commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.
As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.
Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c41eef61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
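The failure mode and workaround described in the commit message above, reduced to a runnable sketch. This is an added example, not the Buildroot script: `hook`, `add_route` and the two `handle_event_*` functions are hypothetical stand-ins, and the route list is constructed sample data.

```shell
#!/bin/sh
# Constructed simulation of a udhcpc-style event script (not Buildroot's file).
# The DHCP client passes the event name (bound, renew, ...) as $1 and lease
# options in environment variables; $staticroutes is modelled here as
# "dest/prefix gateway dest/prefix gateway ...".

# Hypothetical stand-in for an executable hook: report what it was given.
hook() {
    printf 'hook argc=%s action=%s\n' "$#" "${1:-<empty>}"
}

# Hypothetical stand-in for "route add": print instead of changing routes.
add_route() {
    printf 'route %s via %s\n' "$1" "$2"
}

# Before: the route list is loaded into the positional parameters and consumed
# with shift, so by the time the hooks run "$@" no longer holds the action.
handle_event_clobbering() {
    if [ -n "$staticroutes" ]; then
        set -- $staticroutes            # overwrites $1 (the action)
        while [ -n "$1" ] && [ -n "$2" ]; do
            add_route "$1" "$2"
            shift 2
        done
    fi
    hook "$@"
}

# After: save the action before anything can touch the positional parameters,
# and hand the saved value to the hooks.
handle_event_saved() {
    ACTION="$1"
    if [ -n "$staticroutes" ]; then
        set -- $staticroutes
        while [ -n "$1" ] && [ -n "$2" ]; do
            add_route "$1" "$2"
            shift 2
        done
    fi
    hook "$ACTION"
}

# Constructed sample lease data: two static routes offered by the server.
staticroutes="10.0.0.0/8 192.168.1.1 172.16.0.0/12 192.168.1.254"
handle_event_clobbering bound   # hook is called without the action
handle_event_saved bound        # hook is called with "bound"
```

Without static routes in the lease the first variant behaves correctly, which is why the problem only shows up when the server sends them.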
Update LIBARGTABLE2_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a3d1f34bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update IOZONE_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e75050bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.34.1 is the version used by https://release-monitoring.org as well as
NVD NIST database so add SQLITE_TAR_VERSION and drop
SQLITE_CPE_ID_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3943b6f003)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.
This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2
Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aaad2ab8e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sven has privately asked to no longer receive notifications related to
this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 829ecf7d79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0eebfba388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
textview_uri_security_check in textview.c in Claws Mail before 3.18.0,
and Sylpheed through 3.7.0, does not have sufficient link checks before
accepting a click.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 634dcbd50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g. __proto__, toString,
etc) results in a returned object with a modified prototype instance.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 921830e92d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failures on arc and riscv32:
latency.c: In function 'display':
latency.c:326:21: error: format '%ld' expects argument of type 'long int', but argument 2 has type 'time_t' {aka 'long long int'} [-Werror=format=]
326 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
327 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
altency.c: In function ‘display’:
altency.c:262:21: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
262 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
263 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
Fixes:
- http://autobuild.buildroot.org/results/448efe22e8fe058a1b354a3c124874e30b9ce138
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74196b7d05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on musl raised since the addition of the
package in commit eb91fa730c:
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp: In static member function 'static bool Ogre::StringConverter::parse(const String&, Ogre::int32&)':
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp:253:22: error: 'strtol_l' was not declared in this scope; did you mean 'strtold_l'?
253 | ret = (int32)strtol_l(val.c_str(), &end, 0, _numLocale);
| ^~~~~~~~
| strtold_l
Fixes:
- http://autobuild.buildroot.org/results/491f89e45610a7752c0700ac02b80a92b7876ec3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84333281cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5declarative builds qmltyperegistrar for the host as part of its build
process.
When building qt target packages (which is the case for qt5declarative),
-spec devices/linux-buildroot-g++ is passed to qmake in QT5_QMAKE
variable and this spec currently has -latomic in its LIBS.
This -latomic makes it to the build of the host build of
qmltyperegistrar which is not useful.
This was discovered on Fedora 34 where libatomic is not pulled with gcc
package, therefore was missing on the host machine.
This makes sure that -latomic is not added for host build of qt
packages.
Fixes: 7d286be4f9 ("package/qt5base: link with -latomic when needed")
Cc: Quentin Schulz <foss@0leil.net>
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d991fd7b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5f432df7e2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:
make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?
Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ccac9a5bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).
To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f432df7e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might
be able to exploit the memory corruption, to change process behavior.
Drop 0002-Fix-build-with-ICU-68.patch as this is now fixed upstream since
https://github.com/nodejs/node/commit/e459c79b02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca92d31cff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes fixes for the recent "Sequoia" seq_file vulnerability
(CVE-2021-33909):
https://lwn.net/Articles/863729/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79e230178b)
[Peter: drop 5.12.x/5.13.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on riscv32:
system/base/target.scm:132:16: In procedure triplet-pointer-size:
unknown CPU word size "riscv32"
Fixes:
- http://autobuild.buildroot.org/results/6705630c1484239ec8b73d57ebc2e2570fbfc8f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 55f1afe6db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig needs wchar, thread debugging, and udev support to be
able to use all the packages it enables.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738516
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 28803d38e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since bump to version 0.22.3 in commit b6576a458c (package/mpd: bump
to version 0.22.3), mpd needs gcc >= 8, as documented in their manual
[0], to avoid the following build failure with gcc 7.3.1:
/tmp/instance-7/output-1/host/opt/ext-toolchain/aarch64-linux-gnu/include/c++/7.3.1/bits/stl_tree.h:2091:28: error: no matching function for call to 'std::_Rb_tree<std::__cxx11::basic_string<char>, std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> >, std::_Select1st<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > >, std::less<std::__cxx11::basic_string<char> >, std::allocator<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > > >::_M_get_insert_unique_pos(std::pair<std::basic_string_view<char>, std::basic_string_view<char> >::first_type&)'
= _M_get_insert_unique_pos(_KeyOfValue()(__v));
~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/4888d99404cc4273349ab036035c5ff7e086b83e
[0] https://mpd.readthedocs.io/en/stable/user.html#compiling-from-source
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword commit log to reference the manual]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8f7d7d9d86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gobject-introspection is an optional dependency (enabled by default)
since version 1.26.0 and
2aa0badc79
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af34a67be6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pixman package exhibits gcc bug 101737 when built for the SH4
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot, work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101737=y.
Also let's add PIXMAN_CFLAGS and pass the Codesourcery work around CFLAGS
to it for consistency like we do for the rest of the packages.
Fixes:
http://autobuild.buildroot.net/results/b20/b20869bbb48edb1f0a847ea9e2e1a0462d6350be/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a8a9b12766)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Highly parallel host-python3 builds sometimes fail with:
Exception in thread Thread-1:
Traceback (most recent call last):
File "/tmp/instance-3/output-1/host/lib/python3.9/threading.py", line 973, in _bootstrap_inner
self.run()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 317, in run
result_item, is_broken, cause = self.wait_result_broken_or_wakeup()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in wait_result_broken_or_wakeup
worker_sentinels = [p.sentinel for p in self.processes.values()]
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in <listcomp>
worker_sentinels = [p.sentinel for p in self.processes.values()]
RuntimeError: dictionary changed size during iteration
during the compile_all.py step of host-python3. This issue is reported
upstream at https://bugs.python.org/issue43498, and while not yet
fixed upstream, a PR was proposed with a possible fix for it. The PR
seems reasonable, so let's give it a chance and see if it improves
the situation.
Hopefully Fixes:
http://autobuild.buildroot.net/results/ae6c4ab292589a4e4442dfb0a1286349a9bf4d29/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e17946b409)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xlib_libxshmfence unconditionally uses SYS_futex which raises the
following build failure on riscv32:
xshmfence_futex.h:58:17: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
58 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- http://autobuild.buildroot.org/results/b3523e35fde0fac04b96a6278cbc6ffdfe56f7d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e39ad96136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer
overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and
Pl_AES_PDF::finish) when a certain downstream write fails.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 96865f02d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace libjson by jsoncpp for C++ dependency which was wrongly added
by commit 74fc60a267
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f23129ee1e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 3.4.7 in
commit bb75c4b541:
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ui/qt/CMakeFiles/qtui.dir/sequence_diagram.cpp.o: undefined reference to symbol '__atomic_compare_exchange_4@@LIBATOMIC_1.0'
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /tmp/instance-5/output-1/host/sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
Fixes:
- http://autobuild.buildroot.org/results/6617ee0e0046a0452a1515b89e9c704b1c125ec4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0344be5299)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from _internal/Source/JSONDefs.h:12,
from _internal/Source/JSONDebug.h:4,
from _internal/Source/JSONNode.h:4,
from _internal/Source/JSONNode.cpp:1:
_internal/Source/JSONDefs/GNU_C.h:58:28: error: ISO C++17 does not allow dynamic exception specifications
58 | #define json_throws(x) throw(x)
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/1e66dff705bbb38e7e0f0e5864ce794b4345dcc6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff55c323af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with libmaxminddb is broken since bump to version 3.0.5 in commit
464d0be380 because of
785958f9b5
So revert this commit until upstream answers the comment on
https://github.com/SpiderLabs/ModSecurity/issues/2131
Reverting this commit requires autoreconfiguring, which itself causes
lots of warnings as configure.ac queries git to know the version of
various parts of libmodsecurity. However, it turns out that those
versions are only used to be displayed in the output of the configure
script, which is quite useless. The only one that is referenced
elsewhere is LIBINJECTION_VERSION, but it's in fact a different thing:
it is defined by others/libinjection/src/libinjection_sqli.c.
The only variable that was AC_SUBST() and therefore visible elsewhere
was MSC_GIT_VERSION, but it is not used anywhere in the code base,
except in the configure script itself.
Note that one patch is 0001 and the other 0003, because there was
already a 0002 patch.
Fixes:
- http://autobuild.buildroot.org/results/4c639fd967faa06f8ae362bacd38f3409c47267c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94b6fbd582)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find numa to avoid the following build failure when
checking for numa_available:
configure:9667: checking for numa_available in -lnuma
configure:9692: /tmp/instance-7/output-1/host/bin/microblazeel-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static conftest.c -lnuma >&5
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v1':
(.text+0x2a80): undefined reference to `__atomic_fetch_and_1'
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v2':
(.text+0x2ddc): undefined reference to `__atomic_fetch_and_1'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/577a63432fba2f9ae1ed2c6c2a77c5ce54ac5521
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3be90cd5b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from details/shared-ptr/base.cxx:5:
../odb/details/shared-ptr/base.hxx:38:49: error: ISO C++17 does not allow dynamic exception specifications
38 | operator new (std::size_t, odb::details::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/cfd5f92f0aa923815edba5fbfcd5b7b312d9d40e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 69d2d1d91e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 11:
In file included from ../include/loki/SmartPtr.h:33,
from SmartPtr.cpp:20:
../include/loki/SmallObj.h: At global scope:
../include/loki/SmallObj.h:462:57: error: ISO C++17 does not allow dynamic exception specifications
462 | static void * operator new ( std::size_t size ) throw ( std::bad_alloc )
|
Fixes:
- http://autobuild.buildroot.org/results/768727160beaca5df3ef18be29cfbaa3ced67ad5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0239ea5615)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-22235: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6
and 3.2.0 to 3.2.14 allows denial of service via packet injection or
crafted capture file
https://www.wireshark.org/security/wnpa-sec-2021-06.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bb75c4b541)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- [High] OCSP verification issue when response is for a certificate with
no relation to the chain in question BUT that response contains the
NoCheck extension which effectively disables ALL verification of that
one cert.
- [Low] OCSP request/response verification issue. In the case that the
serial number in the OCSP request differs from the serial number in
the OCSP response the error from the comparison was not resulting in a
failed verification.
- [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in
base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier.
Versions 4.6.0 and up contain a fix and do not need to be updated for
this report.
https://github.com/wolfSSL/wolfssl/blob/v4.8.1-stable/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6427f12bba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>