aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
* geoip: Switch to use the main branchMingli Yu2022-04-181-1/+1
| | | | | | | | | | | Fix the below do_fetch warning: WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df3ef158347072a409b4e276a9dab8c2e89350ec) [Fix up for dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266Akash Hadke2022-03-272-1/+39
| | | | | | | | | | Add below patch to fix CVE-2020-24265 and CVE-2020-24266 CVE-2020-24265-and-CVE-2020-24266.patch Link: https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Add fix of CVE-2021-45079Ranjitsinh Rathod2022-02-132-0/+157
| | | | | | | | Add a patch to fix CVE-2021-45079 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Update to 3.2.18Armin Kuster2022-01-262-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: wireshark.org MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9 Description: This is a bugfix only update. Addresses these CVES: wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929. wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925. wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924. wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. CVE-2021-39920, CVE-2021-39923. wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922. wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928. wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921. Signed-off-by: Armin Kuster <akuster@mvista.com> --- V2] Fixes: /build/run/lemon: Exec format error revert "cmake: lemon: fix path to internal lemon tool" so the wireshark-native version is instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix for CVE-2021-41990 and CVE-2021-41991Virendra Thakur2022-01-223-0/+105
| | | | | | | Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netcat: Set CVE_PRODUCTAndre Carvalho2022-01-111-0/+2
| | | | | | | | | | | | | | | | | | | | | | | This way yocto cve-check can find open CVE's. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3 Signed-off-by: Andre Carvalho <andrestc@fb.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: refresh patchesstable/dufell-nutArmin kuster2021-12-273-22/+18
| | | | Signed-off-by: Armin kuster <akuster808@gamil.com>
* dovecot: Fix CVE-2020-12674sana kazi2021-12-032-0/+31
| | | | | | | | | | Added patch for CVE-2020-12674 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12673sana kazi2021-12-032-0/+38
| | | | | | | | | | Added patch for CVE-2020-12673 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: Fix CVE-2020-12100sana kazi2021-12-0315-0/+1264
| | | | | | | | | | Added patches to fix CVE-2020-12100 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocolsArmin Kuster2021-11-1727-29/+29
| | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* drdb-utils: Define SRCREV_FORMATAndreas Weger2021-11-021-0/+1
| | | | | | | | | Since it uses multiple fetch URIs make it explicit to define SRCREV_FORMAT Signed-off-by: Andreas Weger <weger@hs-mittweida.de> Change-Id: Id1d0a1062d09f690123b2a1c06137ae5c04d7b20 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Update CVE-2020-8037 tagPurushottam Choudhary2021-10-011-0/+1
| | | | | | | | | | CVE tag was missing inside the patch file which is the remedy for CVE-2020-8037 and tracked by cve-check. Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Security fix CVE-2021-3448Armin Kuster2021-09-102-0/+1041
| | | | | | | | | | | | | Source: https://thekelleys.org.uk/dnsmasq.git MR: 110238 Type: Security Fix Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2 ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818 Description: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. Signed-off-by: Armin Kuster <akuster@mvista.com>
* stunnel: upgrade 5.56 -> 5.57Pierre-Jean Texier2021-09-101-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 109039 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02 ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f Description: Affects < 5.57 License-Update: copyright years updated. This is a bug fix release: - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificaes. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b76712700c79e4627028787ae65ab306c21eed02) [Includes CVE-2021-20230 per changelog Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 ] Signed-off-by: Armin Kuster <akuster@mvista.com>
* tcpdump: Exclude CVE-2020-8036 from checkArmin Kuster2021-08-241-0/+5
| | | | | | | This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: update to 3.2.15Armin Kuster2021-07-251-1/+1
| | | | | | | | | | | | | | | | | | | | | Source: Wireshark.org MR: 109612, 110462, 112069 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 40f9f8ac2431f32680d4817607badbbe44875260 Description: Bug fix only update: see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.15.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.14.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.13.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.12.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.11.html includes: CVE-2021-22191, CVE-2021-22207, CVE-2021-22235 Signed-off-by: Armin Kuster <akuster@mvista.com>
