541 Commits

Author SHA1 Message Date
Colin McAllister
1477114ae4
nginx: Fix CVE-2025-23419 for 1.25.5
Updates nginx.inc to apply CVE-2025-23419.patch to both 1.24.0 and
1.25.5. However, a unique patch is provided for 1.25.5 since the
upstream patch for CVE-2025-23419 can be cleanly applied to 1.25.5.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Change-Id: Ia7b8e16067781776cf0a39fac757f8d25ac118fa
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:50 +05:30
Colin McAllister
63e2e60787
nginx: upgrade 1.25.4 -> 1.25.5
Changelog:
==========
https://nginx.org/en/CHANGES

*) Feature: virtual servers in the stream module.

*) Feature: the ngx_stream_pass_module.

*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.

*) Feature: cache line size detection for some architectures.

*) Feature: support for Homebrew on Apple Silicon.

*) Bugfix: Windows cross-compilation bugfixes and improvements.

*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:49 +05:30
Valeria Petrov
c223262bd7
apache2: upgrade 2.4.65 -> 2.4.66
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753

See: http://www.apache.org/dist/httpd/CHANGES_2.4.66

Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-11 08:00:53 +05:30
Gyorgy Sarvari
89a01c3d9a
cockpit: set correct CVE_PRODUCT
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit af4df551eec582844a8b56154117915ace1596cd)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-28 11:27:05 -08:00
Gyorgy Sarvari
7435780bbe webmin: patch CVE-2022-0829
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0829

Pick the patch from the nvd report details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 80b536578028e4f6d0e5d13d133d1d88764f7445)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
0c7d961f95 webmin: patch CVE-2022-0824
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0824

Pick the patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit b4c4f0c52537afd097c967850267e4e29e4a620f)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
3601d99c9e webmin: patch CVE-2019-15642
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15642

Pick the patch mentioned in the nvm report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 241abdec1282b65eab79923434a059e6d6f869f6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
e64c857b02 webmin: patch CVE-2017-17089
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-17089

Pick the patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 85933945fba1096bfcb1d3e723dc50bac3416867)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
9655a3d880 webmin: patch CVE-2017-15644, CVE-2017-15645 and CVE-2017-15646
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15644
https://nvd.nist.gov/vuln/detail/CVE-2017-15645
https://nvd.nist.gov/vuln/detail/CVE-2017-15646

Pick the patch mentioned in the nvd report (same patch is marked to
fix all three vulnerabilities).

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 4c602e88b9b2f4babb367d5b6ae7099933976b15)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
e8eea380c9 apache2: ignore CVE-2025-3891
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.

The affected module is not part of the meta-oe universe currently,
so ignore the CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 11fc309ae95bc221d44fb85515ab5df7afd59c26)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:55 +05:30
Paul Le Guen de Kerneizon
f1f248262d cockpit: remove deprecated packages
This commit removes from the recipe the following deprecated packages:
- `cockpit-docker`: cockpit project no longer supports Docker since version 228
  [1]
- `cockpit-machines`: cockpit-machines is now provided in a dedicated
  repository [2], and code base has been removed since version 242 [3]

[1]: https://cockpit-project.org/blog/cockpit-228.html
[2]: https://github.com/cockpit-project/cockpit-machines
[3]: https://cockpit-project.org/blog/cockpit-242.html

Signed-off-by: Paul Le Guen de Kerneizon <paul.leguendekerneizon@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a495fd2a54614ab238e4e87355cc850c68d56fd1)
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:38:29 +05:30
Leonard Anderweit
855498c938 cockpit: fix build error
Fix a build error caused by a missing build directory. This is already
fixed in cockpit 344 and newer so backport the fix.

Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:38:29 +05:30
Gyorgy Sarvari
580a16b0e1 hiawatha: fix SRC_URI
The previous url stopped working, switch to the same host
that's used in the master branch also.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:41 +05:30
Peter Marko
5be19f09df
monkey: ignore CVE-2013-1771
This is gentoo specific CVE.
NVD tracks this as version-less CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36a7e409d8dcee804f911174291a0c72b8037934)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:36 +08:00
Ninette Adhikari
7ddd3c5703
monkey: Update status for CVE-2013-2183
Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 17bcf478a512c7d75baa3b68e8f650aff7d17bbe)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:36 +08:00
Gyorgy Sarvari
baf3635c7d
apache2: ignore irrelevant CVEs
Ignore a number of CVEs for this recipe (because they are for another software,
outdated version, or because they affect only non-Linux platforms). This commit
is a backport of a number of commits from the master branch (which uses the same
version of the recipe):

0e7733f1b8f51949ec91d82267d5d864ac0be16a
1b86a60f6283b08acadc50914075d93dd362700b
59d3949e3ed673bd049aadfd2238213b550f1461
1b86a60f6283b08acadc50914075d93dd362700b
da2b5e8b93c248363581b1bd4ff67ff1d8357c41
0e7733f1b8f51949ec91d82267d5d864ac0be16a

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:10:21 +08:00
Gyorgy Sarvari
293446bfa9
mod-dnssd: update SRC_URI
Upstream repository url changed.

