sessionn
)' : Error in the certificate.
10:52:43 FATAL! testcnx.c:867: CHECK FAILED : fd_cnx_handshake(server_side, GNUU
TLS_SERVER, ALGO_HANDSHAKE_DEFAULT , NULL, NULL) == 16 != 0
10:52:43 FATAL! FAILED: testcnx.c
<end of output>
Test time = 0.02 sec
<snip>
Backport upstream patch [1] to fix this issue.
[1] http://www.freediameter.net/hg/freeDiameter/rev/eff5bb332b5a
This patch is present in version 1.4.0, so master is not affected.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed patches for 5.8 due to the following:
ERROR: net-snmp-5.8-r0 do_patch: Command Error: 'quilt --quiltrc .../net-snmp/5.8-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-Add-pkg-config-support-for-building-applications-and.patch
patching file configure
...
Hunk #1 succeeded at 32248 with fuzz 2 (offset 1826 lines).
Hunk #2 FAILED at 31447.
1 out of 2 hunks FAILED -- rejects in file configure
...
Patch 0001-Add-pkg-config-support-for-building-applications-and.patch does not apply (enforce with -f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9c3b872f846e0a2491fe8bf16ae38db82609938c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
$: devtool check-upgrade-status usrsctp
<...>
INFO: usrsctp git UNKNOWN_BROKEN None f4e14ab5e12187cb2cf1ddbdc0ee5555aead3f72
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Both STAGING_HOST_DIR and -fmacro-prefix-map path to WORKDIR were
encoded in the config.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
net-snmp/net-snmp-config.h:
- encodes type sizes
- encodes pathing into the libdir
net-snmp-config:
- encodes build configuration data and lib pathing.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
INFO: babeld, 1.9.1, 20110804, None, 794863e90f81ee38b9dddd72dfabcba634b2fc07
After this commit:
INFO: Skip package babeld (status = MATCH, current version = 1.9.1, next version = 1.9.1)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
version.h contains the configure options passed during the build
which differs between multilibs
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
version.h contains the options passed to configure, which includes
the path to the recipe-sysroot on the build host.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Open-LLDP provides a Link Layer Discovery Protocol agent that supports
DCB (Data Center Bridging). The tc utility from iproute is needed to
manipulate traffic control settings in the kernel.
Signed-off-by: Jonathan Richardson <jonathan.richardson@broadcom.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Package-owned tmpfiles snippets belong in /usr/lib/tmpfiles.d,
/etc/tmpfiles.d is for administrator customisations.
Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes a complaint from systemd on boot:
systemd-tmpfiles[393]: [/etc/tmpfiles.d/quagga.conf:1] Line
references path below legacy directory /var/run/, updating
/var/run/quagga → /run/quagga; please update the tmpfiles.d/ drop-in
file accordingly.
Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apple's default implementation of the Posix backend for mDNSResponder
has a number of weaknesses. Address several of them, most notably:
* Improve interface tracking, preventing confusion to mdns's state
machine. Prevents spurious removal/republication cycles whenever
network interfaces are added or removed.
* Support network interfaces whose indeces are great than 31. Indices
grow past that range surprisingly quickly, especially with multi-
homed, mobile, wifi, Bluetooth, VPN, VLANs, or other interfaces
present.
* Correctly handle edge cases during removal of a network interface.
The fixes are kept as a patch series for clarity.
Signed-off-by: Matt Hoosier <matt.hoosier@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
replace host version of pod2man perl-native provides, helps in
improving reproducability
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It shows an warning of openl2tp in systemd log:
| /lib/systemd/system/openl2tpd.service:8: PIDFile= references a path
| below legacy directory /var/run/, updating /var/run/openl2tpd.pid →
| /run/openl2tpd.pid; please update the unit file accordingly.
Update the systemd service file to fix the warning.
Update SRC_URI as well that the homepage openl2tp.org has been closed.
