mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-22 07:53:48 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,024 Commits 38 Branches 625 Tags
fb0a4eb7a8aa94deffd46c4611175dee4ffe2d07
Commit Graph

5 Commits

Author SHA1 Message Date
Hitendra Prajapati
f734bc2352 inetutils: fix for CVE-2026-32772 
Pick patch from [1] also mentioned at NVD report in [2]

[1] https://www.openwall.com/lists/oss-security/2026/03/13/1
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-32772
[3] https://cgit.git.savannah.gnu.org/cgit/inetutils.git/patch/?id=d6b8b83aa51616946fd314bc48087312d13c99f8
[4] https://security-tracker.debian.org/tracker/CVE-2026-32772

(From OE-Core rev: 02b29ddc66956c83af2702bbf0fcd4985c00fa68)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
[YC: NEWS diff in [3] links to [1]]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
 2026-05-12 21:31:34 +01:00
Vijay Anusuri
ba6c5d8069 inetutils: Fix CVE-2026-32746 
Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-32746
[2] https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
[3] https://codeberg.org/inetutils/inetutils/pulls/17/files

(From OE-Core rev: 53a3cdf7b55b76ec64a314f5fafced4a803ac12f)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
 2026-03-25 17:34:13 +00:00
Peter Marko
6d3b13d2cc inetutils: patch CVE-2026-28372 
Pick patch according to [1] (equivalent to patch from [2]).

This CVE is needed if util-linux >= 2.40 is used which is not the case
in Yocto scarthgap, however it's always possible that users update
packages in their layers.

[1] https://security-tracker.debian.org/tracker/CVE-2026-28372
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-28372

(From OE-Core rev: 2ab4f313ebd2c8f2d801dc3f53df3a0741cf848e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
[YC: replaced kirkstone by scarthap]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
 2026-03-25 17:34:13 +00:00
Vijay Anusuri
2541663fd1 inetutils: Fix CVE-2026-24061 
Upstream-Status: Backport from
https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=ccba9f748aa8d50a38d7748e2e60362edd6a32cc
& https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fd702c02497b2f398e739e3119bed0b23dd7aa7b

Ref: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

(From OE-Core rev: da89012029cb110f6d2768248981ab9c4872d871)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-02-16 09:52:34 +00:00
Tom Rini
1bbdc674ae inetutils: Update to the 2.5 release 
The update from 2.4 to 2.5 was almost something AUH could take care of.
However, we had backported two patches to address CVE-2023-40303 and
that threw off AUH. These changes are confirmed to be in 2.5, so drop
them and update to 2.5.

(From OE-Core rev: e1bffeab27b062884f6366cde24ce1c67e7ec03e)

Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2024-01-03 23:36:34 +00:00