Remove the patch with the fix that is already present in the new
version.
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The BusyBox version of mv does not have the -Z flag for setting SELinux
security context. This results in failure
when the cockpit-certificate-helper script is executed.
Depend the package on GNU Coreutils to make sure that the proper version
of mv is installed.
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The old-bridge package config option was removed from the recipe,
but the usage of this option was left in some places.
Remove any reference to old-bridge. Only the Python bridge is currently
supported by Cockpit.
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Modified net-generic.patch to update a hardcoded version number to avoid
patch fuzz.
Changelog: https://github.com/webmin/webmin/releases/tag/2.300
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
[2025-07-14] — Xdebug 3.4.5
Fixed bug #2332: Segmentation fault for code coverage with nested fibers
Fixed bug #2356: Reading properties with get hooks may modify property value
[2025-06-12] — Xdebug 3.4.4
Fixed bug #2349: Regression in Xdebug 3.4.3 breaks throwing exceptions in nested generators
Fixed bug #2350: Crash when a certain page generates an exception since Xdebug 3.4.3
Fixed bug #2352: Crash when using latest Xdebug version when throwing exceptions
Fixed bug #2354: The __invoke frame in call stacks don't have the argument name in the trace
[2025-05-14] — Xdebug 3.4.3
Fixed bug #2322: Xdebug tries to open debugging connection in destructors during shutdown
Fixed bug #2325: Referred chrome browser extension is no longer working
Fixed bug #2326: Step debugger finishes if property debugging handler in PHP throws an exception
Fixed bug #2331: Segmentation fault with 'invalid' variable names
Fixed bug #2339: Trying to throw an exception can cause a zend_mm_heap corrupted error under specific circumstances
Fixed bug #2340: Xdebug case sensitivity issues on some files introduced since 3.3.0
Fixed bug #2343: Fatal error on virtual property hook step debugging
Fixed bug #2348: Xdebug does not resolve breakpoints in property hooks
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-04-23
nginx-1.28.0 stable version has been released, incorporating new
features and bug fixes from the 1.27.x mainline branch - including
memory usage and CPU usage optimizations in complex SSL configurations,
automatic re‑resolution of hostnames in upstream groups, performance
enhancements in QUIC, OCSP validation of client SSL certificates and
OCSP stapling support in the stream module, variables support in the
proxy_limit_rate, fastcgi_limit_rate, scgi_limit_rate, and
uwsgi_limit_rate directives, the proxy_pass_trailers directive, and
more.
License-Update: copyright years refreshed and removed C-style comments
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handles CVE-2025-23016 (in 2.4.5)
Add tag to SRC_URI.
Move version to recipe filename.
License-Update: file was renamed without any text change
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
bugfix:
use open-cli instead of require('open') for Node 20+ compatibility
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- feat: add support for OpenAPI 3.0.4 (#10247)
- feat: apply cumulative update to address various issues (#10324)
- fix(docker): fix security issues CVE-2024-56171, CVE-2025-24928 (#10351)
- fix: fix definition resolving being affected by the order of schemas (#10386)
- fix(json-schema-2020-12): avoid accessing properties of null schemas (#10397)
- fix(json-schema-2020-12-samples): fix examples for nullable primitive types defined as list of types (#10390)
- fix(utils): fix error messages for range validation of number parameters (#10344)
- fix(json-schema-2020-12): use consistent comparison operators for displaying min/max constraints (#10159)
- fix(json-schema-2020-12-samples): use zero as default example value for int32 and int64 (#10230)
- fix(style): prevent operationId from wrapping when space is available (#10259)
- fix(docker): address multiple HIGH security vulnerabilities (#10410)
- fix(json-schema-2020-12): infer type string when contentEncoding or contentMediaType is present (#10411)
- fix: align OpenAPI 3.x.y file uploads with specification (#10409)
- feat(oas31): display file upload input when contentMediaType or contentEncoding is present (#10412)
- fix: avoid accessing properties of empty Example Objects (#10453)
- fix(oauth2): avoid processing authorizationUrl when it is not a string (#10452)
- fix: use spec compliant JSON Pointer implementation (#10455)
