The CVEs are tracked with an underscore in the product name:
sqlite> select * from PRODUCTs where product like '%async%mq%';
CVE-2025-65503|redboltz|async_mqtt|10.2.5|=||
This patch sets the correct CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
---------
Added timestamp helper commands
Use separate thread for saving session data
Run multiple session save requests in parallel
Changed magnet metadata handling and added 'magnet.path.set'
Optimizations
-------------
Use map rather than vector for Poll tables
Bug Fixes
-----------
Convert IPv4in6 addresses to IPv4 in outgoing handshakes
Force clear bitfield ranges of downloads that get hashed
Use CURLOPT_CLOSESOCKETFUNCTION to properly handle libcurl closing sockets before CURL_POLL_REMOVE
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Build:
** New "-Dmbim_groupname=<name>" meson build option to restrict MBIM kernel
device access to a given Unix group and root. The access check works
in parallel to the "-Dmbim_username" option; passing either check allows
access to the kernel device (eg, logical OR).
* New Intel AT Tunnel service, including the following operations:
* MBIM_CID_INTEL_AT_TUNNEL_AT_COMMAND
* Extended the SMS service:
* MBIM_CID_SMS_CONFIGURATION now supports notifications
* mbimcli:
** New '--sms-query-configuration' and '--sms-query-message-store-status'
actions
** New '--atds-query-rat' and '--atds-query-operators' actions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
During the compile step, CMake will attempt to generate a test
certificate with openssl-native using a hard-coded path to the openssl
config:
openssl req -config /etc/ssl/openssl.cnf ...
Thus using the build host's openssl config. If the build host's openssl
is configured with options that openssl-native does not understand or
accept, the test certificate will not be generated:
[log.do_configure on openSUSE 16.0]
Searching for OpenSSL executable and dlls
OpenSSL executable: .../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/recipe-sysroot-native/usr/bin/openssl
GENCERTS = 1
Generating SSL Certificates for the test-server...
Error configuring OpenSSL modules
4037413D467F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../sources/openssl-3.5.4/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes
4037413D467F0000:error:0700006D:configuration file routines:module_run:module initialization error:../sources/openssl-3.5.4/crypto/conf/conf_mod.c:288:module=alg_section, value=evp_properties retcode=-1
CMake Warning at lib/tls/CMakeLists.txt:528 (message):
!!! Failed to generate SSL certificate for Test Server!!!:
OpenSSL return code = 1
and the subsequent do_install() step will fail:
| CMake Error at test-apps/cmake_install.cmake:126 (file):
| file INSTALL cannot find
| ".../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/build/libwebsockets-test-server.key.pem":
| No such file or directory.
ERROR: Task (.../layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.2.bb:do_install) failed with exit code '1'
Fix the location where CMake looks for the openssl.cnf file in order
to use the one that comes with the openssl-native that will be used to
generate the certificate. Thus ensuring that they are in step in terms
of which configuration options will be acceptable.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release notes:
3.0.1:
Fix: Problems with IPv6 compatibility and running without a fully working network.
Fix: The permissions of the PTY were not set correctly with gtlsshd.
Fix: Some issues building under MSYS2 were fixed.
Enhancement: A "chardelay" gensio is added. This is basically the same as the Nagle
algorithm in TCP, but it works on other things, like UDP and relpkt, to make
transfer more efficient on those.
Enhancement: You can use "gsh" instead of "gtlssh" for a shorter name.
Lots of little documentation updates.
3.0.0:
The only major thing is all the deprecated sergensio code has been removed.
There are also some minor bug fixes, some documentation improvements, some minor
improvements, and a bug fix around ax25 where it was reporting the close of the
last channel too soon.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
8.0.5:
Fixed building ACE for Android with uses_wchar=1
Add support for parallel make using Embarcadero bcc64x compiler
Fixed compile errors when C++23 is enabled
Updated thread name support to work with older Windows versions
8.0.4:
Fixed compile errors in the ACE core when compiled without thread
support (only core of ACE compiled and not tested)
8.0.3:
Deprecated ACE_Copy_Disabled in favor of deleted copy/assignment
Replaced usage of ACE_MIN and ACE_MAX with std::min/std::max
Add support for abstract paths to ACE_UNIX_ADDR
Improve support for 64bit file sizes
Minor fixes to ACE logging classes
Use C++11 default for more classes
GCC versions less than 9 and Clang versions less than 12 are no longer tested in GitHub Actions CI
Dropped support for Embarcadero C++ Builder bcc32c and bcc64 compilers
Updated support for Green Hills INTEGRITY and INTEGRITY-178 tuMP RTOS. Tested on INTEGRITY 11.4.6 and INTEGRITY-178 5.0.0.
Thread names given to ACE_OS::thr_create are now passed down to the OS on Windows and on INTEGRITY.
https://github.com/DOCGroup/ACE_TAO/releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handles CVE-2025-11677, CVE-2025-11678, CVE-2025-11679 and
CVE-2025-11680.
