2 Commits

Author SHA1 Message Date
Peter Marko
33d90091be libmicrohttpd: disable experimental code by default
Introduce new packageconfig to explicitly avoid compilation of
experimental code. Note that the code was also not compiled by default
before this patch; this now makes it explicit and makes it possible to
check for the flags in cve-check code.

This is a less intrusive change than a patch removing the code which was
rejected in patch review.

This will solve CVE-2025-59777 and CVE-2025-62689 as the vulnerable code
is not compiled by default.
Set appropriate CVE status for these CVEs based on new packageconfig.

(From OE-Core rev: 1d8e646aebe75b8ede51d4de9e0003a822992a33)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-12 08:49:37 -08:00
Narpat Mali
caa3177c77 libmicrohttpd: upgrade 0.9.75 -> 0.9.76
Changelog:
============
Fix potential DoS vector in MHD_PostProcessor (CVE-2023-27371).
Releasing GNU libmicrohttpd 0.9.76 hotfix.

https://github.com/Karlson2k/libmicrohttpd/blob/v0.9.76/ChangeLog

(From OE-Core rev: 017346be6c97d20b1b16d495ee9484f10973857c)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-20 17:20:44 +00:00