diff options
Diffstat (limited to 'meta-openembedded/meta-networking')
31 files changed, 69 insertions, 80 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb index 14d809f518..c5499ffeeb 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f9ce51a65dd738dc1ae631d8b21c40e0" PARALLEL_MAKE = "" -DEPENDS = "libpcap libpcre libdnet bison-native" +DEPENDS = "libpcap libpcre libdnet bison-native libnetfilter-queue" SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ file://disable-run-test-program-while-cross-compiling.patch \ @@ -19,7 +19,7 @@ SRC_URI[sha256sum] = "bdc4e5a24d1ea492c39ee213a63c55466a2e8114b6a9abed609927ae13 # # never look to /usr/local lib while cross compiling -EXTRA_OECONF = "--disable-nfq-module --disable-ipq-module --includedir=${includedir} \ +EXTRA_OECONF = "--enable-nfq-module --disable-ipq-module --includedir=${includedir} \ --with-libpcap-includes=${STAGING_INCDIR} --with-dnet-includes=${STAGING_LIBDIR}" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch index 38dae2099a..7587d44336 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch @@ -1,14 +1,15 @@ -From 10e7d4e4bfcb70344d18f0d4ce36068475747f25 Mon Sep 17 00:00:00 2001 +From b7d54de51553f6d09906c355bd0dd326890c8fe4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 29 Mar 2017 15:59:43 -0700 Subject: [PATCH] correct the location of unistd.h -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- os-daq-modules/daq_ipfw.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + os-daq-modules/daq_nfq.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/os-daq-modules/daq_ipfw.c b/os-daq-modules/daq_ipfw.c index 016beb0..c2a4175 100644 @@ -26,6 +27,22 @@ index 016beb0..c2a4175 100644 #include <netinet/in.h> #include <sys/socket.h> +diff --git a/os-daq-modules/daq_nfq.c b/os-daq-modules/daq_nfq.c +index 33021c0..4de94b6 100644 +--- a/os-daq-modules/daq_nfq.c ++++ b/os-daq-modules/daq_nfq.c +@@ -24,10 +24,10 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <unistd.h> + + #include <sys/types.h> + #include <sys/time.h> +-#include <sys/unistd.h> + + #include <netinet/ip.h> + -- -2.12.1 +2.25.1 diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb index 9a2bbab39f..e38ef2b04a 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb @@ -43,10 +43,8 @@ SRCREV = "d956f683d37ea40e7977cc5907361f3e6988a439" UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)" -CVE_CHECK_IGNORE = "\ - CVE-2002-0318 \ - CVE-2011-4966 \ -" +CVE_STATUS[CVE-2002-0318] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2011-4966] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." PARALLEL_MAKE = "" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb index ce094d5afb..4626e400f4 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb @@ -57,10 +57,8 @@ BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "mbed_tls" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 -CVE_CHECK_IGNORE += "CVE-2021-43666" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c -CVE_CHECK_IGNORE += "CVE-2021-45451" +CVE_STATUS[CVE-2021-43666] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310" +CVE_STATUS[CVE-2021-45451] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c" # Strip host paths from autogenerated test files do_compile:append() { diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb index b8c9662de7..10fb7de8ca 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb @@ -58,11 +58,6 @@ BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "mbed_tls" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 -CVE_CHECK_IGNORE += "CVE-2021-43666" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c -CVE_CHECK_IGNORE += "CVE-2021-45451" - # Strip host paths from autogenerated test files do_compile:append() { sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openthread/wpantund_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/openthread/wpantund_git.bb index a7fcc202a4..ebb3fc3c1c 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/openthread/wpantund_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/openthread/wpantund_git.bb @@ -22,11 +22,8 @@ S = "${WORKDIR}/git" inherit pkgconfig perlnative autotools -# CVE-2020-8916 has been fixed in commit -# 