| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=============
- feat: add support for OpenAPI 3.0.4 (#10247)
- feat: apply cumulative update to address various issues (#10324)
- fix(docker): fix security issues CVE-2024-56171, CVE-2025-24928 (#10351)
- fix: fix definition resolving being affected by the order of schemas (#10386)
- fix(json-schema-2020-12): avoid accessing properties of null schemas (#10397)
- fix(json-schema-2020-12-samples): fix examples for nullable primitive types defined as list of types (#10390)
- fix(utils): fix error messages for range validation of number parameters (#10344)
- fix(json-schema-2020-12): use consistent comparison operators for displaying min/max constraints (#10159)
- fix(json-schema-2020-12-samples): use zero as default example value for int32 and int64 (#10230)
- fix(style): prevent operationId from wrapping when space is available (#10259)
- fix(docker): address multiple HIGH security vulnerabilities (#10410)
- fix(json-schema-2020-12): infer type string when contentEncoding or contentMediaType is present (#10411)
- fix: align OpenAPI 3.x.y file uploads with specification (#10409)
- feat(oas31): display file upload input when contentMediaType or contentEncoding is present (#10412)
- fix: avoid accessing properties of empty Example Objects (#10453)
- fix(oauth2): avoid processing authorizationUrl when it is not a string (#10452)
- fix: use spec compliant JSON Pointer implementation (#10455)
- fix(spec): assure operation is an immutable map in operations selectors (#10454)
- fix: assure parameter is an immutable map when grouping parameters (#10457)
- fix(spec): avoid accessing $ref when path item is not an object (#10456)
- fix(json-schema-2020-12-samples): generate proper samples for XML atttributes (#10459)
- fix(security): update Axios to non-vulnerable 1.9.0 version (#10460)
- fix(docker): address CVE-2025-32414/CVE-2025-32415 (#10461)
- feat(observability): allow defining custom uncaught exception handler (#10462)
- feat(json-schema-5-samples): add support for time format example generation (#10420) (#10421)
- refactor: introduce function for getting Schema Object type (#10330)
- fix: mitigate ReDoS when generating examples from pattern (#10477)
- fix(release): fix failed v5.23.0 release
- fix(packagist): exclude large obsolete directories from publishing to Packagist (#10329)
- ft(oas3): show the schema tab in the Try it Out mode (#10488)
- fix: align expanded content inside expand collapse button (#10497)
- feat: release SwaggerUI via GitHub Actions
- fix(CD): provide correct npm token
- fix(dist): provide correct npm token for swagger-ui-dist release
- fix: fix opened model schema resolving issue on spec change (#10509)
- fix(docker): bump nginx image to version 1.29.0-alpine to fix CVE-2025-48174 (#10508)
- feat: release Swagger UI to Packagist (#10513)
- fix(oas3): reset request body values in try it out (#9717)
- fix(style): restore paragraph spacing in parameter and response descriptions (#10514)
- feat(json-schema): support x-additionalPropertiesName (#10006)
- fix: permissions of files to allow running as non-root (#10515)
- fix: sanitization of relative OpenAPI JSON paths (#10528)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Enable TLS support
Fix build with cmake4+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Use default cmake backend ( ninja )
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current include file that stores the known non-reproducible packages
is layer dependent and that forces the user of the layers to maintain
the list of the files (for example, see AB config[0]).
By moving the exclude list to each layer.conf and extending the common
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES variable, the known non-reproducible
packages will be automatically excluded for each layer used in the
reproducibility test without any special knowledge in the test
environment.
NB: the empty list for meta-initramfs was just removed not moved.
