Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added all hashes provided by upstream and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rebased patch 0006, removed patch 0008 which is included in upstream
release version, renumbered remaining patches.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The websock_config.h file currently ends up being installed into the
sysroot with a #include "config.h" line but the config.h file does not
get copied into the sysroot. Refactoring the original patch to have the
configure script properly report whether or not SSL support is enabled
without using the config.h file.
Patch has been submitted upstream but may never be merged since upstream
appears to be dead.
https://github.com/payden/libwebsock/pull/38
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add patch to fix musl TEMP_FAILURE_RETRY error
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Go 1.11.5 addresses a reported security issue, CVE-2019-6486.
Signed-off-by: Christian Stewart <christian@paral.in>
Acked-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For the curious, there's the short changelog summary:
https://github.com/kergoth/tslib/releases
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The iperf project changed the archive after the release without changing
the filename of the archive.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Additional fixes for CVE-2017-9800: Malicious server can execute arbitrary
command on client and a number of crash fixes.
https://svn.apache.org/repos/asf/subversion/tags/1.9.10/CHANGES
Drop upstream SHA1 hash as that is no longer listed. Also add a hash for
the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
upmpdcli 1.4.0 uses both the `uint64_t` and `u_int64_t` types. `uintN_t` is a
standard C99 type available in `<stdint.h>`, whereas `u_intN_t` is defined in
`<sys/types.h>`.
Because of the missing include of `<sys/types.h>` building upmpdcli breaks now
when building with the musl C library, which is very strict:
```
src/mediaserver/cdplugins/netfetch.h:71:5: error: ‘u_int64_t’ does not name a type
u_int64_t datacount() {
```
Add a patch from upstream which fixes the issue by replacing `u_int64_t`
with `uint64_t`.
Fixes:
http://autobuild.buildroot.net/results/f3082d2fdda8d73dbd9d3b65a08d844934066ef7
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
   mod_session: mod_session_cookie does not respect expiry time allowing
   sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
   mod_http2: fixes a DoS attack vector. By sending slow request bodies
   to resources not consuming them, httpd cleanup code occupies a server
   thread unnecessarily. This was changed to an immediate stream reset
   which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
   mod_ssl: Fix infinite loop triggered by a client-initiated
   renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
   later. PR 63052. [Joe Orton]
For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>