3754 Commits

Author SHA1 Message Date
Ankur Tyagi
c49bff1273
wolfssl: patch CVE-2025-7394
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394

Backport patches from the PR[1][2][3] mentioned in the changelog[4].

[1] https://github.com/wolfSSL/wolfssl/pull/8849
[2] https://github.com/wolfSSL/wolfssl/pull/8867
[3] https://github.com/wolfSSL/wolfssl/pull/8898
[4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:18 +05:30
Ankur Tyagi
df26bbaaba
tinyproxy: patch CVE-2025-63938
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:13 +05:30
Ankur Tyagi
e90c455347
znc: patch CVE-2024-39844
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844

Backport commit[1] from https://github.com/znc/znc/releases/tag/znc-1.9.1
[1] 8cbf8d6281

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:52:00 +05:30
Ankur Tyagi
bfd8dda3ba
proftpd: patch CVE-2024-48651
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:52:00 +05:30
Ankur Tyagi
bad750ad27
open62541: patch CVE-2024-53429
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53429

Backport the patch mentioned in the comment[1] which fixed this CVE.

[1] https://github.com/open62541/open62541/issues/6825#issuecomment-2460650733

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:59 +05:30
Ankur Tyagi
c73fe4bd7e
mtr: patch CVE-2025-49809
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:59 +05:30
Ankur Tyagi
b45ac4e0ef
libcoap: patch CVE-2025-34468
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-34468

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Ankur Tyagi
c0c54373e9
frr: ignore CVE-2024-44070
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-44070

The PR[1] fixing this CVE was backported[2] to stable/9.1 and commit[3]
exists in the current version so we can ignore it.

$ git tag --contains 21cd931 | grep frr-9.1.3
frr-9.1.3

[1] https://github.com/FRRouting/frr/pull/16497
[2] https://github.com/FRRouting/frr/pull/16504
[3] 21cd931a5f

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Khem Raj
7e4c89a25e
dante: Add _GNU_SOURCE for musl builds
This helps build fixes e.g. cpuset_t definitions etc.
glibc builds have _GNU_SOURCE defined inherently.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 848bac20ea27afddc3843c41ad105843ad167177)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:57 +05:30
Gyorgy Sarvari
f0fa984d16
dante: upgrade 1.4.3 -> 1.4.4
License-Update: copyright year bump

Changelog:
- Fix potential security issue CVE-2024-54662, related to "socksmethod"
  use in client/hostid-rules.
- Add a missing call to setgroups(2).
- Patch to fix compilation with libminiupnp 2.2.8.
- Client connectchild optimizations.
- Client SIGIO handling improvements.
- Various configure/build fixes.
- Updated to support TCP_EXP1 version of TCP hostid format.

https://www.inet.no/dante/announce-1.4.4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:57 +05:30
Ankur Tyagi
2aa20b7141
cifs-utils: patch CVE-2025-2312
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:56 +05:30
Peter Marko
98f1eff432
net-snmp: patch CVE-2025-68615
Pick patch per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-68615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:50 +05:30
Gyorgy Sarvari
b7180060eb
wolfssl: patch CVE-2025-7395
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395

Backport the patches from the PR[1] that is referenced by the project's
changelog[2] to fix this issue.

[1]: https://github.com/wolfSSL/wolfssl/pull/8833
[2]: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Ankur Tyagi
e7b55c84bb
libcoap: patch CVE-2025-59391
Details https://nvd.nist.gov/vuln/detail/CVE-2025-59391

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Ankur Tyagi
ba18d52f43
libcoap: ignore CVE-2023-51847
Details https://nvd.nist.gov/vuln/detail/CVE-2023-51847

The vulnerability exists in coap_threadsafe.c but thread safe support was
added in version v4.5.3 [1]

[1] c69c5d5af0

$ git tag --contains c69c5d5
v4.3.5
v4.3.5-rc1
v4.3.5-rc2
v4.3.5-rc3
v4.3.5a

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Gyorgy Sarvari
8a991e7e3c
libcoap: ignore CVE-2025-50518
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Peter Marko
6593af3931
libmemcached: ignore CVE-2023-27478
Per [1] this is fixed by [2].
The commit message says that it is reverting feature added in:

$ git tag --no-contains d7a0084 | grep 1.0.18
1.0.18

This recipe is for the original memcached which is unmaintained now.
Hence the ignore instead of upgrade.

