Fix following issue when using customized kernel without kernel-module-l2tp-ppp enabled.
ERROR: openl2tp-1.8-r0 do_package_qa: QA Issue: openl2tp-ptest rdepends on kernel-module-l2tp-ppp, but it isn't a build dependency? [build-deps]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable snmp_bc plugin build by default as net-snmp no longer supports
DES by default.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Allows for net-snmp to be build with support for AES-192 and AES-256
Signed-off-by: Benjamin B. Frost <benjamin@geanix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The original SRC_URI's certificate has expired - change it to a working URL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The DES algorithm is considered weak and outdated. Remove des from
default PACKAGECONFIG to disable it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Add pkgconfig to solve following configure error:
../sources/adcli-0.9.3.1/configure: line 15340: syntax error near unexpected token `LIBSELINUX,'
../sources/adcli-0.9.3.1/configure: line 15340: `PKG_CHECK_MODULES(LIBSELINUX, libselinux, found_libselinux=yes, found_libselinux=no)'
2. Add PACKAGECONFIG[selinux] for new selinux support in 0.9.3.1.
3. Add 0001-configure.ac-Fix-selinux-error-for-cross_compiling.patch to fix SELINUX_MAKEFILE file check in 0.9.3.1.
4. Add --disable-offline-join-support to solve following configure error
configure: error: Couldn't build offline join support, Samba version too old or libnatapi devel package is missing
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE metrics currently report CVE-2025-34468 as open.
CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the latest commit from the 1.4 branch; the last 1.4 release was 3
months ago so it contains important fixes.
- The contents of /usr/share/ are slightly different, so change the path
slightly.
- The new patch fixes the .pc file generation (it also ensures that
there are no references to absolute paths in the .pc file which would
need to be removed again).
- PubSub information model is now enabled by default, add a new option
to disable it (disabling only pubsub isn't enough).
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
fix regression where the 'plugin' was not passed to pppd
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/nanomsg/nanomsg/releases/tag/1.2.2
Drop 0001-allow-build-with-cmake-4.patch as the issue has been fixed
upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- New option -J / --json for JSON output. See doc/fping-json.md for
the JSON schema. This feature is still in alpha and the schema
might change in future releases
- The -g, --generate option now also supports IPv6 addresses
- New option --seqmap-timeout to control the time after which sequence
numbers can be used again
- Fix OpenBSD sprintf() warning
- Fix fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available
- When reading target names from file or standard input, lines longer
than the static buffer are no longer interpreted as more than one line
- Typo fix in error message when SO\_BINDTODEVICE fails
- Options --print-tos and --print-ttl now also work for IPv6, and no
longer require privileges
- Report received ICMPv6 error messages
- Suppress duplicate reports in count mode with -q, --quiet or -Q, --squiet
- Switch to alpine-based multi-stage Docker build to reduce image size
and improve build performance; add OpenContainers-compatible labels
- Print receive ping moved to new functions
- Avoid unsigned overflow when determining the memory size to save
response times on systems where size\_t is the same as unsigned int
- Document the new minimum value for the -p option
- Fix build without IPv6 support
- Fix debug build use of dbg_printf in fping.c
- Remove MacOS-specific test for -I option
- GitHub Actions fixes
- Fix measurement of time for timed reports (-Q) to start after DNS name
resolution.
- Updated autoconf from 2.71 to 2.72
- Updated automake from 1.16.5 to 1.18.1
- Updated libtool from 2.4.6 to 2.5.4
- Implemented verification of autotools tarballs in Github actions.
- Implemented stricter flag value checking (e.g. -c 10xyz is not accepted anymore).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
5.9.5.1:
* Only a version numbering fix.
5.9.5.2:
* Fix an issue with needing limits.h included.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Append -Wno-error=deprecated-declarations to CXXFLAGS so builds
don't break when Boost marks APIs like strand::wrap() as deprecated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.
Set CVE_PRODUCT to the correct value.
See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some PACKAGECONFIGs (cifsidmap, cifsacl, pam) were failing to build since
a while, erroring out with:
| ../sources/cifs-utils-7.4/resolve_host.c:23:10: fatal error: config.h: No such file or directory
| 23 | #include "config.h"
| | ^~~~~~~~~~
| compilation terminated.
The config.h header is generated in the root of build folder, and it seems
that the recipe can't be built 100% out of the source tree.
To avoid this issue, add ${B} as an include folder to CFLAGS, so it finds
the required header.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-2312
The recipe installs two scripts in bindir - this is nothing new.
But the shebang has changed from "/usr/bin/env python3" to
"/usr/bin/python3" - these were always python scripts, but
they weren't recognized as such during the QA checks, and
python wasn't installed as a runtime dependency.
