summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
...
* memcached: upgrade 1.6.17 -> 1.6.33Peter Marko2024-12-203-116/+10
| | | | | | | | | Solves CVE-2023-46852 and CVE-2023-46853. Upgrade done via "devtool upgrade". Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: add UPSTREAM_CHECK_URIPeter Marko2024-12-201-0/+2
| | | | | | | | Download URL is not listable so devtool upgrade fails. Using homepage works as it contains link to latest release, Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: ignore disputed CVE-2022-26635Peter Marko2024-12-191-0/+2
| | | | | | | | | | | | | | Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] https://github.com/php-memcached-dev/php-memcached/issues/519 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: mark CVE-2012-4425 as fixedPeter Marko2024-12-191-0/+2
| | | | | | | | | | It is fixed by [1] since 0.15.3. NVD tracks this CVE as version-less. [1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice: ignore CVE-2016-0749Peter Marko2024-12-191-0/+1
| | | | | | | | | | | NVD tracks this as version-less CVE for spice. It was fixed by [1] and [2] included in 0.13.2. [1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e [2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* stunnel: upgrade 5.73 -> 5.74Wang Mingyu2024-12-192-5/+5
| | | | | | | | | | | | | | | fix-openssl-no-des.patch refreshed for 5.74 * Bugfixes - Fixed a stapling cache deallocation crash. - Fixed "redirect" with protocol negotiation. * Features - "protocolHost" support for "socks" protocol clients. - More detailed logs in OpenSSL 3.0 or later. Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mctp: upgrade 2.0 -> 2.1Chanh Nguyen2024-12-161-1/+1
| | | | | Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bridge-utils: add CVE_PRODUCTBenjamin Bouvier2024-12-131-0/+2
| | | | | | | | Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure CVE filtering and not be disturb by futur potential false-positive CVEs. Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* proftpd: set status of CVE-2001-0027Peter Marko2024-12-101-0/+2
| | | | | | | | | | | | | | | | | | | This ancient CVE [1] is unversioned ("*") in NVD DB. "mod_sqlpw module in ProFTPD does not reset a cached password..." Looking at history and changelog, the module was removed [2] around the time when this CVE was published, likely as reaction to this CVE. "mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the distribution. They are currently unmaintained and have numerous bugs." Note: It was later re-introduced as mod_sql when it got fixed under new maintainer. [1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027 [2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openhpi: explicitly disable ov-rest pluginMartin Jansa2024-12-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | * since elfutils upgrade to 0.192 in: https://git.openembedded.org/openembedded-core/commit/?id=1d6ac3c811798732e6addc798656bbe104661d77 json-c is detected in RSS and ov-rest plugin gets enabled, but fails to build: ../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_event.c:78:10: fatal error: amqp_ssl_socket.h: No such file or directory    78 | #include <amqp_ssl_socket.h>       |          ^~~~~~~~~~~~~~~~~~~ compilation terminated. ../../../openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]   707 |         SaErrorT rv = NULL;       |                       ^~~~ * keep it explicitly disabled as it was disabled before * add rabbitmq-c dependency for the first issue, the 2nd issue could be worked around by: # openhpi-3.8.0/plugins/ov_rest/ov_rest_re_discover.c:707:23: error: initialization of 'SaErrorT' {aka 'int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion] CFLAGS += "-Wno-error=int-conversion" or better fixed properly by someone actually using this recipe Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ot-br-posix: Fix Musl build errordeepan.shivap2024-12-032-3/+28
| | | | | | | | | | | | | Mistakenly removed musl-fixes.patch in previous commit. update & Include 0001-Musl-build-fix.patch based on latest upstream of ot-br-posix Remove CXXFLAGS:append:libc-musl:toolchain-clang = " -Wno-error=sign-compare -Wno-error=unused-but-set-variable", as issue is not reproducible with current SRCREV of ot-br-posix. Signed-off-by: deepan.shivap <deepan.shivap@lge.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: use inherit_defer for conditional casesGhislain Mangé2024-12-031-1/+1
| | | | | | | | | | | Conditionnal inherit may be missed when PACKAGECONFIG qt5 is activated after this inherit, eg in .bbappend. see patch [0] [0]: https://lists.openembedded.org/g/bitbake-devel/message/16815 Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: fix Qt5/6 configurationGhislain Mangé2024-12-031-1/+1
| | | | | | | | | | | | Wireshark is built with Qt6 by default when Qt is enabled. Forcibly disable Qt6 in our Qt5 PACKAGECONFIG Github issue: https://github.com/openembedded/meta-openembedded/issues/844 Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr> Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ot-br-posix: Fix GCC-14 build errordeepan.shivap2024-11-293-32/+295
| | | | | | | | | | | | | | GCC 14 compiler uses -fvisibility-inlines-hidden by default and it creates visibility conflicts. Add 0001-fix-build-on-GCC-14-for-yocto.patch file to resolve build error. Remove musl-fixes.patch, not applicable for latest Upstream. Update SRCREV to latest Upstream. Signed-off-by: deepan.shivap <deepan.shivap@lge.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: Bump to the newest stable repoMarcin Nowakowski2024-11-272-0/+71