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-27478
[2] https://github.com/awesomized/libmemcached/commit/48dcc61a

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 607a44649189a29e6f547ce89b41ba332a45946a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:13 +05:30
Ankur Tyagi
3750ce0e75
libiec61850: patch CVE-2024-45969
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45969

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:13 +05:30
Ankur Tyagi
50906d9169
dovecot: upgrade 2.3.21 -> 2.3.21.1
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:12 +05:30
Gyorgy Sarvari
ff7b552534
sngrep: upgrade 1.8.1 -> 1.8.2
This update contains fix for CVE-2024-35434, and a small build system change
that adds a fallback in case ncurses library isn't available during build.

Shortlog: https://github.com/irontec/sngrep/compare/v1.8.1...v1.8.2

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:05 +05:30
Ankur Tyagi
86abe3d5de
openvpn: patch CVE-2025-13086
Details https://nvd.nist.gov/vuln/detail/CVE-2025-13086

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:24 +05:30
Archana Polampalli
c42bfd596e
tcpreplay: fix CVE-2025-9157
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2.
The impacted element is the function untrunc_packet of the file
src/tcpedit/edit_packet.c of the component tcprewrite. Executing
manipulation can lead to use after free. It is possible to launch
the attack on the local host. The exploit has been publicly disclosed
and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da.
Applying a patch is advised to resolve this issue.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 0538af085a47b038e369db9872ffed8945b200c2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:23 +05:30
Ankur Tyagi
788904cef1
unbound: patch CVE-2024-43168
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43168

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:23 +05:30
Ankur Tyagi
1876b4656d
unbound: patch CVE-2024-43167
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43167

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:22 +05:30
Ankur Tyagi
0d9da11052
fetchmail: patch CVE-2025-61962
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:22 +05:30
Ankur Tyagi
eb338ebb60
civetweb: patch CVE-2025-9648
Details https://nvd.nist.gov/vuln/detail/CVE-2025-9648

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:21 +05:30
Kai Kang
1fea09e692
mbedtls: fix CVE-2025-47917
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.

Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack of context.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 11:45:16 +05:30
Vijay Anusuri
b4812b18ee
proftpd: Fix CVE-2023-48795
Upstream-Status: Backport from bcec15efe6

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 6c8ae54fc345fb6249f1cc92ed769d451ddc12b5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-11 08:02:03 +05:30
Hitendra Prajapati
5775e1a643
wireshark: fix CVE-2025-13499
Upstream-Status: Backport from e180152d3d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-11 08:02:02 +05:30
Wang Mingyu
47b2afbc12
corosync: upgrade 3.1.9 -> 3.1.10
CVE-2025-30472.patch
removed since it's included in 3.1.10

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7915bcecf5b25eb525c5700fc4196422596b5a38)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-09 07:01:20 +05:30
Peter Marko
4d1817df45
nftables: remove python dependency from main package
The recipe splits python code to nftables-python package, however
setuptools classes add the dependency to main package.
Since nftables-python package already has python3-core explicit
dependency, remove it from the main package.