Now QA check is complaining about missing python in RDEPENDS.
To avoid mandatory python installation, package the scripts
separately in cifs-utils-scripts package.
Shortlog:
cifs-utils: bump version to 7.4
mount.cifs: retry mount on -EINPROGRESS
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
cifscreds: use <libgen.h> for basename
getcifsacl, setcifsacl: use <libgen.h> for basename
cifs.upcall: fix memory leaks in check_service_ticket_exits()
cifs-utils: bump version to 7.3
Fix regression in mount.cifs with guest mount option
resolve_host.c: Initialize site_name
cldap_ping: Fix socket fd leak
cifs-utils: bump version to 7.2
getcifsacl: fix return code check for getting full ACL
cifs-utils: add documentation for upcall_target
cifs-utils: avoid using mktemp when updating mtab
cldap_ping.c: add missing <sys/types.h> include
configure.ac: libtalloc is now mandatory
cifscreds: allow user to set the key's timeout
cifscreds: use continue instead of break when matching commands
Do not pass passwords with sec=none and sec=krb5
docs: add esize description
docs: add max_cached_dirs description
docs: update actimeo description
Fix compiler warnings in mount.cifs
CIFS.upcall to accomodate new namespace mount opt
cifs-utils: Skip TGT check if valid service ticket is already available
use enums to check password or password2 in set_password, get_password_from_file and minor documentation additions
cifs-utils: support and document password2 mount option
smbinfo: add bash completion support for filestreaminfo, keys, gettconinfo
cifs-utils: bump version to 7.1
cifs: update documentation for sloppy mount option
docs: add closetimeo description
docs: add compress description
checkopts: update it to work with latest kernel version
cifs-utils: add documentation for multichannel and max_channels
cifs-utils: smbinfo: add gettconinfo command
Implement CLDAP Ping to find the closest site
mount.cifs.rst: update section about xattr/acl support
mount.cifs.rst: add missing reference for sssd
getcifsacl, setcifsacl: add missing <endian.h> include for le32toh
getcifsacl, setcifsacl: add missing <linux/limits.h> include for XATTR_SIZE_MAX
cifs-utils: Make automake treat /sbin as exec, not data
pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog()
cifs.upcall: fix UAF in get_cachename_from_process_env()
cifs-utils: add documentation for acregmax and acdirmax
setcifsacl: Fix uninitialized value.
Use explicit "#!/usr/bin/python3"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.Drop following patches as they were merged upstream.
0001-Android-Fix-the-build.patch
0012-Fix-configuration-of-NETSNMP_FD_MASK_TYPE.patch
net-snmp-5.9.4-kernel-6.7.patch
0008-net-snmp-fix-engineBoots-value-on-SIGHUP.patch
0001-Fix-LDFLAGS-vs-LIBS-ordering.patch
2.Drop 0005-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch as compile error has been fixed.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed a vulnerability in the NetworkManager plugin charon-nm that potentially
allows using credentials of other local users.
- Concurrent requests to fetch the same CRL URI by multiple threads are now
combined.
- Increased the max. supported length for section names in swanctl.conf to 256.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-61962.
License-Update: added a warning about linking against the newly relicensed WolfSSL.
Changelog: https://gitlab.com/fetchmail/fetchmail/-/blob/6.6.2/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The recipe had already an almost working ptest config which
wasn't enabled, it just needed some small fixes to make it work:
correct the output of the run-ptest script, and install some
extra testdata.
Execution is quick, single digit seconds:
root@qemux86-64:/usr/lib/unbound/ptest/tests# ptest-runner
START: ptest-runner
2025-12-16T11:53
BEGIN: /usr/lib/unbound/ptest
Start of unbound 1.24.2 unit test.
test authzone functions
test negative cache functions
test ub_random functions
[...many lines...]
PASS: ./testdata/val_unsecds_negcache.rpl
PASS: ./testdata/val_unsecds_qtypeds.rpl
PASS: ./testdata/val_wild_pos.rpl
PASS: ./testdata/version_bind.rpl
PASS: ./testdata/version_bind_hide.rpl
PASS: ./testdata/views.rpl
DURATION: 4
END: /usr/lib/unbound/ptest
2025-12-16T11:53
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518
The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Windows/interactive service: fix erroneous exit on error that could
be used by a local Windows users to achieve a local denial-of-service
(CVE-2025-13751)
- Windows/interactive service: improve service pipe robustness against
file access races (uuid) and access by unauthorized processes (ACL).
upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper
to 1.31, fixing a parser bug
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps tests not hitting timeout (120s default)
especially testmesg_stress test can timeout on slower machines
e.g. fully emulated ( non-kvm ) qemu machines e.g.
qemuarm64 on x86_64 machine.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