3f108441e23e033b936e85be5b6877dd0a1fbf1c which is included in the SRCREV -# CVE-2021-33889 has been fixed in commit -# a8f3f761f6753b567d1e5ad22cbe6b0ceb6f2649 which is included in the SRCREV # There has not been a wpantund release as of yet that includes these fixes. # That means cve-check can not match them. Once a new release comes we can -# remove the ignore statement. -CVE_CHECK_IGNORE = "CVE-2020-8916 CVE-2021-33889" +# remove the statement. +CVE_STATUS[CVE-2020-8916] = "backported-patch: fixed via 3f108441e23e033b936e85be5b6877dd0a1fbf1c" +CVE_STATUS[CVE-2021-33889] = "backported-patch: fixed via 3f108441e23e033b936e85be5b6877dd0a1fbf1c" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb index 03eff43dd2..9239bd81c2 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb @@ -2,7 +2,6 @@ SUMMARY = "Header-only C++14 library that gives you an embedded HTTP server" DESCRIPTION = "Cross-platform, efficient, customizable, and robust \ asynchronous HTTP/WebSocket server C++14 library with the \ right balance between performance and ease of use" -AUTHOR = "Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>" HOMEPAGE = "https://stiffstream.com/en/products/restinio.html" SECTION = "libs" LICENSE = "BSD-3-Clause" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.18.5.bb index 66089edad5..9d8802ff54 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.18.5.bb @@ -32,18 +32,13 @@ SRC_URI:append:libc-musl = " \ file://cmocka-uintptr_t.patch \ " -SRC_URI[sha256sum] = "6ba7b3503cc59c9ff4f6fcb1b510c2c855fff93e0b366ab891a32a4732e88e53" +SRC_URI[sha256sum] = "095256ac332e1d9fbf9b7ff7823f92a3233d3ed658ce7fc9b33905c2243f447f" UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.18(\.\d+)+).tar.gz" inherit systemd waf-samba cpan-base perlnative update-rc.d perl-version pkgconfig -# CVE-2011-2411 is valnerble only on HP NonStop Servers. -CVE_CHECK_IGNORE += "CVE-2011-2411" -# Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5. -CVE_CHECK_IGNORE += "CVE-2018-1050" -# Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16. -CVE_CHECK_IGNORE += "CVE-2018-1057" +CVE_STATUS[CVE-2011-2411] = "not-applicable-platform: vulnerable only on HP NonStop Servers" # remove default added RDEPENDS on perl RDEPENDS:${PN}:remove = "perl" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb index adc2a72eeb..fe9c038f5c 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb @@ -1,6 +1,5 @@ SUMMARY = "A client for the Cisco3000 VPN Concentrator" HOMEPAGE = "http://www.unix-ag.uni-kl.de/~massar/vpnc/" -AUTHOR = "Maurice Massar vpnc@unix-ag.uni-kl.de" SECTION = "net" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=173b74cb8ac640a9992c03f3bce22a33" diff --git a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.1.bb b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.1.bb index a83dad350f..65bf91c7eb 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.1.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.1.bb @@ -2,7 +2,6 @@ SUMMARY = "Dispatcher service for systemd-networkd connection status changes" DESCRIPTION = "This daemon is similar to NetworkManager-dispatcher, but is much \ more limited in the types of events it supports due to the limited nature of \ systemd-networkd(8)." -AUTHOR = "Clayton Craft and others" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d" diff --git a/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb b/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb index f9f810abdd..36c921a167 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.19.bb @@ -61,6 +61,7 @@ do_install:append () { } USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system nogroup" USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup radvd" pkg_postinst:${PN} () { diff --git a/meta-openembedded/meta-networking/recipes-extended/dlm/dlm_4.2.0.bb b/meta-openembedded/meta-networking/recipes-extended/dlm/dlm_4.2.0.bb index 094dbb1ad0..ee006efe28 100644 --- a/meta-openembedded/meta-networking/recipes-extended/dlm/dlm_4.2.0.bb +++ b/meta-openembedded/meta-networking/recipes-extended/dlm/dlm_4.2.0.bb @@ -39,6 +39,7 @@ export EXTRA_OEMAKE = "" CFPROTECTION ?