Submitted fix: https://github.com/HewlettPackard/netperf/pull/94
Fix for multiple definition error:
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If there is no mate_grammar.c, it will cause exit code 1 by "test -e" as following:
WARNING: exit code 1 from a shell command.
So use "if" instead of "test"
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog
https://github.com/Ettercap/ettercap/releases/tag/v0.8.4
2. Remove following patches as they were merged upstream
0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch
0002-allow-build-with-cmake-4.patch
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Sort certificates by underlying objects CKA_ID to provide deterministic
object order
- Avoid using uninitialized memory
- Improve test coverage and build scripts
- Improve compatibility with modern compilers (avoid strict warnings)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
It seems that it won't be fixed, because there is nothing to fix.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066
The vulnerable code was introduced in version 4.12[1], and
the recipe version is not vulnerable yet. Due to this,
ignore this CVE for now, until the recipe is upgraded.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix following issue when using customized kernel without kernel-module-l2tp-ppp enabled.
ERROR: openl2tp-1.8-r0 do_package_qa: QA Issue: openl2tp-ptest rdepends on kernel-module-l2tp-ppp, but it isn't a build dependency? [build-deps]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable snmp_bc plugin build by default as net-snmp no longer supports
DES by default.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Allows for net-snmp to be build with support for AES-192 and AES-256
Signed-off-by: Benjamin B. Frost <benjamin@geanix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The original SRC_URI's certificate has expired - change it to a working URL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The DES algorithm is considered weak and outdated. Remove des from
default PACKAGECONFIG to disable it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Add pkgconfig to solve following configure error:
../sources/adcli-0.9.3.1/configure: line 15340: syntax error near unexpected token `LIBSELINUX,'
../sources/adcli-0.9.3.1/configure: line 15340: `PKG_CHECK_MODULES(LIBSELINUX, libselinux, found_libselinux=yes, found_libselinux=no)'
2. Add PACKAGECONFIG[selinux] for new selinux support in 0.9.3.1.
3. Add 0001-configure.ac-Fix-selinux-error-for-cross_compiling.patch to fix SELINUX_MAKEFILE file check in 0.9.3.1.
4. Add --disable-offline-join-support to solve following configure error
configure: error: Couldn't build offline join support, Samba version too old or libnatapi devel package is missing
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE metrics currently report CVE-2025-34468 as open.
CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the latest commit from the 1.4 branch; the last 1.4 release was 3
months ago so it contains important fixes.
- The contents of /usr/share/ are slightly different, so change the path
slightly.
- The new patch fixes the .pc file generation (it also ensures that
there are no references to absolute paths in the .pc file which would
need to be removed again).
- PubSub information model is now enabled by default, add a new option
to disable it (disabling only pubsub isn't enough).
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
fix regression where the 'plugin' was not passed to pppd
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/nanomsg/nanomsg/releases/tag/1.2.2
Drop 0001-allow-build-with-cmake-4.patch as the issue has been fixed
upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- New option -J / --json for JSON output. See doc/fping-json.md for
the JSON schema. This feature is still in alpha and the schema
might change in future releases
- The -g, --generate option now also supports IPv6 addresses
- New option --seqmap-timeout to control the time after which sequence
numbers can be used again
- Fix OpenBSD sprintf() warning
- Fix fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available
- When reading target names from file or standard input, lines longer
than the static buffer are no longer interpreted as more than one line
- Typo fix in error message when SO\_BINDTODEVICE fails
- Options --print-tos and --print-ttl now also work for IPv6, and no
longer require privileges
- Report received ICMPv6 error messages
- Suppress duplicate reports in count mode with -q, --quiet or -Q, --squiet
- Switch to alpine-based multi-stage Docker build to reduce image size
and improve build performance; add OpenContainers-compatible labels
- Print receive ping moved to new functions
- Avoid unsigned overflow when determining the memory size to save
response times on systems where size\_t is the same as unsigned int
- Document the new minimum value for the -p option
- Fix build without IPv6 support
- Fix debug build use of dbg_printf in fping.c
- Remove MacOS-specific test for -I option
- GitHub Actions fixes
- Fix measurement of time for timed reports (-Q) to start after DNS name
resolution.
