Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Per [1] this is a problem of applications using memcached improperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce684)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] 6b32af3e17
[2] 359ac42a7a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 073e845274)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure
CVE filtering and not be disturbed by future potential false-positive CVEs.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d03002f19c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conditional inherit may be missed when PACKAGECONFIG qt5 is activated
after this inherit, e.g. in .bbappend. See patch [0]
[0]: https://lists.openembedded.org/g/bitbake-devel/message/16815
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 97318e27eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Default branch is renamed from `master` to `main`. Commit SHAs are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58679b6a51)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Change the SRC_URI to the correct value due to the following error:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bc29ed7b10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 70c663b7ae)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ENABLE_STTD is a typo, correct option is ENABLE_ZSTD.
This patches the following CMake warning in do_configure:
Manually-specified variables were not used by the project: ENABLE_STTD
After, do_configure does not show the warning.
Github issue: https://github.com/openembedded/meta-openembedded/issues/845
Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 15758538ee)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
- Let getaddrinfo(3) select the default IPv4 or IPv6 protocol version
when it is not explicitly specified on the command line
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.73
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The "status" function called by this script calls "pidof" to get the process id. "pidof" does not expect or operate with a full path.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This prepares for using libconfuse for the 'genimage' recipe which
should reside in meta-oe.
Also libftdi (which is in meta-oe already) optionally requires
libconfuse when PACKAGECONFIG option 'ftdi-eeprom' is enabled.
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/tree/CHANGELOG?h=release_5_1_9
* Drop backport patches:
0001-autofs-5.1.8-add-autofs_strerror_r-helper-for-musl.patch
0002-autofs-5.1.8-handle-innetgr-not-present-in-musl.patch
* Drop the following patches as the issues have been fixed upstream:
cross.patch
pkgconfig-libnsl.patch
fix_disable_ldap.patch
add-the-needed-stdarg.h.patch
autofs-5.0.7-fix-lib-deps.patch
0001-Define-__SWORD_TYPE-if-undefined.patch
0001-Define-__SWORD_TYPE-and-_PATH_NSSWITCH_CONF.patch
0001-Bug-fix-for-pid_t-not-found-on-musl.patch
0001-modules-lookup_multi.c-Replace-__S_IEXEC-with-S_IEXE.patch
0002-Replace-__S_IEXEC-with-S_IEXEC.patch
* Refresh the following patches:
no-bash.patch
remove-bashism.patch
mount_conflict.patch
force-STRIP-to-emtpy.patch
0001-include-libgen.h-for-basename.patch
0001-Do-not-hardcode-path-for-pkg.m4.patch
fix-the-YACC-rule-to-fix-a-building-failure.patch
using-pkg-config-to-detect-libxml-2.0-and-krb5.patch
* Add patch to fix build on musl:
0009-hash.h-include-sys-reg.h-instead-of-bits-reg.h.patch
* Backport patch to fix build with gcc14:
0010-autofs-5.1.9-Fix-incompatible-function-pointer-types.patch
* Add PACKAGECONFIG[openldap] and PACKAGECONFIG[sasl]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/snort3/snort3/releases/tag/3.3.4.0
* appid: notify binder on service change
* appid: replaced hsessions vector of raw pointers into vector of smart
pointers
* ftp_telnet: refactoring ftp-data
* latency, dce, stream_ip: fix max pegs incorrectly declared sum
* telnet: avoid flush when cr or lf is between commands
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nftables has a pyproject.toml file since v1.0.9, c.f.
https://git.netfilter.org/nftables/commit/?id=8e603e0f7eec7c0000344a004228a30fbf0ece5c
Styhead has started to complain when a recipe inherits setuptools3 and a
proper pyproject.toml is provided in sources.
This uses python_pep517 functions instead of the setuptools3 ones,
inherits the proper class (still using setuptools3 but through pep517
process).
Notably, the python PACKAGECONFIG has its build dependency on
python3-setuptools-native removed as it's brought in by
python_setuptools_build_meta inherit, which is performed whenever the
python PACKAGECONFIG is selected. This avoids a "duplicate" but no
change in behavior is expected.
This was only build tested.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pass systemdsystemunitdir and systemduserunitdir to set correct directories
instead of using libdir from:
meson.build:systemd_base_path = join_paths(libdir, 'systemd')
which is wrong e.g. with multilib where libdir might be /usr/lib64 instead of
usr/lib used in ${nonarch_base_libdir} which is used by systemd_* variables:
export systemd_system_unitdir="/usr/lib/systemd/system"
export systemd_user_unitdir="/usr/lib/systemd/user"
fixes:
ERROR: Didn't find service unit 'blueman-mechanism.service', specified in SYSTEMD_SERVICE:blueman.
* inherit python3targetconfig to install into right python site-packages
without this it installs into
/usr/lib/python3.12/site-packages/
instead of /usr/lib64/python3.12/site-packages set in PYTHON_SITEPACKAGES_DIR
variable used in FILES, causing
blueman: 295 installed and not shipped files. [installed-vs-shipped]
# $PYTHON_SITEPACKAGES_DIR
# set oe-core/meta/classes-recipe/python3-dir.bbclass:11
# "${libdir}/${PYTHON_DIR}/site-packages"
PYTHON_SITEPACKAGES_DIR="/usr/lib64/python3.12/site-packages"
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit: 5edb8335dc
The Networkmanager package must not depend on ModemManager. Only the
Networkmanager-wwan package should depend on the ModemManager package.
The mobile-broadband-provider-info is fully optional and it is often not
required for embedded devices. Let the user choose if it gets installed
or not. Adding it explicitly to IMAGE_INSTALL is simple. Adding an
RRECOMMENDS would work as well. But adding an RDEPENDS is bad.
In general, NetworkManager packaging is intended to provide a set of
binary packages suitable for building many different images.
NetworkManager is designed to be used for binary packages distributions
where it is not possible to rebuild NetworkManager just to install
Modemmanager. Also for OE, where a rebuilding is possible, a rebuild is
a disadvantage. So please do not destroy this flexibility by adding
RDEPENDS, which are firstly wrong and secondly only suitable for your
specific needs.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pass OE's CFLAGS via CC since the Makefile disregards these flags from
environment and has its own notion of it. This ensures that flags to
rewrite debug flags are passed down correctly to compiler.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes emitting buildpaths into binary and also
fixes the issue where these tools won't exist on
the paths they were found on build machine
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/snort3/snort3/releases/tag/3.3.3.0
* control: code cleanup
* control: handle control commands after packet threads are fully
initialised
* daq: add outstanding packets counter
* extractor: add flow hash key
* file_api: max depth is set as part of initial config
* file: remove unused variable in FileFlows destructor
* filters: update dev_notes.txt with details for event_filter
* flow: optimize timeout handling for different packet type
* http_inspect: add peg counts for gzip, known-not-supported, and
unknown
* http_inspect: log normalized URI in extra data
* ips_options: separate main thread pcre counts from packet threads
stats
* memory: account memory for profiler only when packet thread is
involved
* src: resolve various warnings
* stream_tcp: make sure ports are correctly swapped when filling a
meta-ACK packet
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>