summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* wireshark: fix CVE-2023-6175dunfell-nextdunfellHitendra Prajapati2024-04-252-0/+247
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Backport fix for CVE-2024-2955Ashish Sharma2024-04-252-0/+53
| | | | | | | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341] Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix for CVE-2023-4511Vijay Anusuri2024-04-252-0/+82
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: Backport fix for CVE-2023-50269Vijay Anusuri2024-03-032-0/+63
| | | | | | | | | | | | import patch from ubuntu to fix CVE-2023-50269 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa Upstream commit https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: Fix for CVE-2023-49285 and CVE-2023-49286Vijay Anusuri2024-03-033-0/+124
| | | | | | | | | | Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b & https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846Vijay Anusuri2024-03-034-0/+1934
| | | | | | | | | | | | | | | | | import patches from ubuntu to fix CVE-2023-46728 CVE-2023-46846 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 & https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270 & https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Backport fix for CVE-2023-1992Ashish Sharma2024-03-032-0/+63
| | | | | | | | RPCoRDMA: Frame end cleanup for global write offsets Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: fix CVE-2024-0208 GVCP dissector crashHitendra Prajapati2024-03-032-0/+43
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* proftpd: Fix CVE-2023-51713 Out-of-bounds buffer readHitendra Prajapati2024-01-162-0/+279
| | | | | | | Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Backport fix for CVE-2023-41913Vijay Anusuri2024-01-162-0/+47
| | | | | | | | | Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.3.0-5.9.6_charon_tkm_dh_len.patch] Reference: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) ↵vkumbhar2023-12-172-0/+53
| | | | | | | | | dissector infinite loops Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authenticationvkumbhar2023-12-172-0/+48
| | | | | | | Upstream-Status: Backport from https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3 Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samba: fix CVE-2023-42669 denial of serviceHitendra Prajapati2023-12-172-0/+94
| | | | | | | Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* traceroute: upgrade 2.1.0 -> 2.1.3Vijay Anusuri2023-12-171-2/+1
| | | | | | | | | | | | | | | | | | This upgrade incorporates the CVE-2023-46316 fix and other bug fixes. Changelog: ---------- - Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4. - Return back more robast poll(2) loop handling. - Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14) - Fix command line parsing in wrappers. References: https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openflow: ignore CVE-2018-1078Davide Gardenal2023-12-171-0/+4
| | | | | | | | | | | | CVE-2018-1078 is not for openflow but in the NVD database the CVE is for a specific implementation that we don't have so we can ignore it. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> (cherry picked from commit c1e7b0b993c294d52737e8e631badb5aaaefd2e3) Backported: Changed CVE_CHECK_IGNORE to CVE_CHECK_WHITELIST Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* usrsctp: add CVE_VERSION to correctly check for CVEsDavide Gardenal2023-12-171-0/+2
| | | | | | | | | | | | | | The current version of usrsctp is not a release so cve-check is not able to find the product version. CVE_VERSION is now set to 0.9.3.0 that is the nearest version in the past starting from the revision we have. This is done because we don't have the complete 0.9.4.0 release. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 279fce2c87c990c942bcb2b72ea83a67e0d74170) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2022-0585-CVE-2023-2879Hitendra Prajapati2023-12-172-0/+94
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8d3c2177793e900cfc7cfaac776a2807e4ea289f && https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2023-3649Hitendra Prajapati2023-11-122-0/+232
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/75e0ffcb42f3816e5f2fdef12f3c9ae906130b0c Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2023-2906Hitendra Prajapati2023-09-192-0/+39
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges ↵Hitendra Prajapati2023-07-142-1/+118
| | | | | | | | | escalation Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5Hitendra Prajapati2023-07-142-1/+349
| | | | | | | | | | | | | | | | | | | | | Upstream-Status: Backport from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch Patch taken from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch It is linked as official patch for p15 in: - https://www.ntp.org/support/securitynotice/ntpbug3807/ - https://www.ntp.org/support/securitynotice/ntpbug3806/ Small adaptation to build is needed because of how tests are built. Backport fixes for: CVE: CVE-2023-26551 CVE: CVE-2023-26552 CVE: CVE-2023-26553 CVE: CVE-2023-26554 CVE: CVE-2023-26555 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2023-0667 & CVE-2023-0668Hitendra Prajapati2023-07-144-0/+255
| | | | | | | | | Backport fixes for: * CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801 && https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a * CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix Multiple CVEsHitendra Prajapati2023-07-145-2/+382
| | | | | | | | | | | Backport fixes for: * CVE-2023-2855 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb * CVE-2023-2856 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca * CVE-2023-2858 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105 * CVE-2023-2952 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.4.9 -> 2.4.12Hugo SIMELIERE2023-05-031-2/+2
| | | | | | | | | Fixes below CVEs: * CVE-2022-0547 * CVE-2020-15078 Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlistHugo SIMELIERE2023-05-031-0/+3
| | | | | | | | | | | CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (upstream from commit d49e96aac4616c439a2d778b95a793037dac884e) Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set ↵vkumbhar2023-04-062-0/+64
| | | | | | | | | | | to 4096 but should be 1232 Set the default maximum DNS UDP packet size to 1232. http://www.dnsflagday.net/2020/ refers. Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer ExceptionHitendra Prajapati2023-02-222-0/+117
| | | | | | | Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: upgrade 3.4.23 -> 3.4.27Yi Zhao2023-01-191-1/+1
| | | | | | | | Changelog: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.4.27.HISTORY Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* proftpd: CVE-2021-46854 memory disclosure to radius serverHitendra Prajapati2023-01-192-0/+52
| | | | | | Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* strongswan: Fix CVE-2022-40617Ranjitsinh Rathod2022-11-252-0/+211
| | | | | | | | | | | | | Add a patch to fix CVE-2022-40617 issue which allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* [dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools)Colin Finck2022-10-305-93/+25
| | | | | | | | | | | | Quoting Jason A. Donenfeld on IRC: <zx2c4> Colin_Finck: you should never, ever use old versions <zx2c4> Notice that neither the major nor minor version numbers change <zx2c4> Use the latest versions on your LTS With that definite answer, I'd like to fix the problem described in https://lore.kernel.org/yocto/CswA.1659543156268567471.pbrp@lists.yoctoproject.org/ by importing the latest versions instead of maintaining our own fork of wireguard 1.0.20200401. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* networkmanager: Update to 1.22.16Mathieu Dubois-Briand2022-10-301-1/+2
| | | | | | | | Update network manager stable branch to last version, allowing to fix CVE-2020-10754. Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relayHitendra Prajapati2022-10-302-0/+189
| | | | | | | | | | | | Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git MR: 121726 Type: Security Fix Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c Description: CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
* cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an ↵Hitendra Prajapati2022-07-162-0/+84
| | | | | | | | | | | | | | | attacker to execute arbitrary SQL commands Source: https://github.com/cyrusimap/cyrus-sasl MR: 118501 Type: Security Fix Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc ChangeID: 5e0fc4c28d97b498128e4aa5d3e7c012e914ef51 Description: CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bridge-utils: Switch to use the main branchMingli Yu2022-06-151-1/+1
| | | | | | | | | Fix the below do_fetch warning: WARNING: bridge-utils-1.7-r0 do_fetch: Failed to fetch URL git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git, attempting MIRRORS if available Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Add fix for CVE-2018-16301Riyaz Ahmed Khan2022-05-252-0/+112
| | | | | | | | | | | | | Add patch for CVE issue: CVE-2018-16301 Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Upstream-Status: Pending Issue: MGUBSYS-5370 Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79 Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* atftp: Add fix for CVE-2021-41054 and CVE-2021-46671Ranjitsinh Rathod2022-05-253-0/+161
| | | | | | | | | | Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054 Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* geoip: Switch to use the main branchMingli Yu2022-04-181-1/+1
| | | | | | | | | | | Fix the below do_fetch warning: WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df3ef158347072a409b4e276a9dab8c2e89350ec) [Fix up for dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266Akash Hadke2022-03-272-1/+39
| | | | | | | | | | Add below patch to fix CVE-2020-24265 and CVE-2020-24266 CVE-2020-24265-and-CVE-2020-24266.patch Link: https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Add fix of CVE-2021-45079Ranjitsinh Rathod2022-02-132-0/+157
| | | | | | | | Add a patch to fix CVE-2021-45079 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Update to 3.2.18Armin Kuster2022-01-262-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: wireshark.org MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9 Description: This is a bugfix only update. Addresses these CVES: wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929. wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925. wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924. wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. CVE-2021-39920, CVE-2021-39923. wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922. wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928. wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921. Signed-off-by: Armin Kuster <akuster@mvista.com> --- V2] Fixes: /build/run/lemon: Exec format error revert "cmake: lemon: fix path to internal lemon tool" so the wireshark-native version is instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix for CVE-2021-41990 and CVE-2021-41991Virendra Thakur2022-01-223-0/+105
| | | | | | | Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netcat: Set CVE_PRODUCTAndre Carvalho2022-01-111-0/+2
| | | | | | | | | | | | | | | | | | | | | | | This way yocto cve-check can find open CVE's. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3 Signed-off-by: Andre Carvalho <andrestc@fb.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postfix: upgrade 3.4.12 -> 3.4.23Yi Zhao2021-12-311-2/+2
| | | | | | | Changelog: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* postfix: fix build with glibc 2.34Yi Zhao2021-12-312-0/+47
| | | | | | | | | | | | | | | | | | Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35) Fixes: | In file included from attr_clnt.c:88: | /usr/include/unistd.h:363:13: error: conflicting types for ‘closefrom’; have ‘void(int)’ | 363 | extern void closefrom (int __lowfd) __THROW; | | ^~~~~~~~~ | In file included from attr_clnt.c:87: | ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with type ‘int(int)’ | 1506 | extern int closefrom(int); | | ^~~~~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* dovecot: refresh patchesstable/dufell-nutArmin kuster2021-12-273-22/+18
| | | | Signed-off-by: Armin kuster <akuster808@gamil.com>
* dovecot: Fix CVE-2020-12674sana kazi2021-12-032-0/+31
| | | | | | | | | | Added patch for CVE-2020-12674 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12673sana kazi2021-12-032-0/+38
| | | | | | | | | | Added patch for CVE-2020-12673 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12100sana kazi2021-12-0315-0/+1264
| | | | | | | | | | Added patches to fix CVE-2020-12100 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocolsArmin Kuster2021-11-1753-56/+56
| | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 20:51:57 +0000