= "-fcf-protection=full" CFPROTECTION:riscv64 = "" CFPROTECTION:arm = "" +CFPROTECTION:aarch64 = "" CFLAGS += "${CFPROTECTION}" diff --git a/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb index 580c29e1ae..301dd86cf3 100644 --- a/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb +++ b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.5.bb @@ -14,3 +14,5 @@ SRC_URI = "git://git.netfilter.org/libnetfilter_queue;branch=master \ S = "${WORKDIR}/git" inherit autotools pkgconfig + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb b/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb index a43c345d59..2778185618 100644 --- a/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb +++ b/meta-openembedded/meta-networking/recipes-filter/libnfnetlink/libnfnetlink_1.0.2.bb @@ -18,3 +18,5 @@ SRC_URI[md5sum] = "39d65185e2990562c64de05a08de8771" SRC_URI[sha256sum] = "b064c7c3d426efb4786e60a8e6859b82ee2f2c5e49ffeea640cfe4fe33cbc376" inherit autotools pkgconfig + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.5.bb b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb index 380a33064b..841a7267b8 100644 --- a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.5.bb +++ b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.6.bb @@ -7,7 +7,7 @@ SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \ file://0001-configure.ac-Add-serial-tests.patch \ file://run-ptest \ " -SRCREV = "c62bef65fef638452b4ed1893c2451fc253ca7ca" +SRCREV = "83dd4dc316b4189d16ead54cd30bfc89e5160cfd" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-irc/weechat/weechat_4.0.1.bb b/meta-openembedded/meta-networking/recipes-irc/weechat/weechat_4.0.2.bb index 00472e21eb..8f1e06f390 100644 --- a/meta-openembedded/meta-networking/recipes-irc/weechat/weechat_4.0.1.bb +++ b/meta-openembedded/meta-networking/recipes-irc/weechat/weechat_4.0.2.bb @@ -10,7 +10,7 @@ SRC_URI = "https://weechat.org/files/src/weechat-${PV}.tar.xz \ file://0001-use-pkg-config-for-gcrypt-instead.patch \ " -SRC_URI[sha256sum] = "1b9533123af427922b3d7fabede958dc85392d50881d97d0b7986d8f514556e9" +SRC_URI[sha256sum] = "0e648ee0d024c8099425ee60d41b272924ec8e19800ee8f1441090708834023c" inherit cmake pkgconfig diff --git a/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.12.2.bb b/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.13.1.bb index 03db5fc0bf..a799ad197e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.12.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.13.1.bb @@ -13,7 +13,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=411a48ac3c2e9e0911b8dd9aed26f754" SRC_URI = "gitsm://github.com/jech/babeld.git;protocol=https;branch=master" -SRCREV = "a9fba0e19ebde96cdc4edd35c5363f9e8139ab35" +SRCREV = "3d61ea1e843e2c5f9706c74d1adad4e1d24d44b9" UPSTREAM_CHECK_GITTAGREGEX = "babeld-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb index 46f1b70cb7..aff7954f50 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb @@ -46,18 +46,16 @@ PACKAGECONFIG[tls] = ",tls=no,mbedtls" CVE_PRODUCT = "apple:mdnsresponder" -# CVE-2007-0613 is not applicable as it only affects Apple products -# i.e. ichat,mdnsresponder, instant message framework and MacOS. -# Also, https://www.exploit-db.com/exploits/3230 shows the part of code -# affected by CVE-2007-0613 which is not preset in upstream source code. -# Hence, CVE-2007-0613 does not affect other Yocto implementations and -# is not reported for other distros can be marked whitelisted. -# Links: -# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 -# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 -# https://security-tracker.debian.org/tracker/CVE-2007-0613 -# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 -CVE_CHECK_IGNORE += "CVE-2007-0613" +CVE_STATUS[CVE-2007-0613] = "not-applicable-platform: Issue affects Apple products \ +i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, \ +https://www.exploit-db.com/exploits/3230 shows the part of code \ +affected by CVE-2007-0613 which is not preset in upstream source code. \ +Hence, CVE-2007-0613 does not affect other Yocto implementations and \ +is not reported for other distros can be marked whitelisted. \ +Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 \ +https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 \ +https://security-tracker.debian.org/tracker/CVE-2007-0613 \ +https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613" PARALLEL_MAKE = "" diff --git a/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc b/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc index aaad0e00e1..7062d21462 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc +++ b/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc @@ -13,10 +13,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e870c934e2c3d6ccf085fd7cf0a1e2e2" SRC_URI = "git://gitosis.stanford.edu/openflow.git;protocol=git;branch=master" -CVE_CHECK_IGNORE = "\ - CVE-2015-1611 \ - CVE-2015-1612 \ -" +CVE_STATUS[CVE-2015-1611] = "not-applicable-config: Not referred to our implementation of openflow" +CVE_STATUS[CVE-2015-1612] = "not-applicable-config: Not referred to our implementation of openflow" +CVE_STATUS[CVE-2018-1078] = "cpe-incorrect: This CVE is not for this product but cve-check assumes it is \ +because two CPE collides when checking the NVD database" DEPENDS = "virtual/libc" @@ -58,7 +58,3 @@ do_install:append() { } FILES:${PN} += "${nonarch_libdir}/tmpfiles.d" - -# This CVE is not for this product but cve-check assumes it is -# because two CPE collides when checking the NVD database -CVE_CHECK_IGNORE = "CVE-2018-1078" diff --git a/meta-openembedded/meta-networking/recipes-protocols/zeroconf/zeroconf_0.9.bb b/meta-openembedded/meta-networking/recipes-protocols/zeroconf/zeroconf_0.9.bb index 0b9e05b324..c53d1b8052 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/zeroconf/zeroconf_0.9.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/zeroconf/zeroconf_0.9.bb @@ -7,7 +7,6 @@ These addresses are allocated from the 169.254.0.0/16 address range and \ are normally attached to each Ethernet device in your computer. \ Addresses are assigned randomly by each host and, in case of collision, \ both hosts (are supposed to) renumber." -AUTHOR = "Anand Kumria <wildfire@progsoc.uts.edu.au>" HOMEPAGE = "http://www.progsoc.org/~wildfire/zeroconf/" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4 \ diff --git a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb index 01e060e2f5..e41dd93f5d 100644 --- a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb +++ b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb @@ -71,5 +71,4 @@ FILES:${PN}-staticdev += "${libdir}/dovecot/*/*.a" FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so" FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug" -# CVE-2016-4983 affects only postinstall script on specific distribution -CVE_CHECK_IGNORE += "CVE-2016-4983" +CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution." diff --git a/meta-openembedded/meta-networking/recipes-support/http-parser/http-parser_2.9.4.bb b/meta-openembedded/meta-networking/recipes-support/http-parser/http-parser_2.9.4.bb index d4f76850d3..528289b7fd 100644 --- a/meta-openembedded/meta-networking/recipes-support/http-parser/http-parser_2.9.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/http-parser/http-parser_2.9.4.bb @@ -6,7 +6,6 @@ DESCRIPTION = "This is a parser for HTTP messages written in C. It parses \ interrupted at anytime. Depending on your architecture, it \ only requires about 40 bytes of data per message stream (in a \ web server that is per connection)." -AUTHOR = "Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>" HOMEPAGE = "https://github.com/nodejs/http-parser" SECTION = "libs" LICENSE = "MIT" diff --git a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-netlink_1.2.0.bb b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-netlink_1.3.0.bb index b50d33f908..b50d33f908 100644 --- a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-netlink_1.2.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-netlink_1.3.0.bb diff --git a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools.inc b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools.inc index 46d0c1b4f1..942b2d482d 100644 --- a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools.inc +++ b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools.inc @@ -5,4 +5,4 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://${WORKDIR}/git/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/wkz/mdio-tools.git;protocol=https;branch=master" -SRCREV = "0dbfca13a094d20d736153c63161cf11b9ccf2d3" +SRCREV = "42c91efa63ef81992cdcc01e698cf3bc7764bbc3" diff --git a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools_1.2.0.bb b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools_1.3.0.bb index cd4df3da05..cd4df3da05 100644 --- a/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools_1.2.