(From meta-openembedded rev: 331126a6d0a48ebcf12069df554b3abacaeb512a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-09 07:01:16 +05:30
Vijay Anusuri
7ed4330bcf
net-snmp: Update Upstream-status in the net-snmp-5.9.4-kernel-6.7.patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-05 17:46:29 +05:30
Khem Raj
bd2cabff81
net-snmp: Fix a crash and support for 6.7+ kernel
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from 8147a884c68d8fdd89939a8443a902b65297520c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-05 17:46:28 +05:30
Gyorgy Sarvari
9100a5369d
nbdkit: patch CVE-2025-47712
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47712

Pick the patch from the project's repository which explicitly
mentions this vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:34 +05:30
Gyorgy Sarvari
ffb8d52fae
nbdkit: patch CVE-2025-47711
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47711

Pick the patch from the repository which explicitly mentions
this CVE ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:34 +05:30
Khem Raj
e6a44bc7eb
ot-br-posix: Define config files explicitly
Otherwise it picks up from build area with absolute paths into builddir

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0439d42c556d97405b13deecc412605ca8fc202f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-25 17:12:18 +05:30
Zhang Peng
e656a5b181
frr: fix CVE-2024-55553
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size
of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes.
An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing
more than this number of updates during an update interval (usually 30 minutes).
Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this
to trigger route validation continuously. Given that routers with large full tables may need
more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers
of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-55553]

Upstream patches:
[b0800bfdf0]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-21 11:06:13 +05:30
Peter Marko
23c3bdefbe squid: patch CVE-2025-62168
Pick commit mentioned in NVD CVE report.

Conflict in src/errorpage.cc resolved per patch from Debian bookworm.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 11:50:20 +05:30
Peter Marko
1a6b962e47 proftpd: set status of CVE-2001-0027
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 11:50:20 +05:30
Gyorgy Sarvari
6eb226f7c5 unbound: fix SRC_URI
The branch used in the SRC_URI got deleted, and the used revision is
detached from all branches. Use nobranch tag in the SRC_URI to avoid
fetching failures.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:38:29 +05:30
Gyorgy Sarvari
517e770313 mbedtls: update SRC_URI branch
Branch was renamed.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f60db58ea4fc9f24ddcecb2dd2b046c332f9a6ba)

Adapted to Scarthgap (removed tag from SRC_URI).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:47 +05:30
Gyorgy Sarvari
bb36ace700 ncftp: fix SRC_URI
The downloaded tarball was moved to a new folder, causing
fetching failures.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:47 +05:30
Gyorgy Sarvari
37bfef7bf6 http-parser: fix SRC_URI branch
master branch was renamed to main

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:41 +05:30
Gyorgy Sarvari
b915e3d3f6 netsniff-ng: fix SRC_URI branch
Source branch was renamed from master to main.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:41 +05:30
Ankur Tyagi
f029d98026 squid: upgrade 6.12 -> 6.14
License-Update: copyright years updated

Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_6_13
https://github.com/squid-cache/squid/releases/tag/SQUID_6_14

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko
64eecac264 squid: download from github
Devtool could not find latest versions before.

Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."

Note that also squid security advisories were moved to Github.

[1] https://www.squid-cache.org/Versions/

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f088e1e1f93e6bd15358f921624159ab279953ab)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko
817253bd45 squid: upgrade 6.10 -> 6.12
License-Update: copyright year updated

Add patch to fix new build failure from release tarball.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 928ef34eadcab1272a2bc3a694873eede05a746d)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko
42e51b1e59 squid: Upgrade to 6.10
Solves CVE-2024-37894

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c393973c8516d56d547297902ef27c02d16a54b1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Ankur Tyagi
102c073c35 freeradius: upgrade 3.2.5 -> 3.2.6
Release Notes:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_6

Refresh patch 0008-libtool-do-not-use-jlibtool.patch due to upstream commit:
315f09e4eb

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Ankur Tyagi
1d9c04fea8 frr: upgrade 9.1 -> 9.1.3
Dropped patches which are part of this release.

Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-9.1.1
https://github.com/FRRouting/frr/releases/tag/frr-9.1.2
https://github.com/FRRouting/frr/releases/tag/frr-9.1.3

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30