- Updated autoconf from 2.71 to 2.72
- Updated automake from 1.16.5 to 1.18.1
- Updated libtool from 2.4.6 to 2.5.4
- Implemented verification of autotools tarballs in Github actions.
- Implemented stricter flag value checking (e.g. -c 10xyz is not accepted anymore).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
5.9.5.1:
* Only a version numbering fix.
5.9.5.2:
* Fix an issue with needing limits.h included.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Append -Wno-error=deprecated-declarations to CXXFLAGS so builds
don't break when Boost marks APIs like strand::wrap() as deprecated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.
Set CVE_PRODUCT to the correct value.
See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some PACKAGECONFIGs (cifsidmap, cifsacl, pam) were failing to build since
a while, erroring out with:
| ../sources/cifs-utils-7.4/resolve_host.c:23:10: fatal error: config.h: No such file or directory
| 23 | #include "config.h"
| | ^~~~~~~~~~
| compilation terminated.
The config.h header is generated in the root of build folder, and it seems
that the recipe can't be built 100% out of the source tree.
To avoid this issue, add ${B} as an include folder to CFLAGS, so it finds
the required header.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-2312
The recipe installs two scripts in bindir - this is nothing new.
But the shebang has changed from "/usr/bin/env python3" to
"/usr/bin/python3" - these were always python scripts, but
they weren't recognized as such during the QA checks, and
python wasn't installed as a runtime dependency.
Now QA check is complaining about missing python in RDEPENDS.
To avoid mandatory python installation, package the scripts
separately in cifs-utils-scripts package.
Shortlog:
cifs-utils: bump version to 7.4
mount.cifs: retry mount on -EINPROGRESS
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
cifscreds: use <libgen.h> for basename
getcifsacl, setcifsacl: use <libgen.h> for basename
cifs.upcall: fix memory leaks in check_service_ticket_exits()
cifs-utils: bump version to 7.3
Fix regression in mount.cifs with guest mount option
resolve_host.c: Initialize site_name
cldap_ping: Fix socket fd leak
cifs-utils: bump version to 7.2
getcifsacl: fix return code check for getting full ACL
cifs-utils: add documentation for upcall_target
cifs-utils: avoid using mktemp when updating mtab
cldap_ping.c: add missing <sys/types.h> include
configure.ac: libtalloc is now mandatory
cifscreds: allow user to set the key's timeout
cifscreds: use continue instead of break when matching commands
Do not pass passwords with sec=none and sec=krb5
docs: add esize description
docs: add max_cached_dirs description
docs: update actimeo description
Fix compiler warnings in mount.cifs
CIFS.upcall to accomodate new namespace mount opt
cifs-utils: Skip TGT check if valid service ticket is already available
use enums to check password or password2 in set_password, get_password_from_file and minor documentation additions
cifs-utils: support and document password2 mount option
smbinfo: add bash completion support for filestreaminfo, keys, gettconinfo
cifs-utils: bump version to 7.1
cifs: update documentation for sloppy mount option
docs: add closetimeo description
docs: add compress description
checkopts: update it to work with latest kernel version
cifs-utils: add documentation for multichannel and max_channels
cifs-utils: smbinfo: add gettconinfo command
Implement CLDAP Ping to find the closest site
mount.cifs.rst: update section about xattr/acl support
mount.cifs.rst: add missing reference for sssd
getcifsacl, setcifsacl: add missing <endian.h> include for le32toh
getcifsacl, setcifsacl: add missing <linux/limits.h> include for XATTR_SIZE_MAX
cifs-utils: Make automake treat /sbin as exec, not data
pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog()
cifs.upcall: fix UAF in get_cachename_from_process_env()
cifs-utils: add documentation for acregmax and acdirmax
setcifsacl: Fix uninitialized value.
Use explicit "#!/usr/bin/python3"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