Fixes unsuccessful fetch warning.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 10c13bf1fbe18ee51b27d6538df5058879ef1d3b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:15 +08:00
Peter Marko
2392237655
fcgi: patch CVE-2025-23016
Pick commit referencing this CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 6e86e0dd54e1ca7459f3e1afebf24f5437d8b586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:13 +08:00
Archana Polampalli
a5de2a5728
apache2: upgrade 2.4.64 - 2.4.65
fixes CVE-2025-54090

Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.65

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:09:56 +08:00
Peter Marko
97e9dee283
nginx: patch CVE-2025-53859
Pick patch from nginx site which is also mentioned in [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-53859

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Vijay Anusuri
c672757f81 apache2: Upgrade 2.4.62 -> 2.4.64
This upgrade incorporates the fixes for CVE-2025-53020, CVE-2025-49812,
CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394,
CVE-2024-43204, CVE-2024-42516 and other bugfixes.

Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.64

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:10 -04:00
Changqing Li
e82141507c phpmyadmin: upgrade 5.2.1 -> 5.2.2
License-Update: License year updated

This upgrade include security fix for:
CVE-2025-24529
CVE-2025-24530

Release note:
https://www.phpmyadmin.net/news/2025/1/21/phpMyAdmin-522-is-released/

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:04:33 -04:00
Changqing Li
6c9f1f8d45 nginx: fix CVE-2025-23419
CVE-2025-23419:
When multiple server blocks are configured to share the same IP address
and port, an attacker can use session resumption to bypass client
certificate authentication requirements on these servers. This
vulnerability arises when TLS Session Tickets
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key
are used and/or the SSL session cache
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
are used in the default server and the default server is performing
client certificate authentication.   Note: Software versions which have
reached End of Technical Support (EoTS) are not evaluated.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-23419

This partially cherry picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed problem in `http/ngx_http_request` module and the
second fixed problem in `stream/ngx_stream_ssl_module` module.  The fix
for `stream/ngx_stream_ssl_module can't be aplied because, the 'stream
virtual servers' funcionality was added later in this commit:
d21675228a.
Therefore only `http/ngx_http_request` part was backported.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-03-03 08:09:03 -05:00
Jef Driesen
a141d3dc33 nginx: fix the tarball and license checksums
The nginx upgrade in commit 6eef5e3efb0a871622d2ea5eeb016b61d46f722c
added an incorrect tarball checksum and didn't update the license
checksum, resulting in build failures.

Signed-off-by: Jef Driesen <jefdriesen@telenet.be>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:51:19 -08:00
Divya Chellam
6eef5e3efb nginx: upgrade 1.25.3 -> 1.25.4
Changelog:
===========
https://nginx.org/en/CHANGES

*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).

*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.

*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.

*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.

*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.

*) Bugfixes and improvements in HTTP/3.

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-20 19:34:12 -05:00
Trevor Woerner
62b7dc247b apache2: use update-alternatives for httpd
Busybox can optionally provide an httpd server, but by default The Yocto
Project defconfig for busybox does not enable it. If it is enabled,
busybox puts the resulting /usr/sbin/httpd object under the control of
update-alternatives.

apache2, on the other hand, does not put /usr/sbin/httpd under the control
of update-alternatives. Therefore, in the off chance a user enables the
busybox httpd server, it does not play well with apache2.

Add update-alternatives information to apache2 so that it plays nicely with
busybox which can optionally provide an httpd server at /usr/sbin/httpd.

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-10-06 07:26:19 -04:00
Ashish Sharma
b7148ebb47 nginx: Backport fix for CVE-2024-7347
Upstream-Status: Backport [88955b1044 and 7362d01658]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-08-21 16:45:46 -04:00
Siddharth Doshi
408fc15c23 apache2: Upgrade 2.4.60 -> 2.4.62
CVE's Fixed by upgrade:
CVE-2024-39884 httpd: source code disclosure with handlers configured via AddType
CVE-2024-40725 httpd: source code disclosure with handlers configured via AddType

Other Changes between 2.4.60 -> 2.4.62
======================================
https://github.com/apache/httpd/blob/2.4.62/CHANGES

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-08-03 11:51:25 -04:00
Siddharth Doshi
0cbf21fd51 apache2: Upgrade 2.4.59 -> 2.4.60
CVE's Fixed by upgrade:
CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2
CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows
CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy
CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite
CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite
CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy
CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite

Other Changes between 2.4.59 -> 2.4.60
======================================
https://github.com/apache/httpd/blob/2.4.60/CHANGES

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-07-09 08:14:43 -04:00
Ninette Adhikari
3be6d57c67
sthttpd: Update status for CVE-2017-10671
Current version 2.27.1 is not affected by the issue.
Affected versions: Up to (excl.) 2.27.1

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-30 11:00:34 -07:00
Yoann Congal
2e25f21f52
reproducibility: move repro excludes from AB config.json to meta-oe
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.

