This patch addresses issue:
[ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service
Link to Python issue:
https://bugs.python.org/issue35746
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This extends the Python[3] shebang fixup to all packages.
Only Python scripts in `/usr/bin` will be handled at the moment. Later it
may make sense to also cover executables in `/bin`, though typically Python
executables shouldn't be placed there.
Previously the shebang handling was only done for python[3]-pip &
python[3]-setuptools.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Piping to xargs does not handle spaces in paths too well, because it splits
up the paths.
For deleting empty dirs, we also need to do several retries, otherwise
`find` will try to go through the directories after they're deleted.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
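Both pitfalls named in the message above, shown as an added POSIX sh example (not the packages feed's own Makefile code): paths containing spaces are handled with `find -exec ... +` instead of `find | xargs`, and empty directories are removed by repeating `find -empty` until a pass finds nothing, since a parent only becomes empty after its children are gone. The temporary tree at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original commit. Uses only find, rm,
# rmdir, wc, tr and mktemp, so it runs on a stock GNU or busybox system.

# Remove regular files under $1 whose name matches the pattern $2.
# -exec ... + hands find's results to rm as separate arguments, so
# whitespace in a path survives (a bare `find ... | xargs rm` would
# split "site packages" into two arguments).
remove_matching() {
    find "$1" -type f -name "$2" -exec rm -f -- {} +
}

# Remove every empty directory below $1 (not $1 itself). One pass only
# removes the currently empty leaves, so the loop repeats until a pass
# finds no empty directory. The pass limit is a safety bound in case
# something cannot be removed (e.g. a permissions problem).
remove_empty_dirs() {
    dir=$1
    pass=0
    while [ "$pass" -lt 64 ]; do
        pass=$((pass + 1))
        n=$(find "$dir" -mindepth 1 -type d -empty -print | wc -l | tr -d ' ')
        if [ "$n" -eq 0 ]; then
            return 0
        fi
        find "$dir" -mindepth 1 -type d -empty -exec rmdir -- {} + 2>/dev/null || true
    done
    return 1
}

# Number of files and directories left under $1 (for checking results).
count_entries() {
    find "$1" -mindepth 1 | wc -l | tr -d ' '
}

# Demonstration on a constructed tree with spaces in directory names.
tmp=$(mktemp -d)
mkdir -p "$tmp/site packages/pkg one/__pycache__" "$tmp/site packages/pkg two" "$tmp/keep"
: > "$tmp/site packages/pkg one/__pycache__/mod.cpython-37.pyc"
: > "$tmp/site packages/pkg one/mod.py"
: > "$tmp/keep/app.py"
remove_matching "$tmp" '*.pyc'
remove_empty_dirs "$tmp"
echo "entries left under $tmp: $(count_entries "$tmp")"
rm -rf "$tmp"
```

After the run, `__pycache__` (emptied by the `.pyc` removal) and `pkg two` (empty from the start) are gone, while `pkg one` survives because `mod.py` is still in it; `count_entries` reports 5 for the tree built above.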
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a validate section to service_triggers(), and fixes some
variable name typos in qosdef_init_static().
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update to latest version even though it's a no-op for us
(change is for compilation on Haiku) because otherwise uscan (and
folks who don't check changelogs for relevant changes) will complain.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The shared library does not depend on libatomic nor libstdcpp anymore.
This is very good news for the users of said lib.
This commit updates the depends accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Disabled doc and valgrind tests to speed up compilation.
Added --disable-ld-version-script to reduce compiled size.
Added -Wl,--gc-sections to reduce compiled size.
From 28339 to 27700 bytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disable debug to save some space: 163689 vs. 155034 bytes.
Add -Wl,--gc-sections. Down to 138627 bytes.
Miscellaneous cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changes:
- remove old patch (part of 0.0.9 release)
- change the canonical upstream repo location to gitlab
- change source to gitlab
- change source package to golang-gitlab-yawning-obfs4-dev
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Remove patches 001-fix-unused.patch and 002-replace-nitems.patch,
similar fixes to make libudev-fbsd compile were applied upstream.
Refresh remaining patches.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While researching CircleCI build failures, I came across a linking error
relating to liblzma, where ld instructs to recompile with fPIC.
Unfortunately, this increases file size. Added some configure flags to try
to mitigate it somewhat.
Removed maintainer as he is no longer active.
Added PKG_CPE_ID for proper CVE tracking.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Move the credential loading function before the cert renewal call, as credentials might be needed for some renewal operations (e.g. DNS).
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546: If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
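The CVE-2018-12551 text above says any malformed password-file line was accepted as a username with no password. The following added example (not Mosquitto's own code) is a lint in POSIX sh that reports exactly those lines before the file is deployed. It assumes the line format written by mosquitto_passwd, `username:$hashed-password`, with both fields non-empty and the hash starting with `$`; the sample files at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not part of the original release notes or of Mosquitto.
# Assumed line format (as written by mosquitto_passwd): username:$hash

# Print one diagnostic per suspicious line in $1; return 1 if any found.
lint_passwd_file() {
    file=$1
    lineno=0
    rc=0
    # `|| [ -n "$line" ]` also processes a final line without a newline.
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '')
                # A blank line became a valid empty username with no password.
                echo "$file:$lineno: blank line (accepted as an empty username with no password)"
                rc=1 ;;
            *:*)
                user=${line%%:*}
                pw=${line#*:}
                if [ -z "$user" ]; then
                    echo "$file:$lineno: empty username"
                    rc=1
                elif [ -z "$pw" ]; then
                    echo "$file:$lineno: user '$user' has no password hash"
                    rc=1
                else
                    # Assumption: mosquitto_passwd output starts with '$'.
                    case $pw in
                        \$*) ;;
                        *)
                            echo "$file:$lineno: user '$user': hash does not look like mosquitto_passwd output"
                            rc=1 ;;
                    esac
                fi ;;
            *)
                # No separator: the whole line became a username with no password.
                echo "$file:$lineno: no ':' separator (whole line accepted as a username with no password)"
                rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Demonstration on constructed files (the hashes are placeholders).
good=$(mktemp)
bad=$(mktemp)
printf '%s\n' 'alice:$6$c2FsdA==$aGFzaA==' > "$good"
printf '%s\n' 'alice:$6$c2FsdA==$aGFzaA==' '' 'bob' ':$6$x$y' 'carol:' > "$bad"
lint_passwd_file "$good" && echo "$good: ok"
lint_passwd_file "$bad" || echo "$bad: rejected"
rm -f "$good" "$bad"
```

The first file passes; the second yields four diagnostics (blank line, `bob` without a separator, an empty username, and `carol` with an empty hash) and a non-zero exit, which is what a deployment script should gate on. This is a check on the file, not a fix for the broker: the fix is the 1.5.6 update itself.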
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>