CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.
Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack of context.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.
To fix this, set the correct prefix for the installation.
This is a partial backport of f91983f1f3e897d25ab477fdfb5baed89ccc0daf
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Default branch is renamed from `master` to `main`. Commitshas are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58679b6a515b51d28c480836ad598fca6f0cc655)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original xz-compressed tarball isn't available at the download
location anymore - switch to the gz tarball which is still there.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
master was renamed to main
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8fb37f0f954e234d132468adba2072a70812a818)
- Detect active network interface to use, instead of asking user, this needs
to run in automation
- Find the location of ppp_null.so with find instead of rpm, rpm is a distro choice
it can be assumed to be always there.
- Add missing runtime deps for ptests
- Kill openl2tpd started by run-ptest script before exiting, otherwise
ptest runner hangs forever.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d30427f475f273ab8c5dd83b2c076bb4fc8a9a82)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
libxml has derecated the "xmlSetFeature" call, and hid is behind a special
config flag (--with-legacy), which is not used by default in oe-core.
This makes compilation fail, when "esi" PACKAGECONFIG is enabled:
Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'?
This backported patch fixes this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Per [1] CVE-2025-54574 is fixed in patch for CVE-2023-5824.
That was a composite patch from more commits.
When checking it, it really contains also commit [2] which is mentioned
as fix for CVE-2025-54574.
[1] https://security-tracker.debian.org/tracker/CVE-2025-54574
[2] a27bf4b84d
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. A malicious local actor with non-administrative
privileges having access to a VM with VMware Tools installed and managed
by Aria Operations with SDMP enabled may exploit this vulnerability
to escalate privileges to root on the same VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
Upstream-patch:
7ed196cf01
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Within tcpreplay's tcprewrite, a double free vulnerability has been identified
in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c.
This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly
invokes the cleanup routine multiple times on the same memory region.
By supplying a specifically crafted pcap file to the tcprewrite binary,
a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2.
The impacted element is the function untrunc_packet of the file
src/tcpedit/edit_packet.c of the component tcprewrite. Executing
manipulation can lead to use after free. It is possible to launch
the attack on the local host. The exploit has been publicly disclosed
and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da.
Applying a patch is advised to resolve this issue.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
With the exception of paho-mqtt-cpp, the double protocol= attributes
were added to the SRC_URIs when protocol=https was added to all SRC_URIs
fetching from github.com in commit b402a3076f (recipes: Update SRC_URI
branch and protocols).
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2e0a581bee7fc15a78f6e19ba1e596930edee414)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
-A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5d050f078afcb24d0532367592b074ae0787b06f)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
=========
-Fixed bug that caused crash when a CLIENT_KEY arrived out of order
-Fixed option handling on Windows when an argument is missing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93a5628ae660bf6aa3cfdc9e0032088e4df8a0c5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
==========
-On very low speed transfers (<10Kbps) sessions would time out due to a very
large interpacket transmission interval. Fixed by putting a lower limit
on the advertised GRTT of of the interpacket transmission interval.
-Sending of ABORT messages on early shutdown would sometimes fail due to
OpenSSL cleanup functions running before application cleanup. Changed the
ordering of atexit() handlers to ensure OpenSSL cleanup happens last.
-Fixed missing timestamp update when clients read CONG_CTRL messages
-Fix to GRTT handling on server to ensure it doesn't fall below minumim.
-Fixed bypassed checking of existing files on client for backup
-Various logging fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0a58426ed073d48533276688445df3777776886b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Original URI is not accessible anymore
Drop md5sum
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ceb91603415c6e059d866666574dd1be5b93867a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Switch SRC_URI to https (yes, the URI still has ftp in the path!).
Also drop the obsolete SRC_URI[md5sum].
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9221eaa8d6d4279f4477a30bc3112d32af04b976)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
=========
# Do not ignore multicast advertisements when discovery was sent as unicast
(fix regression from 1.0.5).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a014528ede30caf2e1ac340bc09222428c4f5870)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>