* ntp: fix ntpdate to wait for subprocessesAdrian Zaharia2021-07-101-0/+5
| | | | | | | | | | | | | | | | | | | When using systemd, ntpdate-sync script will start in background triggering the start of ntpd without actually exiting. This results in an bind error in ntpd startup. Add wait at the end of ntpdate script to ensure that when the ntpdate.service is marked as finished the oneshot script ntpdate-sync finished and unbind the ntp port Fixes #386 Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 73d5cd5e8d9d8a922b6a8a9d90adf0470a99314e) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit f52ce99b468eff95b6e36caf41fb50808a26f8d5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dovecot: add CVE-2016-4983 to allowlistkraj/dunfellArmin Kuster2021-07-061-0/+3
| | | | | | | | | | | | CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist. Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238) [mkcert.sh does mask 077 first] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit d1fb027f894921ea02c984eb581ee1500c613470) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Add fixes for CVEs reported for dnsmasqSana Kazi2021-05-297-1/+1631
| | | | | | | | | | | | | | | | | | | | | | | | Applied single patch for below listed CVEs: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25687 as they are fixed by single commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a Link: https://www.openwall.com/lists/oss-security/2021/01/19/1 Also, applied patch for below listed CVEs: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 all CVEs applicable to v2.81 Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com> [Refreshed patches] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nghttp2: Add fix for CVE-2020-11080Rahul Taya2021-03-163-0/+341
| | | | | | | | | | | Added below two patches to fix CVE-2020-11080: 1. CVE-2020-11080-1.patch 2. CVE-2020-11080-2.patch Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com> [Refreshed patches to apply] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: Inherit python3targetconfigKhem Raj2021-02-191-1/+1
| | | | | | | | | | | | | | | | Fixes configure: error: Could not link test program to Python. Maybe the main Python library has been installed in some non-standard library path. If so, pass it to configure, via the LIBS environment variable. Example: ./configure LIBS="-L/usr/non-standard-path/python/lib" Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 59f817bbe374799e4398766c2a444692d932d979) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 59d3d64e902d4d2e7ea9c3d2e1fec442912bcdd5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: Fix systemd serviceMario Schuknecht2021-02-151-1/+1
| | | | | | | | | | | | | | Systemd service file option 'ExecStopPre' is warned and ignored by systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended behavior is realized. The 'ExecStop' commands are executed one after the other. Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 55c94cb3196f53d0c1c76bbd74136d1b5d51802d) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 83842c9150fdead52dc7b0913ffac32677720f98) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* celt051: update SRC_URIchangqing.li@windriver.com2021-02-151-1/+1
| | | | | | | | | | | | original SRC_URI is not valid now, offical CELT repository moved to gitlab Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5450c958bf66afd560fd8dff5b432ea71f10165c) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 1de0f4c33b92b9bbd885044df505154c177db59e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Several securtiy fixesArmin Kuster2021-01-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Source: Wireshark.org MR: 106181, 106696, 107655, 107673, 107682 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 57df6ac3b11aabd96e6aec728501ce7988bc176a Description: Bugfix only update including these cves: 3.2.8 CVE-2020-26575 CVE-2020-28030 3.2.9 CVE-2020-26418 CVE-2020-26421 CVE-2020-26420 Signed-off-by: Armin Kuster <akuster@mvista.com> (cherry picked from commit a10ea62a1c9c7b0c4810f2e4ef0dcc6f75b0ca6b) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Patch for CVE-2020-8037viatsk2020-12-102-0/+71
| | | | | | Signed-off-by: Stacy Gaikovaia <stacy.gaikovaia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chrony: Patch CVE-2020-14367Anatol Belski2020-11-092-0/+205
| | | | | | | Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b4d7b1ee421d9ae75548ac0c0dd0ea9405a0571e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.2.6 -> 3.2.7Zang Ruochen2020-11-091-1/+1
| | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 47821db8ed0dc81e84d5ba6b873dc14d50f85e07) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.2.5 -> 3.2.6Zang Ruochen2020-11-091-1/+1
| | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 88df26ab74a5d1274127f83b854da2d5747b9952) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Remove obsolete setting regarding the Standard OutputMingli Yu2020-10-042-0/+35