[0]: https://git.yoctoproject.org/yocto-autobuilder-helper/tree/config.json?id=7d8933e75bdf7fb821a25617cb2dcabf1f3f8700#n322
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Co-Developed-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Makes the hammer a bit smaller, since we do not enable go by default
in packageconfig's it helps with yocto check layer with default config.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Get rid of remoeved configure options
ERROR: QA Issue: cockpit: configure was passed unrecognised options: --disable-pcp --enable-old-bridge --with-cockpit-ws-instance-user --disable-ssh --disable-polkit --with-cockpit-ws-instance-group --with-cockpit-group --with-cockpit-user [unknown-configure-option]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hiawatha does not build under -std=gnu23 which is the default of
gcc15. Forcing -std=gnu17 fixes these build errors:
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/hiawatha-11.2/src/hiawatha.c:814:25: error: passing argument 2 of 'signal' from incompatible pointer type [-Wincompatible-pointer-types]
| 814 | signal(SIGHUP, HUP_handler);
| | ^~~~~~~~~~~
| | |
| | void (*)(void)
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/recipe-sysroot/usr/include/signal.h:88:57: note: expected '__sighandler_t' {aka 'void (*)(int)'} but argument is of type 'void (*)(void)'
| 88 | extern __sighandler_t signal (int __sig, __sighandler_t __handler)
| | ~~~~~~~~~~~~~~~^~~~~~~~~
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/hiawatha-11.2/src/hiawatha.c:294:6: note: 'HUP_handler' declared here
| 294 | void HUP_handler() {
| | ^~~~~~~~~~~
| .../tmp/work/core2-64-poky-linux/hiawatha/11.2/recipe-sysroot/usr/include/signal.h:72:16: note: '__sighandler_t' declared here
| 72 | typedef void (*__sighandler_t) (int);
| | ^~~~~~~~~~~~~~
Note: Upstream project has no published way to upstream patches.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
As noted in 11.7 changelog: https://hiawatha.leisink.net/changelog
> All references to http://www.hiawatha-webserver.org/ changed to
> https://hiawatha.leisink.net/.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
As the other layers of meta-openembedded, this line makes it easy to
send a patch by copy-pasting and reduce slightly the probability of
error.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
QA Issue: File /usr/libexec/apache2/build/config.nice in package apache2-dev contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog: https://hiawatha.leisink.net/changelog
mbed TLS updated to 3.2.1.
Small improvements.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog: https://hiawatha.leisink.net/changelog
mbed TLS updated to 3.1.0.
Small bugfixes.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: Update license to match the PHP 3.01 license [1]
[1] https://github.com/xdebug/xdebug/commit/5fc2d818067d05503226ee8c6442985cb2fe069d
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update PID file path from /var/run to /run to avoid systemd warning:
PIDFile= references a path below legacy directory /var/run/,
updating /var/run/thttpd.pid → /run/thttpd.pid; please update
the unit file accordingly.
Cc: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit removes from the recipe the following deprecated packages:
- `cockpit-docker`: cockpit project no longer supports Docker since version 228
[1]
- `cockpit-machines`: cockpit-machines is now provided in a dedicated
repository [2], and code base has been removed since version 242 [3]
[1]: https://cockpit-project.org/blog/cockpit-228.html
[2]: https://github.com/cockpit-project/cockpit-machines
[3]: https://cockpit-project.org/blog/cockpit-242.html
Signed-off-by: Paul Le Guen de Kerneizon <paul.leguendekerneizon@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: copyright year refreshed
Resolves:
* CVE-2025-23419
CHANGES:
https://nginx.org/en/CHANGES
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Solves:
* CVE-2025-23419
CHANGES:
https://nginx.org/en/CHANGES-1.26
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: License year updated
This upgrade include security fix for:
CVE-2025-24529
CVE-2025-24530
Release note:
https://www.phpmyadmin.net/news/2025/1/21/phpMyAdmin-522-is-released/
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream repository url changed.
Fixes unsuccessful fetch warning.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The https://www.hiawatha-webserver.org/ site is defunct. So move SRC_URI to use
https://hiawatha.leisink.net/ instead. Update to 11.0 while we are here.
Changelog: https://hiawatha.leisink.net/changelog
mbed TLS updated to 3.0.0.
Dropped support for TLSv1.0 and TLSv1.1. Configuration option MinTLSversion removed.
Dropped support for HTTP Public Key Pinning (HPKP). Configuration option PublicKeyPins removed.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Set pam module path to ${base_libdir}/security as this is the default
path in libpam.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This vulnerability is for Apache-AuthenSmb module.
Fixed in 0.9, current version is 0.72.
In any case, not part of Apache2 sources.