Use archived file on sourceforge instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Avoid warning due to the class rename in OE-Core.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
musl does not support mDNS or NSS plugins.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Patch applied upstream removed.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The License of radiusclient is BSD-3-Clause and
BSD-2-Clause and HPND.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
The License of freediameter is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple quagga service files are causing the following type of message to
appear during boot:
/lib/systemd/system/zebra.service:10: PIDFile= references a path below legacy
directory /var/run/, updating /var/run/quagga/zebra.pid → /run/quagga/zebra.pid;
please update the unit file accordingly.
Update the service files included as part of the recipe to use /run instead of
/var/run as the PIDFile path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove perl-lib since it had been removed by oe-core:
commit 68552c353255188de3d5b42135360a30e7eac535
Author: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sun Dec 2 12:46:37 2018 +0100
perl: remove the previous version of the recipe
Now the files are in perl pacakge.
* Fix perl paths when perl is enabled.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Replace source zip ball with tarball for net-snmp to avoid zip bomb issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License checksum changed due to modified copyright years.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
It started as one recipe for the latest stable release and one
for the latest git, but after these became ancient release and
latest release it no longer made sense to have two recipees.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move net-snmp-config in which contains build path from
package net-snmp to net-snmp-dev.
It refers ubuntu, here are we got from Ubuntu 18.04
$ dpkg -c /var/cache/apt/archives/libsnmp-dev_5.7.3+dfsg-1.8ubuntu3.1_amd64.deb
drwxr-xr-x root/root 0 2018-10-15 22:16 ./usr/bin/
-rwxr-xr-x root/root 43797 2018-10-15 22:16 ./usr/bin/mib2c
-rwxr-xr-x root/root 8780 2018-10-15 22:16 ./usr/bin/mib2c-update
-rwxr-xr-x root/root 29427 2018-10-15 22:16 ./usr/bin/net-snmp-config
-rwxr-xr-x root/root 3688 2018-10-15 22:16 ./usr/bin/net-snmp-create-v3-user
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Removed patch was upstreamed.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Remove patch for issue fixed upstream.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A bit of an unholy mixture of MIT, BSD 3-clause,
and too old to really know BSD-style,
with a wide variety of copyright holders.
I'm open to better suggestions on how to handle this.
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| scapi.c: In function 'sc_encrypt':
| scapi.c:1256:5: error: 'pad_size' undeclared (first use in this function); did you mean 'dysize'?
| pad_size = pai->pad_size;
| ^~~~~~~~
| dysize
pad_size is defined only without --disable-des
[snip]
int pad, plast, pad_size = 0;
but used when disable-des
[snip]
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
pad_size = pai->pad_size;
memset(my_iv, 0, sizeof(my_iv));
if (USM_CREATE_USER_PRIV_DES == (pai->type & USM_PRIV_MASK_ALG)) {
/*
fix by move it into #ifndef NETSNMP_DISABLE_DES
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
net-snmp also installs net-snmp-config and gen-variables files
that need to have host paths stripped.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Inherit ptest for net-snmp to create ${PN}-ptest. Update run-ptest as
well to avoid only could be run in the same directory.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Readability.
The existing patterns allowed each pattern to be matched multiple times (with no
intevening spaces), but the "g" modifier achieves this anyway.
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
To avoid build host paths being written into binaries,
accept a null NETSNMP_CONFIGURE_OPTIONS from the environment.
Upstream-Status: Submitted https://sourceforge.net/p/net-snmp/patches/1384/
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't check for /etc/printcap on the build machine when cross-compiling.
Use AC_CHECK_FILE to set the cached variable ac_cv_file__etc_printcap instead.
When cross-compiling, this variable should be set in the environment to "yes" or
"no" as appropriate for the target platform.
I have taken the simple expedient of setting ac_cv_file__etc_printcap=no.
If this proves to be a problem, we can easily add a new variable, HAS_PRINTCAP.
Upstream-Status: Submitted https://sourceforge.net/p/net-snmp/patches/1385/
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