| | | | | | | | | | | | | | The Standard output type "syslog" is obsolete, causing a warning since systemd version 246 [1]. Please consider using "journal" or "journal+console" [1] https://github.com/systemd/systemd/blob/master/NEWS#L202 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e61b73e6d388006375c6fe84cc194299c094a526) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ssmtp: adjust u-aMartin Jansa2020-10-041-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * it's newaliases not newalias in sbindir * drop u-a for man pages, because only ssmtp.8 was created which shouldn't conflict with esmpt In my build I don't have mailq, sendmail, newaliases as man pages, but binaries in sbindir (and the sbinbinary is called newaliases, not newalias) tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/ tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8 tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/share/man/man8/ssmtp.8 tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/mailq tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/sendmail tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/newaliases tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/usr/sbin/ssmtp tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp tmp-glibc/work/core2-64-oe-linux/ssmtp/2.64-r0/image/etc/ssmtp/revaliases this added u-a is causing following warnings: WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/mailq.1 or /usr/share/man/man1/mailq.1.ssmtp) does not exist, skipping... WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/newaliases.1 or /usr/share/man/man1/newaliases.1.ssmtp) does not exist, skipping... WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/share/man/man1/sendmail.1 or /usr/share/man/man1/sendmail.1.ssmtp) does not exist, skipping... WARNING: ssmtp-2.64-r0 do_package: ssmtp: alternative target (/usr/sbin/newalias or /usr/sbin/newalias.ssmtp) does not exist, skipping... WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/mailq.1: /usr/share/man/man1/mailq.1.ssmtp does not exist WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/newaliases.1: /usr/share/man/man1/newaliases.1.ssmtp does not exist WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/share/man/man1/sendmail.1: /usr/share/man/man1/sendmail.1.ssmtp does not exist WARNING: ssmtp-2.64-r0 do_package: ssmtp: NOT adding alternative provide /usr/sbin/newalias: /usr/sbin/newalias.ssmtp does not exist WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/mailq.1 == /usr/share/man/man1/mailq.1 WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/newaliases.1 == /usr/share/man/man1/newaliases.1 WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/share/man/man1/sendmail.1 == /usr/share/man/man1/sendmail.1 WARNING: ssmtp-2.64-r0 do_package: ssmtp: alt_link == alt_target: /usr/sbin/newalias == /usr/sbin/newalias Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bdb964c907bd7d6972e09992505a0c4bbbda8fa4) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ssmtp: Use update alternatives for conflicts with esmtpKhem Raj2020-10-041-1/+14
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 916b6f15efe924dc66d7908ac0bea554eaf7ac92) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libldb: upgrade 1.5.7 -> 1.5.8Yi Zhao2020-09-191-2/+2
| | | | | | | | | | Samba version 4.10.17 which has been already available in Dunfell depends on version 1.5.8 of libldb. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: Update to 3.2.5Armin Kuster2020-07-121-2/+1
| | | | | | | | | | | | | | | | | | | | | Source: wireshark.org MR: 104620 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: 64e3701e4d6bd53972c22c49d655556e6f37e461 Description: Affects: 3.2.0 to 3.2.4 Includes: CVE-2020-15466 For more info see: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9019ceb2ccfd32789b7bc680269b3af234ebd397) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* drbd-utils: Add CLEANBROKEN to fix rebuild errorsRobert Yang2020-07-121-0/+2
| | | | | | | | | | | | | | | | | | Fixed when rebuild: DEBUG: Executing shell function autotools_preconfigure NOTE: make clean aclocal autoheader autoconf You need to call ./configure with appropriate arguments (again). make: *** [Makefile:287: config.status] Error 1 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 922e061fdbbc80c44f49866c7b08b2e09e4a3d0a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntp: update 4.2.8p15Armin Kuster2020-07-011-2/+1
