- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenticate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This one contains only a few CVEs + bugfixes.
* CVE-2019-8381 memory access in do_checksum() (#538)
* CVE-2019-8376 NULL pointer dereference get_layer4_v6() (#537)
* CVE-2019-8377 NULL pointer dereference get_ipv6_l4proto() (#536)
* Rename Ethereal to Wireshark (#545)
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/8399
These 2 patches cause some breakage for other packages.
For now, we drop them and wait for upstream to finalize a fix.
We can live with deprecated SSL APIs for a while. No need to hurry, since
this doesn't seem to help.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
trafficshaper creates QoS rules to limit (or reserve) traffic used
by classes of clients.
Uplink and downlink can be controlled (or not controlled) independently.
Client classes are defined by their network addresses (IPv4 or IPv6). Each
client class can define absolute or relative (to wan) bandwidth, and also
the use (or not) of spare wan bandwidth when available.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Bug fixes and a security update of the bundled RubyGems:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Added PKG_BUILD_PARALLEL for faster compilation.
Removed old rpath hack that is no longer necessary.
Removed and replaced two patches with configure arguments.
Added PIC as is standard with these.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added PKG_BUILD_PARALLEL for faster compilation.
Removed rpath hack as it is no longer necessary.
Removed old patches that are now handled by configure flags.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added PKG_BUILD_PARALLEL for faster compilation.
Removed rpath hack that is no longer needed.
Added PIC as is typically the case with these.
Remove obsolete patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Saves on compiled size.
Also got rid of outdated rpath linking.
Added PIC compilation as is done elsewhere.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disabled a bunch of debug stuff in order to save size.
Also removed the rpath stuff as that has not been needed for a long time.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed two patches that have --disable configure parameters now.
Refreshed patches.
Size of libgstreamer1 from 822243 to 529366 on mvebu.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
8dcd941d8b (diff-1ed408c61d79f9c6c5d197333e94ce8d)
which made zlib a build tool defined in /tools
The newly introduced build dependency always causes a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what the error was that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.
But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event. The "lan" interface should be a good
indicator that networking is ready. Besides, Shorewall won't start
until br-lan is available.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>