These lists can be used with, in local.conf:
  include conf/include/non-repro-meta-oe.inc
  OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-30 11:00:33 -07:00
Soumya Sambu
47d001b2fd
apache2: Upgrade v2.4.58 -> v2.4.59
This upgrade incorporates the fixes for CVE-2024-27316,
CVE-2024-24795,CVE-2023-38709 and other bugfixes.

Adjusted 0004-apache2-log-the-SELinux-context-at-startup.patch
and 0007-apache2-allow-to-disable-selinux-support.patch to
align with upgraded version.

Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.59

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-21 10:52:49 -07:00
Maxim Perevozchikov
6d79be680f
nginx: Disable login for www user
Signed-off-by: Maxim Perevozchikov <m.perevozchikov@yadro.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-14 08:38:40 -07:00
Markus Volk
4ed68ecd75
gnome-user-share: add recipe
- add it as runtime dependency to gnome-control-center because without it,
  the file sharing options are hidden.
- configure the paths to fit to openembedded env
- add mod_dnssd runtime dependency for apache2 as this is a requirement

To enable the feature, PACKAGECONFIG httpd needs to be added.
This is not done by default to avoid apache2 runtime dependency just by
including this recipe.
NOTE: Apache2 httpd doesn't need to be running. It'll get
      started and stopped on demand by systemd.

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-31 13:42:54 -07:00
Markus Volk
44c5937a9c
apache2: preset mpm=prefork by default
currently this is chosen depending on machine at do_configure

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-31 13:42:54 -07:00
Armin Kuster
b29e413d92
meta-openemnedded: Add myself as scarthgap maintainer
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-27 20:07:53 -07:00
Khem Raj
a8310f7f31
layer.conf: Prepare for release, drop nanbield LAYERSERIES
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-17 13:10:12 -07:00
Khem Raj
8186418f5b
layer.conf: Update for the scarthgap release series
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-16 10:29:31 -07:00
Jan Vermaete
c2c01199d7
netdata: version bump 1.43.2 -> 1.44.3
* fixed a few minor oelint-adv warnings in the recipe
* placed all SRC_URI lines in one block

Tested on Raspberry PI 4

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-21 19:59:52 -08:00
Martin Jansa
21f956598d
recipes: drop ${SRCPV} usage
* Drop SRCPV similarly like oe-core did in:
  https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=843f82a246a535c353e08072f252d1dc78217872

* SRCPV is deferred now from PV to PKGV since:
  https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=a8e7b0f932b9ea69b3a218fca18041676c65aba0

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
2024-02-09 09:52:12 -08:00
Michael Haener
b29195ce4c
nginx: add http sub module feature
Providing the http sub module feature. The module works as a filter which
replaces a specific character string in a response with another character
string.

Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-19 09:51:05 -08:00
alperak
9d0d7d9d62
nginx: fix CVE-2023-44487
Upstream-Status: Backport from [6ceef192e7]

WARNING: nginx-1.24.0-r0 do_cve_check: Found unpatched CVE (CVE-2023-44487)

This vulnerability exists between the following versions -> From(including) 1.9.5 Up to(including) 1.25.2

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-11 12:11:36 -08:00
Alexander Kanavin
628a8d011f
cockpit: add setuptools dependency to bring in distutils copy
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-31 08:27:49 -08:00
Jan Vermaete
33245220ad
netdata: added Python as rdepends
Netdata has plugins.  Some of the written in Python.

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-22 06:39:32 -08:00
Derek Straka
8dc77ebf92
nginx: update versions for both the stable branch and mainline
Stable: None -> 1.24.0
Legacy Mainline 1.21.1 -> Removed

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-14 15:47:21 -08:00
Meenali Gupta
dc4bef4648
nginx: upgrade 1.25.2 -> 1.25.3
Changelog:
===========
https://nginx.org/en/CHANGES

*) Change: improved detection of misbehaving clients when using HTTP/2.

*) Feature: startup speedup when using a large number of locations.
       Thanks to Yusuke Nojima.

*) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2 without SSL; the bug had appeared in 1.25.1.

*) Bugfix: the "Status" backend response header line with an empty
       reason phrase was handled incorrectly.

*) Bugfix: memory leak during reconfiguration when using the PCRE2
       library.
       Thanks to ZhenZhong Wu.

*) Bugfixes and improvements in HTTP/3.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-14 07:53:24 -08:00
Dylan Turner
9f0b505341
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Note that patch 0011-modules... is no longer needed as it's included in
the upgrade as well.

CVE: CVE-2023-43622

Signed-off-by: Dylan Turner <dylan.turner@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-27 13:39:53 -08:00
Jan Vermaete
1739239813
README.md: was a Markdown paragraph and should be a list
The Markdown was, at least at github.com, displayed as a paragraph.
And it reads beter as a list.

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-17 11:38:26 -08:00
Jan Vermaete
0f87d09d11
netdata: version bump 1.43.0 -> 1.43.2
And fixed the upstream check for new versions.

Changelog: https://github.com/netdata/netdata/blob/master/CHANGELOG.md

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-17 11:38:26 -08:00
Jan Vermaete
3d3bbc2ac3
netdata: chown in systemd service with ':' iso '.'
There was a warning in the systemd journaling about it.

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-17 11:38:26 -08:00