ClamAV 0.103.5 is a critical patch release with the following fix:
- CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
clamscan --gen-json option) is enabled.
https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f92c093c7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70d1858353)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 64cf3dc6c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pjsip:pjsip has been deprecated by teluu:pjsip since September 2021:
<cpe-23:cpe23-item name="cpe:2.3🅰️pjsip:pjsip:2.7.1:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️teluu:pjsip:2.7.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:pjsip:pjsip:2.7.2" deprecated="true" deprecation_date="2021-09-02T14:49:19.527Z">
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c99d84fb96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
RK3399_ROCKPRO64 has been picked from pine64/rockpro64 but here we deal
with orangepi-rk3399, so let's change the label to RK3399_ORANGEPI.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07a0d71657)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 1.1.7):
8b70f08 Add definition of new event GstAppSinkCallbacks for interpipesink element
ddaa9b5 Add conditional build according to GST_VERSION_MINOR
730dea6 Bump project version
8718b12 Add initialization for the GstAppSinkCallbacks struct
f015ff7 Remove redundant initialization of new_event callback
530da92 Update copyright year in README file
e8ce826 Add explanatory comment on the memset of GstAppSinkCallbacks struct
f0f3b8e Fix README copyright date to 2016-2022
814982e Merge branch 'hotfix/add-new-event-callback'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0872ac72b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in
tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by
a crafted XML message and leads to a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b23ef21029)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mod_compress has been subsumed by mod_deflate since version 1.4.56 and
dab212b5f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 653dc2e710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch added by commit eee96b0f0a on gcc
9.3.0 must also be applied on gcc 10 and 11 to avoid the following build
failure on numerous packages (babeltrace2, pcsc-lite, tpm2-pkcs11,
etc.):
configure:13774: checking whether pthreads work with -pthread
configure:13868: /home/giuliobenetti/autobuild/run/instance-0/output-1/host/bin/or1k-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -std=gnu99 -pthread -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:27:26: error: #error "_REENTRANT must be defined"
27 | # error "_REENTRANT must be defined"
| ^~~~~
It should be noted that external bootlins will have to be rebuilt.
Fixes:
- http://autobuild.buildroot.org/results/cb58d4fbaeb08d188c2f8bf05ef1604789fa8766
- http://autobuild.buildroot.org/results/7af9d4b68bd46ed260ed66ba2cc3c9c21482e741
- http://autobuild.buildroot.org/results/6f926bec146752873f8032b593f0de1cb222ea46
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98e39dc80e)
[Peter: drop 11.2.0 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rdgif.c, cderror.h: add sanity check for GIF image dimensions.
Thank to Casper Sun for cjpeg potential vulnerability report.
- Update hash of README (changes not related to license)
- Update indentation in hash file (two spaces)
https://jpegclub.org/reference/reference-sources/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5e36f80a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5.15.2 is the last public release of 5.15 and does not contain this CVE
fix. However, >=6.1.2 and >5.12.12 all contain the necessary patches so
let's port them to 5.15.2.
Technically only the first two patches are required to patch the CVE.
However, the second patch introduces a regression that is fixed in the third
patch.
The patches are taken from KDE kde/5.15 git branch.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9151eab3c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: also change in Config.in]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f6297befe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is
specifically defined to use a particular SAN type, can result in bypassing
name-constrained intermediates. Node.js was accepting URI SAN types, which
PKIs are often not defined to use. Additionally, when a protocol allows URI
SANs, Node.js did not match the URI correctly.
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Node.js converts SANs (Subject Alternative Names) to a string format. It
uses this string to check peer certificates against hostnames when
validating connections. The string format was subject to an injection
vulnerability when name constraints were used within a certificate chain,
allowing the bypass of these name constraints.
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Node.js did not handle multi-value Relative Distinguished Names correctly.
Attackers could craft certificate subjects containing a single-value
Relative Distinguished Name that would be interpreted as a multi-value
Relative Distinguished Name, for example, in order to inject a Common Name
that would allow bypassing the certificate subject verification.
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Due to the formatting logic of the console.table() function it was not safe
to allow user controlled input to be passed to the properties parameter
while simultaneously passing a plain object with at least one property as
the first parameter, which could be __proto__. The prototype pollution has
very limited control, in that it only allows an empty string to be assigned
numerical keys of the object prototype.