* drop patches included in this release
* update license
* add packageconfig for examples as those don't build
License-Update: added new license, see:
https://libwebsockets.org/git/libwebsockets/commit?id=e3dca87f23e8f783e1008b54829b39f9d7b083df
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
* Removed unintentional copy requiment from some of async functions parameter.
* Fixed Heap-use-after-free during broker shutdown.
* Rifined documents.
* Added TLS Websocket verify none port to broker for browser.
* Added Cerfiticate file's digitalSignature to keyUsage.
* Fixed wss connection from Web Browser handshake failed problem.
* Changed trial broker on `async-mqtt.redboltz.net` ws and wss port.
* ws was 10080 but Chrome block it by default. Updated to 80.
* wss was 10443 but Chrome doesn't block it by default. But for consistency, updated to 443.
* system_test still uses 10080 and 10443 to avoid conflict.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/rakshasa/rtorrent/releases/tag/v0.16.2
Remove 0001-scripts-common.m4-Insert-spaces-in-shell-lists.patch as it was merged in upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove 0001-scripts-common.m4-Insert-spaces-in-shell-lists.patch as it was merged in upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commit from the recipe got got detached from the master branch - use nobranch to
avoid fetching failure.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pick patches as listed in NVD CVE report.
Note that Debian lists one of the patches as introducing the
vulnerability. This is against what the original report [1] says.
Also the commit messages provide hints that the first patch fixes this
issue and second is fixing problem with the first patch.
[1] https://jvn.jp/en/jp/JVN19358384/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix a m4 script bug
Drop CVE_STATUS since this is only needed for < 0.14 release
Enable using posix_fallocate when creating a new file to avoid fragmentation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Device database changes:
- Support iPad Pro M5 family devices
- Support Apple Vision Pro M5
- Support MacBook Pro 14-inch M5
* Bug Fixes:
Fix: array initialization compatibility with MSVC
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The project switched to storing their releases on Github, and
the original links stopped working.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ver 3.10:
Fix issue with handling neighbor report on BSS TM request.
Fix issue with handling deauth and FT association failure.
Fix issue with handling roaming and old frequencies.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
SAE-PK needs base64_decode(), but if no other feature is enabled that
needs base64 support, then it is missing.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:
Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
hostapd has supported IEEE 802.11be (Wi-Fi 7) for over three years. Given
the growing market demand for Wi-Fi 7, it is now an appropriate time to
enable support for IEEE 802.11be Extremely High Throughput (EHT). Note
that CONFIG_IEEE80211AX is a mandatory prerequisite for setting
CONFIG_IEEE80211BE.
This patch also enables the following build-time options in defconfig,
all of which have no runtime impact:
SAE Public Key (SAE_PK)
Opportunistic Wireless Encryption (OWE)
Suite B and Suite B 192
Automatic Channel Selection (ACS)
Multiband Operation (MBO)
Signed-off-by: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New version includes support to build against CMake 4+.
Release notes are available at [0].
[0]: https://github.com/labapart/gattlib/releases
License-Update: Copyright year changed
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There hasn't been an upstream release in four years. Latest HEAD supports builds
with CMake 4+, but the corresponding patches at [0] and [1] are considered to be
too invasive to backport. Instead, apply the 'minimum policy version' override.
[0]: 00d7750304
[1]: 53b46d63b4
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New version includes support to build against CMake 4+.
Release notes are available at [0].
[0]: https://github.com/seladb/PcapPlusPlus/releases/tag/v25.05
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There hasn't been a new upstream release yet that ships the required changes.
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
| CMake Error at CMakeLists.txt:5 (cmake_minimum_required):
| Compatibility with CMake < 3.5 has been removed from CMake.
|
| Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
| to tell CMake that the project requires at least <min> but has been updated
| to work with policies introduced by <max> or earlier.
|
| Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ver 3.9:
Fix issue with Access Point mode and frequency unlocking.
Fix issue with network configuration and BSS retry logic.
Fix issue with handling busy notification from Access Point.
Fix issue with handling P-192, P-224 and P-521 for SAE.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- The project uses CCFLAGS instead of CXXFLAGS to add C++ compiler flags.
Assign the value of CXXFLAGS to the CCFLAGS variable and export CCFLAGS for use in the build environment.
It fixes the contains reference TMPDIR because DEBUG_PREFIX_MAP is already included in CXXFLAGS (poky/meta/conf/bitbake.conf)
- Fix typo -Wnodeprecated-declarations -> -Wno-deprecated-declarations
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_Compression.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_ETCL_Parser.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_ETCL.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_Monitor_Control.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_RLECompression.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: Fatal QA errors were found, failing task.
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Suggested-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It was related to latest UNPACKDIR changes -> https://git.openembedded.org/openembedded-core/commit/?id=46480a5e66747a673041fe4452a0ab14a1736d5e
ERROR: ace-8.0.2-r0 do_install: oe_runmake failed
ERROR: ace-8.0.2-r0 do_install: Execution of '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/ace/8.0.2/temp/run.do_install.14265' failed with exit code 1
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
SRCREV was removed accidentally during last update - add it back.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