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/mdio-tools/mdio-tools_1.3.0.bb diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p17.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p17.bb index fba4611b99..e80ea4c149 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p17.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p17.bb @@ -26,12 +26,11 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g SRC_URI[sha256sum] = "103dd272e6a66c5b8df07dce5e9a02555fcd6f1397bdfb782237328e89d3a866" -# CVE-2016-9312 is only for windows. -# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility -# The other CVEs are not correctly identified because cve-check -# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) -CVE_CHECK_IGNORE += "\ - CVE-2016-9312 \ +CVE_STATUS[CVE-2016-9312] = "not-applicable-platform: Issue only applies on Windows" +CVE_STATUS[CVE-2019-11331] = "upstream-wontfix: inherent to RFC 5905 and cannot be fixed without breaking compatibility" +CVE_STATUS_GROUPS += "CVE_STATUS_NTP" +CVE_STATUS_NTP[status] = "fixed-version: Yocto CVE check can not handle 'p' in ntp version" +CVE_STATUS_NTP = " \ CVE-2015-5146 \ CVE-2015-5300 \ CVE-2015-7975 \ @@ -51,7 +50,6 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ - CVE-2019-11331 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb index e12e4be7f8..4873e9d89c 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb @@ -119,3 +119,5 @@ python() { if 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split(): raise bb.parse.SkipRecipe('Requires meta-filesystems to be present to provide fuse.') } + +CVE_PRODUCT = "open-vm-tools vmware:tools" diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb index 76bce7db53..a5fc158749 100644 --- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb @@ -16,8 +16,7 @@ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" SRC_URI[sha256sum] = "13b207a376d8880507c74ff78aabc3778a9da47c89f1e247dcee3c7237138ff6" -# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. -CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569" +CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME:${PN} = "openvpn" diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_46.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_47.0.bb index a6927f566d..ac417435ce 100644 --- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_46.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_47.0.bb @@ -7,7 +7,7 @@ RDEPENDS:${PN} = "bash perl" SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=https \ file://0001-cmake-Allow-SYSTEMCTL_BIN-to-be-overridden-from-envi.patch" -SRCREV = "f2789cbd394c5839e8942d585a494ab72fd97e39" +SRCREV = "ccb120cc7b7faceca90cfa55189a1b35b0adc78d" S = "${WORKDIR}/git" #Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb index b3e687476b..5732f509b1 100644 --- a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb +++ b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb @@ -30,11 +30,7 @@ SRC_URI = " \ S = "${WORKDIR}/git" -CVE_CHECK_IGNORE += "\ - CVE-2016-0749 \ - CVE-2016-2150 \ - CVE-2018-10893 \ -" +CVE_STATUS[CVE-2018-10893] = "fixed-version: patched already, caused by inaccurate CPE in the NVD database." inherit autotools gettext python3native python3-dir pkgconfig diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_4.0.6.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_4.0.7.bb index f822dce672..d7df76a692 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_4.0.6.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_4.0.7.bb @@ -17,7 +17,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \ UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" -SRC_URI[sha256sum] = "0079097a1b17ebc7250a73563f984c13327dac5016b7d53165810fbcca4bd884" +SRC_URI[sha256sum] = "a79f7b04cbff823e30452abf4bcb86773d8583eb62d5f71f16c09f019f8a8777" PE = "1" |