Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

frr: upgrade 8.3.1 -> 8.3.2 #689

Closed
wants to merge 1 commit into from
Closed

frr: upgrade 8.3.1 -> 8.3.2 #689

wants to merge 1 commit into from

Conversation

KanjiMonster
Copy link
Contributor

Upgrade FRR 8.3 to latest maintenance tag 8.3.2 to include fixes for CVEs CVE-2022-40302, CVE-2022-40318 and CVE-2022-43681.

Dropped 0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch as it is already included in the tag.

References:
https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/

@KanjiMonster
frr: upgrade 8.3.1 -> 8.3.2
cf81f79 
Upgrade FRR 8.3 to latest maintenance tag 8.3.2 to include fixes for
CVEs CVE-2022-40302, CVE-2022-40318 and CVE-2022-43681.

Dropped 0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch
as it is already included in the tag.

References:
https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster KanjiMonster mentioned this pull request May 11, 2023
Closed
@KanjiMonster
Copy link
Contributor Author

Update for kirkstone is #688, master and mickledore are unaffected as these issues were already fixed in the original 8.4 release.

@akuster
Copy link
Contributor

akuster commented May 24, 2023

grabbed this this morning

@kraj
Copy link
Contributor

kraj commented Jul 3, 2023

@akuster I see this is for langdale and langdale is EOL, so perhaps we should mark it as wontfix

@akuster akuster added the wontfix label Jul 4, 2023
@akuster
Copy link
Contributor

akuster commented Jul 4, 2023

Correct. Langdale is EOL. wontfix.
Kirkstone has the fix.

@akuster akuster closed this Jul 4, 2023
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Feb 10, 2024
@akiernan @kraj
c-ares: Upgrade 1.24.0 -> 1.26.0
cd12fdd 
Changes 1.26.0:

Brad House (14):
      update release notes format
      update format slightly
      RELEASE-NOTES -> RELEASE-NOTES.md
      test: fix outdated license headers
      no reason to include sys/random.h all the time (openembedded#684)
      Do not sanity check RR Name vs Question (openembedded#685)
      autotools: fix building for 32bit windows due to stdcall symbol mangling (openembedded#689)
      man ares_fds(3): mark as deprecated and add explanation (openembedded#691)
      fix doxygen typo
      Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS (openembedded#695)
      Event Subsystem: No longer require integrators to have their own (openembedded#696)
      adig: Differentiate between internal and server error
      Release prep for c-ares 1.26.0 (openembedded#698)
      clusterfuzz: enforce maximum DNS packet size due to long parser time

Erik Lax (1):
      Added flags to are_dns_parse to force RAW packet parsing (openembedded#693)

Gregor Jasny (1):
      cmake: improve some include related code (openembedded#680)

Changes 1.25.0:

Brad House (22):
      fix test building with symbol hiding
      ci: add test case for building with hidden symbol visibility
      ci: disable static for symbol hiding tests
      getrandom() may require sys/random.h on some systems
      fix support with older google test versions
      CI: Add Alpine Linux and old Ubuntu (openembedded#667)
      Fix bad stub for ares__iface_ips_enumerate()
      ahost should use ares_getaddrinfo() these days (openembedded#669)
      Connection failure should increment server failure count first
      sonarcloud: const
      clang-format
      ares_strsplit() rewrite as wrapper around ares__buf_split()
      clang-format
      Autotools warning fixes (openembedded#671)
      Old MacOS SDKs require you include sys/socket.h before net/if.h (openembedded#673)
      docs: host -> ip
      Autotools: rework to simplify and fix recent issues (openembedded#674)
      set winver consistently across build systems
      autotools: update logic for building tests to provide more feedback
      OSSFuzz: it assumes autotools builds a static library by default, which means the old autotools must have done that even though there were comments saying it wasn't.  Disable static by default on Windows however since it can't build both simultaneously.
      tests: replace google DNS with CloudFlare for reverse lookups as google's servers stopped responding properly
      1.25.0 release prep (openembedded#676)

Gregor Jasny (1):
      Fix minor warnings and documentation typos (openembedded#666)

Martin Chang (1):
      Use SOCK_DNS extension on socket on OpenBSD (openembedded#659)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Dec 7, 2024
@MarkusVolk @kraj
wireplumber: update 0.5.6 -> 0.5.7
38c6065 
WirePlumber 0.5.7
~~~~~~~~~~~~~~~~~

Highlights:

  - Fixed an issue that would cause random profile switching when an application
    was trying to capture from non-Bluetooth devices (openembedded#715, openembedded#634, !669)

  - Fixed an issue that would cause strange profile selection issues [choices
    not being remembered or unavailable routes being selected] (openembedded#734)

  - Added a timer that delays switching Bluetooth headsets to the HSP/HFP
    profile, avoiding needless rapid switching when an application is trying to
    probe device capabilities instead of actually capturing audio (!664)

  - Improved libcamera/v4l2 device deduplication logic to work with more complex
    devices (!674, !675, openembedded#689, openembedded#708)

Fixes:

  - Fixed two memory leaks in module-mixer-api and module-dbus-connection
    (!672, !673)

  - Fixed a crash that could occur in module-reserve-device (!680, openembedded#742)

  - Fixed an issue that would cause the warning "[string "alsa.lua"]:182:
    attempt to concatenate a nil value (local 'node_name')" to appear in the
    logs when an ALSA device was busy, breaking node name deduplication (!681)

  - Fixed an issue that could make find-preferred-profile.lua crash instead of
    properly applying profile priority rules (openembedded#751)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@akuster akuster

Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@KanjiMonster @akuster @kraj