[1] points to [2], which is archived under [3]
[1] https://nvd.nist.gov/vuln/detail/CVE-1999-1237
[2] http://www.securityfocus.com/archive/1/14384
[3] https://web.archive.org/web/20020618143426/http://online.securityfocus.com/archive/1/14384
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
as per https://github.com/swagger-api/swagger-ui/issues/1865
NVD tracks this CVE as version-less.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is officially disputed by Redhat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086
Red Hat does not consider this issue to be a security vulnerability.
The pottential attacker has to send acknowledgement packets periodically
to make server generate traffic. Exactly the same effect could be
achieved by simply downloading the file. The statement that setting the
TCP window size to arbitrarily high value would permit the attacker to
disconnect and stop sending ACKs is false, because Red Hat Enterprise
Linux limits the size of the TCP send buffer to 4MB by default.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This is gentoo specific CVE.
NVD tracks this as version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
These were not updated on recipe upgrade.
To make maintenance easier, remove exact versions.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
These CVEs are specific to Debian and MAC OS X respectively.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: License file negative and empty space changes
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
=============
- update Scarf.js to v1.4.0 to avoid breaking Vitest
- docker: return explicit Node.js installation
- analytics: use Scarf.js to provide anonymized installation analytics
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added a PACKAGECONFIG to select the version of the WebUI to be installed.
When not set, all versions (v0, v1 and v2) will be installed. What is the
default of Netdata.
Enabling only the v1 version makes the package 25% smaller.
More info: https://github.com/netdata/netdata/issues/15640#issuecomment-1946041083
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* 0001-Add-check-for-64bit-builtin-atomics.patch applied upstream
* removed not longer used systemd service file
The service of the netdata is used in previous commit(s)
* oelint_adv issues solved
Changlog: https://github.com/netdata/netdata/blob/master/CHANGELOG.md#v1475-2024-10-24
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New recipe with the static version of the Swagger UI.
This is *not* a NPM version of the website (swagger-ui, swagger-ui-dist, swagger-ui-react).
But the static release.
Plain old HTML/CSS/JS (Standalone)
The folder /dist includes all the HTML, CSS and JS files needed to run SwaggerUI on a static website or CMS, without requiring NPM.
Download the latest release.
Copy the contents of the /dist folder to your server.
Open swagger-initializer.js in your text editor and replace "https://petstore.swagger.io/v2/swagger.json" with the URL for your OpenAPI 3.0 spec.
-- https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/installation.md#plain-old-htmlcssjs-standalone
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add the runtime dependency Virtual/docker need when the package config
Docker is enabled. This avoids do_rootfs installs issues.
Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As mentioned in the Netdata documentation [1], The xenstat plugin
requires elevated privileges to be executed. The xenstat.plugin
permissions are modified to only allow users belonging to the netdata
group to execute the plugin with root privileges.
[1] https://learn.netdata.cloud/docs/collecting-metrics/containers-and-vms/xen-xcp-ng
Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Modification of the group for the apps.plugin file (from root to
netdata) and removal of execution authorization for the “others”.
This modification improves security by limiting the netdata group to
execute the plugin as root.
Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit modifies the PACKAGECONFIG entry for zlib to ensure that the
mod_deflate module is enabled with the appropriate zlib configuration.
By adding the --with-zlib=${STAGING_LIBDIR}/../ option, we direct the
configure script to use the zlib library from the staging directory
instead of relying on the host system's zlib installation.
Without that configure will search the host for zlib headers and lib.
This change resolves build failures related to zlib dependency when
mod_deflate is enabled and ensures a consistent build environment across
different host configurations.
Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Update the atomics patch to v2 of upstream submission
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Many netdata plugins are written in go, add a PACKAGECONFIG to enable
them.
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our provided netdata.conf contained a lot of keys which are no longer
supported by netdata. Netdata allows to regenerate the configuration
file and present all possible keys with their default values. This
refreshed file will be more easy to configure by our users.
To generate this file, I basically ran the documented command and
replaced the file paths with our variables when applicable.
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Netdata now provides its own systemd service files. They provide better
hardening than the one we were defining in the recipe.
Unfortunately, the CMakeLists.txt file wants to install them into /lib
rather than /usr/lib. I added mv commands to put them in the expected
location depending on usrmerge.
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Some netdata plugins like cgroups or docker require permissions to
access the docker socket in order to label data properly.
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