| | | | | | | | | | | | | | | | | | Source: ntp.org MR: 104487 Type: Security Fix Disposition: Backport from http://archive.ntp.org/ntp4/ntp-4.2/ ChangeID: 65b220646dc29168c45b051a6ea2a651b9e669d1 Description: Bugfix only update including a security fix: CVE-2020-15025 changelog: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c9384d7fc40acdf8b5ed668ac3f5fa0e2ad4dbd1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpreplay: upgrade 4.3.2 -> 4.3.3Andreas Müller2020-07-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | >From [1] * Increase cache buffers size to accomodate VLAN edits (#594) * Correct L2 header length to correct IP header offset (#583) * Fix warnings from gcc version 10 (#580) * Heap Buffer Overflow in randomize_iparp (#579) * Use after free in get_ipv6_next (#578) * Heap Buffer Overflow in git_ipv6_next (#576) * Call pcap_freecode() on pcap_compile() (#572) * Increase max snaplen to 262144 (#571) * Fix divide by zero in fuzzing (#570) * Unique IP repeats at very high iteration counts (#566) * Fails to compile on FreeBSD amd64 13.0 (#558) * Heap Buffer Overflow in do_checksum (#556) (#577) * Attempt to correct corrupt pcap files, if possible (#557) * Fix GCC v10 warnings (#555) * Remove some duplicated SOURCES entries (#551) * Expand /dev/bpfX hard limit to fix macOS Mojave (#550) * Implement --loopdelay-ms when using --loop=0 (#546) * Heap overflow packet2tree and get_l2len (#530) [1] https://github.com/appneta/tcpreplay/releases Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 822963c6cba8edde6d91fc56e2f0ae9e7a730551) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtalloc: fix upstream urlKonrad Weihmann2020-07-011-1/+1
| | | | | | | | https://samba.org seems to be gone, switch to https://www.samba.org Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9a85b925c51308f93475d7cc8e2ddda90dff30fd) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openipmi: upgrade 2.0.28 -> 2.0.29Wang Mingyu2020-07-011-2/+2
| | | | | | | | ???Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0b0c102d8c6daae12894f47f9523fe27fca5b15f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 3.2.2 -> 3.2.4Zang Ruochen2020-06-121-2/+2
| | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8a4039c61296801dc7f9d6f1badd9310acadf2b8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fetchmail: upgrade 6.4.3 -> 6.4.4Zang Ruochen2020-05-281-2/+2
| | | | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e8a43da0cb4631d4302ec84a0dd54ea1b74ddc92) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dnsmasq: upgrade 2.80 -> 2.81Zang Ruochen2020-05-284-90/+8
| | | | | | | | | | | -dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch -dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch Removed since these are included in 2.81 Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 36ece5c83f20f4fc923f1606979ea911ecb93da8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libldb: upgrade 1.5.6 -> 1.5.7Yi Zhao2020-05-201-2/+2
| | | | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6bc961cbff095498d5092f57f17be82c565d01a9) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Fix PACKAGECONFIG for OpenSSLAlexander Vickberg2020-05-171-1/+1
| | | | | | | | | | This fixes building TCPDump without OpenSSL. Current version does not recognize the option --without-openssl. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5b7ed1a8730a6e2c17d4650ee140b306483a3d9c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openvpn: upgrade 2.4.8 -> 2.4.9Andreas Müller2020-05-031-2/+2
| | | | | Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: Add aarch64 to COMPATIBLE_HOST.Drew Moseley2020-04-161-1/+1
| | | | | | | | This gets it in sync with libhugetlbfs which according to the comment, is supposed to be correct. Signed-off-by: Drew Moseley <drew.moseley@northern.tech> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* uftp: upgrade 4.10.1 -> 4.10.2Pierre-Jean Texier2020-04-121-2/+2
| | | | | | | | | | | | | | | | | | This includes: Version 4.10.2 Fixed security issue where using sha384 or sha512 would set encryption keys to all bytes 0 When using ECDH key exchange with closed group membership, an incorrect signature would be applied to the ANNOUCE message, causing the session to fail. Bug fixes. Relaxed server side checks on the type of key supplied by a client when not using public key signatures on all messages. This will assist in the upgrade process to the upcoming version 5.0. Fixed various small memory leaks Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nbdkit: Add recipe to extend backend possibilities of nbd.Przemyslaw Czarnowski2020-04-112-0/+75
| | | | | | | | | | | | | | | | Nbdkit uses plugins to add more sources of data for nbd client. Nbdkit can also spawn nbd-client, uses unix or network socket to communicate with client, uses different plugins to serve data for nbd device eg. curl, file, custom plugins in many languages (perl, python) and some others. Fix build when printf is a macro instead of function Use BSD-3-Clause for license inherit bash-completion so these are packaged correctly Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fetchmail: upgrade 6.4.2 -> 6.4.3Zheng Ruoqin2020-04-091-2/+2
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ntp: upgrade 4.2.8p13 -> 4.2.8p14zhangxiao2020-04-092-20/+3
| | | | | | | | | | License has been changed due to date time, no new stuff added. delete source patch reproducibility-respect-source-date-epoch.patch for new version source tree contains it. Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>