| | | | | | | | | | | | | | | | Recently, the official nbdkit repo has been changed: from https://github.com/libguestfs/nbdkit into https://gitlab.com/nbdkit/nbdkit Additionally, the newest stable tag version is v1.40.4. The patch used with version 1.33.11 is also copied and modified to support the latest changes. The version 1.33.11 is not removed for reference purposes. It was tested with one of openbmc images. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdns: Upgrade 2559.1.1 -> 2559.40.32Alex Kiernan2024-11-271-2/+2
| | | | | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta: Add SECURITY.md file to all layersKhem Raj2024-11-231-0/+20
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dovecot: Upgrade to 2.3.21.1Khem Raj2024-11-232-1/+26
| | | | | | Fix build with icu-76.x while here Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keepalived: Backport fix to build with muslKhem Raj2024-11-222-0/+35
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: add CVE_PRODUCTBenjamin Bouvier2024-11-211-0/+2
| | | | | | | Add exact CPE name in CVE_PRODUCT. Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* net-snmp: add CVE_PRODUCTBenjamin Bouvier2024-11-211-0/+2
| | | | | | | Add exact CPE name in CVE_PRODUCT. Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keepalived: Upgrade to 2.3.2Khem Raj2024-11-192-5/+3
| | | | | | | | | Changes are https://www.keepalived.org/release-notes/Release-2.3.0.html https://www.keepalived.org/release-notes/Release-2.3.1.html https://www.keepalived.org/release-notes/Release-2.3.2.html Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openvpn: add ptest supportJiaying Song2024-11-193-2/+52
| | | | | | | | | | | | | | | | | | | | | | | | | All test cases PASS. Add openvpn to PTESTS_SLOW because test duration longer than 30s Below is parts of the run log: [==========] xkey provider tests: Running 3 test(s). [ RUN ] xkey_provider_test_fetch [ OK ] xkey_provider_test_fetch [ RUN ] xkey_provider_test_mgmt_sign_cb [ OK ] xkey_provider_test_mgmt_sign_cb [ RUN ] xkey_provider_test_generic_sign_cb [ OK ] xkey_provider_test_generic_sign_cb [==========] xkey provider tests: 3 test(s) run. [ PASSED ] 3 test(s). PASS: provider_testdriver The files t_client.sh.in and t_cltsrv.sh were not added because they require specific environment configuration files. It is recommended that users configure these based on their environment before testing. Since the recipe enables iproute2, the condition for t_net.sh based on HAVE_SITNL is not met, so t_net.sh will not be included in the build. Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* blueman: inherit cython classRoss Burton2024-11-191-2/+2
| | | | | | | | Use the new cython class to avoid duplicated fixup code to remove build paths. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ebtables: Remove the dependecy on bashPeter Kjellerstedt2024-11-192-12/+9
| | | | | | | Rewrite ebtables-legacy-save to avoid using bashisms. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: handle CVE-2024-45802Peter Marko2024-11-191-2/+3
| | | | | | | | | | | | | | | | | | | | | According to [1] the ESI implementation in squid feature is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG). This means CVE report would say Patched even if the vulnerability is still present if someone adapts squid PACKAGECONFIG. Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities. Based on this, remove vulnerable ESI PACKAGECONFIG already now. [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.10 -> 6.12Peter Marko2024-11-192-2/+58
| | | | | | | | | License-Update: copyright year updated Add patch to fix new build failure from release tarball. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mosquitto: upgrade 2.0.19 -> 2.0.20Wang Mingyu2024-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | Changelog: ========== Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". Closes #3128. - Open files with appropriate access on Windows. - Don't allow invalid response topic values. - Fix some strict protocol compliance issues. Client library: - Fix cmake build on OS X. Build: - Fix build on NetBSD Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libdaq: upgrade 3.0.16 -> 3.0.17Wang Mingyu2024-11-051-1/+1
| | | | | | | | | | Changelog: ========== - daq_netmap: Fix build on Linux with non-system headers - example: support snap encapsulation Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: update to latest to fix occasional build failureMartin Jansa2024-11-051-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | buildhistory-diff shows few new files in testdata: packages/core2-64-oe-linux/unbound/unbound-ptest: FILELIST: added " /usr/lib/unbound/ptest/tests/testdata/rpz_val_block.rpl /usr/lib/unbound/ptest/tests/testdata/serve_expired_ttl_reset.rpl /usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl_prefetch.rpl /usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl.rpl /usr/lib/unbound/ptest/tests/testdata/iter_max_global_quota.rpl /usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue.rpl /usr/lib/unbound/ptest/tests/testdata/serve_expired_val_bogus.rpl /usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue_fallback.rpl /usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_bogus.rpl /usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl /usr/lib/unbound/ptest/tests/testdata/dns64_prefetch_cache.rpl" wasn't tested in runtime, I don't use it, I just wanted to get rid of random build failure from world builds (happens at least since kirkstone which has 1.15.0). Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdns: Upgrade 2200.140.11 -> 2559.1.1Alex Kiernan2024-10-306-12/+87
