summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* wireshark: Fix CVE-2023-2906Hitendra Prajapati2023-12-042-0/+39
| | | | | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> (cherry picked from commit 919a2074586ff957362ae2dbd3438fa648bb9bee) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* traceroute: upgrade 2.1.2 -> 2.1.3Narpat Mali2023-11-161-1/+1
| | | | | | | | | | | | | | | This upgrade incorporates the CVE-2023-46316 fix. Changelog: ---------- - Fix command line parsing in wrappers. References: https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* open-vm-tools: fix CVE-2023-34058Archana Polampalli2023-11-162-0/+242
| | | | | | | | | | | | | A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-34058 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.3 -> 2.28.5Yi Zhao2023-11-161-1/+1
| | | | | | | | | | This release includes security fix for CVE-2023-43615. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: Security fix CVE-2023-38802Yi Zhao2023-10-152-0/+140
| | | | | | | | | | | | | | | | CVE-2023-38802: FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-38802 Patch from: https://github.com/FRRouting/frr/commit/46817adab03802355c3cce7b753c7a735bdcc5ae Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: Fix CVE-2023-41358 and CVE-2023-41360Robert Yang2023-10-153-0/+143
| | | | | | | | | | | | Backport patches to fix CVE-2023-41358 and CVE-2023-41360. References: https://nvd.nist.gov/vuln/detail/CVE-2023-41358 https://nvd.nist.gov/vuln/detail/CVE-2023-41360 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lldpd: upgrade 1.0.16 -> 1.0.17Meenali Gupta2023-10-151-1/+1
| | | | | | | | | | | | | | | | This release only contains bugfixes and security fixes. Highlighted bugfixes in 1.0.17:       Read overflow when parsing CDP addresses. Thanks to Matteo Memelli.       Don't output empty lines on configure commands. Changelog:       https://github.com/lldpd/lldpd/releases/tag/1.0.17 References:       https://nvd.nist.gov/vuln/detail/CVE-2023-41910 Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netkit-telnet: Fix CVE-2022-39028Sanjay Chitroda2023-09-272-0/+54
| | | | | | | | | | | | | | | | | References: https://nvd.nist.gov/vuln/detail/CVE-2022-39028 https://security-tracker.debian.org/tracker/CVE-2022-39028 Upstream Patch: https://cgit.freebsd.org/src/commit/?id=6914ffef4e23 - Patch is adopted from FreeBSD, as same vulnerability of telnetd is applicable to FreeBSD and netkit-telnet packages. Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d629fe71e4242fc0557f5668d9f223777eb60a0f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: fix pcap detection with /usr/lib32 multilibMartin Jansa2023-09-062-4/+87
| | | | | | | | | | | | * use BPN, BP where useful * use prefix instead of hardcoding /usr * add patch to search also in lib32 subdir of --with-libpcap value to fix: checking for libpcap... configure: error: "Unable to find matching library for header file in TOPDIR/BUILD/work/raspberrypi4_64-oemllib32-linux-gnueabi/lib32-tcpreplay/4.4.4-r0/lib32-recipe-sysroot/usr" Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: upgrade 4.99.3 -> 4.99.4Wang Mingyu2023-09-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== Source code: ---------------- Fix spaces before tabs in indentation. Updated printers: ----------------- LSP ping: Fix "Unused value" warnings from Coverity. CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. DNS: sync resource types with IANA. ICMPv6: Update the output to show a RPL DAO field name. Geneve: Fix the Geneve UDP port test. Building and testing: ---------------------- Require at least autoconf 2.69. Don't check for strftime(), as it's in C90 and beyond. Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. Documentation: ------------- man: Document TCP flag names better. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2e782260d0b6018614dbdea95899a4a0921915e0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: Security fix CVE-2023-3748Yi Zhao2023-08-312-0/+55
| | | | | | | | | | | | | | | | | | | | | CVE-2023-3748: A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-3748 Patch from: https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ee1026ab77dcb31b0f5cb723b4d998aab4c00382) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* open-vm-tools: Security fix CVE-2023-20867Yi Zhao2023-07-022-0/+164
| | | | | | | | | | | | | | | | CVE-2023-20867: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-20867 Patch from: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: upgrade 2.28.2 -> 2.28.3Yi Zhao2023-06-281-1/+7
| | | | | | | | | | | Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024. ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: upgrade 8.4.2 -> 8.4.4Yi Zhao2023-06-281-1/+1