- fix(spec): assure operation is an immutable map in operations selectors (#10454)
- fix: assure parameter is an immutable map when grouping parameters (#10457)
- fix(spec): avoid accessing $ref when path item is not an object (#10456)
- fix(json-schema-2020-12-samples): generate proper samples for XML atttributes (#10459)
- fix(security): update Axios to non-vulnerable 1.9.0 version (#10460)
- fix(docker): address CVE-2025-32414/CVE-2025-32415 (#10461)
- feat(observability): allow defining custom uncaught exception handler (#10462)
- feat(json-schema-5-samples): add support for time format example generation (#10420) (#10421)
- refactor: introduce function for getting Schema Object type (#10330)
- fix: mitigate ReDoS when generating examples from pattern (#10477)
- fix(release): fix failed v5.23.0 release
- fix(packagist): exclude large obsolete directories from publishing to Packagist (#10329)
- ft(oas3): show the schema tab in the Try it Out mode (#10488)
- fix: align expanded content inside expand collapse button (#10497)
- feat: release SwaggerUI via GitHub Actions
- fix(CD): provide correct npm token
- fix(dist): provide correct npm token for swagger-ui-dist release
- fix: fix opened model schema resolving issue on spec change (#10509)
- fix(docker): bump nginx image to version 1.29.0-alpine to fix CVE-2025-48174 (#10508)
- feat: release Swagger UI to Packagist (#10513)
- fix(oas3): reset request body values in try it out (#9717)
- fix(style): restore paragraph spacing in parameter and response descriptions (#10514)
- feat(json-schema): support x-additionalPropertiesName (#10006)
- fix: permissions of files to allow running as non-root (#10515)
- fix: sanitization of relative OpenAPI JSON paths (#10528)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current include file that stores the known non-reproducible packages
is layer dependent and that forces the user of the layers to maintain
the list of the files (for example, see AB config[0]).
By moving the exclude list to each layer.conf and extending the common
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES variable, the known non-reproducible
packages will be automatically excluded for each layer used in the
reproducibility test without any special knowledge in the test
environment.
NB: the empty list for meta-initramfs was just removed not moved.
[0]: https://git.yoctoproject.org/yocto-autobuilder-helper/tree/config.json?id=7d8933e75bdf7fb821a25617cb2dcabf1f3f8700#n322
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Co-Developed-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Guillaume Swaenepoel <guillaume.swaenepoel@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Makes the hammer a bit smaller, since we do not enable go by default
in packageconfig's it helps with yocto check layer with default config.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As the other layers of meta-openembedded, this line makes it easy to
send a patch by copy-pasting and reduce slightly the probability of
error.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The https://www.hiawatha-webserver.org/ site is defunct. So move SRC_URI to use
https://hiawatha.leisink.net/ instead. Update to 11.0 while we are here.
Changelog: https://hiawatha.leisink.net/changelog
mbed TLS updated to 3.0.0.
Dropped support for TLSv1.0 and TLSv1.1. Configuration option MinTLSversion removed.
Dropped support for HTTP Public Key Pinning (HPKP). Configuration option PublicKeyPins removed.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set pam module path to ${base_libdir}/security as this is the default
path in libpam.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This CVE is officially disputed by Redhat with official statement in
https://nvd.nist.gov/vuln/detail/CVE-2007-0086
Red Hat does not consider this issue to be a security vulnerability.
The pottential attacker has to send acknowledgement packets periodically
to make server generate traffic. Exactly the same effect could be
achieved by simply downloading the file. The statement that setting the
TCP window size to arbitrarily high value would permit the attacker to
disconnect and stop sending ACKs is false, because Red Hat Enterprise
Linux limits the size of the TCP send buffer to 4MB by default.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is gentoo specific CVE.
NVD tracks this as version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were not updated on recipe upgrade.
To make maintenance easier, remove exact versions.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are specific to Debian and MAC OS X respectively.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