| | | | | | | | | | Add local fixes for: * definition for MAX() * missing `limit` declarations Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mctp: Fix build errors with clang19 + muslChanh Nguyen2024-10-281-1/+1
| | | | | Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: upgrade 3.6.1 -> 3.6.2Yi Zhao2024-10-211-1/+1
| | | | | | | | | | | ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 Security Fix: CVE-2024-49195 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mctp: upgrade 1.1 -> 2.0Chanh Nguyen2024-10-181-1/+5
| | | | | Signed-off-by: Chanh Nguyen <chanh@os.amperecomputing.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireguard-tools: fix do_fetch errorJiaying Song2024-10-181-1/+1
| | | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mosquitto: upgrade 2.0.18 -> 2.0.19Fabrice Aeschbacher2024-10-173-50/+1
| | | | | | | | | | | - Solves CVE-2024-8376 - removed 1571.patch and 2894.patch, already applied in v2.0.19 https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nng: Rename default branch of github.com:nanomsg/nng.gitJeroen Knoops2024-10-171-1/+1
| | | | | | | | Default branch is renamed from `master` to `main`. Commitshas are the same. Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mdio-tools: RRECOMMENDS the kernel moduleAlban Bedel2024-10-161-1/+1
| | | | | | | | | The mdio-tools package RDEPENDS on `kernel-module-mdio-netlink` but this package doesn't exists if the module is built into the kernel. Use RRECOMMENDS instead as is usually done with kernel modules. Signed-off-by: Alban Bedel <alban.bedel@aerq.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* open-vm-tools: upgrade 12.4.5 -> 12.5.0Yi Zhao2024-10-131-2/+2
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unbound: Upgrade to 1.21.1Khem Raj2024-10-131-2/+2
| | | | | | | Disable rpaths we are cross building and paths on target will be the usual locations e.g. /usr/lib Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ndisc6: Fix reproducible buildKhem Raj2024-10-102-0/+86
| | | | | | | | | | includes the CFLAGS used to build the package in the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the absolute build path via (eg.) the -ffile-prefix-map flag. Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nftables: upgrade 1.1.0 -> 1.1.1Yi Zhao2024-10-071-1/+1
| | | | | | | | ChangeLog: https://www.netfilter.org/projects/nftables/files/changes-nftables-1.1.1.txt Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libnftnl: upgrade 1.2.7 -> 1.2.8Yi Zhao2024-10-071-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* firewalld: upgrade 1.3.2 -> 2.2.1Richard Tollerton2024-10-071-3/+4
| | | | | | | | | | | | | | | | | Major/minor release changelogs: - https://firewalld.org/2023/06/firewalld-2-0-0-release - https://firewalld.org/2024/01/firewalld-2-1-0-release - https://github.com/firewalld/firewalld/releases/tag/v2.2.0 (dunno why the website wasn't updated) Stop trying to rewrite /etc/firewalld/*.xml. It appears to be for the sake of /etc/firewalld/lockdown-whitelist.xml, which is not being installed anymore. Add RDEPENDS+=bash. Used by /usr/lib/firewalld/xmlschema/check.sh; adding to avoid a QA failure. Signed-off-by: Rich Tollerton <rich.tollerton@ni.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* non-repro-meta-networking: update known non-reproducible listYoann Congal2024-10-071-0/+2
| | | | | | | | | Add ncp, ncp-dbg: symbols are not sorted the same way from: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/46/steps/28/logs/stdio Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* non-repro-meta-networking: update known non-reproducible listYoann Congal2024-10-021-0/+3
| | | | | | | | | | | Add: * ntopng: date in version * opensaf: build host hostname in /etc/ files from: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/45/steps/28/logs/stdio Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wireshark: fix typo in PACKAGECONFIG[zstd]Ghislain Mangé2024-10-021-1/+1
| | | | | | | | | | | | | | | ENABLE_STTD is a typo, correct option is ENABLE_ZSTD. This patches the following CMake warning in do_configure: Manually-specified variables were not used by the project: ENABLE_STTD After, do_configure does not show the warning. Github issue: https://github.com/openembedded/meta-openembedded/issues/845 Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr> Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* curlpp: Fix build issuealperak2024-10-012-1/+38
| | | | | Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Update to walnascar (5.2) layer/release seriesKhem Raj2024-10-011-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openl2tp: Fix ptestsKhem Raj2024-09-302-4/+4
| | | | | | | | | | | | - Detect active network interface to use, instead of asking user, this needs to run in automation - Find the location of ppp_null.so with find instead of rpm, rpm is a distro choice it can be assumed to be always there. - Add missing runtime deps for ptests - Kill openl2tpd started by run-ptest script before exiting, otherwise ptest runner hangs forever. Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 18:36:25 +0000