| | | | | | | | | ChangeLog: https://github.com/FRRouting/frr/releases/tag/frr-8.4.4 https://github.com/FRRouting/frr/commit/45e36c0c00a517ad1606135b18c5753e210cfc0d Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: upgrade 4.4.3 -> 4.4.4Polampalli, Archana2023-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This release contains bug fixes only. The following CVEs have been addressed: CVE-2023-27783 CVE-2023-27784 CVE-2023-27785 CVE-2023-27786 CVE-2023-27787 CVE-2023-27788 CVE-2023-27789 Changelog: ========= dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781 Bug #780 assert tcpedit dlt cleanup by @fklassen in #800 Fix bugs caused by strtok_r by @Marsman1996 in #783 Bug #782 #784 #785 #786 #787 #788 strtok r isuses by @fklassen in #801 Update en10mb.c by @david-guti in #793 PR #793 ip6 unicast flood by @fklassen in #802 Bug #719 fix overflow check for parse_mpls() by @fklassen in #804 PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805 PR #793 - update tests for vlandel by @fklassen in #806 Feature #773 gh actions ci by @fklassen in #807 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix Multiple CVEsHitendra Prajapati2023-06-274-0/+224
| | | | | | | | | | Backport fixes for: * CVE-2023-0666 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2 * CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a * CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: CVE-2023-2952 XRA dissector infinite loopHitendra Prajapati2023-06-172-0/+99
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* system-config-printer: Delete __pycache__ filesKhem Raj2023-06-171-0/+9
| | | | | | | | | These pyc files include references to buildtime TMPDIR, therefore delete them and let them be regerated during runtime if needed. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b1b7ee87ac55fced4bcf88b0e374025d7f908731) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* system-config-printer: clean up DEPENDSRoss Burton2023-06-171-2/+2
| | | | | | | | | | | | Remove intltool-native as it is not used, and add autoconf-archive-native. Also explicitly disable systemd when not selected to be sure it doesn't automatically enable. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0713297ae90cdf6fc7339ebdcaf5f6f839bcd028) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2023-2858 & CVE-2023-2879Hitendra Prajapati2023-06-153-0/+134
| | | | | | | | | Backport fixes for: * CVE-2023-2858 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105 * CVE-2023-2879 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Fix CVE-2023-2855 & CVE-2023-2856Hitendra Prajapati2023-06-073-0/+179
| | | | | | | | | Backport fixes for: * CVE-2023-2855 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb * CVE-2023-2856 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vlan: Pass CFLAGS via CCFLAGSKhem Raj2023-05-281-1/+1
| | | | | | | | | | | | CCFLAGS is used in Make rules which will ensure file remapping options are used when compiling Fixes WARNING: vlan-1.9-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/vconfig.vlan in package vlan-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 26842ecc3b4811fd39a65c55af0711777f41fdbb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* unbound: Remove references to buildpathsKhem Raj2023-05-281-0/+4
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9a06629463ebe8217a30011f9e94127a324d895c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curlpp: Remove references to buildpaths e.g. TMPDIRKhem Raj2023-05-282-1/+42
| | | | | | | | | Fixes WARNING: curlpp-0.8.1-r0 do_package_qa: QA Issue: File /usr/bin/curlpp-config in package curlpp-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8257604b8ab05f7f6e5d0414a12a4aae84e99aaa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nbdkit: Remove buildpaths from binariesKhem Raj2023-05-283-40/+39
| | | | | | | | | | | Drop unused patch 0001-server-Fix-build-when-printf-is-a-macro.patch Fixes WARNING: nbdkit-1.33.11-r0 do_package_qa: QA Issue: File /usr/lib/nbdkit/plugins/nbdkit-cc-plugin.so in package nbdkit contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit da331ae8f1fccf3b542526f1caaa3834261434fa) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* frr: add CVE_PRODUCTChen Qi2023-05-281-0/+2
| | | | | | | | | The CVE_PRODUCT is frrouting in NVD database. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 10c7793832ec492da50c89889c5cdd114962b7a5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spice-gtk: respect gobject-introspection-dataMartin Jansa2023-05-161-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * without gobject-introspection-data in DISTRO_FEATURES the bbclass correctly disables it: $ bitbake-getvar -r spice-gtk EXTRA_OEMESON # # $EXTRA_OEMESON [6 operations] # :append /OE/build/oe-core/openembedded-core/meta/classes-recipe/meson.bbclass:44 # " ${PACKAGECONFIG_CONFARGS}" # :prepend[class-target] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:28 # "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}" # :prepend[class-native] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:33 # "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}" # :prepend[class-nativesdk] /OE/build/oe-core/openembedded-core/meta/classes-recipe/gobject-introspection.bbclass:34 # "${@['', '${GIRMESONBUILD}'][d.getVar('GIR_MESON_OPTION') != '']}" # set /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:49 # "-Dpie=true -Dvapi=enabled" # :append[libc-musl] /OE/build/oe-core/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb:50 # " -Dcoroutine=libucontext" # pre-expansion value: # "${@['', '${GIRMESONTARGET}'][d.getVar('GIR_MESON_OPTION') != '']}-Dpie=true -Dvapi=enabled ${PACKAGECONFIG_CONFARGS}" EXTRA_OEMESON="-Dintrospection=false -Dpie=true -Dvapi=enabled " and prevents build failure: http://errors.yoctoproject.org/Errors/Details/702789/ Run-time dependency gobject-introspection-1.0 found: NO (tried pkgconfig) ../git/meson.build:346:0: ERROR: Dependency "gobject-introspection-1.0" not found, tried pkgconfig * it just needs GIR_MESON_*_FLAG to be set to avoid: meson.build:4:0: ERROR: Value "false" (of type "string") for combo option "Check for GObject instrospection requirements" is not one of the choices. Possible choices are (as string): "enabled", "disabled", "auto". * and enable vapi only when introspection is enabled, use PACKAGECONFIG for that to avoid: meson.build:358:4: ERROR: Problem encountered: VAPI support requested without introspection Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-networking/licenses/netperf: remove unused licenseArsalan H. Awan2023-05-081-43/+0
| | | | | | | | | | | | This removes the old unused license for netperf as upstream moved to using the MIT license for netperf. See: meta-openembedded commit 587fe5877790b6c2e1d337c351b8f50603ad4db9 Signed-off-by: Arsalan H. Awan <arsalan.awan@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 27bdecd1bcf1fa86bf4ebbc527fceb455efe2970) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freediameter: fix typo and old overide syntaxBergin, Peter2023-05-071-1/+1
| | | | | | | | | | | | A typo that probably caused a left over from override syntax conversion. INITSCRIPT_PARAMS$_${PN} --> INITSCRIPT_PARAMS:${PN} Signed-off-by: Peter Bergin <peter.bergin@windriver.com> Signed-off-by: Peter Bergin <peter@berginkonsult.se> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 77f031776ec9c9edb18e7323b17b697f5c52d5f5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nfacct: Update SRC_URI to point to valid URLKhem Raj2023-05-071-5/+3
| | | | | | | | Update UPSTREAM_CHECK_URI accordingly Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 88b295625df710014b67cd2a6bfbf2cbff8838a2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* radiusclient-ng: Point SRC_URI to archive.ubuntu.comKhem Raj2023-05-071-2/+1
| | | | | | | | This tarball is not available on debian ftp archive anymore Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fe62e64c973730da0e385ddbbab8cdc3217e0e69) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* rp-pppoe: Point SRC_URI to valid locationKhem Raj2023-05-071-1/+1
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2b2cc606ecc795e65d5b551ae30c8e0cef429bf9) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netkit-ftp: Update to debian patch 34Khem Raj2023-05-071-5/+2
| | | | | | | | drop md5 SRC_URI checksums while here Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 29c80a7350a56b6f7c4e27ed5aa0747ca570d2fd) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: whitelist CVE-2019-11331Peter Marko2023-05-071-0/+2
| | | | | | | | | | | | | | Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to conclusion that this is how icurrent ntp protocol is designed. New RFC is propsed for future but it will not be compatible with current one. See https://support.f5.com/csp/article/K09940637 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 648912f72d3d85ef43ba5114953794faa1572bdf) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-openemnedded: Add myself as mickledore maintainerArmin Kuster2023-04-092-17/+7
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* restinio: fix S variable in multilib buildsMartin Jansa2023-04-071-2/+2
| | | | | | | | * do_populate_lic as well as do_configure fails in multilib builds, because S points to empty: lib32-restinio/0.6.13-r0/lib32-restinio-0.6.13/dev Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libdnet: Upgrade to 1.16.3Khem Raj2023-04-064-20/+89
| | | | | | Fix build with upcoming autoconf 1.16.3 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Remove double protocol= from SRC_URIsPeter Kjellerstedt2023-04-051-1/+1
| | | | | | | | | | With the exception of paho-mqtt-cpp, the double protocol= attributes were added to the SRC_URIs when protocol=https was added to all SRC_URIs fetching from github.com in commit b402a3076f (recipes: Update SRC_URI branch and protocols). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* autossh: Correct the license informationPeter Kjellerstedt2023-04-051-3/+2
| | | | | | | | | | Correct "startline=" to "beginline=" in LIC_FILES_CHKSUM so that the correct lines from autossh.c and daemon.h are used. Also remove autossh.spec from LIC_FILES_CHKSUM as it doesn't really contain any license information. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* samba: upgrade 4.18.0 -> 4.18.1Yi Zhao2023-04-041-1/+1
