Age | Commit message (Collapse) | Author |
|
fix CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes in OE-Core added some pkgconfig dependencies back and this flagged
that the .pc file was in ${PN}, not ${PN}-dev. Fix that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit ea4afdb6a846aecd1be5f81f989aee3dfc08cc60)
[fixup for hardknott context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2021-36222:
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC)
in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2
allows remote attackers to cause a NULL pointer dereference and daemon
crash. This occurs because a return value is not properly managed in a
certain situation.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
Patches from:
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fix WARNING: linuxptp-3.1-r0 do_fetch: Failed to fetch URL
http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-3.1.tgz,
attempting MIRRORS if available
linuxptp-3.1.tgz replace by linuxptp-3.1.1.tgz
* 3.1.1 release note
Version 3.1.1
Fixes:
CVE-2021-3570 linuxptp: missing length check of forwarded messages
CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d6ef4170747d6668fa940328334055eef3e1e1d6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71926e8f12d5c72b9ae58fd9f28cbad9d9945cec)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e2bd6a52bf689b77b237eaee3067d2b0b6eee3d5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fbd0b60a277911a03fc8ef08ee49142781627670)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4174e40a9833fe1a59ffe774d472073f96b1cc40)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1185b272a48e8b797bc7c4e96645cc2fce3d298)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport 2 patches to fix two CVEs.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5a085c588adaf79bb2bca7921c82d893877b28a1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e721f6d9444779cfd5f5de54c0cf4fe2f15fc74d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* no update other than occassional build fix since 2011 when I've imported this
* it's also failing with usrmerge:
ERROR: phonet-utils-0.0.0+gitrAUTOINC+4acfa720fd-r2 do_package_qa: QA Issue: phonet-utils package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
ERROR: phonet-utils-0.0.0+gitrAUTOINC+4acfa720fd-r2 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 976c8d3f69c847aee33bc53663dcc2fdca7fb556)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f3159f6349e5e1a1b134b2997d7dc62daaf2ef7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch to fix CVE-2019-5061.
Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
libmd(oe-core) also uses the doc 'sha1.h', so package it in own subdirs of czmq.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop CVE patch that is not needed for 5.2.5. Add Upstream-Status: tag
for the configure patch which specifies the kernel version.
Specify the recipe specific sysroot path to avoid:
QA Issue: ... [configure-unsafe]
for libpcre and iconv.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
0001-crypto-Update-l_pkcs5_pbkdf2-call-after-rename.patch
Removed since this is included in 1.12.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
|
|
Eventually when 3.1 is released autotools is replaced with cmake as per
[1], so we will have to migrate to cmake
[1] https://github.com/transmission/transmission/issues/1573
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
0001-Modify-parameter-of-function-sctp_gensio_alloc.patch
Removed since this is included in 2.2.3
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
- Add support for ACD client for static configuration
- Add support for intelligent scan of all frequencies
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Bump version number to 4.7.1 for bugfix release.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15803
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Event lib support is now built into dynamically loaded plugins so
package them separately and include them in RDEPENDS if enabled.
Building minimal-examples with generated SDK failed due to cmake
configuration had static enabled but not included into SDK. Solve
this by adding static as PACKAGECONFIG option and adding
${PN}-staticdev to RDEPENDS_${PN}-dev if enabled.
Remove CFLAGS_append with -Wno-error added for fixing building with
Os. This looks like it's fixed in upstream.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
|
|
0001-Modify-parameter-of-function-sctp_gensio_alloc.patch
added to resolve compile error.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License-Update: Update copyright year to 2020.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Depends on meta-python therefore move it here so it does not impact non
meta-python users
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
instrumentation code uses atomic ops on 64bit variables, which leads to build
failures on 32bit targets using libtorrent because of missing builtins on
riscv32/gcc
/usr/lib/libtorrent.so: undefined reference to `__sync_add_and_fetch_8'
/usr/lib/libtorrent.so: undefined reference to `__sync_fetch_and_and_8'
The developer added a "--disable-instrumentation" switch which skips the build
of the offending codepaths in libtorrent.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upgrade to release 3.00:
- Allow the RPC server to listen on an IPv6 address
- Change TR_CURL_SSL_VERIFY to TR_CURL_SSL_NO_VERIFY and enable
verification by default
- Go back to using hash as base name for resume and torrent files
(those stored in configuration directory)
- Handle "fields" argument in "session-get" RPC request; if
"fields" array is present in arguments, only return session
fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in
embedded web server to 100 to prevent brute-force attacks
- Set idle seed limit range to 1..40320 (4 weeks tops) in all
clients
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager,
Folx, Baidu Netdisk torrent clients
- Announce INT64_MAX as size left if the value is unknown
(helps with e.g. Amazon S3 trackers)
- Add TCP_FASTOPEN support (should result in slight speedup)
- Improve ToS handling on IPv6 connections
- Abort handshake if establishing DH shared secret fails (leads
to crash)
- Don't switch trackers while announcing (leads to crash)
- Improve completion scripts execution and error handling; add
support for .cmd and .bat files on Windows
- Maintain a "session ID" file (in temporary directory) to better
detect whether session is local or remote; return the ID as
part of "session-get" response
- Change torrent location even if no data move is needed
- Support CIDR-notated blocklists
- Update the resume file before running scripts
- Make multiscrape limits adaptive
- Add labels support to libtransmission and transmission-remote
- Parse session-id header case-insensitively
- Sanitize suspicious path components instead of rejecting them
- Load CA certs from system store on Windows / OpenSSL
- Add support for mbedtls (formely polarssl) and wolfssl (formely
cyassl), LibreSSL
- Fix building against OpenSSL 1.1.0+
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD
- Fix a number of memory leaks (magnet loading, session shutdown,
bencoded data parsing)
- Bump miniupnpc version to 2.0.20170509
- CMake-related improvements (Ninja generator, libappindicator,
systemd, Solaris and macOS)
- Switch to submodules to manage (most of) third-party
dependencies
- Fail installation on Windows if UCRT is not installed
License-Update: Bump copyright to 2020
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|