For details, see the advisory:
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer
overflow in sampled_data_finish (called from sampled_data_continue and
interp).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c817641331)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
sampled_data_sample (called from sampled_data_continue and interp).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 70910c4092)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop spurious space added by commit
f9e359d765
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7e47d01c99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-13867: Open-iSCSI targetcli-fb through 2.1.52 has weak
permissions for /etc/target (and for the backup directory and backup
files).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 488f92a1c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4192: vim is vulnerable to Use After Free
Fix CVE-2021-4193: vim is vulnerable to Out-of-bounds Read
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 33a3f1f30d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with introspection:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler gst/rtsp-server/GstRtspServer-1.0.gir --output gst/rtsp-server/GstRtspServer-1.0.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'Gst-1.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file gst/rtsp-server/GstRtspServer-1.0.gir: Failed to parse included gir Gst-1.0
If the above error message is about missing .so libraries, then setting up GIR_EXTRA_LIBS_PATH in the .mk file should help.
Typically like this: PKG_MAKE_ENV += GIR_EXTRA_LIBS_PATH="$(@D)/.libs"
Fixes:
- http://autobuild.buildroot.org/results/04af6b22cfa0cffb6a3109a3b32b27137ad2e0b0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fa3e7a63b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit db14f7d715)
[Peter: drop 5.15.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats:1171:8: E713 test for membership should be 'not in'
support/scripts/pkg-stats:1175:8: E713 test for membership should be 'not in'
support/scripts/pkg-stats:1179:8: E713 test for membership should be 'not in'
3 E713 test for membership should be 'not in'
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1955772278
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 02e679d8bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When debugging pkg-stats, it's quite useful to be able to disable some
features that are quite long (checking upstream URL, checking latest
version, checking CVE). This commit adds a --disable option, which can
take a comma-separated list of features to disable, such as:
./support/scripts/pkg-stats --disable url,upstream
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b102352b62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The .affects() method of the CVE class in support/scripts/cve.py can
return 3 values: CVE_AFFECTS, CVE_DOESNT_AFFECT and CVE_UNKNOWN.
We of course properly account for CVEs where .affects() return
CVE_AFFECTS, but the ones for which CVE_UNKNOWN is returned are
currently ignored, and therefore treated as if they did not affect the
package.
However CVE_UNKNOWN in fact indicates that the v_start/v_end fields of
the CPE entry could not be parsed by
distutils.version.LooseVersion(). Instead of ignoring such cases, this
commit adds support for the concept of "unsure CVEs", which will be
listed next to CVEs known to affect the package, so that we are aware
of them and can investigate the version issue.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a206bbc5fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s/interperter/interpreter/ and drop 'use use' / 'depend on use'.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 65054d1a19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 956cd5b9b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e0de6291e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0730b8b822)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop duplicated sentence from Config.in
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 59bbe7cc74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit ead2afda13, gettext is
wrongly disabled when BR2_SYSTEM_ENABLE_NLS is set
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5630e83c84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid
SRTP packets
When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls
can be terminated by remote attackers. This attack can be done
continuously, thus denying encrypted calls during the attack.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
By default, SIP requests of the type SUBSCRIBE are not authenticated in
the affected versions of FreeSWITCH.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests,
leading to spam and message spoofing
By default, SIP requests of the type MESSAGE (RFC 3428) are not
authenticated in the affected versions of FreeSWITCH. MESSAGE requests
are relayed to SIP user agents registered with the FreeSWITCH server
without requiring any authentication. Although this behaviour can be
changed by setting the auth-messages parameter to true, it is not the
default setting.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
- CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding
When flooding FreeSWITCH with SIP messages, it was observed that after a
number of seconds the process was killed by the operating system due to
memory exhaustion
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways
An attacker can perform a SIP digest leak attack against FreeSWITCH and
receive the challenge response of a gateway configured on the FreeSWITCH
server. This is done by challenging FreeSWITCH's SIP requests with the
realm set to that of the gateway, thus forcing FreeSWITCH to respond with
the challenge response which is based on the password of that targeted
gateway.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
Removed patch, upstream applied a different fix:
e9fde845de
Added optional dependency to libks, needed due to upstream commit
ed98516666
Added upstream patches to fix build errors.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 829777c1c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed to bump freeswitch to 1.10.7.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30b2dbeae3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