| | | | | | | | | | | | | Release Notes: https://www.samba.org/samba/history/samba-4.18.1.html This is a security release in order to address the following defects: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: upgrade 2.6.1 -> 2.6.2Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== dco: don't use NetLink to exchange control packets dco: print version to log if available dco-linux: remove M_ERRNO flag when printing netlink error message multi: don't call DCO APIs if DCO is disabled dco-freebsd: use m->instances[] instead of m->hash dco-linux: implement dco_get_peer_stats{, multi} API Set netlink socket to be non-blocking Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key Fix memory leaks in open_tun_dco() Fix memory leaks in HMAC initial packet generation Use key_state instead of multi for tls_send_payload parameter Make sending plain text control message session aware Only update frame calculation if we have a valid link sockets Improve description of compat-mode Simplify --compress parsing in options.c Refuse connection if server pushes an option contradicting allow-compress Add 'allow-compression stub-only' internally for DCO Parse compression options and bail out when compression is disabled tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled preparing release 2.6.2 dns option: allow up to eight addresses per server dco: print FreeBSD version Support --inactive option for DCO Fix '--inactive <time> 0' behavior for DCO Print DCO client stats on SIGUSR2 Don't overwrite socket flags when using DCO on Windows using OpenSSL3 API for EVP PKEY type name reporting Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form Import some sample certificates into Windows store for testing Add tests for finding certificates in Windows cert store Refactor SSL_CTX_use_CryptoAPI_certificate() Add a test for signing with certificates in Windows store Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate() Improve error message on short read from socks proxy Make error in setting metric for IPv6 interface non-fatal Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndisc6: upgrade 1.0.6 -> 1.0.7Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | Changelog: ========= # Do not ignore multicast advertisements when discovery was sent as unicast (fix regression from 1.0.5). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libldb: upgrade 2.7.1 -> 2.7.2Wang Mingyu2023-04-041-2/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fwknop: Fix AS_IF configure syntaxKhem Raj2023-04-022-11/+32
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fwknop: Use pkg-config instead of gpgme-configKhem Raj2023-04-022-1/+29
| | | | | | pkg-config is sysroot aware which is needed for cross-builds Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dnsmasq: fix CVE-2023-28450Peter Marko2023-03-252-0/+49
| | | | | | | | The patch is modified by removing irrelevant and conflicting CHANGELOG entry. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* adcli: upgrade 0.9.0 -> 0.9.2Wang Mingyu2023-03-233-70/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0001-configure-check-for-ns_get16-and-ns_get32-as-well.patch Fixed-build-error-on-musl.patch removed since they're included in 0.9.2. Changelog: ========== - adenroll: set password via LDAP instead Kerberos [#27] - disco: fall back to LDAPS if CLDAP ping was not successful [#31] - tools: replace getpass() [#10] - adenroll: write SID before secret to Samba's db [rhbz#1991619] - doc: add clarification to add-member command on doc/adcli.xml - tools: Set umask before calling mkdtemp() - Avoid undefined behaviour in short option parsing - library: include endian.h for le32toh - man: Fix typos and use consistent upper case for some keywords - doc: avoid gnu-make specific usage of $< [#26] - configure: check for ns_get16 and ns_get32 as well [rhbz#1984891] - Add setattr and delattr options [rhbz#1690920] - entry: add passwd-user sub-command [rhbz#1952828] - Add dont-expire-password option [rhbz#1769644] - build: add --with-vendor-error-message configure option [rhbz#1889386] - tools: add show-computer command [rhbz#1737342] - add description option to join and update [rhbz#1737342] - Use GSS-SPNEGO if available [rhbz#1762420] - add option use-ldaps [rhbz#1762420] - tools: disable SSSD's locator plugin [rhbz#1762633] - doc: explain required AD permissions [gfo#20] - computer: add create-msa sub-command [rhbz#1854112} - Add account-disable option [gfo#21] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: upgrade 1.33.10 -> 1.33.11Wang Mingyu2023-03-231-2/+2
| | | | | | | | License-Update: "Copyright (C) 2013-2020 Red Hat Inc." changed to "Copyright Red Hat" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ettercap: Update Upstream-StatusFabio Estevam2023-03-231-1/+1
| | | | | | | | The patch has been applied upstream, so update the Upstream-Status line accordingly. Signed-off-by: Fabio Estevam <festevam@denx.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ettercap: Fix build with libcurl >= 8Khem Raj2023-03-232-1/+40
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>